From f18b4630e818bb4fbcfdfa1a644912e73dbfd63e09703cd4c3531ebb9aad0b1e Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Wed, 31 Jul 2024 13:07:13 +0000 Subject: [PATCH] Accepting request 1190644 from home:glaubitz:branches:Cloud:Tools - Update to version 2.0.3 * Upgrade py version * Replace deprecated usage of datetime - from version 2.0.2 * Check for efs-proxy PIDs when cleaning tunnel state files * Add PID to log entries - from version 2.0.1 * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies - from version 2.0.0 * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS. Efs-proxy lays the foundation for upcoming feature launches at EFS. - from version 1.36.0 * Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose mount target. - from version 1.35.2 * Revert "Add warning if using older Version" * Support MacOS Sonoma - Switch package to modern Python Stack on SLE-15 * Use Python 3.11 on SLE-15 by default * Use primary Python version on Tumbleweed OBS-URL: https://build.opensuse.org/request/show/1190644 OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-efs-utils?expand=0&rev=42 --- .gitattributes | 23 ++ .gitignore | 1 + aws-efs-utils.changes | 340 ++++++++++++++++++ aws-efs-utils.spec | 123 +++++++ disable_mount_efs_test.patch | 21 ++ efs-utils-1.35.1.tar.gz | 3 + efs-utils-2.0.3.tar.gz | 3 + ...en_amazon-efs-mount-watchdog.service.patch | 24 ++ skip-styletest.patch | 7 + use_mock_from_unittest.patch | 12 + 10 files changed, 557 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 aws-efs-utils.changes create mode 100644 aws-efs-utils.spec create mode 100644 disable_mount_efs_test.patch create mode 100644 efs-utils-1.35.1.tar.gz create mode 100644 efs-utils-2.0.3.tar.gz create mode 100644 harden_amazon-efs-mount-watchdog.service.patch create mode 100644 skip-styletest.patch create mode 100644 use_mock_from_unittest.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/aws-efs-utils.changes b/aws-efs-utils.changes new file mode 100644 index 0000000..30a1dce --- /dev/null +++ b/aws-efs-utils.changes @@ -0,0 +1,340 @@ +------------------------------------------------------------------- +Wed Jul 31 11:04:49 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.0.3 + * Upgrade py version + * Replace deprecated usage of datetime +- from version 2.0.2 + * Check for efs-proxy PIDs when cleaning tunnel state files + * Add PID to log entries +- from version 2.0.1 + * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies +- from version 2.0.0 + * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, + a component built in-house at AWS. Efs-proxy lays the foundation for upcoming + feature launches at EFS. +- from version 1.36.0 + * Support new mount option: crossaccount, conduct cross account mounts via ip address. + Use client AZ-ID to choose mount target. +- from version 1.35.2 + * Revert "Add warning if using older Version" + * Support MacOS Sonoma +- Switch package to modern Python Stack on SLE-15 + * Use Python 3.11 on SLE-15 by default + * Use primary Python version on Tumbleweed + +------------------------------------------------------------------- +Tue Feb 20 11:16:23 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Tue Feb 13 14:39:45 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 1.35.1 + * Revert openssl requirement change + * Revert "Update EFS Documentation: Clarify Current FIPS Compliance Status" + * Update EFS Documentation: Clarify Current FIPS Compliance Status + * test: Change repo urls in eol debian9 build + * Check private key file size to skip generation + * test: Fix pytest that failed since commit 3dd89ca + * Fix should_check_efs_utils_version scope + * Add warning if using old version + * Add 'fsap' option as EFS-only option + +------------------------------------------------------------------- +Fri Mar 31 08:49:42 