import WALinuxAgent-2.2.32-1.el8_0.1

This commit is contained in:
CentOS Sources 2019-06-18 12:38:20 -04:00 committed by Andrew Lukoshko
commit ff50cbadf3
5 changed files with 817 additions and 0 deletions

1
.WALinuxAgent.metadata Normal file
View File

@ -0,0 +1 @@
3b5c6eac24e6545e3ce56262210a7ac8dbdc8ace SOURCES/WALinuxAgent-2.2.32.tar.gz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/WALinuxAgent-2.2.32.tar.gz

View File

@ -0,0 +1,219 @@
From 00dcd65f731e4a44418029c0a8b7107bbbbefc94 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 6 Oct 2016 12:25:35 +0200
Subject: Add inital redhat build support
Rebase notes (2.2.32):
- Fix license text
Rebase notes (2.2.26):
- update to RHEL 8 build
- Do not use INSTALED_FILES for %files
Rebase notes (2.2.10):
- switched to sha256
- added .gitpublish profile
Merged patches (2.2.32):
- ce36fd9 Use Python3
- 952c830 Remove FIPS setting from the default config
- cc9df73 Switch hardcoded python3 shebangs into the %%{__python3} macro
- 66b6f8c Use correct macro for waagent.service
- 1b15ada Switch to platform-python in systemd unit file
- 59f682b Use sys.executable to find system python
(cherry picked from commit 19d4f82cd5345fdc52b357afcf3b5aa4bc4ce4d9)
(cherry picked from commit 1676db295321adbd571f04773782eed5b0817d64)
---
.gitpublish | 8 +
azurelinuxagent/ga/update.py | 12 +-
bin/waagent | 2 +-
bin/waagent2.0 | 2 +-
config/waagent.conf | 3 -
init/arch/waagent.service | 2 +-
init/clearlinux/waagent.service | 2 +-
init/suse/waagent | 2 +-
init/waagent.service | 2 +-
makepkg.py | 2 +-
redhat/.gitignore | 1 +
redhat/Makefile | 72 +++++++
redhat/Makefile.common | 37 ++++
redhat/WALinuxAgent.spec.template | 169 +++++++++++++++
redhat/rpmbuild/BUILD/.gitignore | 2 +
redhat/rpmbuild/RPMS/.gitignore | 2 +
redhat/rpmbuild/SOURCES/.gitignore | 2 +
redhat/rpmbuild/SPECS/.gitignore | 2 +
redhat/rpmbuild/SRPMS/.gitignore | 2 +
redhat/scripts/frh.py | 27 +++
redhat/scripts/git-backport-diff | 327 ++++++++++++++++++++++++++++++
redhat/scripts/git-compile-check | 215 ++++++++++++++++++++
redhat/scripts/process-patches.sh | 79 ++++++++
redhat/scripts/tarball_checksum.sh | 3 +
setup.py | 2 +-
tests/data/ext/sample_ext-1.3.0/sample.py | 2 +-
26 files changed, 964 insertions(+), 17 deletions(-)
create mode 100644 .gitpublish
create mode 100644 redhat/.gitignore
create mode 100644 redhat/Makefile
create mode 100644 redhat/Makefile.common
create mode 100644 redhat/WALinuxAgent.spec.template
create mode 100644 redhat/rpmbuild/BUILD/.gitignore
create mode 100644 redhat/rpmbuild/RPMS/.gitignore
create mode 100644 redhat/rpmbuild/SOURCES/.gitignore
create mode 100644 redhat/rpmbuild/SPECS/.gitignore
create mode 100644 redhat/rpmbuild/SRPMS/.gitignore
create mode 100755 redhat/scripts/frh.py
create mode 100755 redhat/scripts/git-backport-diff
create mode 100755 redhat/scripts/git-compile-check
create mode 100755 redhat/scripts/process-patches.sh
create mode 100755 redhat/scripts/tarball_checksum.sh
diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py
index d3c39c1..3617809 100644
--- a/azurelinuxagent/ga/update.py
+++ b/azurelinuxagent/ga/update.py
@@ -92,8 +92,11 @@ def get_update_handler():
def get_python_cmd():
- major_version = platform.python_version_tuple()[0]
- return "python" if int(major_version) <= 2 else "python{0}".format(major_version)
+ if sys.executable:
+ return sys.executable
+ else:
+ major_version = platform.python_version_tuple()[0]
+ return "python" if int(major_version) <= 2 else "python{0}".format(major_version)
class UpdateHandler(object):
@@ -150,9 +153,8 @@ class UpdateHandler(object):
# Launch the correct Python version for python-based agents
cmds = textutil.safe_shlex_split(agent_cmd)
- if cmds[0].lower() == "python":
