Accepting request 1323535 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/1323535
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/etcd?expand=0&rev=53

README.security

@@ -1,10 +1,11 @@
-By default etcd doesn't require authentication.  If you configure etcd to be reachable
+By default etcd doesn't require authentication. If you configure etcd to be reachable
 over the network, have untrustworthy local users on the system where etc runs or store
 data in etcd that needs to be kept confidential please make sure to enable authentication.
 
-You can do that by configuring the settings under [security] in /etc/sysconfig/etcd.
-For additional guidance please read
-https://etcd.io/docs/v3.5/op-guide/configuration/#security
-and
-https://etcd.io/docs/v3.5/op-guide/authentication
-to ensure that you enforce proper access control
+You can do that by configuring the settings under the Security section in /etc/default/etcd.
+
+For additional guidance please read:
+https://etcd.io/docs/v3.6/op-guide/configuration/#security
+
+And to ensure that you enforce proper access control:
+https://etcd.io/docs/v3.6/op-guide/authentication/

_service

@@ -1,19 +1,28 @@
 <services>
-  <service name="tar_scm" mode="disabled">
+  <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/etcd-io/etcd.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v3.5.12</param>
+    <param name="revision">v3.6.7</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
   </service>
-  <service mode="disabled" name="set_version">
-  </service>
-  <service name="recompress" mode="disabled">
+  <service name="set_version" mode="manual"/>
+  <service name="recompress" mode="manual">
     <param name="file">*.tar</param>
     <param name="compression">gz</param>
   </service>
-  <service name="go_modules" mode="disabled">
+  <service name="go_modules" mode="manual">
+    <param name="subdir">server</param>
+    <param name="vendorname">vendor-server</param>
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="subdir">etcdctl</param>
+    <param name="vendorname">vendor-etcdctl</param>
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="subdir">etcdutl</param>
+    <param name="vendorname">vendor-etcdutl</param>
   </service>
 </services>

_servicedata

@@ -1,8 +1,4 @@
 <servicedata>
 <service name="tar_scm">
-                <param name="url">https://github.com/coreos/etcd.git</param>
-              <param name="changesrevision">94745a4eed0425653b3b4275a208d38babceeaec</param></service><service name="tar_scm">
-                <param name="url">git://github.com/etcd-io/etcd.git</param>
-              <param name="changesrevision">99018a77bea9a9d29962e5169876c64e02739c52</param></service><service name="tar_scm">
                 <param name="url">https://github.com/etcd-io/etcd.git</param>
-              <param name="changesrevision">e7b3bb6ccac840770f108ef9a0f013fa51b83256</param></service></servicedata>
+              <param name="changesrevision">e838ef116fc368b321ddf2e424167b15174fb80d</param></service></servicedata>

etcd-3.5.12.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de10f81bb463e1e057d3a76eaf252c360e5b2b082f2b646539b1ab6e1509d84e
-size 4138338

etcd-3.6.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aac996754b47858ffb943a58463f795e37440a0f6479f2ffddf511b5f32325c0
+size 7443044

