rpms/augeas
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to Fedora Rawhide

Browse Source 
Remove patches which are upstream
resolves: RHEL-56802
This commit is contained in:
Richard W.M. Jones 2024-09-02 13:09:58 +01:00
parent c3f08fe3d5
commit 062bda2567
8 changed files with 45 additions and 775 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
0001-Chrony-add-new-directives-and-options-745.patch
View File

@ -1,109 +0,0 @@
From 1a68d8afa2b23b3133a605d5fdf994139e60682f Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 2 Mar 2022 14:54:39 +0100
Subject: [PATCH 1/6] Chrony: add new directives and options (#745)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Support new configuration added in chrony 4.1 and 4.2.
Co-authored-by: Raphaël Pinson <github+aem1eeshi1@raphink.net>
(cherry picked from commit 5f3a566511626c35f69961598f1f332db01ed7a1)
---
lenses/chrony.aug | 11 ++++++++---
lenses/tests/test_chrony.aug | 9 +++++++--
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/lenses/chrony.aug b/lenses/chrony.aug
index 91c8ed51..d1c29531 100644
--- a/lenses/chrony.aug
+++ b/lenses/chrony.aug
@@ -57,8 +57,11 @@ module Chrony =
(************************************************************************
* Group: Create required expressions
************************************************************************)
+ (* Variable: hex *)
+ let hex = /[0-9a-fA-F]+/
+
(* Variable: number *)
- let number = integer | decimal | decimal . /[eE]/ . integer
+ let number = integer | decimal | decimal . /[eE]/ . integer | hex
(* Variable: address_re *)
let address_re = Rx.ip | Rx.hostname
@@ -79,6 +82,8 @@ module Chrony =
Server/Peer/Pool options with values
*)
let cmd_options = "asymmetry"
+ | "certset"
+ | "extfield"
| "filter"
| "key"
| /maxdelay((dev)?ratio)?/
@@ -96,7 +101,7 @@ module Chrony =
Server/Peer/Pool options without values
*)
let cmd_flags = "auto_offline"|"iburst"|"noselect"|"offline"|"prefer"
- |"require"|"trust"|"xleave"|"burst"|"nts"
+ |"copy"|"require"|"trust"|"xleave"|"burst"|"nts"
(* Variable: ntp_source
Server/Peer/Pool key names
@@ -183,7 +188,7 @@ module Chrony =
| "nocerttimecheck" | "ntsdumpdir" | "ntsntpserver"
| "ntsport" | "ntsprocesses" | "ntsrefresh" | "ntsrotate"
| "ntsservercert" | "ntsserverkey" | "ntstrustedcerts"
- | "ntpsigndsocket" | "pidfile"
+ | "ntpsigndsocket" | "pidfile" | "ptpport"
| "port" | "reselectdist" | "rtcautotrim" | "rtcdevice"
| "rtcfile" | "sched_priority" | "stratumweight" | "user"
diff --git a/lenses/tests/test_chrony.aug b/lenses/tests/test_chrony.aug
index 0c86cde7..691e63f7 100644
--- a/lenses/tests/test_chrony.aug
+++ b/lenses/tests/test_chrony.aug
@@ -17,8 +17,8 @@ module Test_Chrony =
server ntp1.example.com
server ntp2.example.com iburst
server ntp3.example.com presend 2
-server ntp4.example.com offline polltarget 4
-server ntp5.example.com maxdelay 2 offline
+server ntp4.example.com offline polltarget 4 extfield F323 copy
+server ntp5.example.com maxdelay 2 offline certset 1
server ntp6.example.com maxdelay 2 iburst presend 2 xleave offset 1e-4
server ntp7.example.com iburst presend 2 offline prefer trust require
server ntp8.example.com minsamples 8 maxsamples 16 version 3
@@ -88,6 +88,7 @@ ntsport 123
ntsprocesses 2
ntsrefresh 86400
ntsrotate 86400
+ptpport 319
"
test Chrony.lns get exampleconf =
@@ -110,10 +111,13 @@ ntsrotate 86400
{ "server" = "ntp4.example.com"
{ "offline" }
{ "polltarget" = "4" }
+ { "extfield" = "F323" }
+ { "copy" }
}
{ "server" = "ntp5.example.com"
{ "maxdelay" = "2" }
{ "offline" }
+ { "certset" = "1" }
}
{ "server" = "ntp6.example.com"
{ "maxdelay" = "2" }
@@ -312,6 +316,7 @@ ntsrotate 86400
{ "ntsprocesses" = "2" }
{ "ntsrefresh" = "86400" }
{ "ntsrotate" = "86400" }
+ { "ptpport" = "319" }
(* Local Variables: *)
--
2.45.2