- cmds[0] = get_python_cmd()
- agent_cmd = " ".join(cmds)
+ cmds[0] = get_python_cmd()
+ agent_cmd = " ".join(cmds)
self._evaluate_agent_health(latest_agent)
diff --git a/bin/waagent b/bin/waagent
index 4039e03..10836c2 100755
--- a/bin/waagent
+++ b/bin/waagent
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Azure Linux Agent
#
diff --git a/bin/waagent2.0 b/bin/waagent2.0
index 25aa0ce..a868211 100644
--- a/bin/waagent2.0
+++ b/bin/waagent2.0
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Azure Linux Agent
#
diff --git a/config/waagent.conf b/config/waagent.conf
index 79daacb..513cbf2 100644
--- a/config/waagent.conf
+++ b/config/waagent.conf
@@ -62,9 +62,6 @@ ResourceDisk.MountOptions=None
# Enable verbose logging (y|n)
Logs.Verbose=n
-# Is FIPS enabled
-OS.EnableFIPS=n
-
# Root device timeout in seconds.
OS.RootDeviceScsiTimeout=300
diff --git a/init/arch/waagent.service b/init/arch/waagent.service
index d426eb2..ff1ebab 100644
--- a/init/arch/waagent.service
+++ b/init/arch/waagent.service
@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf
[Service]
Type=simple
-ExecStart=/usr/bin/python -u /usr/bin/waagent -daemon
+ExecStart=/usr/bin/python3 -u /usr/bin/waagent -daemon
Restart=always
RestartSec=5
diff --git a/init/clearlinux/waagent.service b/init/clearlinux/waagent.service
index 9afee45..c29fc1b 100644
--- a/init/clearlinux/waagent.service
+++ b/init/clearlinux/waagent.service
@@ -8,7 +8,7 @@ ConditionPathExists=/usr/share/defaults/waagent/waagent.conf
[Service]
Type=simple
-ExecStart=/usr/bin/python -u /usr/bin/waagent -daemon
+ExecStart=/usr/bin/python3 -u /usr/bin/waagent -daemon
Restart=always
RestartSec=5
diff --git a/init/suse/waagent b/init/suse/waagent
index b77b0fa..317e89e 100755
--- a/init/suse/waagent
+++ b/init/suse/waagent
@@ -34,7 +34,7 @@
# Description: Start the MicrosoftAzureLinuxAgent
### END INIT INFO
-PYTHON=/usr/bin/python
+PYTHON=/usr/bin/python3
WAZD_BIN=/usr/sbin/waagent
WAZD_CONF=/etc/waagent.conf
WAZD_PIDFILE=/var/run/waagent.pid
diff --git a/init/waagent.service b/init/waagent.service
index e91f143..3c7710f 100644
--- a/init/waagent.service
+++ b/init/waagent.service
@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf
[Service]
Type=simple
-ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon
+ExecStart=/usr/libexec/platform-python -u /usr/sbin/waagent -daemon
Restart=always
RestartSec=5
diff --git a/makepkg.py b/makepkg.py
index 52e0eae..51c263c 100755
--- a/makepkg.py
+++ b/makepkg.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
import glob
import os
diff --git a/setup.py b/setup.py
index e15a2d4..6fbf0ba 100755
--- a/setup.py
+++ b/setup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Microsoft Azure Linux Agent setup.py
#
diff --git a/tests/data/ext/sample_ext-1.3.0/sample.py b/tests/data/ext/sample_ext-1.3.0/sample.py
index 74bd839..bf6ed99 100755
--- a/tests/data/ext/sample_ext-1.3.0/sample.py
+++ b/tests/data/ext/sample_ext-1.3.0/sample.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
import os
--
1.8.3.1

View File

@ -0,0 +1,413 @@
From c0d49d739d39573b59c827c89f56386d162d9381 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Wed, 13 Mar 2019 18:44:24 +0000
Subject: [PATCH] Add fixes for handling swap file and other nit fixes (#1485)
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-id: <20190313184424.29299-1-vkuznets@redhat.com>
Patchwork-id: 84860
O-Subject: [RHEL8 WALinuxAgent PATCH] Add fixes for handling swap file and other nit fixes (#1485)
Bugzilla: 1688276
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1684181
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20581233
Tested: by me
This is to fix CVE-2019-0804: swapfile is created with weak permission.
