From 0eabeaff2992624bc3c79bec3aec39539a90724c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mon, 5 Aug 2019 10:54:58 -0400
Subject: [PATCH] import WALinuxAgent-2.2.32-2.el8
---
.WALinuxAgent.metadata | 1 +
.gitignore | 1 +
...0001-Add-inital-redhat-build-support.patch | 219 ++++++++++
...ndling-swap-file-and-other-nit-fixes.patch | 413 ++++++++++++++++++
SPECS/WALinuxAgent.spec | 185 ++++++++
5 files changed, 819 insertions(+)
create mode 100644 .WALinuxAgent.metadata
create mode 100644 .gitignore
create mode 100644 SOURCES/0001-Add-inital-redhat-build-support.patch
create mode 100644 SOURCES/wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch
create mode 100644 SPECS/WALinuxAgent.spec
diff --git a/.WALinuxAgent.metadata b/.WALinuxAgent.metadata
new file mode 100644
index 0000000..6ca4e7b
--- /dev/null
+++ b/.WALinuxAgent.metadata
@@ -0,0 +1 @@
+3b5c6eac24e6545e3ce56262210a7ac8dbdc8ace SOURCES/WALinuxAgent-2.2.32.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b16fa87
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/WALinuxAgent-2.2.32.tar.gz
diff --git a/SOURCES/0001-Add-inital-redhat-build-support.patch b/SOURCES/0001-Add-inital-redhat-build-support.patch
new file mode 100644
index 0000000..eb7e493
--- /dev/null
+++ b/SOURCES/0001-Add-inital-redhat-build-support.patch
@@ -0,0 +1,219 @@ +From 00dcd65f731e4a44418029c0a8b7107bbbbefc94 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Thu, 6 Oct 2016 12:25:35 +0200 +Subject: Add inital redhat build support + +Rebase notes (2.2.32): +- Fix license text + +Rebase notes (2.2.26): +- update to RHEL 8 build +- Do not use INSTALED_FILES for %files + +Rebase notes (2.2.10): +- switched to sha256 +- added .gitpublish profile + +Merged patches (2.2.32): +- ce36fd9 Use Python3 +- 952c830 Remove FIPS setting from the default config +- cc9df73 Switch hardcoded python3 shebangs into the %%{__python3} macro +- 66b6f8c Use correct macro for waagent.service +- 1b15ada Switch to platform-python in systemd unit file +- 59f682b Use sys.executable to find system python + +(cherry picked from commit 19d4f82cd5345fdc52b357afcf3b5aa4bc4ce4d9) +(cherry picked from commit 1676db295321adbd571f04773782eed5b0817d64) +--- + .gitpublish | 8 + + azurelinuxagent/ga/update.py | 12 +- + bin/waagent | 2 +- + bin/waagent2.0 | 2 +- + config/waagent.conf | 3 - + init/arch/waagent.service | 2 +- + init/clearlinux/waagent.service | 2 +- + init/suse/waagent | 2 +- + init/waagent.service | 2 +- + makepkg.py | 2 +- + redhat/.gitignore | 1 + + redhat/Makefile | 72 +++++++ + redhat/Makefile.common | 37 ++++ + redhat/WALinuxAgent.spec.template | 169 +++++++++++++++ + redhat/rpmbuild/BUILD/.gitignore | 2 + + redhat/rpmbuild/RPMS/.gitignore | 2 + + redhat/rpmbuild/SOURCES/.gitignore | 2 + + redhat/rpmbuild/SPECS/.gitignore | 2 + + redhat/rpmbuild/SRPMS/.gitignore | 2 + + redhat/scripts/frh.py | 27 +++ + redhat/scripts/git-backport-diff | 327 ++++++++++++++++++++++++++++++ + redhat/scripts/git-compile-check | 215 ++++++++++++++++++++ + redhat/scripts/process-patches.sh | 79 ++++++++ + redhat/scripts/tarball_checksum.sh | 3 + + setup.py | 2 +- + tests/data/ext/sample_ext-1.3.0/sample.py | 2 +- + 26 files changed, 964 insertions(+), 17 deletions(-) + create mode 100644 .gitpublish + create mode 100644 redhat/.gitignore + 
create mode 100644 redhat/Makefile + create mode 100644 redhat/Makefile.common + create mode 100644 redhat/WALinuxAgent.spec.template + create mode 100644 redhat/rpmbuild/BUILD/.gitignore + create mode 100644 redhat/rpmbuild/RPMS/.gitignore + create mode 100644 redhat/rpmbuild/SOURCES/.gitignore + create mode 100644 redhat/rpmbuild/SPECS/.gitignore + create mode 100644 redhat/rpmbuild/SRPMS/.gitignore + create mode 100755 redhat/scripts/frh.py + create mode 100755 redhat/scripts/git-backport-diff + create mode 100755 redhat/scripts/git-compile-check + create mode 100755 redhat/scripts/process-patches.sh + create mode 100755 redhat/scripts/tarball_checksum.sh + +diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py +index d3c39c1..3617809 100644 +--- a/azurelinuxagent/ga/update.py ++++ b/azurelinuxagent/ga/update.py +@@ -92,8 +92,11 @@ def get_update_handler(): + + + def get_python_cmd(): +- major_version = platform.python_version_tuple()[0] +- return "python" if int(major_version) <= 2 else "python{0}".format(major_version) ++ if sys.executable: ++ return sys.executable ++ else: ++ major_version = platform.python_version_tuple()[0] ++ return "python" if int(major_version) <= 2 else "python{0}".format(major_version) + + + class UpdateHandler(object): +@@ -150,9 +153,8 @@ class UpdateHandler(object): + + # Launch the correct Python version for python-based agents + cmds = textutil.safe_shlex_split(agent_cmd) +- if cmds[0].lower() == "python": +- cmds[0] = get_python_cmd() +- agent_cmd = " ".join(cmds) ++ cmds[0] = get_python_cmd() ++ agent_cmd = " ".join(cmds) + + self._evaluate_agent_health(latest_agent) + +diff --git a/bin/waagent b/bin/waagent +index 4039e03..10836c2 100755 +--- a/bin/waagent ++++ b/bin/waagent +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + # + # Azure Linux Agent + # +diff --git a/bin/waagent2.0 b/bin/waagent2.0 +index 25aa0ce..a868211 100644 +--- a/bin/waagent2.0 ++++ b/bin/waagent2.0 +@@ -1,4 +1,4 @@ 
+-#!/usr/bin/env python ++#!/usr/bin/env python3 + # + # Azure Linux Agent + # +diff --git a/config/waagent.conf b/config/waagent.conf +index 79daacb..513cbf2 100644 +--- a/config/waagent.conf ++++ b/config/waagent.conf +@@ -62,9 +62,6 @@ ResourceDisk.MountOptions=None + # Enable verbose logging (y|n) + Logs.Verbose=n + +-# Is FIPS enabled +-OS.EnableFIPS=n +- + # Root device timeout in seconds. + OS.RootDeviceScsiTimeout=300 + +diff --git a/init/arch/waagent.service b/init/arch/waagent.service +index d426eb2..ff1ebab 100644 +--- a/init/arch/waagent.service ++++ b/init/arch/waagent.service +@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf + + [Service] + Type=simple +-ExecStart=/usr/bin/python -u /usr/bin/waagent -daemon ++ExecStart=/usr/bin/python3 -u /usr/bin/waagent -daemon + Restart=always + RestartSec=5 + +diff --git a/init/clearlinux/waagent.service b/init/clearlinux/waagent.service +index 9afee45..c29fc1b 100644 +--- a/init/clearlinux/waagent.service ++++ b/init/clearlinux/waagent.service +@@ -8,7 +8,7 @@ ConditionPathExists=/usr/share/defaults/waagent/waagent.conf + + [Service] + Type=simple +-ExecStart=/usr/bin/python -u /usr/bin/waagent -daemon ++ExecStart=/usr/bin/python3 -u /usr/bin/waagent -daemon + Restart=always + RestartSec=5 + +diff --git a/init/suse/waagent b/init/suse/waagent +index b77b0fa..317e89e 100755 +--- a/init/suse/waagent ++++ b/init/suse/waagent +@@ -34,7 +34,7 @@ + # Description: Start the MicrosoftAzureLinuxAgent + ### END INIT INFO + +-PYTHON=/usr/bin/python ++PYTHON=/usr/bin/python3 + WAZD_BIN=/usr/sbin/waagent + WAZD_CONF=/etc/waagent.conf + WAZD_PIDFILE=/var/run/waagent.pid +diff --git a/init/waagent.service b/init/waagent.service +index e91f143..3c7710f 100644 +--- a/init/waagent.service ++++ b/init/waagent.service +@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf + + [Service] + Type=simple +-ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon ++ExecStart=/usr/libexec/platform-python -u /usr/sbin/waagent -daemon + 
Restart=always + RestartSec=5 + +diff --git a/makepkg.py b/makepkg.py +index 52e0eae..51c263c 100755 +--- a/makepkg.py ++++ b/makepkg.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import glob + import os +diff --git a/setup.py b/setup.py +index e15a2d4..6fbf0ba 100755 +--- a/setup.py ++++ b/setup.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + # + # Microsoft Azure Linux Agent setup.py + # +diff --git a/tests/data/ext/sample_ext-1.3.0/sample.py b/tests/data/ext/sample_ext-1.3.0/sample.py +index 74bd839..bf6ed99 100755 +--- a/tests/data/ext/sample_ext-1.3.0/sample.py ++++ b/tests/data/ext/sample_ext-1.3.0/sample.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import os + +-- +1.8.3.1 + diff --git a/SOURCES/wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch b/SOURCES/wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch new file mode 100644 index 0000000..1f217e3 --- /dev/null +++ b/SOURCES/wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch 
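Review bot: In the embedded azurelinuxagent/ga/update.py change, `cmds[0] = get_python_cmd()` now runs unconditionally, so the first token of `agent_cmd` is overwritten even when it is not a Python interpreter; the removed guard only rewrote a literal `python`. If an agent command ever starts with anything else, its executable name is silently dropped and the remaining tokens are handed to the daemon's own interpreter. Keeping a guard such as `if os.path.basename(cmds[0]).lower().startswith("python"):` would preserve the intent (assuming `os` is imported in that module, which the hunk does not show). Separately, `" ".join(cmds)` does not re-quote tokens, so a `sys.executable` path containing whitespace would presumably be split again later; that join predates this change but now always executes. The enclosing UpdateHandler method starts and ends outside the hunk.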
@@ -0,0 +1,413 @@ +From c0d49d739d39573b59c827c89f56386d162d9381 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Wed, 13 Mar 2019 18:44:24 +0000 +Subject: [PATCH] Add fixes for handling swap file and other nit fixes (#1485) + +RH-Author: Vitaly Kuznetsov +Message-id: <20190313184424.29299-1-vkuznets@redhat.com> +Patchwork-id: 84860 +O-Subject: [RHEL8 WALinuxAgent PATCH] Add fixes for handling swap file and other nit fixes (#1485) +Bugzilla: 1688276 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Mohammed Gamal + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1684181 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20581233 +Tested: by me + +This is to fix CVE-2019-0804: swapfile is created with weak permission. + +commit 8b2fa7d6051d0ee9952be4b42185c24d2a2eacff +Author: Varad Meru +Date: Tue Mar 12 12:54:08 2019 -0700 + + Add fixes for handling swap file and other nit fixes (#1485) + + * Add fixes for handling swap file and other nit fixes + + * Fixing bytearray and other nits + +Signed-off-by: Danilo C. L. de Paula + +Conflicts: + azurelinuxagent/daemon/resourcedisk/freebsd.py + (requires additional commits, irrelevant to RHEL) + +Signed-off-by: Vitaly Kuznetsov +Signed-off-by: Danilo C. L. 
de Paula +--- + azurelinuxagent/daemon/resourcedisk/default.py | 74 +++++++++++++++++++------- + azurelinuxagent/daemon/resourcedisk/freebsd.py | 53 ++++++++++++------ + tests/distro/test_resourceDisk.py | 47 ++++++++++++++-- + 3 files changed, 133 insertions(+), 41 deletions(-) + +diff --git a/azurelinuxagent/daemon/resourcedisk/default.py b/azurelinuxagent/daemon/resourcedisk/default.py +index 0f0925d..cfb76d2 100644 +--- a/azurelinuxagent/daemon/resourcedisk/default.py ++++ b/azurelinuxagent/daemon/resourcedisk/default.py +@@ -17,6 +17,7 @@ + + import os + import re ++import stat + import sys + import threading + from time import sleep +@@ -124,12 +125,13 @@ class ResourceDiskHandler(object): + force_option = 'F' + if self.fs == 'xfs': + force_option = 'f' +- mkfs_string = "mkfs.{0} -{2} {1}".format(self.fs, partition, force_option) ++ mkfs_string = "mkfs.{0} -{2} {1}".format( ++ self.fs, partition, force_option) + + if "gpt" in ret[1]: + logger.info("GPT detected, finding partitions") + parts = [x for x in ret[1].split("\n") if +- re.match("^\s*[0-9]+", x)] ++ re.match(r"^\s*[0-9]+", x)] + logger.info("Found {0} GPT partition(s).", len(parts)) + if len(parts) > 1: + logger.info("Removing old GPT partitions") +@@ -138,18 +140,23 @@ class ResourceDiskHandler(object): + shellutil.run("parted {0} rm {1}".format(device, i)) + + logger.info("Creating new GPT partition") +- shellutil.run("parted {0} mkpart primary 0% 100%".format(device)) ++ shellutil.run( ++ "parted {0} mkpart primary 0% 100%".format(device)) + + logger.info("Format partition [{0}]", mkfs_string) + shellutil.run(mkfs_string) + else: + logger.info("GPT not detected, determining filesystem") +- ret = self.change_partition_type(suppress_message=True, option_str="{0} 1 -n".format(device)) ++ ret = self.change_partition_type( ++ suppress_message=True, ++ option_str="{0} 1 -n".format(device)) + ptype = ret[1].strip() + if ptype == "7" and self.fs != "ntfs": + logger.info("The partition is formatted with 
ntfs, updating " + "partition type to 83") +- self.change_partition_type(suppress_message=False, option_str="{0} 1 83".format(device)) ++ self.change_partition_type( ++ suppress_message=False, ++ option_str="{0} 1 83".format(device)) + self.reread_partition_table(device) + logger.info("Format partition [{0}]", mkfs_string) + shellutil.run(mkfs_string) +@@ -169,7 +176,8 @@ class ResourceDiskHandler(object): + attempts -= 1 + + if not os.path.exists(partition): +- raise ResourceDiskError("Partition was not created [{0}]".format(partition)) ++ raise ResourceDiskError( ++ "Partition was not created [{0}]".format(partition)) + + logger.info("Mount resource disk [{0}]", mount_string) + ret, output = shellutil.run_get_output(mount_string, chk_err=False) +@@ -215,14 +223,19 @@ class ResourceDiskHandler(object): + """ + + command_to_use = '--part-type' +- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str) +- err_code, output = shellutil.run_get_output(input, chk_err=False, log_cmd=True) ++ input = "sfdisk {0} {1} {2}".format( ++ command_to_use, '-f' if suppress_message else '', option_str) ++ err_code, output = shellutil.run_get_output( ++ input, chk_err=False, log_cmd=True) + + # fall back to -c + if err_code != 0: +- logger.info("sfdisk with --part-type failed [{0}], retrying with -c", err_code) ++ logger.info( ++ "sfdisk with --part-type failed [{0}], retrying with -c", ++ err_code) + command_to_use = '-c' +- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str) ++ input = "sfdisk {0} {1} {2}".format( ++ command_to_use, '-f' if suppress_message else '', option_str) + err_code, output = shellutil.run_get_output(input, log_cmd=True) + + if err_code == 0: +@@ -245,16 +258,30 @@ class ResourceDiskHandler(object): + else: + return 'mount {0} {1}'.format(partition, mount_point) + ++ @staticmethod ++ def check_existing_swap_file(swapfile, swaplist, size): ++ if swapfile in swaplist and 
os.path.isfile( ++ swapfile) and os.path.getsize(swapfile) == size: ++ logger.info("Swap already enabled") ++ # restrict access to owner (remove all access from group, others) ++ swapfile_mode = os.stat(swapfile).st_mode ++ if swapfile_mode & (stat.S_IRWXG | stat.S_IRWXO): ++ swapfile_mode = swapfile_mode & ~(stat.S_IRWXG | stat.S_IRWXO) ++ logger.info( ++ "Changing mode of {0} to {1:o}".format( ++ swapfile, swapfile_mode)) ++ os.chmod(swapfile, swapfile_mode) ++ return True ++ ++ return False ++ + def create_swap_space(self, mount_point, size_mb): + size_kb = size_mb * 1024 + size = size_kb * 1024 + swapfile = os.path.join(mount_point, 'swapfile') + swaplist = shellutil.run_get_output("swapon -s")[1] + +- if swapfile in swaplist \ +- and os.path.isfile(swapfile) \ +- and os.path.getsize(swapfile) == size: +- logger.info("Swap already enabled") ++ if self.check_existing_swap_file(swapfile, swaplist, size): + return + + if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size: +@@ -296,7 +323,8 @@ class ResourceDiskHandler(object): + os.remove(filename) + + # If file system is xfs, use dd right away as we have been reported that +- # swap enabling fails in xfs fs when disk space is allocated with fallocate ++ # swap enabling fails in xfs fs when disk space is allocated with ++ # fallocate + ret = 0 + fn_sh = shellutil.quote((filename,)) + if self.fs != 'xfs': +@@ -305,13 +333,21 @@ class ResourceDiskHandler(object): + # Probable errors: + # - OSError: Seen on Cygwin, libc notimpl? + # - AttributeError: What if someone runs this under... ++ fd = None ++ + try: +- with open(filename, 'w') as f: +- os.posix_fallocate(f.fileno(), 0, nbytes) +- return 0 +- except: ++ fd = os.open( ++ filename, ++ os.O_CREAT | os.O_WRONLY | os.O_EXCL, ++ stat.S_IRUSR | stat.S_IWUSR) ++ os.posix_fallocate(fd, 0, nbytes) ++ return 0 ++ except BaseException: + # Not confident with this thing, just keep trying... 
+ pass ++ finally: ++ if fd is not None: ++ os.close(fd) + + # fallocate command + ret = shellutil.run( +diff --git a/azurelinuxagent/daemon/resourcedisk/freebsd.py b/azurelinuxagent/daemon/resourcedisk/freebsd.py +index a65d7f8..a29df3a 100644 +--- a/azurelinuxagent/daemon/resourcedisk/freebsd.py ++++ b/azurelinuxagent/daemon/resourcedisk/freebsd.py +@@ -22,6 +22,7 @@ import azurelinuxagent.common.utils.shellutil as shellutil + from azurelinuxagent.common.exception import ResourceDiskError + from azurelinuxagent.daemon.resourcedisk.default import ResourceDiskHandler + ++ + class FreeBSDResourceDiskHandler(ResourceDiskHandler): + """ + This class handles resource disk mounting for FreeBSD. +@@ -34,6 +35,7 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler): + 1. MBR: The resource disk partition is /dev/da1s1 + 2. GPT: The resource disk partition is /dev/da1p2, /dev/da1p1 is for reserved usage. + """ ++ + def __init__(self): + super(FreeBSDResourceDiskHandler, self).__init__() + +@@ -50,25 +52,30 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler): + def mount_resource_disk(self, mount_point): + fs = self.fs + if fs != 'ufs': +- raise ResourceDiskError("Unsupported filesystem type:{0}, only ufs is supported.".format(fs)) ++ raise ResourceDiskError( ++ "Unsupported filesystem type:{0}, only ufs is supported.".format(fs)) + + # 1. 
Detect device + err, output = shellutil.run_get_output('gpart list') + if err: +- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output)) ++ raise ResourceDiskError( ++ "Unable to detect resource disk device:{0}".format(output)) + disks = self.parse_gpart_list(output) + + device = self.osutil.device_for_ide_port(1) +- if device is None or not device in disks: +- # fallback logic to find device +- err, output = shellutil.run_get_output('camcontrol periphlist 2:1:0') ++ if device is None or device not in disks: ++ # fallback logic to find device ++ err, output = shellutil.run_get_output( ++ 'camcontrol periphlist 2:1:0') + if err: + # try again on "3:1:0" +- err, output = shellutil.run_get_output('camcontrol periphlist 3:1:0') ++ err, output = shellutil.run_get_output( ++ 'camcontrol periphlist 3:1:0') + if err: +- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output)) ++ raise ResourceDiskError( ++ "Unable to detect resource disk device:{0}".format(output)) + +- # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n' ++ # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n' + for line in output.split('\n'): + index = line.find(':') + if index > 0: +@@ -89,9 +96,11 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler): + elif partition_table_type == 'GPT': + provider_name = device + 'p2' + else: +- raise ResourceDiskError("Unsupported partition table type:{0}".format(output)) ++ raise ResourceDiskError( ++ "Unsupported partition table type:{0}".format(output)) + +- err, output = shellutil.run_get_output('gpart show -p {0}'.format(device)) ++ err, output = shellutil.run_get_output( ++ 'gpart show -p {0}'.format(device)) + if err or output.find(provider_name) == -1: + raise ResourceDiskError("Resource disk partition not found.") + +@@ -110,14 +119,24 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler): + mount_cmd = 'mount -t {0} {1} 
{2}'.format(fs, partition, mount_point) + err = shellutil.run(mount_cmd, chk_err=False) + if err: +- logger.info('Creating {0} filesystem on partition {1}'.format(fs, partition)) +- err, output = shellutil.run_get_output('newfs -U {0}'.format(partition)) ++ logger.info( ++ 'Creating {0} filesystem on partition {1}'.format( ++ fs, partition)) ++ err, output = shellutil.run_get_output( ++ 'newfs -U {0}'.format(partition)) + if err: +- raise ResourceDiskError("Failed to create new filesystem on partition {0}, error:{1}" +- .format(partition, output)) ++ raise ResourceDiskError( ++ "Failed to create new filesystem on partition {0}, error:{1}" .format( ++ partition, output)) + err, output = shellutil.run_get_output(mount_cmd, chk_err=False) + if err: +- raise ResourceDiskError("Failed to mount partition {0}, error {1}".format(partition, output)) +- +- logger.info("Resource disk partition {0} is mounted at {1} with fstype {2}", partition, mount_point, fs) ++ raise ResourceDiskError( ++ "Failed to mount partition {0}, error {1}".format( ++ partition, output)) ++ ++ logger.info( ++ "Resource disk partition {0} is mounted at {1} with fstype {2}", ++ partition, ++ mount_point, ++ fs) + return mount_point +diff --git a/tests/distro/test_resourceDisk.py b/tests/distro/test_resourceDisk.py +index d2ce6e1..5f9db0a 100644 +--- a/tests/distro/test_resourceDisk.py ++++ b/tests/distro/test_resourceDisk.py +@@ -18,6 +18,8 @@ + # http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx + # http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx + ++import os ++import stat + import sys + from azurelinuxagent.common.utils import shellutil + from azurelinuxagent.daemon.resourcedisk import get_resourcedisk_handler +@@ -38,6 +40,11 @@ class TestResourceDisk(AgentTestCase): + # assert + assert os.path.exists(test_file) + ++ # only the owner should have access ++ mode = os.stat(test_file).st_mode & ( ++ stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO) ++ assert mode == 
stat.S_IRUSR | stat.S_IWUSR ++ + # cleanup + os.remove(test_file) + +@@ -49,7 +56,7 @@ class TestResourceDisk(AgentTestCase): + file_size = 1024 * 128 + + # execute +- if sys.version_info >= (3,3): ++ if sys.version_info >= (3, 3): + with patch("os.posix_fallocate", + side_effect=Exception('failure')): + get_resourcedisk_handler().mkfile(test_file, file_size) +@@ -76,20 +83,20 @@ class TestResourceDisk(AgentTestCase): + resource_disk_handler.mkfile(test_file, file_size) + + # assert +- if sys.version_info >= (3,3): ++ if sys.version_info >= (3, 3): + with patch("os.posix_fallocate") as posix_fallocate: + self.assertEqual(0, posix_fallocate.call_count) + + assert run_patch.call_count == 1 + assert "dd if" in run_patch.call_args_list[0][0][0] + +- + def test_change_partition_type(self): + resource_handler = get_resourcedisk_handler() + # test when sfdisk --part-type does not exist + with patch.object(shellutil, "run_get_output", + side_effect=[[1, ''], [0, '']]) as run_patch: +- resource_handler.change_partition_type(suppress_message=True, option_str='') ++ resource_handler.change_partition_type( ++ suppress_message=True, option_str='') + + # assert + assert run_patch.call_count == 2 +@@ -99,12 +106,42 @@ class TestResourceDisk(AgentTestCase): + # test when sfdisk --part-type exists + with patch.object(shellutil, "run_get_output", + side_effect=[[0, '']]) as run_patch: +- resource_handler.change_partition_type(suppress_message=True, option_str='') ++ resource_handler.change_partition_type( ++ suppress_message=True, option_str='') + + # assert + assert run_patch.call_count == 1 + assert "sfdisk --part-type" in run_patch.call_args_list[0][0][0] + ++ def test_check_existing_swap_file(self): ++ test_file = os.path.join(self.tmp_dir, 'test_swap_file') ++ file_size = 1024 * 128 ++ if os.path.exists(test_file): ++ os.remove(test_file) ++ ++ with open(test_file, "wb") as file: ++ file.write(bytearray(file_size)) ++ ++ os.chmod(test_file, stat.S_ISUID | stat.S_ISGID | 
stat.S_IRUSR | ++ stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6677 ++ ++ def swap_on(_): # mimic the output of "swapon -s" ++ return [ ++ "Filename Type Size Used Priority", ++ "{0} partition 16498684 0 -2".format(test_file) ++ ] ++ ++ with patch.object(shellutil, "run_get_output", side_effect=swap_on): ++ get_resourcedisk_handler().check_existing_swap_file( ++ test_file, test_file, file_size) ++ ++ # it should remove access from group, others ++ mode = os.stat(test_file).st_mode & (stat.S_ISUID | stat.S_ISGID | ++ stat.S_IRWXU | stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6777 ++ assert mode == stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR | stat.S_IWUSR # 0o6600 ++ ++ os.remove(test_file) ++ + + if __name__ == '__main__': + unittest.main() +-- +1.8.3.1 + diff --git a/SPECS/WALinuxAgent.spec b/SPECS/WALinuxAgent.spec new file mode 100644 index 0000000..991bbb5 --- /dev/null +++ b/SPECS/WALinuxAgent.spec 
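Review bot: In the mkfile change to azurelinuxagent/daemon/resourcedisk/default.py, `except BaseException: pass` also swallows KeyboardInterrupt and SystemExit and hides a failed `os.open`, after which the shell fallbacks below would presumably create the swap file under the process umask rather than with owner-only access. `except Exception:` plus logging the error keeps the fallback that the patched-`os.posix_fallocate` test relies on without masking interpreter exits. The owner-only create also sits under `if self.fs != 'xfs':`, so on xfs the file is produced by the fallback path; unless code outside this hunk sets the mode, an `os.chmod(filename, stat.S_IRUSR | stat.S_IWUSR)` once the file exists would cover the same CVE-2019-0804 weakness there. mkfile's body continues outside the hunk.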
@@ -0,0 +1,185 @@ +Summary: Microsoft Azure Linux Agent +Name: WALinuxAgent +Version: 2.2.32 +Release: 2%{?dist} + +License: Apache License Version 2.0 +Group: Development/Libraries +Url: https://github.com/Azure/WALinuxAgent +Source0: WALinuxAgent-2.2.32.tar.gz + +BuildArch: noarch +Patch0001: 0001-Add-inital-redhat-build-support.patch +# For bz#1684181 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions +# For bz#1688276 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8] +Patch2: wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch + +# rhel requirements +BuildRequires: python3-devel +BuildRequires: python3-setuptools +Requires: openssh +Requires: openssh-server +Requires: openssl +Requires: parted +Requires: python3-pyasn1 + +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +The Azure Linux Agent supports the provisioning and running of Linux +VMs in the Azure cloud. This package should be installed on Linux disk +images that are built to run in the Azure environment. 
+ + +%prep +%setup -q + +%patch0001 -p1 +%patch2 -p1 + +%build +%py3_build + +%install +%{__python3} setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES + +# Change the shebang to the __python3 macro instead of leaving it hardcoded +pathfix.py -pni "%{__python3}" %{buildroot}%{_sbindir}/waagent + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +%systemd_post waagent.service + +%preun +%systemd_preun waagent.service + +%postun +%systemd_postun_with_restart waagent.service + +%files +%defattr(-,root,root) +%{python3_sitelib}/* +%config(noreplace) %{_sysconfdir}/waagent.conf +%{_sysconfdir}/logrotate.d/waagent.logrotate +%{_sbindir}/waagent +%{_sbindir}/waagent2.0 +%{_unitdir}/waagent.service +/etc/udev/rules.d/66-azure-storage.rules +/etc/udev/rules.d/99-azure-product-uuid.rules + +%changelog +* Tue Apr 30 2019 Danilo Cesar Lemes de Paula - 2.2.32-2.el8 +- wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch [bz#1684181 bz#1688276] +- Resolves: bz#1684181 + (CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions) +- Resolves: bz#1688276 + (CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8]) + +* Fri Dec 14 2018 Miroslav Rezanina - 2.2.32-1.el8 +- Rebase to 2.2.32 [bz#1639498] +- Resolves: bz#1639498] + (walinuxagent 2.2.32 packaging request for RHEL 8) + +* Tue Oct 23 2018 Miroslav Rezanina - 2.2.26-6.el8 +- wala-Use-sys.executable-to-find-system-python.patch [bz#1639775] +- Resolves: bz#1639775 + (WALinuxAgent: Systemd unit file will fail to execute) + +* Mon Oct 22 2018 Miroslav Rezanina - 2.2.26-5.el8 +- wala-Switch-to-platform-python-in-systemd-unit-file.patch [bz#1639775] +- Resolves: bz#1639775 + (WALinuxAgent: Systemd unit file will fail to execute) + +* Wed Aug 29 2018 Miroslav Rezanina - 2.2.26-4.el8 +- Fix unit file location [bz#1637545] +- Resolves: bz#1637545 + (Wrong macro used for systemd unit file location) + +* Wed Jul 04 2018 Tomas Orsava - 2.2.26-3 +- Switch 
hardcoded python3 shebangs into the %%{__python3} macro + +* Tue Jul 03 2018 Miroslav Rezanina - 2.2.26-2.el8 +- Include 7.6 patches + +* Tue Jul 03 2018 Miroslav Rezanina - 2.2.26-1.el7 +- Rebase to 2.2.26 [bz#1571523] +- Resolves: bz#1571523 + (Rebase WALinuxAgent in RHEL-8.0) + +* Thu May 03 2018 Miroslav Rezanina - 2.2.18-2.el7 +- wa-Add-show-configuration-option.patch [bz#1508340] +- Resolves: bz#1508340 + ([WALA] WALA usage prompt lack of " waagent -show-configuration") + +* Tue Oct 10 2017 Miroslav Rezanina - 2.2.18-1.el7 +- Rebase to 2.2.18 [bz#1491873] +- Resolves: bz#1491873 + ([WALA]Request to package WALA 2.2.18 into RHEL 7 Repo) + + +* Tue Jul 04 2017 Miroslav Rezanina - 2.2.14-1.el7 +- Rebase to 2.2.14 [bz#1451172] +- wla-Remove-FIPS-setting-from-the-default-config.patch [bz#1467553] +- Resolves: bz#1451172 + ([WALA] Request to package WALA 2.2.14 into RHEL 7 Repo) +- Resolves: bz#1467553 + ([WALA] Remove FIPS from default config in WALA-2.2.14) + +* Wed Apr 26 2017 Miroslav Rezanina - 2.2.10-1.el7 +- Rebase to 2.2.10 [bz#1443425] +- Resolves: bz#1443425 + ([WALA]Request to package WALA 2.2.10 into RHEL 7 Repo) + +* Wed Apr 19 2017 Miroslav Rezanina - 2.2.4-2.el7 +- Enable AutoUpdate by default [bz#1434933] +- Resolves: bz#1434933 + ([WALA][RHEL-7] Enable AutoUpdate by default) + +* Wed Mar 01 2017 Miroslav Rezanina - 2.2.4-1.el7 +- Rebase to 2.2.4 [bz#1419201] +- resolves: bz#1419201 + WALA 2.2.4 + +* Mon Jan 16 2017 Miroslav Rezanina - 2.2.0-4.el7 +- agent-RHEL-7-hostname-533.patch [bz#1413674] +- agent-fix-for-hostnamectl-534.patch [bz#1413674] +- Resolves: bz#1413674 + ([WALA] Fail to send hostname to DHCP server during provisioning) + +* Fri Sep 30 2016 Dave Anderson - 2.2.0-1 +- Update to v2.2.0 + Resolves: rhbz#1360492 + +* Wed Sep 21 2016 Dave Anderson - 2.1.5-2 +- Several QE updates to this file + Resolves: rhbz#1360492 + +* Tue Sep 13 2016 Dave Anderson - 2.1.5-1 +- Update to v2.1.5 + Resolves: rhbz#1360492 + +* Thu Jan 14 2016 Dave Anderson 
- 2.0.16-1 +- Update to 2.0.16 + Resolves: rhbz#1296360 + +* Mon Jun 01 2015 Dave Anderson - 2.0.13-1 +- Update to upstream 2.0.13 package. +- Remove global commit md5sum and fix Source0 to point to correct location. +- Fix setup to deal with "WALinuxAgent-WALinuxAgent" naming scheme +- Added files reference for /udev/rules.d/99-azure-product-uuid.rules + +* Thu May 07 2015 Dave Anderson - 2.0.11-3 +- Remove Requires: ntfsprogs for RHEL7 + +* Sat Jan 10 2015 Scott K Logan - 2.0.11-2 +- Use systemd for rhel7 +- Own logrotate.d +- Fix python2-devel dep + +* Sat Dec 20 2014 Scott K Logan - 2.0.11-1 +- Initial package