Accepting request 700964 from network

OBS-URL: https://build.opensuse.org/request/show/700964 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=40
2019-05-06 11:28:11 +00:00 · 2019-05-06 11:28:11 +00:00 · 07cfc24886
commit 07cfc24886
parent f2d005f531 cbca071983
5 changed files with 181 additions and 23 deletions
--- a/0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+++ b/0001-Use-strongswan-for-openvswitch-ipsec-service.patch
@ -0,0 +1,27 @@
+From 6aca005f17aecf003da9a85f8dd099baef771572 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
+Date: Fri, 26 Apr 2019 15:27:05 +0200
+Subject: [PATCH 1/6] Use strongswan for openvswitch-ipsec service
+
+Since libreswan is not packaged for Leap/SLES, use strongswan for the
+time being.
+---
+ rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+index 6e309aa57..34e3f4c90 100644
+--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+@@ -6,7 +6,7 @@ After=openvswitch.service
+ [Service]
+ Type=forking
+ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
+-                    --ike-daemon=libreswan start-ovs-ipsec
+                    --ike-daemon=strongswan start-ovs-ipsec
+ ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
+ 
+ [Install]
+-- 
+2.16.4
+
--- a/openvswitch-2.11.0.tar.gz
+++ b/openvswitch-2.11.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f4b01d7376d7298bc6e7fa7a6067229ca7c7e299394e5ea9aff651d52edfdbee
-size 7680146
--- a/openvswitch-2.11.1.tar.gz
+++ b/openvswitch-2.11.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c1296ae44a7b176150915e33bc497cc0a7a02caeba84ea43ce9b6a2509d9b5dc
+size 7682693
--- a/openvswitch.changes
+++ b/openvswitch.changes
@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Mon Apr 29 14:12:36 UTC 2019 -  <jcaamano@suse.com>
+
+- Fix problem preventing new installs to run as non root (bsc#1132029),
+  including: 
+  * Align with upstream so that no running configuration is changed on
+    upgrades, specifically to avoid changes on the user Open vSwitch runs
+    under.
+  * hugetblfs groups is created as system group.
+- Add missing opnvswitch-ipsec package and systemd service.
+- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
+  libreswan package not available currently.
+  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+- Add missing ovs-delete-transient-ports systemd service.
+- Align installed headers with upstream.
+- Fix problem preventing rpm build '--with check'.
+- Fix python environment that had directories pointing to /usr/local.
+- Version bump to 2.11.1. Some of the changes are:
+  * netdev-tc-offloads: Fix probe tc block support
+  * rhel: Include all header files in the Fedora's devel package
+  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
+  * OVN: Make periodic RAs consistent with RA responder.
+  * OVN: Always send prefix option in RAs
+  * OVN: Use offset instead of pointer into ofpbuf
+  * ofproto: fix the bug of bucket counter is not updated
+  * netdev-dpdk: Print netdev name for txq mapping.
+  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
+  * ifupdown.sh: Add missing "--may-exist" option
+  * dpif-netdev-perf: Fix double update of perf histograms.
+  * dpdk: Stop dumping memzones to stdout.
+  * dpctl: Drop parser debug information.
+  * netdev-tc-offloads: Properly get the block id on flow del/get
+  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
+  * conntrack: Replace structure copy by memcpy().
+  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
+  * conntrack: Fix race for NAT cleanup.
+  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
+  * datapath-windows: Add annotations to find vport functions
+  * datapath-windows: Guard vport usage in user.c
+  * datapath-windows: Fix potential deadlock in event subscription
+  * datapath-windows: Fix race condition during port creation
+  * datapath-windows: Fix nbl cleanup when memory allocation fails
+  * netdev-linux: Remove ingress qdisc before trying to add shared block
+  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
+  * ovsdb-idl: Fix memory leak of idl->remote.
+  * travis: Remove 'sudo' configuration.
+  * OVN: Add port addresses to IPAM after all ports are joined.
+  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
+  * OVN: update RA next_announce according to {min, max}_interval
+  * rconn: Avoid occasional immediate connection failures.
+  * dpdk: Fix case-sensitivity of dpdk-init knob.
+  * NEWS: Clean up the 2.11.0 release notes a bit.
+  * conntrack: Fix L4 csum for V6 extension hdr pkts.
+  * packets: Change return type for 'packet_csum_upperlayer6()'.
+  * ovsdb-client: Fix typo.
+  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
+  * ofctl: break the loop if ovs_pcap_read returns error
+  * netlink: added check to prevent netlink attribute overflow
+
 -------------------------------------------------------------------
 Mon Mar 25 14:18:56 UTC 2019 -  <jcaamano@suse.com>

--- a/openvswitch.spec
+++ b/openvswitch.spec
@ -41,7 +41,7 @@
 # Disable building the external kernel datapath by default
 %bcond_with kmp
 Name:           openvswitch
-Version:        2.11.0
+Version:        2.11.1
 Release:        0
 Summary:        A multilayer virtual network switch
 # All code is Apache-2.0 except
@ -53,6 +53,8 @@ Url:            http://openvswitch.org/
 Source0:        http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
 Source1:        preamble
 Source89:       Module.supported.updates
+# PATCH-FIX-OPENSUSE: Use-strongswan-for-openvswitch-ipsec-service.patch
+Patch0:         0001-Use-strongswan-for-openvswitch-ipsec-service.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  graphviz
@ -270,6 +272,17 @@ forwarding.

