rpm/openvswitch
SHA256
1
0
Fork 0
forked from pool/openvswitch
Code Pull Requests Activity

Accepting request 699630 from home:jaicaa:branches:network

Browse Source 
- Fix problem preventing new installs to run as non root (bsc#1132029),
  including: 
  * Align with upstream so that no running configuration is changed on
    upgrades, specifically to avoid changes on the user Open vSwitch runs
    under.
  * hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
  libreswan package not available currently.
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow

OBS-URL: https://build.opensuse.org/request/show/699630
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=180
This commit is contained in:
Tomáš Chvátal 2019-05-06 07:43:09 +00:00 committed by Git OBS Bridge
parent 69a69ece5d
commit cbca071983
5 changed files with 181 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0001-Use-strongswan-for-openvswitch-ipsec-service.patch Normal file
View File

@ -0,0 +1,27 @@
From 6aca005f17aecf003da9a85f8dd099baef771572 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Fri, 26 Apr 2019 15:27:05 +0200
Subject: [PATCH 1/6] Use strongswan for openvswitch-ipsec service
Since libreswan is not packaged for Leap/SLES, use strongswan for the
time being.
---
rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index 6e309aa57..34e3f4c90 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -6,7 +6,7 @@ After=openvswitch.service
[Service]
Type=forking
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
- --ike-daemon=libreswan start-ovs-ipsec
+ --ike-daemon=strongswan start-ovs-ipsec
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
[Install]
--
2.16.4

3
openvswitch-2.11.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f4b01d7376d7298bc6e7fa7a6067229ca7c7e299394e5ea9aff651d52edfdbee
size 7680146

3
openvswitch-2.11.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c1296ae44a7b176150915e33bc497cc0a7a02caeba84ea43ce9b6a2509d9b5dc
size 7682693

59
openvswitch.changes
View File

@ -1,3 +1,62 @@
-------------------------------------------------------------------
Mon Apr 29 14:12:36 UTC 2019 - <jcaamano@suse.com>
- Fix problem preventing new installs to run as non root (bsc#1132029),
including:
* Align with upstream so that no running configuration is changed on
upgrades, specifically to avoid changes on the user Open vSwitch runs
under.
* hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
libreswan package not available currently.
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
* netdev-tc-offloads: Fix probe tc block support
* rhel: Include all header files in the Fedora's devel package
* reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
* OVN: Make periodic RAs consistent with RA responder.
* OVN: Always send prefix option in RAs
* OVN: Use offset instead of pointer into ofpbuf
* ofproto: fix the bug of bucket counter is not updated
* netdev-dpdk: Print netdev name for txq mapping.
* dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
* ifupdown.sh: Add missing "--may-exist" option
* dpif-netdev-perf: Fix double update of perf histograms.
* dpdk: Stop dumping memzones to stdout.
* dpctl: Drop parser debug information.
* netdev-tc-offloads: Properly get the block id on flow del/get
* netdev-tc-offloads: Improve log message for icmpv6 offload not supported
* conntrack: Replace structure copy by memcpy().
* conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
* conntrack: Fix race for NAT cleanup.
* ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
* datapath-windows: Add annotations to find vport functions
* datapath-windows: Guard vport usage in user.c
* datapath-windows: Fix potential deadlock in event subscription
* datapath-windows: Fix race condition during port creation
* datapath-windows: Fix nbl cleanup when memory allocation fails
* netdev-linux: Remove ingress qdisc before trying to add shared block
* netdev-tc-offloads: Remove ingress qdisc on tc init flow api
* ovsdb-idl: Fix memory leak of idl->remote.
* travis: Remove 'sudo' configuration.
* OVN: Add port addresses to IPAM after all ports are joined.
* dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
* OVN: update RA next_announce according to {min, max}_interval
* rconn: Avoid occasional immediate connection failures.
* dpdk: Fix case-sensitivity of dpdk-init knob.
* NEWS: Clean up the 2.11.0 release notes a bit.
* conntrack: Fix L4 csum for V6 extension hdr pkts.
* packets: Change return type for 'packet_csum_upperlayer6()'.
* ovsdb-client: Fix typo.
* ovn-nbctl: Daemon mode should retry when IDL connection lost.
* ofctl: break the loop if ovs_pcap_read returns error
* netlink: added check to prevent netlink attribute overflow
-------------------------------------------------------------------
Mon Mar 25 14:18:56 UTC 2019 - <jcaamano@suse.com>