etcd.changes

@@ -1,3 +1,225 @@
+-------------------------------------------------------------------
+Thu Dec 18 15:16:37 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.7:
+  * dependency: Bump golang.org/x/net from 0.38.0 to 0.45.0
+  * Bump go to 1.24.11
+  * Print token fingerprint instead of the original tokens in log messages
+
+-------------------------------------------------------------------
+Fri Nov 14 07:59:59 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.6:
+  * v3rpc: add and use getServerMetrics() with global metricsServerCached
+  * Fix the '--force-new-cluster' can't clean up learners issue
+  * etcdserver: follow convention to extract auth token in cluster_util.go
+  * etcdserver: fix cannot promote with auth from follower
+  * Fix endpoint status not retuning the correct storage quota
+  * server/embed: Log EOF on DEBUG in TLS handshake
+  * Reject watch request with -1 revision and make rangeEvents safe against negative revision
+
+-------------------------------------------------------------------
+Fri Sep 19 20:28:42 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.5:
+  * Bump go to 1.24.7
+  * fix 20271: protect backend usage from concurrent applySnapshot and defrag
+  * Re-check that the lease still exists during the renew process
+  * Add an e2e test to reproduce lease Renew returns a wrong response
+  * server: Fix TestLogRotation error message in Go 1.24
+  * dependency: bump github.com/golangci/golangci-lint from v1.63.4 to v1.64.8
+  * Bump bbolt to v1.4.3
+  * Remove checking confState during schema migration
+  * Remove the --experimental-snapshot-catch-up-entries from help
+
+-------------------------------------------------------------------
+Mon Jul 28 12:16:38 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.4:
+  * Check promotion against v2store when updating v2store
+  * Add an e2e test to reproduce the issue 20340
+
+-------------------------------------------------------------------
+Wed Jul 23 08:18:21 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.3:
+  * Fix v2store check returning wrong result even there isn't any auth data
+  * Updated help for --quota-backend-bytes
+  * Prevent flakes with TestWatchRestore
+
+-------------------------------------------------------------------
+Tue Jul 15 08:43:36 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.6.2:
+  * Avoid lowering revision of watchers in the future after restore
+  * Add verification to verify the watch response have a bigger revision than minRev
+  * Disable progress notify validation until we can guarantee response
+  * Skip sending progress notification for watch with starting revision in the future
+
+- Switch to _service file for vendoring and drop update-vendor.sh
+
+-------------------------------------------------------------------
+Tue Jun 10 09:33:50 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- See upgrade guide:
+  https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/
+
+- Update to version 3.6.1:
+  * etcd server:
+    - Replaced the deprecated/removed UnaryServerInterceptor and
+      StreamServerInterceptor in otelgrpc with NewServerHandler
+    - Add protection on PromoteMember and UpdateRaftAttributes to prevent panicking
+    - Fix the issue that --force-new-cluster can't remove all other members in a corner case
+    - Fix mvcc: avoid double decrement of watcher gauge on close/cancel race
+    - Add validation to ensure there is no empty v3discovery endpoint
+  * etcdctl:
+    - Fix command etcdctl endpoint health doesn't work when options are set via environment variables
+
+- Update to version 3.6.0:
+  https://github.com/etcd-io/etcd/compare/v3.5.21...v3.6.0
+  * Dropped flags in v3.6.0:
+      ETCD_ENABLE_V2
+      ETCD_PROXY
+      ETCD_PROXY_DIAL_TIMEOUT
+      ETCD_PROXY_FAILURE_WAIT
+      ETCD_PROXY_READ_TIMEOUT
+      ETCD_PROXY_REFRESH_INTERVAL
+      ETCD_PROXY_WRITE_TIMEOUT
+
+-------------------------------------------------------------------
+Fri Jun  6 19:46:00 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Fix a bug when migrating existing /etc/sysconfig/etcd
+- Add suggests for subpackages etcdctl and etcdutl
+- Add script for updating etcd.conf
+  * update-etcd-conf.sh
+- Renamed script for vendoring and commented out go_modules
+  in service file, we use the script
+  * update-vendor.sh
+
+-------------------------------------------------------------------
+Fri Mar 28 08:58:18 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.21:
+  * bump golang.org/x/net from v0.36.0 to v0.38.0
+  * bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2
+    to address CVE-2025-30204 (bsc#1240515)
+
+-------------------------------------------------------------------
+Mon Mar 24 09:42:26 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.20:
+  * Fix the issue that learner promotion command doesn't support
+    json output
+  * overwrite the member if already exist
+  * add verification to check whether membership data is in sync
+    between v2store and v3store
+  * fix: grpcproxy can get stuck in and endless loop causing high
+    cpu usage
+  * perf(release3.5): use RLock in Demoted method for read-only
+    access to expiry
+
+-------------------------------------------------------------------
+Thu Mar 06 13:16:47 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.19:
+  * Bump go toolchain to 1.23.7
+  * fix a compaction induce latency issue
+  * Add learner id into log when being promoted or removed
+  * add learner check to readyz
+  * tools: add mixed read-write performance evaluation scripts
+
+-------------------------------------------------------------------
+Mon Jan 27 10:25:07 UTC 2025 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.18:
+  * Ensure all goroutines created by StartEtcd to exit before
+    closing the errc
+  * mvcc: restore tombstone index if it's first revision
+  * Bump go toolchain to 1.22.11
+  * Avoid deadlock in etcd.Close when stopping during bootstrapping
+  * etcdutl/etcdutl: use datadir package to build wal/snapdir
+  * Remove duplicated <-s.ReadyNotify()
+  * Do not wait for ready notify if the server is stopping
+  * Fix mixVersion test case: ensure a snapshot to be sent out
+  * *: support custom content check offline in v2store
+  * Print warning message for deprecated flags if set
+  * fix runtime error: comparing uncomparable type
+  * add tls min/max version to grpc proxy
+
+-------------------------------------------------------------------
+Mon Dec  2 13:37:55 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Fixing a configuration data loss bug:
+  Fillup really really wants that the template and the target file
+  actually follow the sysconfig format. The current config and the
+  current template do not fulfill this requirement.
+
+  Move the current /etc/sysconfig/etcd to /etc/default/etcd and
+  install a new sysconfig file which only adds the ETCD_OPTIONS
+  option, which is actually used by the unit file.
+
+  This also makes it a bit cleaner to move etcd to use
+  --config-file in the long run.
+
+-------------------------------------------------------------------
+Sun Dec  1 14:52:01 UTC 2024 - Elisei Roca <eroca@suse.com>
+
+- Update etcd configuration file based on
+  https://github.com/etcd-io/etcd/blob/v3.5.17/etcd.conf.yml.sample
+
+-------------------------------------------------------------------
+Fri Nov 29 13:36:47 UTC 2024 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.17:
+  * fix(defrag): close temp file in case of error
+  * Bump go toolchain to 1.22.9
+  * fix(defrag): handle defragdb failure
+  * fix(defrag): handle no space left error
+  * [3.5] Fix risk of a partial write txn being applied
+  * [serverWatchStream] terminate recvLoop on sws.close()
+
+- Update to version 3.5.16:
+  * Bump go toolchain to 1.22.7
+  * Introduce compaction sleep interval flag
+  * Fix passing default grpc call options in Kubernetes client
+  * Skip leadership check if the etcd instance is active processing
+    heartbeats
+  * Introduce Kubernetes KV interface to etcd client
+
+- Update to version 3.5.15:
+  * Differentiate the warning message for rejected client and peer
+  * connections
+  * Suppress noisy basic auth token deletion log
+  * Support multiple values for allowed client and peer TLS
+    identities(#18015)
+  * print error log when validation on conf change failed
+
+- Update to version 3.5.14:
+  * etcdutl: Fix snapshot restore memory alloc issue
+  * server: Implement WithMmapSize option for backend config
+  * gRPC health server sets serving status to NOT_SERVING on defrag
+  * server/mvcc: introduce compactBeforeSetFinishedCompact
+    failpoint
+  * Update the compaction log when bootstrap and update compact's
+    signature
+  * add experimental-snapshot-catchup-entries flag.
+  * Fix retry requests when receiving ErrGPRCNotSupportedForLearner
+
+- Update to version 3.5.13:
+  * Fix progress notification for watch that doesn't get any events
+  * pkg/types: Support Unix sockets in NewURLS
+  * added arguments to the grpc-proxy: dial-keepalive-time,
+    dial-keepalive-timeout, permit-without-stream
+  * server: fix comment to match function name
+  * Make CGO_ENABLED configurable for etcd 3.5
+  * etcdserver: drain leaky goroutines before test completed
+
+-------------------------------------------------------------------
+Mon Sep  2 15:08:01 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- vendor-update.sh: Fix static /tmp file issue (bsc#1199031)
+
 -------------------------------------------------------------------
 Mon Mar 25 09:07:45 UTC 2024 - Elisei Roca <eroca@suse.com>
 
@@ -445,7 +667,7 @@ Thu May 13 13:42:05 UTC 2021 - alexandre.vicenzi@suse.com
 Fri Apr 16 20:34:06 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - update etcd.service: avoid args from commandline and environment
-  as it leads to start failure (bsc#1183703) 
+  as it leads to start failure (bsc#1183703)
 
 -------------------------------------------------------------------
 Wed Mar 03 13:50:06 UTC 2021 - alexandre.vicenzi@suse.com
@@ -577,7 +799,7 @@ Thu Aug 06 09:30:53 UTC 2020 - rbrown@suse.com
 -------------------------------------------------------------------
 Sun Jun  7 21:09:20 UTC 2020 - Dirk Mueller <dmueller@suse.com>
 
-- update home-page url 
+- update home-page url
 
 -------------------------------------------------------------------
 Thu Feb  6 09:03:22 UTC 2020 - Michal Jura <mjura@suse.com>
@@ -887,7 +1109,7 @@ Mon Nov 12 09:33:41 UTC 2018 - opensuse-packaging@opensuse.org
 -------------------------------------------------------------------
 Tue Jun  5 09:24:54 UTC 2018 - dcassany@suse.com
 
-- Make use of %license macro 
+- Make use of %license macro
 
 -------------------------------------------------------------------
 Wed May 30 11:10:04 UTC 2018 - jmassaguerpla@suse.com
@@ -902,7 +1124,7 @@ Wed Feb 28 10:27:43 UTC 2018 - jmassaguerpla@suse.com
 
 - Build require go 1.9.4 or newer, since etcd has been tested and
   built on that. See previous changelog.
-  fix#go_requirement (bsc#1095184). 
+  fix#go_requirement (bsc#1095184).
 