7
0006-lenses-fstab.aug-Allow-comma-after-the-last-option-8.patch → 0001-lenses-fstab.aug-Allow-comma-after-the-last-option-8.patch
View File

@ -1,8 +1,7 @@
From ac6c3962d38c14d887fe7486330c19d477ab034d Mon Sep 17 00:00:00 2001
From 1cba85ead1ecf582666568e2abde06b3d7830a2f Mon Sep 17 00:00:00 2001
From: Cosmin Tupangiu <cosmin@redhat.com>
Date: Thu, 18 Jul 2024 13:02:20 +0200
Subject: [PATCH 6/6] lenses/fstab.aug: Allow comma after the last option
(#838)
Subject: [PATCH] lenses/fstab.aug: Allow comma after the last option (#838)
This PR adds a new lens that allows a comma after the last option:
@ -61,5 +60,5 @@ index 438f619a..4a912e59 100644
(* mode: caml *)
(* End: *)
--
2.45.2
2.43.0

276
0002-Kdump-parse-auto_reset_crashkernel-754.patch
View File

@ -1,276 +0,0 @@
From 5cc865803bd62df17e732c360787fbc263a9942a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@users.noreply.github.com>
Date: Wed, 20 Apr 2022 10:13:06 +0200
Subject: [PATCH 2/6] Kdump: parse "auto_reset_crashkernel" (#754)
The "auto_reset_crashkernel" keyword was introduced in the following
kexec-tools patch set:
[PATCH v5 00/13] crashkernel=auto: support fadump and remove
crashkernel.default
https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org/thread/V5WPTRAPJR65QXSTNW6W6E7ZBAUCQNUH/#V5WPTRAPJR65QXSTNW6W6E7ZBAUCQNUH
Related upstream commit:
https://src.fedoraproject.org/rpms/kexec-tools/c/73ced7f451a72
Recognize "auto_reset_crashkernel" in "kdump.aug". Update the test case.
Also copy "kdump.conf" from kexec-tools @ 73ced7f451a72 to
"tests/root/etc/kdump.conf".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2042772
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 288a028da531a5f58d9ee89bc29fd73e7483bf24)
---
lenses/kdump.aug | 4 +
lenses/tests/test_kdump.aug | 2 +
tests/root/etc/kdump.conf | 192 ++++++++++++++++++++++++++++++++++++
3 files changed, 198 insertions(+)
create mode 100644 tests/root/etc/kdump.conf
diff --git a/lenses/kdump.aug b/lenses/kdump.aug
index ddf50ede..e50486c3 100644
--- a/lenses/kdump.aug
+++ b/lenses/kdump.aug
@@ -25,6 +25,7 @@ let empty = Util.empty
let comment = Util.comment
let value_to_eol = store /[^ \t\n#][^\n#]*[^ \t\n#]|[^ \t\n#]/
let int_to_eol = store Rx.integer
+let yn_to_eol = store ("yes" | "no")
let delimiter = Util.del_ws_spc
let eol = Util.eol
let value_to_spc = store Rx.neg1
@@ -64,9 +65,12 @@ let simple_kws = "raw" | "net" | "path" | "core_collector" | "kdump_post"
let int_kws = "force_rebuild" | "override_resettable" | "debug_mem_level"
| "link_delay" | "disk_timeout"
+let yn_kws = "auto_reset_crashkernel"
+
let option = Build.key_value_line_comment ( simple_kws | fs_types )
delimiter value_to_eol comment
| Build.key_value_line_comment int_kws delimiter int_to_eol comment
+ | Build.key_value_line_comment yn_kws delimiter yn_to_eol comment
| list "extra_bins"
| list "extra_modules"
| list "blacklist"
diff --git a/lenses/tests/test_kdump.aug b/lenses/tests/test_kdump.aug
index 51c79a38..ff82af05 100644
--- a/lenses/tests/test_kdump.aug
+++ b/lenses/tests/test_kdump.aug
@@ -11,6 +11,7 @@ module Test_Kdump =
#comment after empty line
#
#comment after empty comment
+auto_reset_crashkernel yes
path /var/crash #comment after entry
core_collector makedumpfile -c
default poweroff
@@ -49,6 +50,7 @@ blacklist gfs2
{ "#comment" = "comment after empty line" }
{ }
{ "#comment" = "comment after empty comment" }
+ { "auto_reset_crashkernel" = "yes" }
{ "path" = "/var/crash"
{ "#comment" = "comment after entry" } }
{ "core_collector" = "makedumpfile -c" }
diff --git a/tests/root/etc/kdump.conf b/tests/root/etc/kdump.conf
new file mode 100644
index 00000000..d4fc78b0
--- /dev/null
+++ b/tests/root/etc/kdump.conf
@@ -0,0 +1,192 @@
+# This file contains a series of commands to perform (in order) in the kdump
+# kernel after a kernel crash in the crash kernel(1st kernel) has happened.
