diff --git a/.gitignore b/.gitignore index b080a56..a2365e4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,23 +1,23 @@ SOURCES/ansible-posix-1.4.0.tar.gz SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz -SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz +SOURCES/auto-maintenance-e3ac549bee05349d7ae033971448f861415ad608.tar.gz SOURCES/certificate-1.1.6.tar.gz SOURCES/cockpit-1.3.0.tar.gz -SOURCES/community-general-5.4.0.tar.gz +SOURCES/community-general-6.0.1.tar.gz SOURCES/crypto_policies-1.2.6.tar.gz SOURCES/firewall-1.4.0.tar.gz -SOURCES/ha_cluster-1.7.4.tar.gz +SOURCES/ha_cluster-1.8.1.tar.gz SOURCES/kdump-1.2.5.tar.gz SOURCES/kernel_settings-1.1.10.tar.gz SOURCES/logging-1.10.0.tar.gz SOURCES/metrics-1.7.3.tar.gz SOURCES/nbde_client-1.2.6.tar.gz SOURCES/nbde_server-1.1.5.tar.gz -SOURCES/network-1.9.1.tar.gz +SOURCES/network-1.10.1.tar.gz SOURCES/postfix-1.2.4.tar.gz SOURCES/selinux-1.4.0.tar.gz SOURCES/ssh-1.1.9.tar.gz SOURCES/storage-1.9.1.tar.gz SOURCES/timesync-1.6.9.tar.gz SOURCES/tlog-1.2.9.tar.gz -SOURCES/vpn-1.3.5.tar.gz +SOURCES/vpn-1.5.1.tar.gz diff --git a/.rhel-system-roles.metadata b/.rhel-system-roles.metadata index 9b1ba8a..4d95614 100644 --- a/.rhel-system-roles.metadata +++ b/.rhel-system-roles.metadata @@ -1,23 +1,23 @@ -bca451fd997be80be30f106e49f1bf550d2e609c SOURCES/ansible-posix-1.4.0.tar.gz +e699d31bfa020050818f133b7c65a49d2e459178 SOURCES/ansible-posix-1.4.0.tar.gz c47e62ecf6502d952378206626ba66e456a73513 SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz -453a44d1259addc4f702ea79da7b810b420e21f1 SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz +d7aa4c69b339bf109227ea9c289b242a808ca0f5 SOURCES/auto-maintenance-e3ac549bee05349d7ae033971448f861415ad608.tar.gz 25e2045c8fc9d6455d7c5b0c7d32d4976ebc5178 SOURCES/certificate-1.1.6.tar.gz 77b34cce8b416fec3a50900b47cbe6b8216e3036 SOURCES/cockpit-1.3.0.tar.gz -58f117fafe36a19425b3a9bc0ba69f33e5fa81ee SOURCES/community-general-5.4.0.tar.gz +ae6b2ada54e20e0400ed9e5e2d5fae8227303184 SOURCES/community-general-6.0.1.tar.gz 56bc0763e0b549c3499a80e95d0953ee6769136a SOURCES/crypto_policies-1.2.6.tar.gz 4ee58deb2a514edd81dbcc56508be4ca9fd49089 SOURCES/firewall-1.4.0.tar.gz -6ac7fbfa996fd4425415601d28e5b7b0790682ae SOURCES/ha_cluster-1.7.4.tar.gz +65eb89785d3c02e93c860f3e73a5dd5835ac9840 SOURCES/ha_cluster-1.8.1.tar.gz 6ae0614d51db00957943fad6967674c0de88862c SOURCES/kdump-1.2.5.tar.gz 17f28f701d7842499b232a7b28daae5f51ea631b SOURCES/kernel_settings-1.1.10.tar.gz 042ba1183db4d36742a21c92111d68415c7c951a SOURCES/logging-1.10.0.tar.gz 4ebbf457b9f0d767d19b7ef322b848e5e4da50ef SOURCES/metrics-1.7.3.tar.gz 80baf489aea9052ad11c84df7a6adfca75ce7a7b SOURCES/nbde_client-1.2.6.tar.gz 2e2ad1b455da8c0a198524a08ffe16f2c954f131 SOURCES/nbde_server-1.1.5.tar.gz -cb01d5d59afdf4f514de5fda2220ea8271ecb699 SOURCES/network-1.9.1.tar.gz +c3f012d86202d0f59d766d04c92ed4f82807ea1c SOURCES/network-1.10.1.tar.gz 4a31ac4e7d4de65c2a74cfc6f3c4ff852d5a578c SOURCES/postfix-1.2.4.tar.gz a54aee1fa1b0ee023e4168d0abe880ad6ea64dcb SOURCES/selinux-1.4.0.tar.gz fcdbd369bcc41df028f842e49ebff28370d3adb4 SOURCES/ssh-1.1.9.tar.gz 10b9bf8f3b16fc99d6070af6dbf82f9f889a8ff6 SOURCES/storage-1.9.1.tar.gz c0af2701a0f8db1d721bf6df4ba257888be0fe87 SOURCES/timesync-1.6.9.tar.gz 53fd0059c1da4c42228a9c0df592a96cd5a5060f SOURCES/tlog-1.2.9.tar.gz -ec3e9a88af360861ea3ef4be92fbb6776690272d SOURCES/vpn-1.3.5.tar.gz +ad0fdbb87a8ef445aaf9d749d0df20f788775c7c SOURCES/vpn-1.5.1.tar.gz diff --git a/SOURCES/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch b/SOURCES/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch deleted file mode 100644 index b8b9941..0000000 --- a/SOURCES/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 1bda31d2d07ed9042b09b0596904dd4f317d8f48 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 26 Sep 2022 20:20:47 +0200 -Subject: [PATCH] Add final version of the option RequiredRSASize (#53) - -* Update source template to match generated template - -* Add final name of the RequiredRSASize parameter - -keeping the old version for backward compatibility. - -Upstream commit: -https://github.com/openssh/openssh-portable/commit/54b333d1 ---- - .dev-tools/10_top.j2 | 4 ++-- - .dev-tools/options_body | 1 + - templates/ssh_config.j2 | 3 +++ - 3 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2 -index 99704bd..8411de8 100644 ---- a/.dev-tools/10_top.j2 -+++ b/.dev-tools/10_top.j2 -@@ -7,10 +7,10 @@ - {% elif value is sameas false %} - {{ key }} no - {% elif value is string or value is number %} --{{ key }} {{ value }} -+{{ key }} {{ value | string }} - {% else %} - {% for i in value %} --{{ key }} {{ i }} -+{{ key }} {{ i | string }} - {% endfor %} - {% endif %} - {% endif %} -diff --git a/.dev-tools/options_body b/.dev-tools/options_body -index 176879d..8cc382f 100644 ---- a/.dev-tools/options_body -+++ b/.dev-tools/options_body -@@ -84,6 +84,7 @@ RekeyLimit - RemoteCommand - RemoteForward - RequestTTY -+RequiredRSASize - RevokedHostKeys - RhostsRSAAuthentication - RSAAuthentication -diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2 -index fab57de..7f277c7 100644 ---- a/templates/ssh_config.j2 -+++ b/templates/ssh_config.j2 -@@ -119,6 +119,7 @@ Match {{ match["Condition"] }} - {{ render_option("RemoteCommand",match["RemoteCommand"],true) -}} - {{ render_option("RemoteForward",match["RemoteForward"],true) -}} - {{ render_option("RequestTTY",match["RequestTTY"],true) -}} -+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} - {{ render_option("RevokedHostKeys",match["RevokedHostKeys"],true) -}} - {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} - {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} -@@ -240,6 +241,7 @@ Host {{ host["Condition"] }} - {{ render_option("RemoteCommand",host["RemoteCommand"],true) -}} - {{ render_option("RemoteForward",host["RemoteForward"],true) -}} - {{ render_option("RequestTTY",host["RequestTTY"],true) -}} -+{{ render_option("RequiredRSASize",host["RequiredRSASize"],true) -}} - {{ render_option("RevokedHostKeys",host["RevokedHostKeys"],true) -}} - {{ render_option("RhostsRSAAuthentication",host["RhostsRSAAuthentication"],true) -}} - {{ render_option("RSAAuthentication",host["RSAAuthentication"],true) -}} -@@ -354,6 +356,7 @@ Host {{ host["Condition"] }} - {{ body_option("RemoteCommand",ssh_RemoteCommand) -}} - {{ body_option("RemoteForward",ssh_RemoteForward) -}} - {{ body_option("RequestTTY",ssh_RequestTTY) -}} -+{{ body_option("RequiredRSASize",ssh_RequiredRSASize) -}} - {{ body_option("RevokedHostKeys",ssh_RevokedHostKeys) -}} - {{ body_option("RhostsRSAAuthentication",ssh_RhostsRSAAuthentication) -}} - {{ body_option("RSAAuthentication",ssh_RSAAuthentication) -}} --- -2.37.3 - diff --git a/SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch b/SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch deleted file mode 100644 index e1072c2..0000000 --- a/SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 1408f489240dca04f086e4b32b253313eea28ea8 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 26 Sep 2022 15:26:12 +0200 -Subject: [PATCH] Add final version of RequiredRSASize - -Keep the old version for backward compatibility - -Upstream commit: -https://github.com/openssh/openssh-portable/commit/1875042c ---- - meta/options_body | 1 + - meta/options_match | 1 + - templates/sshd_config.j2 | 2 ++ - templates/sshd_config_snippet.j2 | 2 ++ - 4 files changed, 6 insertions(+) - -diff --git a/meta/options_body b/meta/options_body -index 8681269..23a00f4 100644 ---- a/meta/options_body -+++ b/meta/options_body -@@ -89,6 +89,7 @@ PubkeyAuthentication - RSAAuthentication - RSAMinSize - RekeyLimit -+RequiredRSASize - RevokedKeys - RDomain - RhostsRSAAuthentication -diff --git a/meta/options_match b/meta/options_match -index 6ef9214..5ec1413 100644 ---- a/meta/options_match -+++ b/meta/options_match -@@ -47,6 +47,7 @@ PubkeyAuthentication - RDomain - RekeyLimit - RevokedKeys -+RequiredRSASize - RhostsRSAAuthentication - RSAAuthentication - RSAMinSize -diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 -index 2899f0a..a3b2465 100644 ---- a/templates/sshd_config.j2 -+++ b/templates/sshd_config.j2 -@@ -89,6 +89,7 @@ Match {{ match["Condition"] }} - {{ render_option("RDomain",match["RDomain"],true) -}} - {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} - {{ render_option("RevokedKeys",match["RevokedKeys"],true) -}} -+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} - {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} - {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} - {{ render_option("RSAMinSize",match["RSAMinSize"],true) -}} -@@ -203,6 +204,7 @@ Match {{ match["Condition"] }} - {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} - {{ body_option("RSAMinSize",sshd_RSAMinSize) -}} - {{ body_option("RekeyLimit",sshd_RekeyLimit) -}} -+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}} - {{ body_option("RevokedKeys",sshd_RevokedKeys) -}} - {{ body_option("RDomain",sshd_RDomain) -}} - {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}} -diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2 -index 0ece8ed..a12cb3b 100644 ---- a/templates/sshd_config_snippet.j2 -+++ b/templates/sshd_config_snippet.j2 -@@ -88,6 +88,7 @@ Match {{ match["Condition"] }} - {{ render_option("RDomain",match["RDomain"],true) -}} - {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} - {{ render_option("RevokedKeys",match["RevokedKeys"],true) -}} -+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} - {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} - {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} - {{ render_option("RSAMinSize",match["RSAMinSize"],true) -}} -@@ -202,6 +203,7 @@ Match {{ match["Condition"] }} - {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} - {{ body_option("RSAMinSize",sshd_RSAMinSize) -}} - {{ body_option("RekeyLimit",sshd_RekeyLimit) -}} -+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}} - {{ body_option("RevokedKeys",sshd_RevokedKeys) -}} - {{ body_option("RDomain",sshd_RDomain) -}} - {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}} --- -2.37.3 - diff --git a/SOURCES/CHANGELOG.md b/SOURCES/CHANGELOG.md index 0530187..8d0cd2c 100644 --- a/SOURCES/CHANGELOG.md +++ b/SOURCES/CHANGELOG.md @@ -1,11 +1,14 @@ Changelog ========= -[1.20.1] - 2022-09-27 + +[1.21.0-0.2.network] - 2022-11-15 ---------------------------- ### New Features -- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129875) +- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201) +- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856) +- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620) ### Bug Fixes diff --git a/SOURCES/CHANGELOG.rst b/SOURCES/CHANGELOG.rst new file mode 100644 index 0000000..cf9ac93 --- /dev/null +++ b/SOURCES/CHANGELOG.rst @@ -0,0 +1 @@ +See docs/CHANGELOG.md diff --git a/SPECS/rhel-system-roles.spec b/SPECS/rhel-system-roles.spec index 28cc510..4ebb721 100644 --- a/SPECS/rhel-system-roles.spec +++ b/SPECS/rhel-system-roles.spec @@ -3,14 +3,13 @@ # ansible-core as a build_dep on RHEL8 %if 0%{?fedora} || 0%{?rhel} >= 9 %bcond_without ansible -%global ansible_build_dep ansible-core >= 2.11.0 +%if 0%{?fedora} +BuildRequires: ansible-packaging %else -%if 0%{?rhel} && ! 0%{?epel} -%bcond_with ansible -%else -%bcond_without ansible -%global ansible_build_dep ansible >= 2.9.10 +BuildRequires: ansible-core >= 2.11.0 %endif +%else +%bcond_with ansible %endif %bcond_with collection_artifact @@ -30,23 +29,12 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.20.1 -Release: 1%{?dist} +Version: 1.21.0 +Release: 0.2.network%{?dist} -#Group: Development/Libraries License: GPLv3+ and MIT and BSD and Python -%global installbase %{_datadir}/linux-system-roles %global _pkglicensedir %{_licensedir}/%{name} -%global rolealtprefix linux-system-roles. -%global roleprefix %{name}. -%global roleinstprefix %{nil} -%global rolealtrelpath ../../linux-system-roles/ -%if 0%{?rhel} -%global roleinstprefix %{roleprefix} -%global installbase %{_datadir}/ansible/roles -%global rolealtrelpath %{nil} -%endif - +%global roleinstprefix %{name}. %if 0%{?rhel} %global collection_namespace redhat %global collection_name rhel_system_roles @@ -58,19 +46,25 @@ License: GPLv3+ and MIT and BSD and Python %global collection_version %{version} # Helper macros originally from macros.ansible by Igor Raits -# Not available on RHEL, so we must define those macros locally here without using ansible-galaxy - +# On RHEL, not available, so we must define those macros locally +# On Fedora, provided by ansible-packager # Not used (yet). Could be made to point to AH in RHEL - but what about CentOS Stream? #%%{!?ansible_collection_url:%%define ansible_collection_url() https://galaxy.ansible.com/%%{collection_namespace}/%%{collection_name}} - -%if 0%{?fedora} || 0%{?rhel} >= 8 -%{!?ansible_collection_files:%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/} +%if 0%{?rhel} +Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version} +%global ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/ +%define ansible_roles_dir %{_datadir}/ansible/roles +%if %{without ansible} +# Untar and copy everything instead of galaxy-installing the built artifact when ansible is not available +%define ansible_collection_build() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz . +%define ansible_collection_install() mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz) %else -# Define undefined macro using "!?ansible_collection_files:..." does not work for rhel-7 -%if %{?ansible_collection_files:0}%{!?ansible_collection_files:1} -%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/ +%define ansible_collection_build() ansible-galaxy collection build +%define ansible_collection_install() ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz %endif %endif +# be compatible with the usual Fedora Provides: +Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{collection_version}-%{release} # ansible-core is in rhel 8.6 and later - default to ansible-core, but allow # the use of ansible if present - we may revisit this if the automatic dependency @@ -83,18 +77,6 @@ License: GPLv3+ and MIT and BSD and Python Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0) %endif -%if %{with ansible} -BuildRequires: %{ansible_build_dep} -%endif - -%if %{without ansible} -# We don't have ansible-galaxy. -# Simply copy everything instead of galaxy-installing the built artifact. -%define ansible_collection_build_install() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz .; mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz) -%else -%define ansible_collection_build_install() ansible-galaxy collection build; ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz -%endif - # For each role, call either defcommit() or deftag(). The other macros # (%%id and %%shortid) can be then used in the same way in both cases. # This way the rest of the spec file des not need to know whether we are @@ -143,7 +125,7 @@ BuildRequires: %{ansible_build_dep} #%%defcommit 5 a74092634adfe45f76cf761138abab1811692b4b %global rolename5 network -%deftag 5 1.9.1 +%deftag 5 1.10.1 #%%defcommit 6 50d2b8ccc98a8f4cb9d1d550d21adc227181e9fa %global rolename6 storage @@ -193,11 +175,11 @@ BuildRequires: %{ansible_build_dep} #%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d %global rolename17 ha_cluster -%deftag 17 1.7.4 +%deftag 17 1.8.1 #%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3 %global rolename18 vpn -%deftag 18 1.3.5 +%deftag 18 1.5.1 %global rolename19 firewall %deftag 19 1.4.0 @@ -205,7 +187,7 @@ BuildRequires: %{ansible_build_dep} %global rolename20 cockpit %deftag 20 1.3.0 -%global mainid c22eff88d40972158cd5c413b7468b4e904cc76c +%global mainid e3ac549bee05349d7ae033971448f861415ad608 Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz Source1: %{archiveurl1} Source2: %{archiveurl2} @@ -228,31 +210,30 @@ Source18: %{archiveurl18} Source19: %{archiveurl19} Source20: %{archiveurl20} -# Collection tarballs from Automation Hub -# Not used on Fedora. -Source801: ansible-posix-1.4.0.tar.gz - -# Collection tarballs from Galaxy -# Not used on Fedora. -Source901: community-general-5.4.0.tar.gz +# Not conditionalizing sources per FPC: +# https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/#_do_not_conditionalize_sources +# Collections to vendor on RHEL only, Fedora has these available from RPMs +Source801: https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz +Source901: https://galaxy.ansible.com/download/community-general-6.0.1.tar.gz +#Source902: https://galaxy.ansible.com/download/containers-podman-1.9.4.tar.gz +%if 0%{?rhel} +Provides: bundled(ansible-collection(ansible.posix)) = 1.4.0 +Provides: bundled(ansible-collection(community.general)) = 6.0.1 +#Provides: bundled(ansible-collection(containers.podman)) = 1.9.4 +%endif -# changelog is auto generated on Fedora -Source996: CHANGELOG.md +# RHEL only, changelog is auto generated on Fedora +Source995: CHANGELOG.md +Source996: CHANGELOG.rst -# Script to convert spec %changelog into collection CHANGELOG.md -# only used on Fedora +# Fedora only, script to convert spec %%changelog into collection CHANGELOG.md Source997: spec-to-changelog-md.sh -# Script to convert the collection README to Automation Hub. -# Not used on