commit 8b2fa7d6051d0ee9952be4b42185c24d2a2eacff
Author: Varad Meru <vrdmr@users.noreply.github.com>
Date: Tue Mar 12 12:54:08 2019 -0700
Add fixes for handling swap file and other nit fixes (#1485)
* Add fixes for handling swap file and other nit fixes
* Fixing bytearray and other nits
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
azurelinuxagent/daemon/resourcedisk/freebsd.py
(requires additional commits, irrelevant to RHEL)
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
azurelinuxagent/daemon/resourcedisk/default.py | 74 +++++++++++++++++++-------
azurelinuxagent/daemon/resourcedisk/freebsd.py | 53 ++++++++++++------
tests/distro/test_resourceDisk.py | 47 ++++++++++++++--
3 files changed, 133 insertions(+), 41 deletions(-)
diff --git a/azurelinuxagent/daemon/resourcedisk/default.py b/azurelinuxagent/daemon/resourcedisk/default.py
index 0f0925d..cfb76d2 100644
--- a/azurelinuxagent/daemon/resourcedisk/default.py
+++ b/azurelinuxagent/daemon/resourcedisk/default.py
@@ -17,6 +17,7 @@
import os
import re
+import stat
import sys
import threading
from time import sleep
@@ -124,12 +125,13 @@ class ResourceDiskHandler(object):
force_option = 'F'
if self.fs == 'xfs':
force_option = 'f'
- mkfs_string = "mkfs.{0} -{2} {1}".format(self.fs, partition, force_option)
+ mkfs_string = "mkfs.{0} -{2} {1}".format(
+ self.fs, partition, force_option)
if "gpt" in ret[1]:
logger.info("GPT detected, finding partitions")
parts = [x for x in ret[1].split("\n") if
- re.match("^\s*[0-9]+", x)]
+ re.match(r"^\s*[0-9]+", x)]
logger.info("Found {0} GPT partition(s).", len(parts))
if len(parts) > 1:
logger.info("Removing old GPT partitions")
@@ -138,18 +140,23 @@ class ResourceDiskHandler(object):
shellutil.run("parted {0} rm {1}".format(device, i))
logger.info("Creating new GPT partition")
- shellutil.run("parted {0} mkpart primary 0% 100%".format(device))
+ shellutil.run(
+ "parted {0} mkpart primary 0% 100%".format(device))
logger.info("Format partition [{0}]", mkfs_string)
shellutil.run(mkfs_string)
else:
logger.info("GPT not detected, determining filesystem")
- ret = self.change_partition_type(suppress_message=True, option_str="{0} 1 -n".format(device))
+ ret = self.change_partition_type(
+ suppress_message=True,
+ option_str="{0} 1 -n".format(device))
ptype = ret[1].strip()
if ptype == "7" and self.fs != "ntfs":
logger.info("The partition is formatted with ntfs, updating "
"partition type to 83")
- self.change_partition_type(suppress_message=False, option_str="{0} 1 83".format(device))
+ self.change_partition_type(
+ suppress_message=False,
+ option_str="{0} 1 83".format(device))
self.reread_partition_table(device)
logger.info("Format partition [{0}]", mkfs_string)
shellutil.run(mkfs_string)
@@ -169,7 +176,8 @@ class ResourceDiskHandler(object):
attempts -= 1
if not os.path.exists(partition):
- raise ResourceDiskError("Partition was not created [{0}]".format(partition))
+ raise ResourceDiskError(
+ "Partition was not created [{0}]".format(partition))
logger.info("Mount resource disk [{0}]", mount_string)
ret, output = shellutil.run_get_output(mount_string, chk_err=False)
@@ -215,14 +223,19 @@ class ResourceDiskHandler(object):
"""
command_to_use = '--part-type'
- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str)
- err_code, output = shellutil.run_get_output(input, chk_err=False, log_cmd=True)