 -------------------------------------------------------------------
 Thu Feb 22 06:54:05 UTC 2018 - opensuse-packaging@opensuse.org
@@ -928,7 +1150,7 @@ Thu Feb  1 16:58:18 CET 2018 - ro@suse.de
 -------------------------------------------------------------------
 Thu Nov 23 13:48:13 UTC 2017 - rbrown@suse.com
 
-- Replace references to /var/adm/fillup-templates with new 
+- Replace references to /var/adm/fillup-templates with new
   %_fillupdir macro (boo#1069468)
 
 -------------------------------------------------------------------
@@ -1646,7 +1868,7 @@ Fri May 19 16:18:42 UTC 2017 - opensuse-packaging@opensuse.org
 Thu Apr 13 10:01:12 UTC 2017 - jmassaguerpla@suse.com
 
 - Fix etcd build. We are generating 2 binaries, etcd and etcdctl.
-  They need to be built separately 
+  They need to be built separately
 
 -------------------------------------------------------------------
 Thu Feb 23 10:03:29 UTC 2017 - fcastelli@suse.com
@@ -1656,12 +1878,12 @@ Thu Feb 23 10:03:29 UTC 2017 - fcastelli@suse.com
 -------------------------------------------------------------------
 Tue Jan 24 12:23:46 UTC 2017 - jmassaguerpla@suse.com
 
-- exclude i586. We don't expect this package to be built on i586. 
+- exclude i586. We don't expect this package to be built on i586.
 
 -------------------------------------------------------------------
 Mon Jan 23 14:24:08 UTC 2017 - jmassaguerpla@suse.com
 
-- remove sysconfig.etcd: this file is not being used 
+- remove sysconfig.etcd: this file is not being used
 
 -------------------------------------------------------------------
 Mon Jan 23 12:40:16 UTC 2017 - opensuse-packaging@opensuse.org

etcd.conf

@@ -1,56 +1,322 @@
-# set commandline options
-# example: ETCD_OPTIONS="--enable-v2=true" to enable the v2 API
-#ETCD_OPTIONS=
+# Please also read README.security for this package.
 