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 1.35.0 + * Add parameters to allow mount fo pod impersonation feature in EFS CSI Driver + * Updated the README with support of Oracle8 distribution + * Readme troubleshooting section + table of contents + * Add efs-utils Support for MacOS Ventura EC2 instances + +------------------------------------------------------------------- +Wed Jan 25 10:50:15 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 1.34.5 + * Handle invalid entries in /proc/mounts + * Detect invalid private key + +------------------------------------------------------------------- +Tue Jan 3 10:22:00 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 1.34.4 + * Fix potential tlsport selection collision by using + state file as tlsport lock file (bsc#1206737, CVE-2022-46174) +- Use RPM macros for directory paths (bsc#1191055) + +------------------------------------------------------------------- +Fri Dec 2 11:38:36 UTC 2022 - John Paul Adrian Glaubitz + +- Update to version 1.34.3 + * Fix stunnel constantly restart issue when upgrading + from 1.32.1 and before version to latest version + * Fix race in stunnel port selection + * Disable journal entry fetch from systemctl call +- from version 1.34.2 + * Fix potential issue on AL2 when watchdog trying to restart + stunnel for the TLS mounts that existing before upgrade +- from version 1.34.1 + * Update Amazon Linux 2 platform to use namespaced stunnel5 + +------------------------------------------------------------------- +Tue Oct 18 14:13:10 UTC 2022 - pgajdos@suse.com + +- python-six is not required for build + https://trello.com/c/MO53MocR/143-remove-python3-six + +------------------------------------------------------------------- +Fri Sep 23 13:00:33 UTC 2022 - John Paul Adrian Glaubitz + +- Update to version 1.33.4 (bsc#1203170) + * Fix the issue where watchdog sending signal to incorrect + processes and add FIPS mode support + * Apply additional check on awscredsuri option +- from version 1.33.3 + * Fix the potential stunnel hanging issue caused by full + subprocess PIPE filled by stunnel log + * Specify FIPS mode in configuration + * Add separate env_path for macOS; Add comments + * Update get-pip.py download url in README +- from version 1.33.2 + * Fix the incorrect path to generate read_ahead_kb config file + and Bump the default tls port range from 400 to 1000 +- Add patch to use unittest.mock instead of mock in testsuite + * use_mock_from_unittest.patch +- Use relative URL in Source field + +------------------------------------------------------------------- +Wed May 18 05:39:02 UTC 2022 - pgajdos@suse.com + +- version update to 1.33.1 + * Enable mount process to retry on failed or timed out mount.nfs command + * use unittest.mock instead of mock + +------------------------------------------------------------------- +Wed Apr 27 06:39:41 UTC 2022 - pgajdos@suse.com + +- version update to 1.32.1 + * Enable watchdog to check stunnel health periodically and restart + hanging stunnel process when necessary. +- do not require python-mock for build + https://trello.com/c/S6eADbii/64-remove-python-mock + +------------------------------------------------------------------- +Wed Mar 9 11:47:22 UTC 2022 - John Paul Adrian Glaubitz + +- Remove redundant python3 dependency from Requires +- Update regular expression to fix python shebang + +------------------------------------------------------------------- +Fri Feb 18 12:39:14 UTC 2022 - Robert Schweikert + +- Update to version 1.31.3 (bsc#1195916) + + Add skip-styletest.patch + - Style is enforced upstream and triggers unnecessary build version + requirements + + Allow specifying fs_id in cloudwatch log group name + + Includes fix for stunnel path + +------------------------------------------------------------------- +Wed Aug 11 12:32:39 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). Added