Fedora. +# RHEL only, script to convert the collection README from Galaxy to Automation Hub Source998: collection_readme.sh Patch51: network-disable-bondtests.diff -Patch1501: 0001-sshd-Add-final-version-of-RequiredRSASize.patch - -Patch1601: 0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch - BuildArch: noarch %if %{with html} @@ -268,22 +249,9 @@ BuildRequires: highlight # Requirements for galaxy_transform.py BuildRequires: python3 -%if 0%{?fedora} || 0%{?rhel} >= 8 -BuildRequires: %{py3_dist ruamel.yaml} -%else -BuildRequires: python3-ruamel-yaml -%endif - -Obsoletes: rhel-system-roles-techpreview < 1.0-3 - -%if %{undefined __ansible_provides} -Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version} -%endif -# be compatible with the usual Fedora Provides: -Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release} +BuildRequires: python%{python3_pkgversion}-ruamel-yaml -# We need to put %%description within the if block to avoid empty -# lines showing up. +# We must put %%description within the if block to avoid empty lines showing up. %if 0%{?rhel} %description Collection of Ansible roles and modules that provide a stable and @@ -304,11 +272,30 @@ Summary: Collection artifact to import to Automation Hub / Ansible Galaxy Collection artifact for %{name}. This package contains %{collection_namespace}-%{collection_name}-%{version}.tar.gz %endif +# Fix issue with package update introduce with changing symlink to directory +# in 1.21.1-5 +%pretrans -p +roles = { + "certificate", "cockpit", "crypto_policies", "firewall", "ha_cluster", + "kdump", "kernel_settings", "logging", "metrics", "nbde_client", + "nbde_server", "network", "postfix", "selinux", "ssh", "sshd", "storage", + "timesync", "tlog", "vpn" +} +for i,v in ipairs(roles) do + path = "/usr/share/ansible/roles/linux-system-roles." .. v + st = posix.stat(path) + if st and st.type == "link" then + os.remove(path) + end +end + %prep %setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -n %{getarchivedir 0} -for file in %_sourcedir/*.tar.gz; do - if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then +%if 0%{?rhel} +# Untar vendored collection tarballs to corresponding directories +for file in %{SOURCE801} %{SOURCE901}; do + if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then ns=${BASH_REMATCH[1]} name=${BASH_REMATCH[2]} ver=${BASH_REMATCH[3]} @@ -318,6 +305,7 @@ for file in %_sourcedir/*.tar.gz; do popd > /dev/null fi done +%endif declare -A ROLESTODIR=(%{rolestodir}) for rolename in %{rolenames}; do @@ -344,6 +332,7 @@ cd ../.. cd %{rolename5} %patch51 -p1 cd .. + cd %{rolename15} find -P tests examples -name \*.yml | while read file; do sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" \ @@ -366,14 +355,6 @@ if [ "$rolesdir" != "$realrolesdir" ]; then fi cd .. -cd %{rolename15} -%patch1501 -p1 -cd .. - -cd %{rolename16} -%patch1601 -p1 -cd .. - %if 0%{?rhel} # Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. # ansible.posix: @@ -400,7 +381,6 @@ for module in "${!module_map[@]}"; do mkdir -p $role/module_utils/${role}_lsr fi cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module - sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module done # community.general: @@ -425,13 +405,21 @@ for module in "${!module_map[@]}"; do ls -alrtF $role/library/$module sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module done -%endif + +# remove the temporary .external directory after vendoring +rm -rf .external # Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role -%if "%{roleprefix}" != "linux-system-roles." +# Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role +# This is for the "roles calling other roles" case +# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work, +# even for the legacy role format for rolename in %{rolenames}; do find $rolename -type f -exec \ - sed "s/linux-system-roles[.]${rolename}\\>/%{roleprefix}${rolename}/g" -i {} \; + sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \ + -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \ + -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \ + -i {} \; done %endif @@ -494,13 +482,20 @@ for role in %{rolenames}; do includes="$includes --include $role" %if 0%{?rhel} # we vendor-in all of the dependencies on rhel, so remove them - rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml" + rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml" \ + "$role/tests/collection-requirements.yml" %endif done -LANG=en_US.utf-8 LC_ALL=en_US.utf-8 python3 release_collection.py --galaxy-yml galaxy.yml \ +# do not process changelogs on RHEL +%if 0%{?rhel} +extra_mapping="--extra-mapping fedora.linux_system_roles:%{collection_namespace}.