-# [member]
-ETCD_NAME=default
+# Environment variables: every flag has a corresponding environment variable that has the
+# same name but is prefixed with ETCD_ and formatted in all caps and snake case.
+# For example, --some-flag would be ETCD_SOME_FLAG.
+
+# Caution: If you mix-and-match configuration options, then the following rules apply.
+# * Command-line flags take precedence over environment variables.
+# * If you provide a configuration file all command-line flags and environment variables are ignored.
+
+# Set commandline options example: ETCD_OPTIONS="--feature-gates=StopGRPCServiceOnDefrag=true"
+# ETCD_OPTIONS=""
+
+# Member:
+ETCD_NAME="default"
+# Human-readable name for this member.
 ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
-#ETCD_WAL_DIR=""
-#ETCD_SNAPSHOT_COUNT="10000"
-#ETCD_HEARTBEAT_INTERVAL="100"
-#ETCD_ELECTION_TIMEOUT="1000"
-# Before changing this setting allowing etcd to be reachable over the network
-# or if you have untrustworthy local users on the system where etc runs please
-# make sure to enable authentication in the [security] section below. Please
-# also read README.security for this package
-#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
+# Path to the data directory.
+# ETCD_WAL_DIR=""
+# Path to the dedicated wal directory.
+# ETCD_SNAPSHOT_COUNT="10000"
+# Number of committed transactions to trigger a snapshot to disk. Deprecated in v3.6 and will be decommissioned in v3.7.
+# ETCD_HEARTBEAT_INTERVAL="100"
+# Time (in milliseconds) of a heartbeat interval.
+# ETCD_ELECTION_TIMEOUT="1000"
+# Time (in milliseconds) for an election to timeout. See tuning documentation for details.
+# ETCD_INITIAL_ELECTION_TICK_ADVANCE="true"
+# Whether to fast-forward initial election ticks on boot for faster election.
+# ETCD_LISTEN_PEER_URLS="http://localhost:2380"
+# List of URLs to listen on for peer traffic.
 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
-#ETCD_MAX_SNAPSHOTS="5"
-#ETCD_MAX_WALS="5"
-#ETCD_CORS=""
-#
-#[cluster]
-#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
-# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
-#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
-#ETCD_INITIAL_CLUSTER_STATE="new"
-#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
-ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
-#ETCD_DISCOVERY=""
-#ETCD_DISCOVERY_SRV=""
-#ETCD_DISCOVERY_FALLBACK="proxy"
-#ETCD_DISCOVERY_PROXY=""
+# List of URLs to listen on for client grpc traffic and http as long as --listen-client-http-urls is not specified.
+# ETCD_LISTEN_CLIENT_HTTP_URLS=""
+# List of URLs to listen on for http only client traffic. Enabling this flag removes http services from --listen-client-urls.
+# ETCD_MAX_SNAPSHOTS="5"
+# Maximum number of snapshot files to retain (0 is unlimited). Deprecated in v3.6 and will be decommissioned in v3.7.
+# ETCD_MAX_WALS="5"
+# Maximum number of wal files to retain (0 is unlimited).
+# ETCD_MEMORY_MLOCK=""
+# Enable to enforce etcd pages (in particular bbolt) to stay in RAM.
+# ETCD_QUOTA_BACKEND_BYTES="0"
+# Sets the maximum size (in bytes) that the etcd backend database may consume. Exceeding this triggers an alarm and puts etcd in read-only mode. Set to 0 to use the default 2GiB limit.
+# ETCD_BACKEND_BBOLT_FREELIST_TYPE="map"
+# BackendFreelistType specifies the type of freelist that boltdb backend uses(array and map are supported types).
+# ETCD_BACKEND_BATCH_INTERVAL=""
+# BackendBatchInterval is the maximum time before commit the backend transaction.
+# ETCD_BACKEND_BATCH_LIMIT="0"
+# BackendBatchLimit is the maximum operations before commit the backend transaction.
+# ETCD_MAX_TXN_OPS="128"
+# Maximum number of operations permitted in a transaction.
+# ETCD_MAX_REQUEST_BYTES="1572864"
+# Maximum client request size in bytes the server will accept.
+# ETCD_MAX_CONCURRENT_STREAMS="math.MaxUint32"
+# Maximum concurrent streams that each client can open at a time.
+# ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
+# Minimum duration interval that a client should wait before pinging server.
+# ETCD_GRPC_KEEPALIVE_INTERVAL="2h"
+# Frequency duration of server-to-client ping to check if a connection is alive (0 to disable).
+# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
+# Additional duration of wait before closing a non-responsive connection (0 to disable).
+# ETCD_SOCKET_REUSE_PORT="false"
+# Enable to set socket option SO_REUSEPORT on listeners allowing rebinding of a port already in use.
+# ETCD_SOCKET_REUSE_ADDRESS="false"
+# Enable to set socket option SO_REUSEADDR on listeners allowing binding to an address in TIME_WAIT state.
+# ETCD_ENABLE_GRPC_GATEWAY=""
+# Enable GRPC gateway.
+# ETCD_RAFT_READ_TIMEOUT="5s"
+# Read timeout set on each rafthttp connection
+# ETCD_RAFT_WRITE_TIMEOUT="5s"
+# Write timeout set on each rafthttp connection
+# ETCD_FEATURE_GATES=""
+# A set of key=value pairs that describe server level feature gates for alpha/experimental features. Options are:
+# AllAlpha=true|false (ALPHA - default=false)
+# AllBeta=true|false (BETA - default=false)
+# CompactHashCheck=true|false (ALPHA - default=false)
+# InitialCorruptCheck=true|false (ALPHA - default=false)
+# LeaseCheckpoint=true|false (ALPHA - default=false)
+# LeaseCheckpointPersist=true|false (ALPHA - default=false)
+# SetMemberLocalAddr=true|false (ALPHA - default=false)
+# StopGRPCServiceOnDefrag=true|false (ALPHA - default=false)
+# TxnModeWriteWithSharedBuffer=true|false (BETA - default=true)
+
+# Clustering:
+# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
+# List of this member's peer URLs to advertise to the rest of the cluster.
+# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
+# Initial cluster configuration for bootstrapping.
+# ETCD_INITIAL_CLUSTER_STATE="new"
+# Initial cluster state ('new' when bootstrapping a new cluster or 'existing' when adding new members to an existing cluster).
+# After successful initialization (bootstrapping or adding), flag is ignored on restarts
+# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+# Initial cluster token for the etcd cluster during bootstrap.
+# Specifying this can protect you from unintended cross-cluster interaction when running multiple clusters.
+ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
+# List of this member's client URLs to advertise to the public.
+# The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster.
+# ETCD_DISCOVERY=""
+# Discovery URL used to bootstrap the cluster for v2 discovery. Will be deprecated in v3.7, and be decommissioned in v3.8.
+# ETCD_DISCOVERY_TOKEN=""
+# V3 discovery: discovery token for the etcd cluster to be bootstrapped.
+# ETCD_DISCOVERY_ENDPOINTS=""
+# V3 discovery: List of gRPC endpoints of the discovery service.
+# ETCD_DISCOVERY_DIAL_TIMEOUT="2s"
+# V3 discovery: dial timeout for client connections.
+# ETCD_DISCOVERY_REQUEST_TIMEOUT="5s"
+# V3 discovery: timeout for discovery requests (excluding dial timeout).
+# ETCD_DISCOVERY_KEEPALIVE_TIME="2s"
+# V3 discovery: keepalive time for client connections.
+# ETCD_DISCOVERY_KEEPALIVE_TIMEOUT="6s"
+# V3 discovery: keepalive timeout for client connections.
+# ETCD_DISCOVERY_INSECURE_TRANSPORT="true"
+# V3 discovery: disable transport security for client connections.
+# ETCD_DISCOVERY_INSECURE_SKIP_TLS_VERIFY="false"
+# V3 discovery: skip server certificate verification (CAUTION: this option should be enabled only for testing purposes).
+# ETCD_DISCOVERY_CERT=""
+# V3 discovery: identify secure client using this TLS certificate file.
+# ETCD_DISCOVERY_KEY=""
+# V3 discovery: identify secure client using this TLS key file.
+# ETCD_DISCOVERY_CACERT=""
+# V3 discovery: verify certificates of TLS-enabled secure servers using this CA bundle.
+# ETCD_DISCOVERY_USER=""
+# V3 discovery: username[:password] for authentication (prompt if password is not supplied).
+# ETCD_DISCOVERY_PASSWORD=""
+# V3 discovery: password for authentication (if this option is used, --user option shouldn't include password).
+# ETCD_DISCOVERY_FALLBACK="exit"
+# Expected behavior ('exit') when discovery services fails. Note that v2 proxy is removed.
+# ETCD_DISCOVERY_PROXY=""
+# HTTP proxy to use for traffic to discovery service. Will be deprecated in v3.7, and be decommissioned in v3.8.
+# ETCD_DISCOVERY_SRV=""
+# DNS srv domain used to bootstrap the cluster.
+# ETCD_DISCOVERY_SRV_NAME=""
+# Suffix to the dns srv name queried when bootstrapping.
+# ETCD_STRICT_RECONFIG_CHECK="true"
+# Reject reconfiguration requests that would cause quorum loss.
+# ETCD_PRE_VOTE="true"
+# Enable the raft Pre-Vote algorithm to prevent disruption when a node that has been partitioned away rejoins the cluster.
+# ETCD_AUTO_COMPACTION_RETENTION="0"
+# Auto compaction retention length. 0 means disable auto compaction.
+# ETCD_AUTO_COMPACTION_MODE="periodic"
+# Interpret 'auto-compaction-retention' one of: periodic|revision. 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention.
+# ETCD_V2_DEPRECATION="write-only"
+# Phase of v2store deprecation. Deprecated and scheduled for removal in v3.8. The default value is enforced, ignoring user input.
+# Supported values:
+# 'not-yet'                // Issues a warning if v2store have meaningful content (default in v3.5)
+# 'write-only'             // Custom v2 state is not allowed (default in v3.6)
+# 'write-only-drop-data'   // Custom v2 state will get DELETED ! (planned default in v3.7)
+# 'gone'                   // v2store is not maintained any longer. (planned to cleanup anything related to v2store in v3.8)
+
+# Security:
+# ETCD_CERT_FILE=""
+# Path to the client server TLS cert file.
+# ETCD_KEY_FILE=""
+# Path to the client server TLS key file.
+# ETCD_CLIENT_CERT_AUTH="false"
+# Enable client cert authentication.
+# ETCD_CLIENT_CERT_FILE=""
+# Path to an explicit peer client TLS cert file otherwise cert file will be used when client auth is required.
+# ETCD_CLIENT_KEY_FILE=""
+# Path to an explicit peer client TLS key file otherwise key file will be used when client auth is required.
+# ETCD_CLIENT_CRL_FILE=""
+# Path to the client certificate revocation list file.
+# ETCD_CLIENT_CERT_ALLOWED_HOSTNAME=""
+# Comma-separated list of SAN hostnames for client cert authentication.
+# ETCD_TRUSTED_CA_FILE=""
+# Path to the client server TLS trusted CA cert file.
+# ETCD_AUTO_TLS="false"
+# Client TLS using generated certificates.
+# ETCD_PEER_CERT_FILE=""
+# Path to the peer server TLS cert file.
+# ETCD_PEER_KEY_FILE=""
+# Path to the peer server TLS key file.
+# ETCD_PEER_CLIENT_CERT_AUTH="false"
+# Enable peer client cert authentication.
+# ETCD_PEER_CLIENT_CERT_FILE=""
