From f2d38dd1dc185f7dc39cf39e802aef084a5cbdfef57d9e04a8c55f414063f853 Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Thu, 24 Jun 2021 12:36:19 +0000 Subject: [PATCH 1/4] Accepting request 901729 from home:glaubitz:branches:Cloud:Tools - Update to version 1.31.2 + Handle HTTPError and other unknown exception when fetching IMDS token + Support Oracle Enterprise Linux 8 - from version 1.31.1 + Support fallback to mount with mount target ip address when DNS resolution fails + Bump py from 1.8.0 to 1.10.0 - from version 1.30.2 + Add helper message when config file on instance is not latest + Fix the throughput regression due to read_ahead configuration change on Linux distribution with kernel version 5.4.x and above - from version 1.30.1 + Support mounting to specific AZ mount target + Revert "Support mounting to specific AZ mount target" + Support mounting to specific AZ mount target + Use regional AWS STS endpoints instead of the global endpoint to reduce latency - from version 1.29.1-mac + Fix issue where state files are removed after mount on EC2 instances running on MacOS Big Sur + Add support for EC2 Mac instances running macOS Big Sur - from version 1.29.1 + Update the python dependency to python3 + Fix typo - from version 1.28.2 + Fix the issue that mounting with IAM authorization with iam role does not work with IMDSv2 - from version 1.28.1 + Support publishing mount success/failure notification via CloudWatch log + filename of .deb-package now includes architecture - from version 1.27.1 + Merge PR #60 on GitHub. Adds support for AssumeRoleWithWebIdentity. OBS-URL: https://build.opensuse.org/request/show/901729 OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-efs-utils?expand=0&rev=16 --- aws-efs-utils.changes | 88 ++++++++++++++++++++++++++++++++++++ aws-efs-utils.spec | 12 +++-- disable_mount_efs_test.patch | 21 +++++++++ v1.17.tar.gz | 3 -- v1.31.2.tar.gz | 3 ++ 5 files changed, 120 insertions(+), 7 deletions(-) create mode 100644 disable_mount_efs_test.patch delete mode 100644 v1.17.tar.gz create mode 100644 v1.31.2.tar.gz diff --git a/aws-efs-utils.changes b/aws-efs-utils.changes index e9db47c..eee733b 100644 --- a/aws-efs-utils.changes +++ b/aws-efs-utils.changes @@ -1,3 +1,91 @@ +------------------------------------------------------------------- +Thu Jun 24 11:57:02 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 1.31.2 + + Handle HTTPError and other unknown exception when fetching IMDS token + + Support Oracle Enterprise Linux 8 +- from version 1.31.1 + + Support fallback to mount with mount target ip address when DNS resolution fails + + Bump py from 1.8.0 to 1.10.0 +- from version 1.30.2 + + Add helper message when config file on instance is not latest + + Fix the throughput regression due to read_ahead configuration change + on Linux distribution with kernel version 5.4.x and above +- from version 1.30.1 + + Support mounting to specific AZ mount target + + Revert "Support mounting to specific AZ mount target" + + Support mounting to specific AZ mount target + + Use regional AWS STS endpoints instead of the global endpoint to reduce latency +- from version 1.29.1-mac + + Fix issue where state files are removed after mount on EC2 + instances running on MacOS Big Sur + + Add support for EC2 Mac instances running macOS Big Sur +- from version 1.29.1 + + Update the python dependency to python3 + + Fix typo +- from version 1.28.2 + + Fix the issue that mounting with IAM authorization with + iam role does not work with IMDSv2 +- from version 1.28.1 + + Support publishing mount success/failure notification via CloudWatch log + + filename of .deb-package now includes architecture +- from version 1.27.1 + + Merge PR #60 on GitHub. Adds support for AssumeRoleWithWebIdentity. + + Add support for AssumeRoleWithWebIdentity +- from version 1.26.3 + + Fix an issue where watchdog crashed during restart because stunnel + was killed and pid key was removed from state file +- from version 1.26.2 + + Fixes an issue with watchdog where it sometimes fails to restart stunnels in + efs-csi-driver container * Fixes an issue where fs cannot be mounted with tls + using systemd.automount-units