+ input = "sfdisk {0} {1} {2}".format(
+ command_to_use, '-f' if suppress_message else '', option_str)
+ err_code, output = shellutil.run_get_output(
+ input, chk_err=False, log_cmd=True)
# fall back to -c
if err_code != 0:
- logger.info("sfdisk with --part-type failed [{0}], retrying with -c", err_code)
+ logger.info(
+ "sfdisk with --part-type failed [{0}], retrying with -c",
+ err_code)
command_to_use = '-c'
- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str)
+ input = "sfdisk {0} {1} {2}".format(
+ command_to_use, '-f' if suppress_message else '', option_str)
err_code, output = shellutil.run_get_output(input, log_cmd=True)
if err_code == 0:
@@ -245,16 +258,30 @@ class ResourceDiskHandler(object):
else:
return 'mount {0} {1}'.format(partition, mount_point)
+ @staticmethod
+ def check_existing_swap_file(swapfile, swaplist, size):
+ if swapfile in swaplist and os.path.isfile(
+ swapfile) and os.path.getsize(swapfile) == size:
+ logger.info("Swap already enabled")
+ # restrict access to owner (remove all access from group, others)
+ swapfile_mode = os.stat(swapfile).st_mode
+ if swapfile_mode & (stat.S_IRWXG | stat.S_IRWXO):
+ swapfile_mode = swapfile_mode & ~(stat.S_IRWXG | stat.S_IRWXO)
+ logger.info(
+ "Changing mode of {0} to {1:o}".format(
+ swapfile, swapfile_mode))
+ os.chmod(swapfile, swapfile_mode)
+ return True
+
+ return False
+
def create_swap_space(self, mount_point, size_mb):
size_kb = size_mb * 1024
size = size_kb * 1024
swapfile = os.path.join(mount_point, 'swapfile')
swaplist = shellutil.run_get_output("swapon -s")[1]
- if swapfile in swaplist \
- and os.path.isfile(swapfile) \
- and os.path.getsize(swapfile) == size:
- logger.info("Swap already enabled")
+ if self.check_existing_swap_file(swapfile, swaplist, size):
return
if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
@@ -296,7 +323,8 @@ class ResourceDiskHandler(object):
os.remove(filename)
# If file system is xfs, use dd right away as we have been reported that
- # swap enabling fails in xfs fs when disk space is allocated with fallocate
+ # swap enabling fails in xfs fs when disk space is allocated with
+ # fallocate
ret = 0
fn_sh = shellutil.quote((filename,))
if self.fs != 'xfs':
@@ -305,13 +333,21 @@ class ResourceDiskHandler(object):
# Probable errors:
# - OSError: Seen on Cygwin, libc notimpl?
# - AttributeError: What if someone runs this under...
+ fd = None
+
try:
- with open(filename, 'w') as f:
- os.posix_fallocate(f.fileno(), 0, nbytes)
- return 0
- except:
+ fd = os.open(
+ filename,
+ os.O_CREAT | os.O_WRONLY | os.O_EXCL,
+ stat.S_IRUSR | stat.S_IWUSR)
+ os.posix_fallocate(fd, 0, nbytes)
+ return 0
+ except BaseException:
# Not confident with this thing, just keep trying...
pass
+ finally:
+ if fd is not None:
+ os.close(fd)
# fallocate command
ret = shellutil.run(
diff --git a/azurelinuxagent/daemon/resourcedisk/freebsd.py b/azurelinuxagent/daemon/resourcedisk/freebsd.py
index a65d7f8..a29df3a 100644
--- a/azurelinuxagent/daemon/resourcedisk/freebsd.py
+++ b/azurelinuxagent/daemon/resourcedisk/freebsd.py
@@ -22,6 +22,7 @@ import azurelinuxagent.common.utils.shellutil as shellutil
from azurelinuxagent.common.exception import ResourceDiskError
from azurelinuxagent.daemon.resourcedisk.default import ResourceDiskHandler
+
class FreeBSDResourceDiskHandler(ResourceDiskHandler):
"""
This class handles resource disk mounting for FreeBSD.
