Accepting request 1126827 from home:PSuarezHernandez:branches:systemsmanagement:saltstack

- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Added:
  * revert-make-sure-configured-user-is-properly-set-by-.patch

OBS-URL: https://build.opensuse.org/request/show/1126827
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=223

_lastrevision

@@ -1 +1 @@
-ca93a62c2cad9074f438fd562ea759079a0685c7
+56bc957ab216f66af02e5299b9e71fd4e82dd999

revert-make-sure-configured-user-is-properly-set-by-.patch

@@ -0,0 +1,194 @@
+From d9980c8d2cfedfd6f08543face6ee7e34e9d1b54 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
+ <psuarezhernandez@suse.com>
+Date: Thu, 16 Nov 2023 09:23:58 +0000
+Subject: [PATCH] Revert "Make sure configured user is properly set by
+ Salt (bsc#1210994) (#596)" (#614)
+
+This reverts commit 5ea4add5c8e2bed50b9825edfff7565e5f6124f3.
+---
+ pkg/common/salt-master.service                |  1 -
+ pkg/old/deb/salt-master.service               |  1 -
+ pkg/old/suse/salt-master.service              |  1 -
+ salt/cli/daemons.py                           | 27 -------------------
+ salt/cli/ssh.py                               |  8 ------
+ salt/utils/verify.py                          |  4 +--
+ .../integration/cli/test_salt_minion.py       |  4 +--
+ 7 files changed, 4 insertions(+), 42 deletions(-)
+
+diff --git a/pkg/common/salt-master.service b/pkg/common/salt-master.service
+index 257ecc283f..377c87afeb 100644
+--- a/pkg/common/salt-master.service
++++ b/pkg/common/salt-master.service
+@@ -8,7 +8,6 @@ LimitNOFILE=100000
+ Type=notify
+ NotifyAccess=all
+ ExecStart=/usr/bin/salt-master
+-User=salt
+ 
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/pkg/old/deb/salt-master.service b/pkg/old/deb/salt-master.service
+index f9dca296b4..b5d0cdd22c 100644
+--- a/pkg/old/deb/salt-master.service
++++ b/pkg/old/deb/salt-master.service
+@@ -7,7 +7,6 @@ LimitNOFILE=16384
+ Type=notify
+ NotifyAccess=all
+ ExecStart=/usr/bin/salt-master
+-User=salt
+ 
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/pkg/old/suse/salt-master.service b/pkg/old/suse/salt-master.service
+index caabca511c..9e002d16ca 100644
+--- a/pkg/old/suse/salt-master.service
++++ b/pkg/old/suse/salt-master.service
+@@ -8,7 +8,6 @@ LimitNOFILE=100000
+ Type=simple
+ ExecStart=/usr/bin/salt-master
+ TasksMax=infinity
+-User=salt
+ 
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/salt/cli/daemons.py b/salt/cli/daemons.py
+index c9ee9ced91..ecc05c919e 100644
+--- a/salt/cli/daemons.py
++++ b/salt/cli/daemons.py
+@@ -7,7 +7,6 @@ import logging
+ import os
+ import warnings
+ 
+-import salt.defaults.exitcodes
+ import salt.utils.kinds as kinds
+ from salt.exceptions import SaltClientError, SaltSystemExit, get_error_message
+ from salt.utils import migrations
+@@ -74,16 +73,6 @@ class DaemonsMixin:  # pylint: disable=no-init
+                 self.__class__.__name__,
+             )
+ 
+-    def verify_user(self):
+-        """
+-        Verify Salt configured user for Salt and shutdown daemon if not valid.
+-
+-        :return:
+-        """
+-        if not check_user(self.config["user"]):
+-            self.action_log_info("Cannot switch to configured user for Salt. Exiting")
+-            self.shutdown(salt.defaults.exitcodes.EX_NOUSER)
+-
+     def action_log_info(self, action):
+         """
+         Say daemon starting.
+@@ -189,10 +178,6 @@ class Master(
+         self.config["interface"] = ip_bracket(self.config["interface"])
+         migrations.migrate_paths(self.config)
+ 
+-        # Ensure configured user is valid and environment is properly set
+-        # before initializating rest of the stack.
+-        self.verify_user()
+-
+         # Late import so logging works correctly
+         import salt.master
+ 
+@@ -305,10 +290,6 @@ class Minion(
+ 
+         transport = self.config.get("transport").lower()
+ 
+-        # Ensure configured user is valid and environment is properly set
+-        # before initializating rest of the stack.
+-        self.verify_user()
+-
+         try:
+             # Late import so logging works correctly
+             import salt.minion
+@@ -497,10 +478,6 @@ class ProxyMinion(
+             self.action_log_info("An instance is already running. Exiting")
+             self.shutdown(1)
+ 
+-        # Ensure configured user is valid and environment is properly set
+-        # before initializating rest of the stack.
+-        self.verify_user()
+-
+         # TODO: AIO core is separate from transport
+         # Late import so logging works correctly
+         import salt.minion
+@@ -599,10 +576,6 @@ class Syndic(
+ 
+         self.action_log_info('Setting up "{}"'.format(self.config["id"]))