+# Path to an explicit peer client TLS cert file otherwise peer cert file will be used when client auth is required.
+# ETCD_PEER_CLIENT_KEY_FILE=""
+# Path to an explicit peer client TLS key file otherwise peer key file will be used when client auth is required.
+# ETCD_PEER_TRUSTED_CA_FILE=""
+# Path to the peer server TLS trusted CA file.
+# ETCD_PEER_CERT_ALLOWED_CN=""
+# Comma-separated list of allowed CNs for inter-peer TLS authentication.
+# ETCD_PEER_CERT_ALLOWED_HOSTNAME=""
+# Comma-separated list of allowed SAN hostnames for inter-peer TLS authentication.
+# ETCD_PEER_AUTO_TLS="false"
+# Peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
+# ETCD_SELF_SIGNED_CERT_VALIDITY="1"
+# The validity period of the client and peer certificates that are automatically generated by etcd when you specify ClientAutoTLS and PeerAutoTLS, the unit is year, and the default is 1.
+# ETCD_PEER_CRL_FILE=""
+# Path to the peer certificate revocation list file.
+# ETCD_CIPHER_SUITES=""
+# Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
+# ETCD_CORS="*"
+# Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
+# ETCD_HOST_WHITELIST="*"
+# Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
+# ETCD_TLS_MIN_VERSION="TLS1.2"
+# Minimum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3.
+# ETCD_TLS_MAX_VERSION=""
+# Maximum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3 (empty will be auto-populated by Go).
+
+# Auth:
+# ETCD_AUTH_TOKEN="simple"
+# Specify a v3 authentication token type and its options ('simple' or 'jwt').
+# ETCD_BCRYPT_COST="10"
+# Specify the cost / strength of the bcrypt algorithm for hashing auth passwords. Valid values are between 4 and 31.
+# ETCD_AUTH_TOKEN_TTL="300"
+# Time (in seconds) of the auth-token-ttl.
+
+# Profiling and Monitoring:
+# ETCD_ENABLE_PPROF="false"
+# Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/"
+# ETCD_METRICS="basic"
+# Set level of detail for exported metrics, specify 'extensive' to include server side grpc histogram metrics.
+# ETCD_LISTEN_METRICS_URLS=""
+# List of URLs to listen on for the /metrics and /health endpoints. For https, the client URL TLS info is used.
+
+# Logging:
+# ETCD_LOGGER="zap"
+# Currently only supports 'zap' for structured logging.
+# ETCD_LOG_OUTPUTS="default"
+# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd, or list of comma separated output targets.
+# ETCD_LOG_LEVEL="info"
+# Configures log level. Only supports debug, info, warn, error, panic, or fatal.
+# ETCD_LOG_FORMAT="json"
+# Configures log format. Only supports json, console.
+# ETCD_ENABLE_LOG_ROTATION="false"
+# Enable log rotation of a single log-outputs file target.
+# ETCD_LOG_ROTATION_CONFIG_JSON="{"maxsize": 100, "maxage": 0, "maxbackups": 0, "localtime": false, "compress": false}"
+# Configures log rotation if enabled with a JSON logger config. MaxSize(MB), MaxAge(days,0=no limit), MaxBackups(0=no limit), LocalTime(use computers local time), Compress(gzip)".
+# ETCD_WARNING_UNARY_REQUEST_DURATION="300ms"
+# Set time duration after which a warning is logged if a unary request takes more than this duration.
+
+# Experimental distributed tracing:
+# ETCD_EXPERIMENTAL_ENABLE_DISTRIBUTED_TRACING="false"
+# Enable experimental distributed tracing. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--enable-distributed-tracing' instead.
+# ETCD_ENABLE_DISTRIBUTED_TRACING="false"
+# Enable distributed tracing.
+# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_ADDRESS="localhost:4317"
+# Distributed tracing collector address. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-address' instead.
+# ETCD_DISTRIBUTED_TRACING_ADDRESS="localhost:4317"
+# Distributed tracing collector address.
+# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_SERVICE_NAME="etcd"
+# Distributed tracing service name, must be same across all etcd instances. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-service-name' instead.
+# ETCD_DISTRIBUTED_TRACING_SERVICE_NAME="etcd"
+# Distributed tracing service name, must be same across all etcd instances.
+# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_INSTANCE_ID=""
+# Distributed tracing instance ID, must be unique per each etcd instance. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-instance-id' instead.
+# ETCD_DISTRIBUTED_TRACING_INSTANCE_ID=""
+# Distributed tracing instance ID, must be unique per each etcd instance.
+# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_SAMPLING_RATE="0"
+# Number of samples to collect per million spans for distributed tracing. Disabled by default. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-sampling-rate' instead.
+# ETCD_DISTRIBUTED_TRACING_SAMPLING_RATE="0"
+# Number of samples to collect per million spans for distributed tracing.
+
+# Experimental feature:
+# ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK="false"
+# Enable to check data corruption before serving any client/peer traffic. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=InitialCorruptCheck=true' instead.
+# ETCD_EXPERIMENTAL_CORRUPT_CHECK_TIME="0s"
+# Duration of time between cluster corruption check passes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--corrupt-check-time' instead.
+# ETCD_CORRUPT_CHECK_TIME="0s"
+# Duration of time between cluster corruption check passes.
+# ETCD_EXPERIMENTAL_COMPACT_HASH_CHECK_ENABLED="false"
+# Enable leader to periodically check followers compaction hashes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=CompactHashCheck=true' instead.
+# ETCD_EXPERIMENTAL_COMPACT_HASH_CHECK_TIME="1m"
+# Duration of time between leader checks followers compaction hashes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compact-hash-check-time' instead.
+# ETCD_COMPACT_HASH_CHECK_TIME="1m"
+# Duration of time between leader checks followers compaction hashes.
+# ETCD_EXPERIMENTAL_ENABLE_LEASE_CHECKPOINT="false"
+# ExperimentalEnableLeaseCheckpoint enables primary lessor to persist lease remainingTTL to prevent indefinite auto-renewal of long lived leases. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=LeaseCheckpoint=true' instead.
+# ETCD_EXPERIMENTAL_COMPACTION_BATCH_LIMIT="1000"
+# ExperimentalCompactionBatchLimit sets the maximum revisions deleted in each compaction batch. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compaction-batch-limit' instead.
+# ETCD_COMPACTION_BATCH_LIMIT="1000"
+# CompactionBatchLimit sets the maximum revisions deleted in each compaction batch.
+# ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION="false"
+# Skip verification of SAN field in client certificate for peer connections. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--peer-skip-client-san-verification' instead.
+# ETCD_PEER_SKIP_CLIENT_SAN_VERIFICATION="false"
+# Skip verification of SAN field in client certificate for peer connections.
+# ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL="10m"
+# Duration of periodical watch progress notification. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--watch-progress-notify-interval' instead.
+# ETCD_WATCH_PROGRESS_NOTIFY_INTERVAL="10m"
+# Duration of periodical watch progress notification.
+# ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION="100ms"
+# Warning is generated if requests take more than this duration. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--warning-apply-duration' instead.
+# ETCD_WARNING_APPLY_DURATION="100ms"
+# Warning is generated if requests take more than this duration.
+# ETCD_EXPERIMENTAL_TXN_MODE_WRITE_WITH_SHARED_BUFFER="true"
+# Enable the write transaction to use a shared buffer in its readonly check operations. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=TxnModeWriteWithSharedBuffer=true' instead.
+# ETCD_EXPERIMENTAL_BOOTSTRAP_DEFRAG_THRESHOLD_MEGABYTES=""
+# Enable the defrag during etcd server bootstrap on condition that it will free at least the provided threshold of disk space. Needs to be set to non-zero value to take effect. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--bootstrap-defrag-threshold-megabytes' instead.
+# ETCD_BOOTSTRAP_DEFRAG_THRESHOLD_MEGABYTES=""
+# Enable the defrag during etcd server bootstrap on condition that it will free at least the provided threshold of disk space. Needs to be set to non-zero value to take effect.
+# ETCD_EXPERIMENTAL_WARNING_UNARY_REQUEST_DURATION="300ms"
+# Set time duration after which a warning is generated if a unary request takes more than this duration. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--warning-unary-request-duration' instead.
+# ETCD_MAX_LEARNERS="1"
+# Set the max number of learner members allowed in the cluster membership.
+# ETCD_EXPERIMENTAL_COMPACTION_SLEEP_INTERVAL=""
+# Sets the sleep interval between each compaction batch. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compaction-sleep-interval' instead.
+# ETCD_COMPACTION_SLEEP_INTERVAL=""
+# Sets the sleep interval between each compaction batch.
+# ETCD_EXPERIMENTAL_DOWNGRADE_CHECK_TIME=""
+# Duration of time between two downgrade status checks. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--downgrade-check-time' instead.
+# ETCD_DOWNGRADE_CHECK_TIME=""
+# Duration of time between two downgrade status checks.
+# ETCD_EXPERIMENTAL_ENABLE_LEASE_CHECKPOINT_PERSIST="false"
+# Enable persisting remainingTTL to prevent indefinite auto-renewal of long lived leases. Always enabled in v3.6. Should be used to ensure smooth upgrade from v3.5 clusters with this feature enabled. Requires experimental-enable-lease-checkpoint to be enabled. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=LeaseCheckpointPersist=true' instead.
+# ETCD_EXPERIMENTAL_MEMORY_MLOCK=""
+# Enable to enforce etcd pages (in particular bbolt) to stay in RAM. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--memory-mlock' instead.
+# ETCD_EXPERIMENTAL_SNAPSHOT_CATCHUP_ENTRIES=""
+# Number of entries for a slow follower to catch up after compacting the raft storage entries. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--snapshot-catchup-entries' instead.
+# ETCD_SNAPSHOT_CATCHUP_ENTRIES=""
+# Number of entries for a slow follower to catch up after compacting the raft storage entries.
+# ETCD_EXPERIMENTAL_STOP_GRPC_SERVICE_ON_DEFRAG=""
+# Enable etcd gRPC service to stop serving client requests on defragmentation. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=StopGRPCServiceOnDefrag=true' instead.
+
+# Unsafe feature:
+# ETCD_FORCE_NEW_CLUSTER="false"
+# Force to create a new one-member cluster.
+# ETCD_UNSAFE_NO_FSYNC="false"
+# Disables fsync, unsafe, will cause data loss.
+
+# CAUTIOUS with unsafe flag! It may break the guarantees given by the consensus protocol!
 