@@ -34,6 +35,7 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
1. MBR: The resource disk partition is /dev/da1s1
2. GPT: The resource disk partition is /dev/da1p2, /dev/da1p1 is for reserved usage.
"""
+
def __init__(self):
super(FreeBSDResourceDiskHandler, self).__init__()
@@ -50,25 +52,30 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
def mount_resource_disk(self, mount_point):
fs = self.fs
if fs != 'ufs':
- raise ResourceDiskError("Unsupported filesystem type:{0}, only ufs is supported.".format(fs))
+ raise ResourceDiskError(
+ "Unsupported filesystem type:{0}, only ufs is supported.".format(fs))
# 1. Detect device
err, output = shellutil.run_get_output('gpart list')
if err:
- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output))
+ raise ResourceDiskError(
+ "Unable to detect resource disk device:{0}".format(output))
disks = self.parse_gpart_list(output)
device = self.osutil.device_for_ide_port(1)
- if device is None or not device in disks:
- # fallback logic to find device
- err, output = shellutil.run_get_output('camcontrol periphlist 2:1:0')
+ if device is None or device not in disks:
+ # fallback logic to find device
+ err, output = shellutil.run_get_output(
+ 'camcontrol periphlist 2:1:0')
if err:
# try again on "3:1:0"
- err, output = shellutil.run_get_output('camcontrol periphlist 3:1:0')
+ err, output = shellutil.run_get_output(
+ 'camcontrol periphlist 3:1:0')
if err:
- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output))
+ raise ResourceDiskError(
+ "Unable to detect resource disk device:{0}".format(output))
- # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n'
+ # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n'
for line in output.split('\n'):
index = line.find(':')
if index > 0:
@@ -89,9 +96,11 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
elif partition_table_type == 'GPT':
provider_name = device + 'p2'
else:
- raise ResourceDiskError("Unsupported partition table type:{0}".format(output))
+ raise ResourceDiskError(
+ "Unsupported partition table type:{0}".format(output))
- err, output = shellutil.run_get_output('gpart show -p {0}'.format(device))
+ err, output = shellutil.run_get_output(
+ 'gpart show -p {0}'.format(device))
if err or output.find(provider_name) == -1:
raise ResourceDiskError("Resource disk partition not found.")
@@ -110,14 +119,24 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
mount_cmd = 'mount -t {0} {1} {2}'.format(fs, partition, mount_point)
err = shellutil.run(mount_cmd, chk_err=False)
if err:
- logger.info('Creating {0} filesystem on partition {1}'.format(fs, partition))
- err, output = shellutil.run_get_output('newfs -U {0}'.format(partition))
+ logger.info(
+ 'Creating {0} filesystem on partition {1}'.format(
+ fs, partition))
+ err, output = shellutil.run_get_output(
+ 'newfs -U {0}'.format(partition))
if err:
- raise ResourceDiskError("Failed to create new filesystem on partition {0}, error:{1}"
- .format(partition, output))
+ raise ResourceDiskError(
+ "Failed to create new filesystem on partition {0}, error:{1}" .format(
+ partition, output))
err, output = shellutil.run_get_output(mount_cmd, chk_err=False)
if err:
- raise ResourceDiskError("Failed to mount partition {0}, error {1}".format(partition, output))
-
- logger.info("Resource disk partition {0} is mounted at {1} with fstype {2}", partition, mount_point, fs)
+ raise ResourceDiskError(
+ "Failed to mount partition {0}, error {1}".format(
+ partition, output))
+
+ logger.info(
+ "Resource disk partition {0} is mounted at {1} with fstype {2}",
+ partition,
+ mount_point,
+ fs)
return mount_point
diff --git a/tests/distro/test_resourceDisk.py b/tests/distro/test_resourceDisk.py
index d2ce6e1..5f9db0a 100644
--- a/tests/distro/test_resourceDisk.py
+++ b/tests/distro/test_resourceDisk.py
@@ -18,6 +18,8 @@
# http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx
# http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx
+import os
+import stat
import sys
from azurelinuxagent.common.utils import shellutil
