diff --git a/.gitignore b/.gitignore
index 5bce807..97f995e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,19 +1,22 @@
-SOURCES/ansible-sshd-1c5c48835e01adc176febf945e1fd36b7d9af7fd.tar.gz
+SOURCES/ansible-netcommon-2.4.0.tar.gz
+SOURCES/ansible-posix-1.3.0.tar.gz
+SOURCES/ansible-sshd-v0.14.1.tar.gz
 SOURCES/auto-maintenance-2dd50c8a16af647e4c7a768c481335e97735958a.tar.gz
 SOURCES/certificate-1.1.0.tar.gz
+SOURCES/community-general-3.6.0.tar.gz
 SOURCES/crypto_policies-1.2.0.tar.gz
-SOURCES/ha_cluster-1.3.0.tar.gz
-SOURCES/kdump-1.1.0.tar.gz
+SOURCES/ha_cluster-1.3.1.tar.gz
+SOURCES/kdump-1.1.1.tar.gz
 SOURCES/kernel_settings-1.1.0.tar.gz
-SOURCES/logging-1.5.1.tar.gz
+SOURCES/logging-1.6.0.tar.gz
 SOURCES/metrics-1.3.1.tar.gz
 SOURCES/nbde_client-1.1.0.tar.gz
 SOURCES/nbde_server-1.1.0.tar.gz
-SOURCES/network-1.4.0.tar.gz
+SOURCES/network-c0f603808217f691f603d535becf7ff307790cac.tar.gz
 SOURCES/postfix-1.1.0.tar.gz
-SOURCES/selinux-1.3.0.tar.gz
-SOURCES/ssh-1.1.0.tar.gz
-SOURCES/storage-1.6.1.tar.gz
-SOURCES/timesync-1.6.0.tar.gz
+SOURCES/selinux-1.3.2.tar.gz
+SOURCES/ssh-1.1.1.tar.gz
+SOURCES/storage-1.6.2.tar.gz
+SOURCES/timesync-1.6.1.tar.gz
 SOURCES/tlog-1.2.0.tar.gz
-SOURCES/vpn-1.2.0.tar.gz
+SOURCES/vpn-1.2.1.tar.gz
diff --git a/.rhel-system-roles.metadata b/.rhel-system-roles.metadata
index 0348be1..2d628a9 100644
--- a/.rhel-system-roles.metadata
+++ b/.rhel-system-roles.metadata
@@ -1,19 +1,22 @@
-81dc493a73559dc310a806c8dad6c310f2456512 SOURCES/ansible-sshd-1c5c48835e01adc176febf945e1fd36b7d9af7fd.tar.gz
+2ab6e8b033f65ed628f2f2ae41863e48da5fa96c SOURCES/ansible-netcommon-2.4.0.tar.gz
+d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
+534d8bed26ab113833885f32a2b1e1ffdf6f4e95 SOURCES/ansible-sshd-v0.14.1.tar.gz
 88baab8db9cba232b8deb8c690dccf2d3ef77b31 SOURCES/auto-maintenance-2dd50c8a16af647e4c7a768c481335e97735958a.tar.gz
 b677782b53c4ffe790528b4b2c12f31b07523b4c SOURCES/certificate-1.1.0.tar.gz
+e0d38d1d9b688476dc8523321f32a1a8d994970f SOURCES/community-general-3.6.0.tar.gz
 1dea114d52dd032bde01a2a64a9b8233daeaa8dc SOURCES/crypto_policies-1.2.0.tar.gz
-d3c6ec22b1e60ad3b53b07009ac54e946355aa75 SOURCES/ha_cluster-1.3.0.tar.gz
-3e3e61b4a8fecc8fb649ab32a3751bd3a3930281 SOURCES/kdump-1.1.0.tar.gz
+c10b2536aa764b47c7d8580003b8c7cae1209466 SOURCES/ha_cluster-1.3.1.tar.gz
+f11ff27eae83718110ab58c907243d0930dcc498 SOURCES/kdump-1.1.1.tar.gz
 90ea8d850a2c46988e4128df36c1254b787d2fb7 SOURCES/kernel_settings-1.1.0.tar.gz
-61127d1b542bf7501ca16834c1716cb01883abfa SOURCES/logging-1.5.1.tar.gz
+04b2d0cfe1ec88831ee7ffb3b0fb2b6045818c69 SOURCES/logging-1.6.0.tar.gz
 170825f78241811a16095f795a93cc9144c39a98 SOURCES/metrics-1.3.1.tar.gz
 f3298859354c92921a3b68fa76f877d4596915d6 SOURCES/nbde_client-1.1.0.tar.gz
 a2c85f6a850285c8afb8635de0cbbb7eb2b46530 SOURCES/nbde_server-1.1.0.tar.gz
-73207015b9e48cd2bdf86fab68f8f34e2181a94b SOURCES/network-1.4.0.tar.gz
+f8e5d33d0f2cf3ea5febb34c019ab34468d5c9de SOURCES/network-c0f603808217f691f603d535becf7ff307790cac.tar.gz
 8f10d7be6d7ea3d855cf5d22f32b5ba7bb8302be SOURCES/postfix-1.1.0.tar.gz
-0f6894033fc2110eac6b81b5e6b4ca9ca0af6632 SOURCES/selinux-1.3.0.tar.gz
-b5e0786216e22508435c13b4da7b6fcce4ad82fe SOURCES/ssh-1.1.0.tar.gz
-5820c668d774e9a267011376138cca5a64fb23dd SOURCES/storage-1.6.1.tar.gz
-7bf364246b52dd8df3de6b6c9bf4553410983439 SOURCES/timesync-1.6.0.tar.gz
+d75a23e6d488a297016ff38b9b402f0357a4d56d SOURCES/selinux-1.3.2.tar.gz +03049a38fe3cb7356910db62b692b5cd58ed2a5e SOURCES/ssh-1.1.1.tar.gz +bc8533a5fb21d4b594535ba2a4498ef899cd75e1 SOURCES/storage-1.6.2.tar.gz +ef208ec219dcd11f5325717f33fe606bda1a5bd0 SOURCES/timesync-1.6.1.tar.gz ad38181af7223caa21b602e91d0feeb9085451e0 SOURCES/tlog-1.2.0.tar.gz -9f91e40a6657e262893f85158706934954bcbcb2 SOURCES/vpn-1.2.0.tar.gz +13d6b7168f13eebe890967e1221c633ea58840f4 SOURCES/vpn-1.2.1.tar.gz diff --git a/SPECS/linux-system-roles.spec b/SPECS/linux-system-roles.spec index 9cfb30d..805db49 100644 --- a/SPECS/linux-system-roles.spec +++ b/SPECS/linux-system-roles.spec @@ -21,11 +21,11 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.8.3 +Version: 1.9.0 Release: 2%{?dist} #Group: Development/Libraries -License: GPLv3+ and MIT and BSD +License: GPLv3+ and MIT and BSD and Python %global installbase %{_datadir}/linux-system-roles %global _pkglicensedir %{_licensedir}/%{name} %global rolealtprefix linux-system-roles. @@ -113,23 +113,23 @@ BuildRequires: ansible >= 2.9.10 #%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda %global rolename2 selinux -%deftag 2 1.3.0 +%deftag 2 1.3.2 #%%defcommit 3 8db8f9ed9088432bac7abf68f1b284475a3baa38 %global rolename3 timesync -%deftag 3 1.6.0 +%deftag 3 1.6.1 #%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1 %global rolename4 kdump -%deftag 4 1.1.0 +%deftag 4 1.1.1 -#%%defcommit 5 b08a0b3748ee87aa3bdbcf1f0b7e41ef4971bbee +%defcommit 5 c0f603808217f691f603d535becf7ff307790cac %global rolename5 network -%deftag 5 1.4.0 +#%%deftag 5 1.4.0 #%%defcommit 6 b3b456183edb7b8aa6ceff7ce667d8e22009ef6a %global rolename6 storage -%deftag 6 1.6.1 +%deftag 6 1.6.2 #%%defcommit 7 0673d842fb32c437501e2aada2e38921da98e115 %global rolename7 metrics 
@@ -145,7 +145,7 @@ BuildRequires: ansible >= 2.9.10 #%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f %global rolename10 logging -%deftag 10 1.5.1 +%deftag 10 1.6.0 #%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567 %global rolename11 nbde_server @@ -166,20 +166,20 @@ BuildRequires: ansible >= 2.9.10 %global forgeorg15 https://github.com/willshersystems %global repo15 ansible-sshd %global rolename15 sshd -%defcommit 15 1c5c48835e01adc176febf945e1fd36b7d9af7fd -#%%deftag 15 v0.13.1 +#%%defcommit 15 57c54e5268d9c09ab31b1357558cdcaa68116015 +%deftag 15 v0.14.1 #%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a %global rolename16 ssh -%deftag 16 1.1.0 +%deftag 16 1.1.1 #%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d %global rolename17 ha_cluster -%deftag 17 1.3.0 +%deftag 17 1.3.1 #%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3 %global rolename18 vpn -%deftag 18 1.2.0 +%deftag 18 1.2.1 %global mainid 2dd50c8a16af647e4c7a768c481335e97735958a Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz @@ -202,6 +202,15 @@ Source16: %{archiveurl16} Source17: %{archiveurl17} Source18: %{archiveurl18} +# Collection tarballs from Automation Hub +# Not used on Fedora. +Source801: ansible-posix-1.3.0.tar.gz +Source802: ansible-netcommon-2.4.0.tar.gz + +# Collection tarballs from Galaxy +# Not used on Fedora. +Source901: community-general-3.6.0.tar.gz + # Script to convert the collection README to Automation Hub. # Not used on Fedora. Source998: collection_readme.sh 
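Review bot: `Source801`, `Source802` and `Source901` are bare file names, so the spec records no upstream location for the three collection tarballs; the only pin is the hash in `.rhel-system-roles.metadata`, which shows that the file is the one that was uploaded, not that it matches the upstream release. I would add a comment above each entry with the download location and the checksum published by Automation Hub or Galaxy, for example `# ansible.posix 1.3.0: <download URL>, sha256 <upstream checksum>`. Because files from these collections are copied into the roles later in `%prep`, it is also worth declaring them with `Provides: bundled(<collection name>) = <version>`, unless the spec already does so outside this hunk, so that advisories against the vendored versions can be matched to this package.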
@@ -269,6 +278,18 @@ Collection artifact for %{name}. This package contains %{collection_namespace}-% %prep %setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -n %{getarchivedir 0} +for file in %_sourcedir/*.tar.gz; do + if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then + ns=${BASH_REMATCH[1]} + name=${BASH_REMATCH[2]} + ver=${BASH_REMATCH[3]} + mkdir -p .external/$ns/$name + pushd .external/$ns/$name > /dev/null + tar xfz "$file" + popd > /dev/null + fi +done + declare -A ROLESTODIR=(%{rolestodir}) for rolename in %{rolenames}; do dir_from_archive="${ROLESTODIR[${rolename}]}" 
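Review bot: The new loop takes its input from the glob `%_sourcedir/*.tar.gz` instead of the declared sources, so every archive in the source directory whose name contains two dashes is unpacked under `.external/`. Among the files listed in this commit that includes `ansible-sshd-v0.14.1.tar.gz` and the `auto-maintenance` archive, and on a shared rpmbuild tree it would also pick up tarballs that belong to other packages. Iterating over the declared sources keeps the build input explicit: `for file in %{SOURCE801} %{SOURCE802} %{SOURCE901}; do`. The pattern would be tighter with the dots escaped and the end anchored (`\.tar\.gz$`), `ver` is assigned but not used in the hunk, and `$ns/$name` should be quoted in `mkdir` and `pushd`. The Source comments say these tarballs are not used on Fedora, yet the loop is not wrapped in `%if 0%{?rhel}`.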
@@ -301,6 +322,63 @@ sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml exa sed -r -i -e "s/min_ansible_version: 2.8/min_ansible_version: 2.9/" meta/main.yml cd .. +%if 0%{?rhel} +# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. +# ansible.posix: +# - library: +# - Module selinux and seboolean for the selinux role +# - Module mount for the storage role +declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module +done + +# ansible.posix: +# - module_utils: +# - Module_util mount for the storage role +module_map=( ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/module_utils/${role}_lsr ]; then + mkdir -p $role/module_utils/${role}_lsr + fi + cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module +done + +# ansible.netcommon: +# - filter_plugins: +# - Filter ipaddr for the vpn role +declare -A module_map=( ["ipaddr.py"]="vpn" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! 
-d $role/filter_plugins ]; then + mkdir $role/filter_plugins + fi + cp -pL .external/ansible/netcommon/plugins/filter/$module $role/filter_plugins/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/filter_plugins/$module +done + +# community.general: +# - library: +# - Module seport, sefcontext and selogin for the selinux role rolename2 +module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + cp -pL .external/community/general/plugins/modules/$module $role/library/$module + ls -alrtF $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module +done +%endif + # Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role %if "%{roleprefix}" != "linux-system-roles." for rolename in %{rolenames}; do @@ -357,6 +435,18 @@ for role in %{rolenames}; do --namespace %{collection_namespace} --collection %{collection_name} done +%if 0%{?rhel} +# Convert vendored plugins to FQCN for collection +# ansible.netcommon: +# - filter_plugins: +# - Filter ipaddr for the vpn role +declare -A module_map=( ["ipaddr"]="vpn" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + find .collections/ansible_collections/%{collection_namespace}/%{collection_name}/*/vpn \( -iname "*.yml" -o -iname "*.j2" \) -exec sed -i -e "s/\<$module\>/%{collection_namespace}.%{collection_name}.&/g" {} \; +done +%endif + # copy requirements.txt and bindep.txt from auto-maintenance/lsr_role2collection if [ -f lsr_role2collection/collection_requirements.txt ]; then cp lsr_role2collection/collection_requirements.txt \ 
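Review bot: In the second loop (ansible.posix module_utils) the `sed` edits `$role/library/$module`, not the file just copied to `$role/module_utils/${role}_lsr/$module`. The first loop has already patched `storage/library/mount.py`, so the WARNING line would be inserted there a second time while the module_utils copy stays untouched. If the banner is wanted on the module_utils file the target should be `$role/module_utils/${role}_lsr/$module`; otherwise that `sed` line can be dropped. The `ls -alrtF $role/library/$module` in the community.general loop looks like leftover debugging output. Putting the collection name and version into the inserted banner would also let a vendored file be traced back to the release it came from when a fix lands upstream.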
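Review bot: The expression `s/\<$module\>/…&/g` rewrites every whole-word `ipaddr` in the role's `.yml` and `.j2` files, not only filter calls. A variable, task name or comment containing the word would be prefixed too, and so would an already qualified `ansible.netcommon.ipaddr`, because `.` counts as a word boundary. Restricting the match to the filter position after a pipe, for example `s/|\( *\)\<$module\>/|\1%{collection_namespace}.%{collection_name}.$module/g`, would limit the edit to what the comment describes. The loop also sets `role` from the map while the `find` path hard-codes `vpn`; using `$role` there keeps the two in step.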
@@ -623,6 +713,36 @@ fi %endif %changelog +* Tue Oct 26 2021 Sergei Petrosian - 1.9.0-2 +- Change the PFSL license to Python because this is how PFSL is reffered to in + rpminspect-data packages in Fedora, CentOS, and RHEL + Related: rhbz#2006076 + +* Mon Oct 11 2021 Sergei Petrosian - 1.9.0-1 +- Support ansible-core and improve roles: + - selinux: Add support for Rocky Linux 8, fix ansible_distribution_major_version + - timesync: Support ansible-core, use ansible_managed | comment + - kdump: Support ansible-core, use ansible_managed | comment + - network: Support ansible-core; deprecate RHEL 9 in readme; validate that ipv6_disabled is conflicting with other settings; specify PCI address to configure profile - adds match and path settings) + - storage: Support ansible-core, add skip checks feature to speed up the tests + - logging: Support ansible-core, add the `uid` option for elasticsearch, improve performance, use ansible_manged | comment + Resolves: rhbz#1990490 (EL9) + - ssh: Use ansible_manged | comment + - sshd: Use ansible_managed | comment + - ha_cluster: Support ansible-core, fix password_hash salt length + - vpn: Support ansible-core, use wait_for_connection instead of wait_for with ssh + - ansible_managed | comment BZs: + Resolves: rhbz#2006230 (EL9) + Resolves: rhbz#2006231 (EL8) + Resolves: rhbz#2006233 (EL7) +- untar the collection tarballs and copy the files +- Add vendoring code for rhel / centos + - selinux: selinux, seboolean, seport, selogin, sefcontext + - storage: mount + - vpn: ipaddr + Resolves: rhbz#2006076 (EL9) + Resolves: rhbz#2006081 (EL8) + * Thu Aug 26 2021 Rich Megginson - 1.8.3-2 - selinux - tag tests_selinux_disabled.yml with tests::avc Resolves rhbz#1996315 (EL9)