+#
+# Directives in this file are only applicable to the kdump initramfs, and have
+# no effect once the root filesystem is mounted and the normal init scripts are
+# processed.
+#
+# Currently, only one dump target and path can be specified. If the dumping to
+# the configured target fails, the failure action which can be configured via
+# the "failure_action" directive will be performed.
+#
+# Supported options:
+#
+# auto_reset_crashkernel <yes|no>
+# - whether to reset kernel crashkernel to new default value
+# or not when kexec-tools updates the default crashkernel value and
+# existing kernels using the old default kernel crashkernel value.
+# The default value is yes.
+#
+# raw <partition>
+# - Will dd /proc/vmcore into <partition>.
+# Use persistent device names for partition devices,
+# such as /dev/vg/<devname>.
+#
+# nfs <nfs mount>
+# - Will mount nfs to <mnt>, and copy /proc/vmcore to
+# <mnt>/<path>/%HOST-%DATE/, supports DNS.
+#
+# ssh <user@server>
+# - Will save /proc/vmcore to <user@server>:<path>/%HOST-%DATE/,
+# supports DNS.
+# NOTE: make sure the user has write permissions on the server.
+#
+# sshkey <path>
+# - Will use the sshkey to do ssh dump.
+# Specify the path of the ssh key to use when dumping
+# via ssh. The default value is /root/.ssh/kdump_id_rsa.
+#
+# <fs type> <partition>
+# - Will mount -t <fs type> <partition> <mnt>, and copy
+# /proc/vmcore to <mnt>/<path>/%HOST_IP-%DATE/.
+# NOTE: <partition> can be a device node, label or uuid.
+# It's recommended to use persistent device names
+# such as /dev/vg/<devname>.
+# Otherwise it's suggested to use label or uuid.
+#
+# path <path>
+# - "path" represents the file system path in which vmcore
+# will be saved. If a dump target is specified in
+# kdump.conf, then "path" is relative to the specified
+# dump target.
+#
+# Interpretation of "path" changes a bit if the user didn't
+# specify any dump target explicitly in kdump.conf. In this
+# case, "path" represents the absolute path from root. The
+# dump target and adjusted path are arrived at automatically
+# depending on what's mounted in the current system.
+#
+# Ignored for raw device dumps. If unset, will use the default
+# "/var/crash".
+#
+# core_collector <command> <options>
+# - This allows you to specify the command to copy
+# the vmcore. The default is makedumpfile, which on
+# some architectures can drastically reduce vmcore size.
+# See /sbin/makedumpfile --help for a list of options.
+# Note that the -i and -g options are not needed here,
+# as the initrd will automatically be populated with a
+# config file appropriate for the running kernel.
+# The default core_collector for raw/ssh dump is:
+# "makedumpfile -F -l --message-level 7 -d 31".
+# The default core_collector for other targets is:
+# "makedumpfile -l --message-level 7 -d 31".
+#
+# "makedumpfile -F" will create a flattened vmcore.
+# You need to use "makedumpfile -R" to rearrange the dump data to
+# a normal dumpfile readable with analysis tools. For example:
+# "makedumpfile -R vmcore < vmcore.flat".
+#
+# For core_collector format details, you can refer to
+# kexec-kdump-howto.txt or kdump.conf manpage.
+#
+# kdump_post <binary | script>
+# - This directive allows you to run a executable binary
+# or script after the vmcore dump process terminates.
+# The exit status of the current dump process is fed to
+# the executable binary or script as its first argument.
+# All files under /etc/kdump/post.d are collectively sorted
+# and executed in lexical order, before binary or script
+# specified kdump_post parameter is executed.
+#
+# kdump_pre <binary | script>
+# - Works like the "kdump_post" directive, but instead of running
+# after the dump process, runs immediately before it.
+# Exit status of this binary is interpreted as follows:
+# 0 - continue with dump process as usual
+# non 0 - run the final action (reboot/poweroff/halt)
+# All files under /etc/kdump/pre.d are collectively sorted and
+# executed in lexical order, after binary or script specified
+# kdump_pre parameter is executed.
+# Even if the binary or script in /etc/kdump/pre.d directory
+# returns non 0 exit status, the processing is continued.
+#
+# extra_bins <binaries | shell scripts>
+# - This directive allows you to specify additional binaries or
+# shell scripts to be included in the kdump initrd.
+# Generally they are useful in conjunction with a kdump_post
+# or kdump_pre binary or script which depends on these extra_bins.
+#
+# extra_modules <module(s)>
+# - This directive allows you to specify extra kernel modules
+# that you want to be loaded in the kdump initrd.
+# Multiple modules can be listed, separated by spaces, and any
+# dependent modules will automatically be included.
+#
+# failure_action <reboot | halt | poweroff | shell | dump_to_rootfs>
+# - Action to perform in case dumping fails.
+# reboot: Reboot the system.
+# halt: Halt the system.
+# poweroff: Power down the system.
+# shell: Drop to a bash shell.
+# Exiting the shell reboots the system by default,
+# or perform "final_action".
+# dump_to_rootfs: Dump vmcore to rootfs from initramfs context and
+# reboot by default or perform "final_action".
+# Useful when non-root dump target is specified.
+# The default option is "reboot".
+#
+# default <reboot | halt | poweroff | shell | dump_to_rootfs>
+# - Same as the "failure_action" directive above, but this directive
+# is obsolete and will be removed in the future.
+#
+# final_action <reboot | halt | poweroff>
+# - Action to perform in case dumping succeeds. Also performed
+# when "shell" or "dump_to_rootfs" failure action finishes.
+# Each action is same as the "failure_action" directive above.
+# The default is "reboot".
+#
+# force_rebuild <0 | 1>
+# - By default, kdump initrd will only be rebuilt when necessary.
+# Specify 1 to force rebuilding kdump initrd every time when kdump
+# service starts.
+#
+# force_no_rebuild <0 | 1>
+# - By default, kdump initrd will be rebuilt when necessary.
+# Specify 1 to bypass rebuilding of kdump initrd.
+#
+# force_no_rebuild and force_rebuild options are mutually
+# exclusive and they should not be set to 1 simultaneously.
+#
+# override_resettable <0 | 1>
+# - Usually an unresettable block device can't be a dump target.
+# Specifying 1 when you want to dump even though the block
+# target is unresettable
+# By default, it is 0, which will not try dumping destined to fail.
+#
+# dracut_args <arg(s)>
+# - Pass extra dracut options when rebuilding kdump initrd.
+#
+# fence_kdump_args <arg(s)>
+# - Command line arguments for fence_kdump_send (it can contain
+# all valid arguments except hosts to send notification to).
+#
+# fence_kdump_nodes <node(s)>
+# - List of cluster node(s) except localhost, separated by spaces,
+# to send fence_kdump notifications to.
+# (this option is mandatory to enable fence_kdump).
+#
+
+#raw /dev/vg/lv_kdump
+#ext4 /dev/vg/lv_kdump
+#ext4 LABEL=/boot
+#ext4 UUID=03138356-5e61-4ab3-b58e-27507ac41937
+#nfs my.server.com:/export/tmp
+#nfs [2001:db8::1:2:3:4]:/export/tmp
+#ssh user@my.server.com
+#ssh user@2001:db8::1:2:3:4
+#sshkey /root/.ssh/kdump_id_rsa
+auto_reset_crashkernel yes
+path /var/crash
+core_collector makedumpfile -l --message-level 7 -d 31
+#core_collector scp
+#kdump_post /var/crash/scripts/kdump-post.sh
+#kdump_pre /var/crash/scripts/kdump-pre.sh
+#extra_bins /usr/bin/lftp
+#extra_modules gfs2
+#failure_action shell
+#force_rebuild 1
+#force_no_rebuild 1
+#dracut_args --omit-drivers "cfg80211 snd" --add-drivers "ext2 ext3"
+#fence_kdump_args -p 7410 -f auto -c 0 -i 10
+#fence_kdump_nodes node1 node2
--
2.45.2