from azurelinuxagent.daemon.resourcedisk import get_resourcedisk_handler
@@ -38,6 +40,11 @@ class TestResourceDisk(AgentTestCase):
# assert
assert os.path.exists(test_file)
+ # only the owner should have access
+ mode = os.stat(test_file).st_mode & (
+ stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
+ assert mode == stat.S_IRUSR | stat.S_IWUSR
+
# cleanup
os.remove(test_file)
@@ -49,7 +56,7 @@ class TestResourceDisk(AgentTestCase):
file_size = 1024 * 128
# execute
- if sys.version_info >= (3,3):
+ if sys.version_info >= (3, 3):
with patch("os.posix_fallocate",
side_effect=Exception('failure')):
get_resourcedisk_handler().mkfile(test_file, file_size)
@@ -76,20 +83,20 @@ class TestResourceDisk(AgentTestCase):
resource_disk_handler.mkfile(test_file, file_size)
# assert
- if sys.version_info >= (3,3):
+ if sys.version_info >= (3, 3):
with patch("os.posix_fallocate") as posix_fallocate:
self.assertEqual(0, posix_fallocate.call_count)
assert run_patch.call_count == 1
assert "dd if" in run_patch.call_args_list[0][0][0]
-
def test_change_partition_type(self):
resource_handler = get_resourcedisk_handler()
# test when sfdisk --part-type does not exist
with patch.object(shellutil, "run_get_output",
side_effect=[[1, ''], [0, '']]) as run_patch:
- resource_handler.change_partition_type(suppress_message=True, option_str='')
+ resource_handler.change_partition_type(
+ suppress_message=True, option_str='')
# assert
assert run_patch.call_count == 2
@@ -99,12 +106,42 @@ class TestResourceDisk(AgentTestCase):
# test when sfdisk --part-type exists
with patch.object(shellutil, "run_get_output",
side_effect=[[0, '']]) as run_patch:
- resource_handler.change_partition_type(suppress_message=True, option_str='')
+ resource_handler.change_partition_type(
+ suppress_message=True, option_str='')
# assert
assert run_patch.call_count == 1
assert "sfdisk --part-type" in run_patch.call_args_list[0][0][0]
+ def test_check_existing_swap_file(self):
+ test_file = os.path.join(self.tmp_dir, 'test_swap_file')
+ file_size = 1024 * 128
+ if os.path.exists(test_file):
+ os.remove(test_file)
+
+ with open(test_file, "wb") as file:
+ file.write(bytearray(file_size))
+
+ os.chmod(test_file, stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR |
+ stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6677
+
+ def swap_on(_): # mimic the output of "swapon -s"
+ return [
+ "Filename Type Size Used Priority",
+ "{0} partition 16498684 0 -2".format(test_file)
+ ]
+
+ with patch.object(shellutil, "run_get_output", side_effect=swap_on):
+ get_resourcedisk_handler().check_existing_swap_file(
+ test_file, test_file, file_size)
+
+ # it should remove access from group, others
+ mode = os.stat(test_file).st_mode & (stat.S_ISUID | stat.S_ISGID |
+ stat.S_IRWXU | stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6777
+ assert mode == stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR | stat.S_IWUSR # 0o6600
+
+ os.remove(test_file)
+
if __name__ == '__main__':
unittest.main()
--
1.8.3.1

183
SPECS/WALinuxAgent.spec Normal file
View File

@ -0,0 +1,183 @@
Summary: Microsoft Azure Linux Agent
Name: WALinuxAgent
Version: 2.2.32
Release: 1%{?dist}.1
License: Apache License Version 2.0
Group: Development/Libraries
Url: https://github.com/Azure/WALinuxAgent
Source0: WALinuxAgent-2.2.32.tar.gz
BuildArch: noarch
Patch0001: 0001-Add-inital-redhat-build-support.patch
# For bz#1684181 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions
# For bz#1688276 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8]
Patch2: wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch
# rhel requirements
BuildRequires: python3-devel
BuildRequires: python3-setuptools
Requires: openssh
Requires: openssh-server
Requires: openssl
Requires: parted
Requires: python3-pyasn1
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
The Azure Linux Agent supports the provisioning and running of Linux
VMs in the Azure cloud. This package should be installed on Linux disk
images that are built to run in the Azure environment.