-#
-#[security]
-#ETCD_CERT_FILE=""
-#ETCD_KEY_FILE=""
-#ETCD_CLIENT_CERT_AUTH="false"
-#ETCD_TRUSTED_CA_FILE=""
-#ETCD_PEER_CERT_FILE=""
-#ETCD_PEER_KEY_FILE=""
-#ETCD_PEER_CLIENT_CERT_AUTH="false"
-#ETCD_PEER_TRUSTED_CA_FILE=""
-#
-#[logging]
-#ETCD_LOG_LEVEL="debug"
-# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
-#ETCD_LOG_PACKAGE_LEVELS=""
-#
-#[proxy] Note: flags will be deprecated in v3.6. "proxy" supports v2 API only.
-#ETCD_PROXY="off"
-#ETCD_PROXY_FAILURE_WAIT="5000"
-#ETCD_PROXY_REFRESH_INTERVAL="30000"
-#ETCD_PROXY_DIAL_TIMEOUT="1000"
-#ETCD_PROXY_WRITE_TIMEOUT="5000"
-#ETCD_PROXY_READ_TIMEOUT="0"

etcd.service

@@ -21,6 +21,7 @@ RestrictRealtime=true
 Type=notify
 WorkingDirectory=/var/lib/etcd/
 EnvironmentFile=-/etc/sysconfig/etcd
+EnvironmentFile=-/etc/default/etcd
 User=etcd
 # set GOMAXPROCS to number of processors
 ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/sbin/etcd $ETCD_OPTIONS"

etcd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package etcd
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+%global etcd_default_file /etc/default/etcd
 