due to mountpoint check + + Revert "Fixes an issue with watchdog where it sometimes fails to restart stunnels + in efs-csi-driver container" + + Fixes an issue with watchdog where it sometimes fails to restart stunnels in + efs-csi-driver container + + Remove non-ascii character in dist/efs-utils.conf +- from version 1.25-3 + + Check if mountpoint is already mounted beforehand for tls mount + + Bug fix and enhancement, support fedora +- from version 1.25-2 + + Fix python3 IAM role name encoded format, add optional + override for stunnel log + + Encode IAM role name to UTF-8 +- from version 1.25-1 + + Create self-signed certificate for tls-only mount + + add CentOS 8 support +- from version 1.24 + + Fix the malformed certificate info + + bump the release id to 3 + + Use IMDSv1 by default, and use IMDSv2 where required + + Revert "Use IMDSv1 by default, and fall back to IMDSv2 if necessary" + + Use IMDSv1 by default, and fall back to IMDSv2 if necessary + + Modify rhel8-support.sh to handle Fedora as well, and rename it + + Remove which from DEB package dependency + + List which as dependency to search command exec path + + Enable region sourcing from efs-utils configuration file and fix + stunnel exec path issue in openSUSE + + Update rpm changelog for v1.23-2, fix circleCI build issue +- from version 1.23 + + Add support for Amazon Elastic Container Service +- from version 1.22 + + Improvements to metadata retrieval and IAM authentication +- from version 1.21 + + Improvements to auth and access point support +- from version 1.20 + + Fixes the mount issue with full DNS name in the AWS China Regions; + Upgrades unit test coverage version dependency to enable accurate + python3.8 coverage test +- from version 1.19 + + Added region localization, Integrate repository with CircleCI to enable + package build visualization, Unit tests bug fixes for python3.5 +- from version 1.18 + + Support IAM authentication and access points. +- Add patch to disable mount_efs_test which requires networking + + disable_mount_efs_test.patch +- Add openssl to BuildRequires, required for testsuite +- Update Requires from requirements.txt + ------------------------------------------------------------------- Tue Nov 3 15:03:24 UTC 2020 - Franck Bui diff --git a/aws-efs-utils.spec b/aws-efs-utils.spec index 2c3e6ef..59bf5a4 100644 --- a/aws-efs-utils.spec +++ b/aws-efs-utils.spec @@ -1,7 +1,7 @@ # # spec file for package aws-efs-utils # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,21 +17,24 @@ Name: aws-efs-utils -Version: 1.17 +Version: 1.31.2 Release: 0 Summary: Utilities for using the EFS file systems License: MIT Group: System/Management URL: https://github.com/aws/efs-utils Source0: https://github.com/aws/efs-utils/archive/v%{version}.tar.gz +Patch0: disable_mount_efs_test.patch +BuildRequires: openssl BuildRequires: python3-attrs >= 17.4.0 -BuildRequires: python3-coverage >= 4.5 +BuildRequires: python3-botocore >= 1.17.53 +BuildRequires: python3-coverage >= 4.5.4 BuildRequires: python3-flake8 >= 3.7.9 BuildRequires: python3-mccabe >= 0.6.1 BuildRequires: python3-mock >= 2.0.0 BuildRequires: python3-pbr >= 3.1.1 BuildRequires: python3-pluggy >= 0.13.0 -BuildRequires: python3-py >= 1.8.0 +BuildRequires: python3-py >= 1.10.0 BuildRequires: python3-pycodestyle >= 2.5.0 BuildRequires: python3-pyflakes >= 2.1.1 BuildRequires: python3-pytest >= 4.6.7 @@ -52,6 +55,7 @@ This package provides utilities for using the EFS file systems. %prep %setup -n efs-utils-%{version} +%patch0 -p1 find . -name "*.py" -exec sed -i 's/env python/python3/' {} + %build diff --git a/disable_mount_efs_test.patch b/disable_mount_efs_test.patch new file mode 100644 index 0000000..70e66c7 --- /dev/null +++ b/disable_mount_efs_test.patch @@ -0,0 +1,21 @@ +diff -Nru efs-utils-1.31.2.orig/Makefile efs-utils-1.31.2/Makefile +--- efs-utils-1.31.2.orig/Makefile 2021-06-17 17:05:57.000000000 +0200 ++++ efs-utils-1.31.2/Makefile 2021-06-24 13:55:03.285623213 +0200 +@@ -57,5 +57,5 @@ + + .PHONY: test + test: +- pytest ++ pytest --ignore=test/mount_efs_test + flake8 +diff -Nru efs-utils-1.31.2.orig/setup.cfg efs-utils-1.31.2/setup.cfg +--- efs-utils-1.31.2.orig/setup.cfg 2021-06-17 17:05:57.000000000 +0200 ++++ efs-utils-1.31.2/setup.cfg 2021-06-24 13:54:45.397645746 +0200 +@@ -6,7 +6,6 @@ + addopts = + --verbose + --html build/pytest/index.html +- --cov mount_efs + --cov watchdog + --cov-report html:build/coverage + --cov-fail-under 80 diff --git a/v1.17.tar.gz b/v1.17.tar.gz deleted file mode 100644 index 7e3057e..0000000 --- a/v1.17.