%prep
%setup -q
%patch0001 -p1
%patch2 -p1
%build
%py3_build
%install
%{__python3} setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
# Change the shebang to the __python3 macro instead of leaving it hardcoded
pathfix.py -pni "%{__python3}" %{buildroot}%{_sbindir}/waagent
%clean
rm -rf $RPM_BUILD_ROOT
%post
%systemd_post waagent.service
%preun
%systemd_preun waagent.service
%postun
%systemd_postun_with_restart waagent.service
%files
%defattr(-,root,root)
%{python3_sitelib}/*
%config(noreplace) %{_sysconfdir}/waagent.conf
%{_sysconfdir}/logrotate.d/waagent.logrotate
%{_sbindir}/waagent
%{_sbindir}/waagent2.0
%{_unitdir}/waagent.service
/etc/udev/rules.d/66-azure-storage.rules
/etc/udev/rules.d/99-azure-product-uuid.rules
%changelog
* Mon May 20 2019 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8_0.1
- wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch [bz#1711338]
- Resolves: bz#1711338
(CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8])
* Fri Dec 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8
- Rebase to 2.2.32 [bz#1639498]
- Resolves: bz#1639498]
(walinuxagent 2.2.32 packaging request for RHEL 8)
* Tue Oct 23 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-6.el8
- wala-Use-sys.executable-to-find-system-python.patch [bz#1639775]
- Resolves: bz#1639775
(WALinuxAgent: Systemd unit file will fail to execute)
* Mon Oct 22 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-5.el8
- wala-Switch-to-platform-python-in-systemd-unit-file.patch [bz#1639775]
- Resolves: bz#1639775
(WALinuxAgent: Systemd unit file will fail to execute)
* Wed Aug 29 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-4.el8
- Fix unit file location [bz#1637545]
- Resolves: bz#1637545
(Wrong macro used for systemd unit file location)
* Wed Jul 04 2018 Tomas Orsava <torsava@redhat.com> - 2.2.26-3
- Switch hardcoded python3 shebangs into the %%{__python3} macro
* Tue Jul 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-2.el8
- Include 7.6 patches
* Tue Jul 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-1.el7
- Rebase to 2.2.26 [bz#1571523]
- Resolves: bz#1571523
(Rebase WALinuxAgent in RHEL-8.0)
* Thu May 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.18-2.el7
- wa-Add-show-configuration-option.patch [bz#1508340]
- Resolves: bz#1508340
([WALA] WALA usage prompt lack of " waagent -show-configuration")
* Tue Oct 10 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.18-1.el7
- Rebase to 2.2.18 [bz#1491873]
- Resolves: bz#1491873
([WALA]Request to package WALA 2.2.18 into RHEL 7 Repo)
* Tue Jul 04 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.14-1.el7
- Rebase to 2.2.14 [bz#1451172]
- wla-Remove-FIPS-setting-from-the-default-config.patch [bz#1467553]
- Resolves: bz#1451172
([WALA] Request to package WALA 2.2.14 into RHEL 7 Repo)
- Resolves: bz#1467553
([WALA] Remove FIPS from default config in WALA-2.2.14)
* Wed Apr 26 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.10-1.el7
- Rebase to 2.2.10 [bz#1443425]
- Resolves: bz#1443425
([WALA]Request to package WALA 2.2.10 into RHEL 7 Repo)
* Wed Apr 19 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.4-2.el7
- Enable AutoUpdate by default [bz#1434933]
- Resolves: bz#1434933
([WALA][RHEL-7] Enable AutoUpdate by default)
* Wed Mar 01 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.4-1.el7
- Rebase to 2.2.4 [bz#1419201]
- resolves: bz#1419201
WALA 2.2.4
* Mon Jan 16 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.0-4.el7
- agent-RHEL-7-hostname-533.patch [bz#1413674]
- agent-fix-for-hostnamectl-534.patch [bz#1413674]
- Resolves: bz#1413674
([WALA] Fail to send hostname to DHCP server during provisioning)
* Fri Sep 30 2016 Dave Anderson <anderson@redhat.com> - 2.2.0-1
- Update to v2.2.0
Resolves: rhbz#1360492
* Wed Sep 21 2016 Dave Anderson <anderson@redhat.com> - 2.1.5-2
- Several QE updates to this file
Resolves: rhbz#1360492
* Tue Sep 13 2016 Dave Anderson <anderson@redhat.com> - 2.1.5-1
- Update to v2.1.5
Resolves: rhbz#1360492
* Thu Jan 14 2016 Dave Anderson <anderson@redhat.com> - 2.0.16-1
- Update to 2.0.16
Resolves: rhbz#1296360
* Mon Jun 01 2015 Dave Anderson <anderson@redhat.com> - 2.0.13-1
- Update to upstream 2.0.13 package.
- Remove global commit md5sum and fix Source0 to point to correct location.
- Fix setup to deal with "WALinuxAgent-WALinuxAgent" naming scheme
- Added files reference for /udev/rules.d/99-azure-product-uuid.rules
* Thu May 07 2015 Dave Anderson <anderson@redhat.com> - 2.0.11-3
- Remove Requires: ntfsprogs for RHEL7
* Sat Jan 10 2015 Scott K Logan <logans@cottsay.net> - 2.0.11-2
- Use systemd for rhel7
- Own logrotate.d
- Fix python2-devel dep
* Sat Dec 20 2014 Scott K Logan <logans@cottsay.net> - 2.0.11-1
- Initial package