 %define project go.etcd.io/etcd
 #Compat macro for new _fillupdir macro introduced in Nov 2017
@@ -22,31 +23,36 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           etcd
-Version:        3.5.12
+Version:        3.6.7
 Release:        0
-Summary:        Highly-available key value store for configuration and service discovery
+Summary:        Reliable key-value store for the most critical data of a distributed system
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/etcd-io/etcd
 Source:         %{name}-%{version}.tar.gz
-Source1:        vendor.tar.gz
+Source1:        vendor-server.tar.gz
+Source2:        vendor-etcdctl.tar.gz
+Source3:        vendor-etcdutl.tar.gz
 Source11:       %{name}.conf
 Source12:       %{name}.service
+Source13:       %{name}.sysconfig
+Source14:       %{name}.sysuser
 Source15:       README.security
-Source16:       system-user-etcd.conf
-Source17:       vendor-update.sh
-BuildRequires:  golang(API) >= 1.20
+Source16:       update-etcd-conf.sh
+BuildRequires:  golang(API) >= 1.24
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
 BuildRequires:  xz
 Requires(post): %fillup_prereq
+Suggests:       etcdctl
+Suggests:       etcdutl
 ExcludeArch:    s390 %{ix86}
 %sysusers_requires
 
 %description
-etcd is a distributed, consistent key-value store for shared configuration and
-service discovery, with a focus on being:
+etcd is a distributed reliable key-value store for the most critical data of a
+distributed system, with a focus on being:
 
 - Simple: well-defined, user-facing API (gRPC)
 - Secure: automatic TLS with optional client cert authentication
@@ -72,9 +78,11 @@ It's designed to operate directly on etcd data files.
 For operations over a network, please use `etcdctl`.
 
 %prep
-%setup -q -a1
+%autosetup
 cp %{SOURCE15} .
-cp -rla vendor/* ./ && rm -r vendor/
+tar -C server -xzf %{SOURCE1}
+tar -C etcdctl -xzf %{SOURCE2}
+tar -C etcdutl -xzf %{SOURCE3}
 
 %build
 %{goprep} %{project}
@@ -93,7 +101,7 @@ for item in server etcdctl etcdutl;do
 done
 cd "$dir"
 
-%sysusers_generate_pre %{SOURCE16} %{name} system-user-etcd.conf
+%sysusers_generate_pre %{SOURCE14} %{name} etcd.conf
 
 %install
 install -d %{buildroot}%{_sbindir}
@@ -108,13 +116,19 @@ install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}.service
 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 
 # Sysconfig
-install -D -p -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}/sysconfig.%{name}
+install -D -p -m 0644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.%{name}
+install -D -p -m 0644 %{SOURCE11} %{buildroot}%{etcd_default_file}
 
 # Additional
 install -d -m 750 %{buildroot}%{_localstatedir}/lib/%{name}
-install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
+install -Dm0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/etcd.conf
 
 %pre -f %{name}.pre
+if [ ! -e %{etcd_default_file} -a -e /etc/sysconfig/etcd ] ; then
+  echo "Migrating existing /etc/sysconfig/etcd to %{etcd_default_file}."
+  echo "From now on only ETCD_OPTIONS should be in /etc/sysconfig/etcd"
+  mv /etc/sysconfig/etcd %{etcd_default_file}
+fi
 %service_add_pre %{name}.service
 
 %post
@@ -131,7 +145,7 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
 %license LICENSE
 %doc CONTRIBUTING.md README.md DCO README.security
 %{_sbindir}/%{name}
-%{_sysusersdir}/system-user-etcd.conf
+%{_sysusersdir}/%{name}.conf
 
 # Service
 %{_unitdir}/%{name}.service
@@ -140,6 +154,8 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
 # Sysconfig
 %{_fillupdir}/sysconfig.%{name}
 
+%config(noreplace) %{etcd_default_file}
+
 # Additional
 %dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name}
 

etcd.sysconfig

@@ -0,0 +1,9 @@
+## Path:     Applications/etcd
+## Description:    etcd key value store
+## Type:     string()
+## Default:    ""
+## ServiceRestart: etcd
+#
+# additional options to pass to etcd:
+#
+ETCD_OPTIONS=""