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2d535100e3cd1fe22dec918f21f555993d9675214df83ac20d4e8621131d3078 -size 31263 diff --git a/v1.31.2.tar.gz b/v1.31.2.tar.gz new file mode 100644 index 0000000..18e13f1 --- /dev/null +++ b/v1.31.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3619127427178795a9fc76ae23b4e8603e4cfd9f5330e9f3ce44fddc21fe85cb +size 101173 From f02137959b1db06bf4b5c50cf77b0faa960a937fed4fef66209efa3477ee980a Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Thu, 2 Sep 2021 20:12:02 +0000 Subject: [PATCH 2/4] Accepting request 911447 from home:jsegitz:branches:systemdhardening:Cloud:Tools Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/911447 OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-efs-utils?expand=0&rev=17 --- aws-efs-utils.changes | 6 +++++ aws-efs-utils.spec | 2 ++ ...en_amazon-efs-mount-watchdog.service.patch | 24 +++++++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 harden_amazon-efs-mount-watchdog.service.patch diff --git a/aws-efs-utils.changes b/aws-efs-utils.changes index eee733b..af184d3 100644 --- a/aws-efs-utils.changes +++ b/aws-efs-utils.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Aug 11 12:32:39 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). Added patch(es): + * harden_amazon-efs-mount-watchdog.service.patch + ------------------------------------------------------------------- Thu Jun 24 11:57:02 UTC 2021 - John Paul Adrian Glaubitz diff --git a/aws-efs-utils.spec b/aws-efs-utils.spec index 59bf5a4..7abcb0c 100644 --- a/aws-efs-utils.spec +++ b/aws-efs-utils.spec @@ -25,6 +25,7 @@ Group: System/Management URL: https://github.com/aws/efs-utils Source0: https://github.com/aws/efs-utils/archive/v%{version}.tar.gz Patch0: disable_mount_efs_test.patch +Patch1: harden_amazon-efs-mount-watchdog.service.patch BuildRequires: openssl BuildRequires: python3-attrs >= 17.4.0 BuildRequires: python3-botocore >= 1.17.53 @@ -57,6 +58,7 @@ This package provides utilities for using the EFS file systems. %setup -n efs-utils-%{version} %patch0 -p1 find . -name "*.py" -exec sed -i 's/env python/python3/' {} + +%patch1 -p1 %build # No build required diff --git a/harden_amazon-efs-mount-watchdog.service.patch b/harden_amazon-efs-mount-watchdog.service.patch new file mode 100644 index 0000000..0210461 --- /dev/null +++ b/harden_amazon-efs-mount-watchdog.service.patch @@ -0,0 +1,24 @@ +Index: efs-utils-1.17/dist/amazon-efs-mount-watchdog.service +=================================================================== +--- efs-utils-1.17.orig/dist/amazon-efs-mount-watchdog.service ++++ efs-utils-1.17/dist/amazon-efs-mount-watchdog.service +@@ -11,6 +11,19 @@ Description=amazon-efs-mount-watchdog + Before=remote-fs-pre.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=simple + ExecStart=/usr/bin/env amazon-efs-mount-watchdog + KillMode=process From 5989180d393953220dcaac52aa576c00509d895d6529d0db923bf0e68bed4b93 Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Fri, 18 Feb 2022 14:51:57 +0000 Subject: [PATCH 3/4] - Update to version 1.31.3 (bsc#1195916) + Add skip-styletest.patch - Style is enforced upstream and triggers unnecessary build version requirements + Allow specifying fs_id in cloudwatch log group name + Includes fix for stunnel path OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-efs-utils?expand=0&rev=18 --- aws-efs-utils.changes | 10 ++++++++++ aws-efs-utils.spec | 11 +++++++---- efs-utils-1.31.3.tar.gz | 3 +++ skip-styletest.patch | 7 +++++++ v1.31.2.tar.gz | 3 --- 5 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 efs-utils-1.31.3.tar.gz create mode 100644 skip-styletest.patch delete mode 100644 v1.31.2.tar.gz diff --git a/aws-efs-utils.changes b/aws-efs-utils.changes index af184d3..9b0c92f 100644 --- a/aws-efs-utils.changes +++ b/aws-efs-utils.