forked from pool/openvswitch
openvswitch/Use-strongswan-for-openvswitch-ipsec-service.patch


From f786cf97880bdf1ebed65db2f560ff15f1f29413 Mon Sep 17 00:00:00 2001
Accepting request 699630 from home:jaicaa:branches:network

- Fix problem preventing new installs to run as non root (bsc#1132029), including:
  * Align with upstream so that no running configuration is changed on upgrades, specifically to avoid changes on the user Open vSwitch runs under.
  * hugetlbfs groups is created as system group.
- Add missing openvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec. libreswan package not available currently.
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow

OBS-URL: https://build.opensuse.org/request/show/699630
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=180
2019-05-06 09:43:09 +02:00
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Mon, 28 Oct 2019 15:14:19 +0100
Subject: [PATCH] Use strongswan for openvswitch-ipsec service
Since libreswan is not packaged for Leap/SLES, use strongswan for the
time being.
---
rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -Nur openvswitch-2.17.0/rhel/usr_lib_systemd_system_openvswitch-ipsec.service new/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
--- openvswitch-2.17.0/rhel/usr_lib_systemd_system_openvswitch-ipsec.service 2022-02-17 23:15:55.257680736 +0100
+++ new/rhel/usr_lib_systemd_system_openvswitch-ipsec.service 2022-02-26 02:22:12.429785364 +0100
@@ -7,7 +7,7 @@
Type=forking
PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
- --ike-daemon=libreswan start-ovs-ipsec
+ --ike-daemon=strongswan start-ovs-ipsec
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
[Install]
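Review bot: The `--ike-daemon=strongswan` value on the changed ExecStart line is hardcoded, while the commit message calls it a stopgap ("for the time being") without stating when it should be dropped. Consider recording the removal condition (libreswan becoming available for Leap/SLES) in the patch header or the spec, so the divergence from the libreswan setting on the removed line is not carried forward indefinitely. Because this line decides which IKE daemon negotiates keys for the OVS IPsec tunnels, the package also needs a runtime dependency on strongswan; nothing in this one-line hunk shows that, so it is worth confirming in the spec file. The patch Date header is from 2019 while the diff is against openvswitch-2.17.0 with 2022 timestamps, so the header could also note that the patch was refreshed.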