update-etcd-conf.sh

@@ -0,0 +1,137 @@
+#!/usr/bin/bash
+#
+# Script to update etcd configuration
+# Intended to be run after updating sources
+# Author: Elisei Roca
+#------------------------------------------
+
+set -euo pipefail
+#set -x
+
+DRY_RUN=0
+REBUILD_IMAGE=0
+NEW_CONF=".update-etcd-conf.new"
+RPM_CACHE=".update-etcd-conf-latest.rpm"
+
+
+while [ "$#" -gt 0 ]; do
+  case $1 in
+    --clean|-c)
+      echo "Clean $NEW_CONF and $RPM_CACHE"
+      rm -f "$NEW_CONF" "$RPM_CACHE"
+      exit 0
+      ;;
+    --dry-run|-d)
+      DRY_RUN=1
+      ;;
+    --rebuild|-r)
+      REBUILD_IMAGE=1
+      ;;
+    --help|-h)
+      echo "Usage: $0 [--clean|-c] [--dry-run|-d] [--rebuild|-r]"
+      echo "  --clean,     -c : remove $NEW_CONF and $RPM_CACHE"
+      echo "  --dry-run,   -d : create '$NEW_CONF' instead of updating etcd.conf"
+      echo "  --rebuild,   -r : rebuild the RPM and container image"
+      exit 0
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      exit 1
+      ;;
+  esac
+  shift
+done
+
+BODY_TMP=$(mktemp "./.etcd-conf-update.body.XXXXXX")
+HELP_TMP=$(mktemp "./.etcd-conf-update.help.XXXXXX")
+OSC_LOG=$(mktemp "./.etcd-conf-update.osc.XXXXXX")
+TEMP_FILES="$HELP_TMP $BODY_TMP $OSC_LOG"
+cleanup() {
+  rm -f $TEMP_FILES
+}
+trap cleanup EXIT
+
+if [ "$REBUILD_IMAGE" -eq 1 ] || [ ! -f "$RPM_CACHE" ]; then
+  rm -f "$RPM_CACHE"
+  echo 'osc build --local-package --no-service'
+  osc build --local-package --no-service --clean | tee "$OSC_LOG"
+  RPM_PATH=$(tail -n10 "$OSC_LOG" | grep -Eo '/[^ ]*/etcd-[^ ]*\.rpm' | tail -1)
+  [ -z "$RPM_PATH" ] || [ ! -f "$RPM_PATH" ] && { echo '| No etcd RPM found after osc build |'; exit 1; }
+  cp -v "$RPM_PATH" "$RPM_CACHE"
+  echo "Copied newly built RPM to: $RPM_CACHE"
+else
+  echo "Using cached RPM: $RPM_CACHE"
+fi
+
+
+if [ "$REBUILD_IMAGE" -eq 1 ] || ! podman image exists etcd-oscrpm; then
+  podman build . -t etcd-oscrpm -f - <<EOF
+FROM registry.opensuse.org/opensuse/tumbleweed:latest
+COPY $RPM_CACHE /tmp/etcd.rpm
+RUN old /etc/zypp/repos.d/*.repo
+RUN zypper -n install --allow-unsigned-rpm /tmp/etcd.rpm
+EOF
+fi
+
+
+ETCD_VERSION=$(podman run --rm etcd-oscrpm etcd --version 2>/dev/null | awk '/^etcd Version:/ {print $3}')
+[ -z "$ETCD_VERSION" ] && { echo "Failed to extract etcd version from container"; exit 1; }
+echo "Version: $ETCD_VERSION"
+
+if ! podman run --rm etcd-oscrpm etcd --help > "$HELP_TMP" 2>/dev/null; then
+  echo "Error: Failed to run etcd --help in container" >&2
+  exit 1
+fi
+[ -s "$HELP_TMP" ] || { echo "Error: etcd --help output is empty" >&2; exit 1; }
+
+
+HEADER_CONTENT='# Please also read README.security for this package.
+
+# Environment variables: every flag has a corresponding environment variable that has the
+# same name but is prefixed with ETCD_ and formatted in all caps and snake case.
+# For example, --some-flag would be ETCD_SOME_FLAG.
+
+# Caution: If you mix-and-match configuration options, then the following rules apply.
+# * Command-line flags take precedence over environment variables.
+# * If you provide a configuration file all command-line flags and environment variables are ignored.
+
+# Set commandline options example: ETCD_OPTIONS="--feature-gates=StopGRPCServiceOnDefrag=true"
+# ETCD_OPTIONS=""'
+
+
+awk '
+  /^[[:space:]]*--[A-Za-z0-9-]+/ {
+    match($0, "^[[:space:]]*--([A-Za-z0-9-]+)([[:space:]]+\x27([^\x27]*)\x27|[[:space:]]+([^[:space:]]+))?", arr)
+    var = arr[1]
+    gsub("-", "_", var)
+    var = toupper(var)
+    if (arr[3] != "") val = arr[3]
+    else if (arr[4] != "") val = arr[4]
+    else val = ""
+    print "# ETCD_" var "=\"" val "\""
+    next
+  }
+  /^[[:space:]]*$/ { print ""; next }
+  { sub(/^[[:space:]]*/, "", $0); print "# " $0 }
+' "$HELP_TMP" > "$BODY_TMP"
+
+echo "$HEADER_CONTENT" > "$NEW_CONF"
+cat "$BODY_TMP" >> "$NEW_CONF"
+
+
+# Uncomment default configuration options
+for line in ETCD_NAME ETCD_DATA_DIR ETCD_LISTEN_CLIENT_URLS ETCD_ADVERTISE_CLIENT_URLS; do
+  sed -i "/# $line=/s/^# //" "$NEW_CONF"
+done
+
+
+# Modify ETCD_DATA_DIR to default value
+sed -i 's|^ETCD_DATA_DIR=.*$|ETCD_DATA_DIR="/var/lib/etcd/default.etcd"|' "$NEW_CONF"
+
+
+if [ "$DRY_RUN" -eq 0 ]; then
+  mv "$NEW_CONF" etcd.conf
+  echo "Updated etcd.conf"
+else
+  echo "Dry run: created $NEW_CONF"
+fi

vendor-etcdctl.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0193cf4cb050b5873e4cf6ec6709a860210c2281218c8a28c144fb2eab170d48
+size 4078418

vendor-etcdutl.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c82eb9434749dc6a823f6467f248efe6d3fac2c44d6563d052e02c6baab8dffe
+size 5816094

vendor-server.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:48fb24a93e97fe1812036e85200e39502e4206fe811494040d4d5d99d5082085
+size 5277921

vendor-update.sh

@@ -1,46 +0,0 @@
-#!/usr/bin/bash
-#
-# Script to update the vendor tarball
-# Author: Elisei Roca
-#------------------------------------
-
-# set -x
-
-NAME=etcd
-STACK=("server" "etcdctl" "etcdutl")
-VERSION=$(grep -oP '(?<=Version:)(.*)' etcd.spec | xargs)
-
-[ ! -f "$NAME-$VERSION".tar.gz ] && echo "$NAME-$VERSION.tar.gz does not exist" && exit 1 
-
-echo "Updating vendor file..."
-
-rm -rf /tmp/"$NAME" ||:
-mkdir -p /tmp/"$NAME"/vendor
-
-tar --strip-components=1 -xvf "$NAME-$VERSION".tar.gz -C /tmp/"$NAME" &> /dev/null
-
-dir=$(pwd)
-for item in ${STACK[*]}; do
-	mkdir /tmp/"$NAME"/vendor/"$item"
-	cd /tmp/"$NAME/$item"
-	go mod vendor
-	mv vendor/ ../vendor/"$item"
-done
-cd "$dir"
-
-fdupes -r -1 /tmp/"$NAME"/vendor/ |
-  while read line; do 
-    target="";
-    for file in ${line[*]}; do
-      if [ "x${target}" == "x" ]; then
-        target=$file;
-      else
-        ln -f "${target}" "${file}";
-      fi; 
-    done;
-  done
-
-tar -czvf vendor.tar.gz -C /tmp/"$NAME" vendor &> /dev/null
-rm -rf /tmp/"$NAME"  ||:
-
-echo "Repacked to vendor.tar.gz"

vendor.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b617a120bb3aba3a12f7c06a129ecfbdacbe1456a0470e4cc73e4aeb3a9732be
-size 5406488