112
openvswitch.spec
View File

@ -41,7 +41,7 @@
# Disable building the external kernel datapath by default
%bcond_with kmp
Name: openvswitch
Version: 2.11.0
Version: 2.11.1
Release: 0
Summary: A multilayer virtual network switch
# All code is Apache-2.0 except
@ -53,6 +53,8 @@ Url: http://openvswitch.org/
Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source1: preamble
Source89: Module.supported.updates
# PATCH-FIX-OPENSUSE: Use-strongswan-for-openvswitch-ipsec-service.patch
Patch0: 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: graphviz
@ -270,6 +272,17 @@ forwarding.
Open vSwitch is a full-featured software-based Ethernet switch.
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: Apache-2.0
Group: Productivity/Networking/System
Requires: %{name} = %{version}
Requires: python-openvswitch = %{version}
Requires: strongswan
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%package -n python2-ovs
Summary: Python2 bindings for Open vSwitch
License: Apache-2.0
@ -322,6 +335,7 @@ performance and connectivity issues in Open vSwitch setup.
%prep
%setup -q -n openvswitch-%{version}
%patch0 -p1
%build
set -- * .travis* .mailmap .cirrus.yml
@ -383,6 +397,13 @@ popd
%check
%if %{with check}
pushd source
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
# Python build macros have moved out of the build directory some
# extra_dist files that are required for check, put them back.
cp python/_build.tmp/*.py python/build/
# Recheck tests before we declare them broken. If that fails, dump
# the log and exit. >2.5.0 uses the RECHECK env variable so this
# needs to be taken into consideration for future releases.
@ -412,13 +433,21 @@ pushd source
%make_install
# Install extra headers not included with 'make install'
for header in $(find lib -type f -name "*.h"); do
install -d -m 755 %{buildroot}%{_includedir}/%{name}/"$(dirname $header)"
install -m 644 "$header" %{buildroot}%{_includedir}/%{name}/"$(dirname $header)"
done
copy_headers() {
src=$1
dst=$RPM_BUILD_ROOT/$2
install -d -m 0755 $dst
install -m 0644 $src/*.h $dst
}
copy_headers include/sparse %{_includedir}/openvswitch/sparse
copy_headers include/sparse/arpa %{_includedir}/openvswitch/sparse/arpa
copy_headers include/sparse/netinet %{_includedir}/openvswitch/sparse/netinet
copy_headers include/sparse/sys %{_includedir}/openvswitch/sparse/sys
copy_headers lib %{_includedir}/openvswitch/lib
for service in openvswitch ovn-controller ovn-controller-vtep \
ovn-northd ovsdb-server ovs-vswitchd; do
ovn-northd ovsdb-server ovs-vswitchd ovs-delete-transient-ports \
openvswitch-ipsec; do
install -D -m 644 rhel/usr_lib_systemd_system_${service}.service \
%{buildroot}%{_unitdir}/${service}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service}
@ -485,6 +514,18 @@ pushd source/python
export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}"
export CPPFLAGS="-I ../include"
# Set python environment
sed \
-e '/^##/d' \
-e 's,[@]pkgdatadir[@],%{_datadir}/%{name},g' \
-e 's,[@]RUNDIR[@],%{_rundir},g' \
-e 's,[@]LOGDIR[@],%{_localstatedir}/log,g' \
-e 's,[@]bindir[@],%{_bindir},g' \
-e 's,[@]sysconfdir[@],%{_sysconfdir},g' \
-e 's,[@]DBDIR[@],%{_sysconfdir}/%{name},g' \
< ovs/dirs.py.template \
> ovs/dirs.py
%if 0%{?suse_version}
# SLES
%{python_build}
@ -509,24 +550,29 @@ find %{buildroot} -type f -name "*.la" -delete -print
%post
/sbin/ldconfig
%{fillup_only -n openvswitch}
if [ $1 -eq 1 ]; then
sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' %{_sysconfdir}/sysconfig/openvswitch
sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/openvswitch
# Follow the upstream strategy that no running openvswitch
# configuration is changed on upgrade so use fillup only for new installs.
%{?suse_version: %fillup_only -n openvswitch}
%if %{with dpdk}
sed -i \