 Open vSwitch is a full-featured software-based Ethernet switch.

+%package ipsec
+Summary:        Open vSwitch IPsec tunneling support
+License:        Apache-2.0
+Group:          Productivity/Networking/System
+Requires:       %{name} = %{version}
+Requires:       python-openvswitch = %{version}
+Requires:       strongswan
+
+%description ipsec
+This package provides IPsec tunneling support for OVS tunnels.
+
 %package -n python2-ovs
 Summary:        Python2 bindings for Open vSwitch
 License:        Apache-2.0
@ -322,6 +335,7 @@ performance and connectivity issues in Open vSwitch setup.

 %prep
 %setup -q -n openvswitch-%{version}
+%patch0 -p1

 %build
 set -- * .travis* .mailmap .cirrus.yml
@ -383,6 +397,13 @@ popd
 %check
 %if %{with check}
 pushd source
+touch resolv.conf
+export OVS_RESOLV_CONF=$(pwd)/resolv.conf
+
+# Python build macros have moved out of the build directory some
+# extra_dist files that are required for check, put them back.
+cp python/_build.tmp/*.py python/build/
+
 # Recheck tests before we declare them broken. If that fails, dump
 # the log and exit. >2.5.0 uses the RECHECK env variable so this
 # needs to be taken into consideration for future releases.
@ -412,13 +433,21 @@ pushd source
 %make_install

 # Install extra headers not included with 'make install'
-for header in $(find lib -type f -name "*.h"); do
-        install -d -m 755 %{buildroot}%{_includedir}/%{name}/"$(dirname $header)"
-        install -m 644 "$header" %{buildroot}%{_includedir}/%{name}/"$(dirname $header)"
-done
+copy_headers() {
+    src=$1
+    dst=$RPM_BUILD_ROOT/$2
+    install -d -m 0755 $dst
+    install -m 0644 $src/*.h $dst
+}
+copy_headers include/sparse %{_includedir}/openvswitch/sparse
+copy_headers include/sparse/arpa %{_includedir}/openvswitch/sparse/arpa
+copy_headers include/sparse/netinet %{_includedir}/openvswitch/sparse/netinet
+copy_headers include/sparse/sys %{_includedir}/openvswitch/sparse/sys
+copy_headers lib %{_includedir}/openvswitch/lib

 for service in openvswitch ovn-controller ovn-controller-vtep \
-    ovn-northd ovsdb-server ovs-vswitchd; do
+    ovn-northd ovsdb-server ovs-vswitchd ovs-delete-transient-ports \
+    openvswitch-ipsec; do
        install -D -m 644 rhel/usr_lib_systemd_system_${service}.service \
        %{buildroot}%{_unitdir}/${service}.service
        ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service}
@ -485,6 +514,18 @@ pushd source/python
 export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}"
 export CPPFLAGS="-I ../include"

+# Set python environment
+sed \
+    -e '/^##/d' \
+    -e 's,[@]pkgdatadir[@],%{_datadir}/%{name},g' \
+    -e 's,[@]RUNDIR[@],%{_rundir},g' \
+    -e 's,[@]LOGDIR[@],%{_localstatedir}/log,g' \
+    -e 's,[@]bindir[@],%{_bindir},g' \
+    -e 's,[@]sysconfdir[@],%{_sysconfdir},g' \
+    -e 's,[@]DBDIR[@],%{_sysconfdir}/%{name},g' \
+    < ovs/dirs.py.template \
+    > ovs/dirs.py
+
 %if 0%{?suse_version}
 # SLES
 %{python_build}
@ -509,24 +550,29 @@ find %{buildroot} -type f -name "*.la" -delete -print

 %post
 /sbin/ldconfig
-%{fillup_only -n openvswitch}

 if [ $1 -eq 1 ]; then
-    sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' %{_sysconfdir}/sysconfig/openvswitch
-    sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/openvswitch
+    # Follow the upstream strategy that no running openvswitch
+    # configuration is changed on upgrade so use fillup only for new installs.
+    %{?suse_version: %fillup_only -n openvswitch}