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Feb 18 12:39:14 UTC 2022 - Robert Schweikert + +- Update to version 1.31.3 (bsc#1195916) + + Add skip-styletest.patch + - Style is enforced upstream and triggers unnecessary build version + requirements + + Allow specifying fs_id in cloudwatch log group name + + Includes fix for stunnel path + ------------------------------------------------------------------- Wed Aug 11 12:32:39 UTC 2021 - Johannes Segitz diff --git a/aws-efs-utils.spec b/aws-efs-utils.spec index 7abcb0c..f8bbade 100644 --- a/aws-efs-utils.spec +++ b/aws-efs-utils.spec @@ -1,7 +1,7 @@ # # spec file for package aws-efs-utils # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,20 +17,22 @@ Name: aws-efs-utils -Version: 1.31.2 +Version: 1.31.3 Release: 0 Summary: Utilities for using the EFS file systems License: MIT Group: System/Management URL: https://github.com/aws/efs-utils -Source0: https://github.com/aws/efs-utils/archive/v%{version}.tar.gz +Source0: efs-utils-%{version}.tar.gz Patch0: disable_mount_efs_test.patch Patch1: harden_amazon-efs-mount-watchdog.service.patch +Patch2: skip-styletest.patch BuildRequires: openssl BuildRequires: python3-attrs >= 17.4.0 BuildRequires: python3-botocore >= 1.17.53 BuildRequires: python3-coverage >= 4.5.4 -BuildRequires: python3-flake8 >= 3.7.9 +#BuildRequires: python3-flake8 >= 3.7.9 +BuildRequires: python3-flake8 BuildRequires: python3-mccabe >= 0.6.1 BuildRequires: python3-mock >= 2.0.0 BuildRequires: python3-pbr >= 3.1.1 @@ -59,6 +61,7 @@ This package provides utilities for using the EFS file systems. %patch0 -p1 find . -name "*.py" -exec sed -i 's/env python/python3/' {} + %patch1 -p1 +%patch2 %build # No build required diff --git a/efs-utils-1.31.3.tar.gz b/efs-utils-1.31.3.tar.gz new file mode 100644 index 0000000..84750b2 --- /dev/null +++ b/efs-utils-1.31.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6d9c494631133f72d2755379b3907930ed4c333e0f9de5d0df64ef352be58954 +size 105670 diff --git a/skip-styletest.patch b/skip-styletest.patch new file mode 100644 index 0000000..d773164 --- /dev/null +++ b/skip-styletest.patch @@ -0,0 +1,7 @@ +--- Makefile.orig ++++ Makefile +@@ -58,4 +58,3 @@ deb: + .PHONY: test + test: + pytest --ignore=test/mount_efs_test +- flake8 diff --git a/v1.31.2.tar.gz b/v1.31.2.tar.gz deleted file mode 100644 index 18e13f1..0000000 --- a/v1.31.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3619127427178795a9fc76ae23b4e8603e4cfd9f5330e9f3ce44fddc21fe85cb -size 101173 From f1ea99ff091c677c92472310d3a685e71203572bd98011972bbcf0b2cdc836a1 Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Wed, 9 Mar 2022 12:16:24 +0000 Subject: [PATCH 4/4] Accepting request 960475 from home:glaubitz:branches:Cloud:Tools - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang OBS-URL: https://build.opensuse.org/request/show/960475 OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-efs-utils?expand=0&rev=19 --- aws-efs-utils.changes | 6 ++++++ aws-efs-utils.spec | 3 +-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/aws-efs-utils.changes b/aws-efs-utils.changes index 9b0c92f..6588d98 100644 --- a/aws-efs-utils.changes +++ b/aws-efs-utils.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Mar 9 11:47:22 UTC 2022 - John Paul Adrian Glaubitz + +- Remove redundant python3 dependency from Requires +- Update regular expression to fix python shebang + ------------------------------------------------------------------- Fri Feb 18 12:39:14 UTC 2022 - Robert Schweikert diff --git a/aws-efs-utils.spec b/aws-efs-utils.spec index f8bbade..1d0e1ea 100644 --- a/aws-efs-utils.spec +++ b/aws-efs-utils.spec @@ -49,7 +49,6 @@ BuildRequires: python3-six >= 1.11.0 BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(systemd) Requires: nfs-utils -Requires: python3 Requires: stunnel >= 4.56 BuildArch: noarch @@ -59,7 +58,7 @@ This package provides utilities for using the EFS file systems. %prep %setup -n efs-utils-%{version} %patch0 -p1 -find . -name "*.py" -exec sed -i 's/env python/python3/' {} + +find . -name "*.py" -exec sed -i 's/env python3/python3/' {} + %patch1 -p1 %patch2