's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
%{_sysconfdir}/sysconfig/openvswitch
%define rgroup hugetlbfs
%else
%define rgroup openvswitch
%endif
sed -i \
's@^#OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:%{rgroup}"@'\
%{_sysconfdir}/sysconfig/openvswitch
sed -i 's:\(.*su\).*:\1 openvswitch %{rgroup}:' %{_sysconfdir}/logrotate.d/openvswitch
# In the case of upgrade, this is not needed
chown -R openvswitch:openvswitch %{_sysconfdir}/openvswitch
chown -R openvswitch:openvswitch %{_localstatedir}/log/openvswitch
chown -R openvswitch:%{rgroup} %{_localstatedir}/log/openvswitch
fi
%if 0%{?suse_version}
%service_add_post ovsdb-server.service ovs-vswitchd.service openvswitch.service
%{fillup_only -n openvswitch}
%service_add_post ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
%else
%if 0%{?systemd_post:1}
%systemd_post %{name}.service
@ -538,6 +584,11 @@ fi
%endif
%endif
%post ipsec
%if 0%{?suse_version}
%service_add_post openvswitch-ipsec.service
%endif
%posttrans
# Save the "enabled" state across the transition of ownership
# of openvswitch.service from openvswitch-switch to
@ -557,7 +608,7 @@ fi
# admin decide when it's the best time for an OvS restart.
# 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the service on a pkg upgrade")
%if 0%{?suse_version}
%service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n openvswitch.service
%service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n openvswitch.service -n ovs-delete-transient-ports.service
%else
%if 0%{?systemd_postun:1}
%systemd_postun %{name}.service
@ -566,9 +617,14 @@ fi
%endif
%endif
%postun ipsec
%if 0%{?suse_version}
%service_del_postun -n openvswitch-ipsec.service
%endif
%pre
%if 0%{?suse_version}
%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service
%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
%endif
# Save the "enabled" state across the transition of
# ownership of openvswitch.service from openvswitch-switch to
@ -586,14 +642,19 @@ getent passwd openvswitch >/dev/null || \
%if %{with dpdk}
getent group hugetlbfs >/dev/null || \
groupadd hugetlbfs
groupadd -r hugetlbfs
usermod -a -G hugetlbfs openvswitch
%endif
exit 0
%pre ipsec
%if 0%{?suse_version}
%service_add_pre openvswitch-ipsec.service
%endif
%preun
%if 0%{?suse_version}
%service_del_preun ovsdb-server.service ovs-vswitchd.service openvswitch.service
%service_del_preun ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
%else
%if 0%{?systemd_preun:1}
%systemd_preun %{name}.service
@ -606,6 +667,11 @@ exit 0
%endif
%endif
%preun ipsec
%if 0%{?suse_version}
%service_del_preun openvswitch-ipsec.service
%endif
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
@ -804,7 +870,6 @@ exit 0
%{_datadir}/openvswitch/scripts/ovs-ctl
%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
%{_datadir}/openvswitch/scripts/ovs-lib
%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
%{_datadir}/openvswitch/scripts/ovs-save
%{_datadir}/openvswitch/vswitch.ovsschema
%{_mandir}/man1/ovsdb-client.1%{?ext_man}
@ -829,9 +894,11 @@ exit 0
%{_sbindir}/rcovsdb-server
%{_sbindir}/rcovs-vswitchd
%{_sbindir}/rcopenvswitch
%{_sbindir}/rcovs-delete-transient-ports
%{_unitdir}/openvswitch.service
%{_unitdir}/ovs-vswitchd.service
%{_unitdir}/ovsdb-server.service
%{_unitdir}/ovs-delete-transient-ports.service
%if 0%{?suse_version}
%{_fillupdir}/sysconfig.openvswitch
%{_datadir}/bash-completion/completions/ovs-appctl-bashcomp.bash
@ -878,6 +945,11 @@ exit 0
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_datadir}/openvswitch/vtep.ovsschema
%files ipsec
%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
%{_sbindir}/rcopenvswitch-ipsec
%{_unitdir}/openvswitch-ipsec.service
%files -n python2-ovs
%{python2_sitearch}/ovs/
%{python2_sitearch}/ovs-*.egg-info