+ 
+-        # Ensure configured user is valid and environment is properly set
+-        # before initializating rest of the stack.
+-        self.verify_user()
+-
+         # Late import so logging works correctly
+         import salt.minion
+ 
+diff --git a/salt/cli/ssh.py b/salt/cli/ssh.py
+index 672f32b8c0..6048cb5f58 100644
+--- a/salt/cli/ssh.py
++++ b/salt/cli/ssh.py
+@@ -1,9 +1,7 @@
+ import sys
+ 
+ import salt.client.ssh
+-import salt.defaults.exitcodes
+ import salt.utils.parsers
+-from salt.utils.verify import check_user
+ 
+ 
+ class SaltSSH(salt.utils.parsers.SaltSSHOptionParser):
+@@ -17,11 +15,5 @@ class SaltSSH(salt.utils.parsers.SaltSSHOptionParser):
+             # that won't be used anyways with -H or --hosts
+         self.parse_args()
+ 
+-        if not check_user(self.config["user"]):
+-            self.exit(
+-                salt.defaults.exitcodes.EX_NOUSER,
+-                "Cannot switch to configured user for Salt. Exiting",
+-            )
+-
+         ssh = salt.client.ssh.SSH(self.config)
+         ssh.run()
+diff --git a/salt/utils/verify.py b/salt/utils/verify.py
+index 7899fbe538..879128f231 100644
+--- a/salt/utils/verify.py
++++ b/salt/utils/verify.py
+@@ -335,8 +335,8 @@ def check_user(user):
+ 
+         # We could just reset the whole environment but let's just override
+         # the variables we can get from pwuser
+-        # We ensure HOME is always present and set according to pwuser
+-        os.environ["HOME"] = pwuser.pw_dir
++        if "HOME" in os.environ:
++            os.environ["HOME"] = pwuser.pw_dir
+ 
+         if "SHELL" in os.environ:
+             os.environ["SHELL"] = pwuser.pw_shell
+diff --git a/tests/pytests/integration/cli/test_salt_minion.py b/tests/pytests/integration/cli/test_salt_minion.py
+index bde2dd51d7..c0d6013474 100644
+--- a/tests/pytests/integration/cli/test_salt_minion.py
++++ b/tests/pytests/integration/cli/test_salt_minion.py
+@@ -41,7 +41,7 @@ def test_exit_status_unknown_user(salt_master, minion_id):
+         factory = salt_master.salt_minion_daemon(
+             minion_id, overrides={"user": "unknown-user"}
+         )
+-        factory.start(start_timeout=30, max_start_attempts=1)
++        factory.start(start_timeout=10, max_start_attempts=1)
+ 
+     assert exc.value.process_result.returncode == salt.defaults.exitcodes.EX_NOUSER
+     assert "The user is not available." in exc.value.process_result.stderr
+@@ -53,7 +53,7 @@ def test_exit_status_unknown_argument(salt_master, minion_id):
+     """
+     with pytest.raises(FactoryNotStarted) as exc:
+         factory = salt_master.salt_minion_daemon(minion_id)
+-        factory.start("--unknown-argument", start_timeout=30, max_start_attempts=1)
++        factory.start("--unknown-argument", start_timeout=10, max_start_attempts=1)
+ 
+     assert exc.value.process_result.returncode == salt.defaults.exitcodes.EX_USAGE
+     assert "Usage" in exc.value.process_result.stderr
+-- 
+2.42.0
+
+

salt.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Nov 16 10:33:00 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Revert changes to set Salt configured user early in the stack (bsc#1216284)
+
+- Added:
+  * revert-make-sure-configured-user-is-properly-set-by-.patch
+
 -------------------------------------------------------------------
 Mon Nov 13 16:02:35 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 

salt.spec

@@ -296,7 +296,7 @@ Patch75:        fix-tests-to-make-them-running-with-salt-testsuite.patch
 # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/commit/f82860b8ad3ee786762fa02fa1a6eaf6e24dc8d4
 # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/65020
 Patch76:        do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
-# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/64510
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/64510 (dropped at patch 91)
 Patch77:        make-sure-configured-user-is-properly-set-by-salt-bs.patch
 # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/64959
 Patch78:        fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
@@ -325,6 +325,8 @@ Patch88:        fix-cve-2023-34049-bsc-1215157.patch
 Patch89:        fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
 # PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/65435
 Patch90:        dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
+# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/614 (revert patch 77)
+Patch91:        revert-make-sure-configured-user-is-properly-set-by-.patch
 
 ### IMPORTANT: The line below is used as a snippet marker. Do not touch it.
 ### SALT PATCHES LIST END