patch(es): + * harden_amazon-efs-mount-watchdog.service.patch + +------------------------------------------------------------------- +Thu Jun 24 11:57:02 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 1.31.2 + + Handle HTTPError and other unknown exception when fetching IMDS token + + Support Oracle Enterprise Linux 8 +- from version 1.31.1 + + Support fallback to mount with mount target ip address when DNS resolution fails + + Bump py from 1.8.0 to 1.10.0 +- from version 1.30.2 + + Add helper message when config file on instance is not latest + + Fix the throughput regression due to read_ahead configuration change + on Linux distribution with kernel version 5.4.x and above +- from version 1.30.1 + + Support mounting to specific AZ mount target + + Revert "Support mounting to specific AZ mount target" + + Support mounting to specific AZ mount target + + Use regional AWS STS endpoints instead of the global endpoint to reduce latency +- from version 1.29.1-mac + + Fix issue where state files are removed after mount on EC2 + instances running on MacOS Big Sur + + Add support for EC2 Mac instances running macOS Big Sur +- from version 1.29.1 + + Update the python dependency to python3 + + Fix typo +- from version 1.28.2 + + Fix the issue that mounting with IAM authorization with + iam role does not work with IMDSv2 +- from version 1.28.1 + + Support publishing mount success/failure notification via CloudWatch log + + filename of .deb-package now includes architecture +- from version 1.27.1 + + Merge PR #60 on GitHub. Adds support for AssumeRoleWithWebIdentity. + + Add support for AssumeRoleWithWebIdentity +- from version 1.26.3 + + Fix an issue where watchdog crashed during restart because stunnel + was killed and pid key was removed from state file +- from version 1.26.2 + + Fixes an issue with watchdog where it sometimes fails to restart stunnels in + efs-csi-driver container * Fixes an issue where fs cannot be mounted with tls + using systemd.automount-units due to mountpoint check + + Revert "Fixes an issue with watchdog where it sometimes fails to restart stunnels + in efs-csi-driver container" + + Fixes an issue with watchdog where it sometimes fails to restart stunnels in + efs-csi-driver container + + Remove non-ascii character in dist/efs-utils.conf +- from version 1.25-3 + + Check if mountpoint is already mounted beforehand for tls mount + + Bug fix and enhancement, support fedora +- from version 1.25-2 + + Fix python3 IAM role name encoded format, add optional + override for stunnel log + + Encode IAM role name to UTF-8 +- from version 1.25-1 + + Create self-signed certificate for tls-only mount + + add CentOS 8 support +- from version 1.24 + + Fix the malformed certificate info + + bump the release id to 3 + + Use IMDSv1 by default, and use IMDSv2 where required + + Revert "Use IMDSv1 by default, and fall back to IMDSv2 if necessary" + + Use IMDSv1 by default, and fall back to IMDSv2 if necessary + + Modify rhel8-support.sh to handle Fedora as well, and rename it + + Remove which from DEB package dependency + + List which as dependency to search command exec path + + Enable region sourcing from efs-utils configuration file and fix + stunnel exec path issue in openSUSE + + Update rpm changelog for v1.23-2, fix circleCI build issue +- from version 1.23 + + Add support for Amazon Elastic Container Service +- from version 1.22 + + Improvements to metadata retrieval and IAM authentication +- from version 1.21 + + Improvements to auth and access point support +- from version 1.20 + + Fixes the mount issue with full DNS name in the AWS China Regions; + Upgrades unit test coverage version dependency to enable accurate + python3.8 coverage test +- from version 1.19 + + Added region localization, Integrate repository with CircleCI to enable + package build