%{collection_name}" +%else +extra_mapping="" +%endif +LANG=C.utf-8 LC_ALL=C.utf-8 python3 release_collection.py --galaxy-yml galaxy.yml \ --src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \ - --src-owner %{name} --skip-git --skip-check --debug + --src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug # Remove table of contents from logging README.md # It is not needed for html and AH/Galaxy @@ -517,50 +512,58 @@ for role in %{rolenames}; do done %if 0%{?rhel} -cp %{SOURCE996} \ +cp %{SOURCE995} \ .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md +cp %{SOURCE996} \ + .collections/ansible_collections/%{collection_namespace}/%{collection_name}/CHANGELOG.rst %else # Build the collection CHANGELOG.md %{SOURCE997} %{_specdir}/%{name}.spec \ .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md %endif +# Build the collection +pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ +%ansible_collection_build +popd + %install -mkdir -p $RPM_BUILD_ROOT%{installbase} -mkdir -p $RPM_BUILD_ROOT%{_datadir}/ansible/roles +mkdir -p %{buildroot}%{ansible_roles_dir} for role in %{rolenames}; do - cp -pR "$role" "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role" + cp -pR "$role" "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role" done -%if 0%{?rolealtprefix:1} +%if 0%{?rhel} +# Create symlinks for roles in /usr/share/ansible/roles/linux-system-roles.$rolename +# That's required to make roles work with upstream naming too for role in %{rolenames}; do - ln -s "%{rolealtrelpath}%{roleinstprefix}$role" "$RPM_BUILD_ROOT%{_datadir}/ansible/roles/%{rolealtprefix}$role" + ln -s "%{name}.$role" "%{buildroot}%{ansible_roles_dir}/linux-system-roles.$role" done %endif -mkdir -p $RPM_BUILD_ROOT%{_pkglicensedir} -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}network/examples/roles +mkdir -p %{buildroot}%{_pkglicensedir} +rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}network/examples/roles for role in %{rolenames}; do - mkdir -p "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/CHANGELOG.md" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.md" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" + mkdir -p "%{buildroot}%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/CHANGELOG.md" \ + "%{buildroot}%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \ + "%{buildroot}%{_pkgdocdir}/$role" %if %{with html} - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.html" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \ + "%{buildroot}%{_pkgdocdir}/$role" %endif - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" ]; then - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" \ - "$RPM_BUILD_ROOT%{_pkglicensedir}/$role.COPYING" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \ + "%{buildroot}%{_pkglicensedir}/$role.COPYING" fi - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" ]; then - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" \ - "$RPM_BUILD_ROOT%{_pkglicensedir}/$role.LICENSE" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" ]; then + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" \ + "%{buildroot}%{_pkglicensedir}/$role.LICENSE" fi - if [ -d "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples" ]; then - for file in "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/"*.yml ; do + if [ -d "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples" ]; then + for file in "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/"*.yml ; do basename=$(basename "$file" .yml) newname="$basename" if [[ "$newname" != example-* ]]; then @@ -569,57 +572,58 @@ for role in %{rolenames}; do if [[ "$newname" != *-playbook ]]; then newname="${newname}-playbook" fi - cp "$file" "$RPM_BUILD_ROOT%{_pkgdocdir}/$role/${newname}.yml" + cp "$file" "%{buildroot}%{_pkgdocdir}/$role/${newname}.yml" rm "$file" done - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" ]; then - cp "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role/example-inventory" - rm "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" ]; then + cp "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" \ + "%{buildroot}%{_pkgdocdir}/$role/example-inventory" + rm "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" fi # special case for network # this will error if the directory is unexpectedly empty - rmdir "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples" + rmdir "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples" fi done -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/semaphore -rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/molecule +rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/semaphore +rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/molecule -rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/.[A-Za-z]* -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/tests/.git* +rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/.[A-Za-z]* +rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/tests/.git* # NOTE: sshd/examples/example-root-login.yml is # referenced in the configuring-openssh-servers-using-the-sshd-system-role documentation module # must be updated if changing the file path +# Install the collection pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ -%ansible_collection_build_install +%ansible_collection_install popd -mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection -mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles +mkdir -p %{buildroot}%{_pkgdocdir}/collection +mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles -cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \ - $RPM_BUILD_ROOT%{_pkgdocdir}/collection +ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \ + %{buildroot}%{_pkgdocdir}/collection for rolename in %{rolenames}; do for file in CHANGELOG.md README.md; do if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then - if [ ! -d $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} ]; then - mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} + if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then + mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} fi - cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \ - $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} + ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \ + %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} fi done done %if %{with html} -# converting README.md to README.html for collection in $RPM_BUILD_ROOT%{_pkgdocdir}/collection -readmes="$RPM_BUILD_ROOT%{_pkgdocdir}/collection/README.md" +# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection +readmes="%{buildroot}%{_pkgdocdir}/collection/README.md" for role in %{rolenames}; do - readmes="${readmes} $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${role}/README.md" + readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md" done sh md2html.sh $readmes %endif @@ -627,21 +631,21 @@ sh md2html.sh $readmes %if %{with collection_artifact} # Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ -if [ -f %{collection_namespace}-%{collection_name}-%{version}.tar.gz ]; then mv %{collection_namespace}-%{collection_name}-%{version}.tar.gz \ - $RPM_BUILD_ROOT%{_datadir}/ansible/collections/ -fi + %{buildroot}%{_datadir}/ansible/collections/ popd %endif -# generate the %files section in the file files_section.txt +# Generate the %%files section in files_section.txt +# Bulk files inclusion is not possible because roles store doc and licence +# files together with other files format_item_for_files() { # $1 is directory or file name in buildroot - # $2 - if true, and item is a directory, use %dir + # $2 - if true, and item is a directory, use %%dir local item local files_item - item="$1" - files_item=${item##"%{buildroot}"} + item="$1" # full path including buildroot + files_item=${item##"%{buildroot}"} # path with cut buildroot to be added to %%files if [ -L "$item" ]; then echo "$files_item" elif [ -d "$item" ]; then @@ -654,14 +658,14 @@ format_item_for_files() { fi elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]] || [[ "$item" == */CHANGELOG.md ]]; then if [[ "$item" == */private_* ]]; then - # mark as regular file, not %doc + # mark as regular file, not %%doc echo "$files_item" else echo "%doc $files_item" fi - elif [[ "$item" != */COPYING* ]] && [[ "$item" != */LICENSE* ]]; then - # Avoid dynamically using the license macro since the license macro - # is replaced with the value of License directive in the older rpmbuild. + elif [[ "$item" == */COPYING* ]] || [[ "$item" == */LICENSE* ]]; then + echo "%""%""license" "$files_item" + else echo "$files_item" fi } @@ -669,15 +673,7 @@ format_item_for_files() { files_section=files_section.txt rm -f $files_section touch $files_section -%if %{without ansible} -echo '%dir %{_datadir}/ansible' >> $files_section -echo '%dir %{_datadir}/ansible/roles' >> $files_section -%endif -%if "%{installbase}" != "%{_datadir}/ansible/roles" -echo '%dir %{installbase}' >> $files_section -%endif -echo '%dir %{ansible_collection_files}' >> $files_section -echo '%dir %{ansible_collection_files}%{collection_name}' >> $files_section +# Dynamically generate files section entries for %%{ansible_collection_files} find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxdepth 1 | \ while read item; do if [[ "$item" == */roles ]]; then @@ -693,7 +689,8 @@ find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxd fi done -find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \ +# Dynamically generate files section entries for %%{ansible_roles_dir} +find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \ while read item; do if [ -d "$item" ]; then format_item_for_files "$item" true >> $files_section @@ -704,48 +701,23 @@ find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \ format_item_for_files "$item" >> $files_section fi done -if [ "%{installbase}" != "%{_datadir}/ansible/roles" ]; then - find %{buildroot}%{_datadir}/ansible/roles -mindepth 1 -maxdepth 1 | \ - while read item; do - if [ -d "$item" ]; then - format_item_for_files "$item" true >> $files_section - find "$item" -mindepth 1 -maxdepth 1 | while read roles_item; do - format_item_for_files "$roles_item" >> $files_section - done - else - format_item_for_files "$item" >> $files_section - fi - done -fi -# cat files_section.txt -# done with files_section.txt generation - %files -f files_section.txt -%{_pkgdocdir}/*/CHANGELOG.md -%{_pkgdocdir}/*/README.md -%if %{with html} -%{_pkgdocdir}/*/README.html -%endif -%{_pkgdocdir}/*/example-* -%{_pkgdocdir}/collection/roles/*/CHANGELOG.md -%{_pkgdocdir}/collection/roles/*/README.md -%if %{with html} -%{_pkgdocdir}/collection/roles/*/README.html -%endif -%license %{_pkglicensedir}/* -%license %{installbase}/*/COPYING* -%license %{installbase}/*/LICENSE* -%license %{ansible_collection_files}/%{collection_name}/COPYING* -%license %{ansible_collection_files}/%{collection_name}/LICENSE* -%if 0%{?rhel} < 8 +%dir %{_datadir}/ansible +%dir %{ansible_roles_dir} +%dir %{ansible_collection_files} +%dir %{ansible_collection_files}%{collection_name} +%doc %{_pkgdocdir} +%license %{_pkglicensedir} + +%if 0%{?rhel} && 0%{?rhel} < 8 # Needs to list excluded files in this hardcoded style since when # format_item_for_files is executed, brp-python-bytecompile is not # executed yet. -%exclude %{installbase}/*/*.py? -%exclude %{installbase}/*/*/*.py? -%exclude %{installbase}/*/*/*/*.py? -%exclude %{installbase}/*/*/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*/*/*.py? %exclude %{ansible_collection_files}/%{collection_name}/*/*/*.py? %exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*.py? %exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*/*.py? @@ -757,8 +729,15 @@ fi %endif %changelog -* Tue Sep 27 2022 Rich Megginson - 1.20.1-1 -- Resolves:rhbz#2129875 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles +* Tue Nov 15 2022 Rich Megginson - 1.21.0-0.2.network +- Resolves:rhbz#2134201 : network - [RFE] Support setting the metric of the default route for initscripts provider +- Resolves:rhbz#2133856 : network - [RFE] Support the DNS priority +- Resolves:rhbz#2129620 : network - Support looking up named route table in routing rule +- includes ha_cluster, vpn - README.md had headings that were too long causing problems + for md to adoc to html conversion on el8 +- includes changing network role to support ansible-core 2.14 +- includes community.general 6.0.1 +- adds back network bondtests patch - bond tests still failing in beaker * Tue Aug 09 2022 Rich Megginson - 1.20.0-1 - Resolves:rhbz#2115159 : cockpit - Add customization of port