 %if %{with dpdk}
-    sed -i \
-        's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
-        %{_sysconfdir}/sysconfig/openvswitch
+    %define rgroup hugetlbfs
+%else
+    %define rgroup openvswitch
 %endif
+
+    sed -i \
+        's@^#OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:%{rgroup}"@'\
+        %{_sysconfdir}/sysconfig/openvswitch
+    sed -i 's:\(.*su\).*:\1 openvswitch %{rgroup}:' %{_sysconfdir}/logrotate.d/openvswitch
+
    # In the case of upgrade, this is not needed
    chown -R openvswitch:openvswitch %{_sysconfdir}/openvswitch
-    chown -R openvswitch:openvswitch %{_localstatedir}/log/openvswitch
+    chown -R openvswitch:%{rgroup} %{_localstatedir}/log/openvswitch
 fi
 %if 0%{?suse_version}
-	%service_add_post ovsdb-server.service ovs-vswitchd.service openvswitch.service
-	%{fillup_only -n openvswitch}
+	%service_add_post ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
 %else
    %if 0%{?systemd_post:1}
        %systemd_post %{name}.service
@ -538,6 +584,11 @@ fi
    %endif
 %endif

+%post ipsec
+%if 0%{?suse_version}
+	%service_add_post openvswitch-ipsec.service
+%endif
+
 %posttrans
 # Save the "enabled" state across the transition of ownership
 # of openvswitch.service from openvswitch-switch to
@ -557,7 +608,7 @@ fi
 # admin decide when it's the best time for an OvS restart.
 # 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the service on a pkg upgrade")
 %if 0%{?suse_version}
-    %service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n openvswitch.service
+    %service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n openvswitch.service -n ovs-delete-transient-ports.service
 %else
    %if 0%{?systemd_postun:1}
        %systemd_postun %{name}.service
@ -566,9 +617,14 @@ fi
    %endif
 %endif

+%postun ipsec
+%if 0%{?suse_version}
+	%service_del_postun -n openvswitch-ipsec.service
+%endif
+
 %pre
 %if 0%{?suse_version}
-%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service
+%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
 %endif
 # Save the "enabled" state across the transition of
 # ownership of openvswitch.service from openvswitch-switch to
@ -586,14 +642,19 @@ getent passwd openvswitch >/dev/null || \

 %if %{with dpdk}
    getent group hugetlbfs >/dev/null || \
-    groupadd hugetlbfs
+    groupadd -r hugetlbfs
    usermod -a -G hugetlbfs openvswitch
 %endif
 exit 0

+%pre ipsec
+%if 0%{?suse_version}
+    %service_add_pre openvswitch-ipsec.service
+%endif
+
 %preun
 %if 0%{?suse_version}
-    %service_del_preun ovsdb-server.service ovs-vswitchd.service openvswitch.service
+    %service_del_preun ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
 %else
    %if 0%{?systemd_preun:1}
        %systemd_preun %{name}.service
@ -606,6 +667,11 @@ exit 0
    %endif
 %endif

+%preun ipsec
+%if 0%{?suse_version}
+	%service_del_preun openvswitch-ipsec.service
+%endif
+
 %post   -n %{lname} -p /sbin/ldconfig
 %postun -n %{lname} -p /sbin/ldconfig

@ -804,7 +870,6 @@ exit 0
 %{_datadir}/openvswitch/scripts/ovs-ctl
 %{_datadir}/openvswitch/scripts/ovs-kmod-ctl
 %{_datadir}/openvswitch/scripts/ovs-lib
-%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
 %{_datadir}/openvswitch/scripts/ovs-save
 %{_datadir}/openvswitch/vswitch.ovsschema
 %{_mandir}/man1/ovsdb-client.1%{?ext_man}
@ -829,9 +894,11 @@ exit 0
 %{_sbindir}/rcovsdb-server
 %{_sbindir}/rcovs-vswitchd
 %{_sbindir}/rcopenvswitch
+%{_sbindir}/rcovs-delete-transient-ports
 %{_unitdir}/openvswitch.service
 %{_unitdir}/ovs-vswitchd.service
 %{_unitdir}/ovsdb-server.service
+%{_unitdir}/ovs-delete-transient-ports.service
 %if 0%{?suse_version}
 %{_fillupdir}/sysconfig.openvswitch
 %{_datadir}/bash-completion/completions/ovs-appctl-bashcomp.bash
@ -878,6 +945,11 @@ exit 0
 %{_datadir}/openvswitch/scripts/ovs-vtep
 %{_datadir}/openvswitch/vtep.ovsschema

+%files ipsec
+%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
+%{_sbindir}/rcopenvswitch-ipsec
+%{_unitdir}/openvswitch-ipsec.service
+
 %files -n python2-ovs
 %{python2_sitearch}/ovs/
 %{python2_sitearch}/ovs-*.egg-info