visualization, Unit tests bug fixes for python3.5 +- from version 1.18 + + Support IAM authentication and access points. +- Add patch to disable mount_efs_test which requires networking + + disable_mount_efs_test.patch +- Add openssl to BuildRequires, required for testsuite +- Update Requires from requirements.txt + +------------------------------------------------------------------- +Tue Nov 3 15:03:24 UTC 2020 - Franck Bui + +- Drop '-f' option with %service_del_preun/%service_del_postun + + With %service_del_preun, the option is already ignored with as + support for DISABLE_STOP_ON_REMOVAL has been dropped. + + With %service_del_postun, this option shouldn't be needed besides + very few special cases. But this package doesn't seem to belong to + this category. + +------------------------------------------------------------------- +Mon Feb 3 12:03:13 UTC 2020 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. + +------------------------------------------------------------------- +Tue Dec 17 20:14:25 UTC 2019 - John Paul Adrian Glaubitz + +- Update to version 1.17 + + Added support for Python 3 +- Enable testsuite which now passes on Python 3 +- Update BuildRequires from requirements.txt + +------------------------------------------------------------------- +Thu Dec 5 11:42:38 UTC 2019 - John Paul Adrian Glaubitz + +- Update to version 1.16 + + Support Python 3 for tests +- from version 1.15 + + Properly support Python3 +- from version 1.14 + + Tolerate EFS state directory existing during mount +- from version 1.13 + + Change watchdog configuration so it stops after all file systems are unmounted +- from version 1.12 + + Update stunnel idle timeout + * The default stunnel idle timeout is many hours. By setting it to a value based + on the NFS lease length we can recover from network partitions sooner. +- from version 1.11 + + Add support for RHEL8 + * Fixes Python shebangs to work on systems without a default "python" version. + * Fixes watchdog process not being properly started on systemd systems. +- from version 1.10 + + Update to default configuration that disables OCSP + * To use OCSP, the client accessing EFS must be able to reach the Amazon Certificate + Authority (CA). To maximize file system availability in the event that the CA is + not reachable from your VPC, the EFS mount helper no longer enables OCSP by default. +- Don't enable testsuite as it is currently failing + + https://github.com/aws/efs-utils/issues/24 +- Drop patches merged upstream + + efs-switchparser.patch +- Update BuildRequires from requirements.txt + +------------------------------------------------------------------- +Tue Apr 9 22:29:17 UTC 2019 - John Paul Adrian Glaubitz + +- Update to version 1.7 + + subprocess usage: explicitly pass `close_fds = True` + + state_file_dir: choose safe default mode, make mode configurable + + choose_tls_port(): reuse socket and explicitly close it in all cases + + watchdog: be robust against unrelated localhost based nfs mounts +- Drop hardening patches merged upstream + + 0001-subprocess-usage-explicitly-pass-close_fds-True.patch + + 0002-state_file_dir-choose-safe-default-mode-make-mode-co.patch + + 0003-pytest-adjust-tests-to-new-state_file_dir_mode-confi.patch + + 0004-choose_tls_port-reuse-socket-and-explicitly-close-it.patch + + 0005-watchdog-be-robust-against-unrelated-localhost-based.patch +- from version 1.6 + + fix for additional unexpected arguments + + add test for additional unexpected arguments + +------------------------------------------------------------------- +Wed Apr 3 08:38:34 UTC 2019 - John Paul Adrian Glaubitz + +- Include hardening and robustness fixes from security audit (bsc#1125133) + + 0001-subprocess-usage-explicitly-pass-close_fds-True.patch + + 0002-state_file_dir-choose-safe-default-mode-make-mode-co.patch + + 0003-pytest-adjust-tests-to-new-state_file_dir_mode-confi.patch + + 0004-choose_tls_port-reuse-socket-and-explicitly-close-it.patch + + 0005-watchdog-be-robust-against-unrelated-localhost-based.patch + +------------------------------------------------------------------- +Thu Feb 14 14:54:30 UTC 2019 - Robert Schweikert + +- Rename from amazon-efs-utils to aws-efs-utils + +------------------------------------------------------------------- +Thu Feb 14 00:56:12 UTC 2019 - Robert Schweikert + +- Support Python 3.2 and later + + Add efs-switchparser.patch + + SafeConfigParser is no longer available, use ConfigParser + +------------------------------------------------------------------- +Mon Feb 11 18:20:10 UTC 2019 - Jan Engelhardt + +- Ensure neutrality of descriptions. + +------------------------------------------------------------------- +Sat Feb 9 09:21:23 UTC 2019 - John Paul Adrian Glaubitz + +- Initial build (bsc#1101451, fate#327220, bsc#1124652, fate#327221) + + Version 1.5 diff --git a/aws-efs-utils.spec b/aws-efs-utils.spec new file mode 100644 index 0000000..4da6e0a --- /dev/null +++ b/aws-efs-utils.spec @@ -0,0 +1,123 @@ +# +# spec file for package aws-efs-utils +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} >= 1600 +%define pythons %{primary_python} +%else +%define pythons python311 +%endif +%global _sitelibdir %{%{pythons}_sitelib} +Name: aws-efs-utils +Version: 2.0.3 +Release: 0 +Summary: Utilities for using the EFS file systems +License: MIT +Group: System/Management +URL: https://github.com/aws/efs-utils +Source0: %{url}/archive/v%{version}.tar.gz#/efs-utils-%{version}.tar.gz +Patch0: disable_mount_efs_test.patch +Patch1: harden_amazon-efs-mount-watchdog.service.patch +Patch2: skip-styletest.patch +Patch3: use_mock_from_unittest.patch +BuildRequires: %{pythons}-attrs >= 17.4.0 +BuildRequires: %{pythons}-botocore >= 1.17.53 +BuildRequires: %{pythons}-coverage >= 4.5.4 +BuildRequires: openssl +#BuildRequires: %{pythons}-flake8 >= 3.7.9 +BuildRequires: %{pythons}-flake8 +BuildRequires: %{pythons}-mccabe >= 0.6.1 +BuildRequires: %{pythons}-pbr >= 3.1.1 +BuildRequires: %{pythons}-pluggy >= 0.13.0 +BuildRequires: %{pythons}-py >= 1.11.0 +BuildRequires: %{pythons}-pycodestyle >= 2.5.0 +BuildRequires: %{pythons}-pyflakes >= 2.1.1 +BuildRequires: %{pythons}-pytest >= 4.6.7 +BuildRequires: %{pythons}-pytest-cov >= 2.8.1 +BuildRequires: %{pythons}-pytest-html >= 1.19.0 +BuildRequires: %{pythons}-pytest-metadata >= 1.7.0 +BuildRequires: %{pythons}-pytest-mock >= 1.11.2 +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(systemd) +Requires: nfs-utils +Requires: stunnel >= 4.56 +BuildArch: noarch + +%description +This package provides utilities for using the EFS file systems. + +%prep +%setup -n efs-utils-%{version} +%patch -P 0 -p1 +find . -name "*.py" -exec sed -i 's/env python3/python3/' {} + +%patch -P 1 -p1 +%patch -P 2 +%patch -P 3 -p1 + +%build +# No build required + +%check +make test + +%install +mkdir -p %{buildroot}%{_sysconfdir}/amazon/efs +mkdir -p %{buildroot}%{_unitdir} +install -p -m 644 %{_builddir}/efs-utils-%{version}/dist/amazon-efs-mount-watchdog.service %{buildroot}%{_unitdir} + +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}%{_localstatedir}/log/amazon/efs +mkdir -p %{buildroot}%{_mandir}/man8 +mkdir -p %{buildroot}%{_sysconfdir}/amazon/efs + +install -p -m 644 %{_builddir}/efs-utils-%{version}/dist/efs-utils.conf %{buildroot}%{_sysconfdir}/amazon/efs +install -p -m 444 %{_builddir}/efs-utils-%{version}/dist/efs-utils.crt %{buildroot}%{_sysconfdir}/amazon/efs +install -p -m 755 %{_builddir}/efs-utils-%{version}/src/mount_efs/__init__.py %{buildroot}%{_sbindir}/mount.efs +install -p -m 755 %{_builddir}/efs-utils-%{version}/src/watchdog/__init__.py %{buildroot}%{_bindir}/amazon-efs-mount-watchdog +install -p -m 644 %{_builddir}/efs-utils-%{version}/man/mount.efs.8 %{buildroot}%{_mandir}/man8 + +# Create rc-link +for srv_name in %{buildroot}%{_unitdir}/*.service; do rc_name=$(basename -s '.service' $srv_name); ln -s service %{buildroot}%{_sbindir}/rc$rc_name; done + +%pre +%service_add_pre amazon-efs-mount-watchdog.service + +%post +%service_add_post amazon-efs-mount-watchdog.service + +%preun +%service_del_preun amazon-efs-mount-watchdog.service + +%postun +%service_del_postun amazon-efs-mount-watchdog.service + +%files +%defattr(-,root,root,-) +%doc NOTICE README.md +%license LICENSE +%{_unitdir}/amazon-efs-mount-watchdog.service +%{_sysconfdir}/amazon +%config %{_sysconfdir}/amazon/efs/efs-utils.conf +%config %{_sysconfdir}/amazon/efs/efs-utils.crt +%{_sbindir}/mount.efs +%{_bindir}/amazon-efs-mount-watchdog +%{_sbindir}/rcamazon-efs-mount-watchdog +%{_var}/log/amazon +%{_mandir}/man8/mount.efs.8.gz + +%changelog diff --git a/disable_mount_efs_test.patch b/disable_mount_efs_test.patch new file mode 100644 index 0000000..70e66c7 --- /dev/null +++ b/disable_mount_efs_test.patch @@ -0,0 +1,21 @@ +diff -Nru efs-utils-1.31.2.orig/Makefile efs-utils-1.31.2/Makefile +--- efs-utils-1.31.2.orig/Makefile 2021-06-17 17:05:57.000000000 +0200 ++++ efs-utils-1.31.2/Makefile 2021-06-24 13:55:03.285623213 +0200 +@@ -57,5 +57,5 @@ + + .PHONY: test + test: +- pytest ++ pytest --ignore=test/mount_efs_test + flake8 +diff -Nru efs-utils-1.31.2.orig/setup.cfg efs-utils-1.31.2/setup.cfg +--- efs-utils-1.31.2.orig/setup.cfg 2021-06-17 17:05:57.000000000 +0200 ++++ efs-utils-1.31.2/setup.cfg 2021-06-24 13:54:45.397645746 +0200 +@@ -6,7 +6,6 @@ + addopts = + --verbose + --html build/pytest/index.html +- --cov mount_efs + --cov watchdog + --cov-report html:build/coverage + --cov-fail-under 80 diff --git a/efs-utils-1.35.1.tar.gz b/efs-utils-1.35.1.tar.gz new file mode 100644 index 0000000..10eb8c6 --- /dev/null +++ b/efs-utils-1.35.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a60083ebf3e3c7942c58a5e7eeca6854bd44ba9bb1a6ed2f56435ecdd793b8d +size 129133 diff --git a/efs-utils-2.0.3.tar.gz b/efs-utils-2.0.3.tar.gz new file mode 100644 index 0000000..e3aa273 --- /dev/null +++ b/efs-utils-2.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7489b85737e2a91006b99461d34e4f67c3d101a105a0cf78235d554e2b736f0d +size 165557 diff --git a/harden_amazon-efs-mount-watchdog.service.patch b/harden_amazon-efs-mount-watchdog.service.patch new file mode 100644 index 0000000..0210461 --- /dev/null +++ b/harden_amazon-efs-mount-watchdog.service.patch @@ -0,0 +1,24 @@ +Index: efs-utils-1.17/dist/amazon-efs-mount-watchdog.service +=================================================================== +--- efs-utils-1.17.orig/dist/amazon-efs-mount-watchdog.service ++++ efs-utils-1.17/dist/amazon-efs-mount-watchdog.service +@@ -11,6 +11,19 @@ Description=amazon-efs-mount-watchdog + Before=remote-fs-pre.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=simple + ExecStart=/usr/bin/env amazon-efs-mount-watchdog + KillMode=process diff --git a/skip-styletest.patch b/skip-styletest.patch new file mode 100644 index 0000000..d773164 --- /dev/null +++ b/skip-styletest.patch @@ -0,0 +1,7 @@ +--- Makefile.orig ++++ Makefile +@@ -58,4 +58,3 @@ deb: + .PHONY: test + test: + pytest --ignore=test/mount_efs_test +- flake8 diff --git a/use_mock_from_unittest.patch b/use_mock_from_unittest.patch new file mode 100644 index 0000000..686273c --- /dev/null +++ b/use_mock_from_unittest.patch @@ -0,0 +1,12 @@ +diff -Nru efs-utils-1.33.4.orig/test/common.py efs-utils-1.33.4/test/common.py +--- efs-utils-1.33.4.orig/test/common.py 2022-09-22 07:36:56.000000000 +0200 ++++ efs-utils-1.33.4/test/common.py 2022-09-23 14:58:48.522147941 +0200 +@@ -8,7 +8,7 @@ + + import subprocess + +-from mock import MagicMock ++from unittest.mock import MagicMock + + + # The process mock can be retrieved by calling PopenMock().mock