148
0003-semanage-Fix-parsing-of-ignoredirs-758.patch
View File

@ -1,148 +0,0 @@
From 864ca7e256a3cf7236bf4d096e265672baed2fbb Mon Sep 17 00:00:00 2001
From: rwmjones <rjones@redhat.com>
Date: Thu, 6 Oct 2022 12:15:56 +0100
Subject: [PATCH 3/6] semanage: Fix parsing of ignoredirs (#758)
From /etc/selinux/semanage.conf from a RHEL 9.1 system, this line
caused problems:
ignoredirs=/root;/bin;/boot;/dev;/etc [...]
Parse this as a list of modified Rx.fspath, generating a tree like:
/files/etc/selinux/semanage.conf/ignoredirs/1 = /root
/files/etc/selinux/semanage.conf/ignoredirs/2 = /bin
/files/etc/selinux/semanage.conf/ignoredirs/3 = /dev
/files/etc/selinux/semanage.conf/ignoredirs/4 = /etc
[...]
Also this adds the RHEL 9 file as another test case and adjusts the
output of the existing test case.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2077120
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit a3ba6e2d32b95507e2474a219e788ac3d54bc4a1)
---
lenses/semanage.aug | 7 +++-
lenses/tests/test_semanage.aug | 4 +-
tests/root/etc/selinux/semanage.conf | 60 ++++++++++++++++++++++++++++
tests/xpath.tests | 1 +
4 files changed, 70 insertions(+), 2 deletions(-)
create mode 100644 tests/root/etc/selinux/semanage.conf
diff --git a/lenses/semanage.aug b/lenses/semanage.aug
index 46f93b32..edd97131 100644
--- a/lenses/semanage.aug
+++ b/lenses/semanage.aug
@@ -23,7 +23,12 @@ let sep = IniFile.sep "=" "="
let empty = IniFile.empty
let eol = IniFile.eol
-let entry = IniFile.entry IniFile.entry_re sep comment
+let list_keys = "ignoredirs"
+let scl = del ";" ";"
+let fspath = /[^ \t\n;#]+/ (* Rx.fspath without ; or # *)
+
+let entry = IniFile.entry_list list_keys sep fspath scl comment
+ | IniFile.entry (IniFile.entry_re - list_keys) sep comment
| empty
let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/)
diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug
index a6ceaca0..f76b95f3 100644
--- a/lenses/tests/test_semanage.aug
+++ b/lenses/tests/test_semanage.aug
@@ -68,7 +68,9 @@ test Semanage.lns get conf =
{ "usepasswd" = "False" }
{ "bzip-small" = "true" }
{ "bzip-blocksize" = "5" }
- { "ignoredirs" = "/root" }
+ { "ignoredirs"
+ { "1" = "/root" }
+ }
{ }
{ "@group" = "sefcontext_compile"
{ "path" = "/usr/sbin/sefcontext_compile" }
diff --git a/tests/root/etc/selinux/semanage.conf b/tests/root/etc/selinux/semanage.conf
new file mode 100644
index 00000000..406f16f1
--- /dev/null
+++ b/tests/root/etc/selinux/semanage.conf
@@ -0,0 +1,60 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>. Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage
+# commands. There might be a penalty in execution time if this
+# option is enabled.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label only /home
+# and home directories of users with SELinux login mappings defined, see
+# semanage login -l for the list of such users.
+# If you want to use a different home directory, you will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
+optimize-policy=true
+
+[sefcontext_compile]
+path = /usr/sbin/sefcontext_compile
+args = -r $@
+[end]
diff --git a/tests/xpath.tests b/tests/xpath.tests
index a7db8d83..feab7584 100644
--- a/tests/xpath.tests
+++ b/tests/xpath.tests
@@ -109,6 +109,7 @@ test descendant-or-self /files/descendant-or-self :: 4
/files/etc/ssh/ssh_config/Host/SendEnv[1]/4 = LC_TIME
/files/etc/ssh/ssh_config/Host/SendEnv[2]/4 = LC_TELEPHONE
/files/etc/aliases/4
+ /files/etc/selinux/semanage.conf/ignoredirs/4 = /dev
/files/etc/fstab/4
/files/etc/pam.d/login/4
/files/etc/pam.d/newrole/4
--
2.45.2

164
0004-Tmpfiles-allow-for-letter-types-allow-as-prefix-for-.patch
View File

@ -1,164 +0,0 @@
From c696b4851f057a0340ce6d445bac22078d333a61 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Fri, 24 Mar 2023 11:26:46 +0100
Subject: [PATCH 4/6] Tmpfiles: allow '=', '~', '^' for letter types, allow ":"
as prefix for the mode
* Tmpfiles: allow '=', '~', '^' for letter types
Allow an equal sign, a tilde character and/or a caret for the type
specification:
- equal: strict file type enforcing
- tilde: base64-encoded content in the argument
- caret: credential name in the argument
Fixes: #795
* Tmpfiles: allow ":" as prefix for the mode
Represents a mode to be set only for new inodes.
(cherry picked from commit 41b2a33ff02687fa53d69a012a1d47141b196a86)
---
lenses/tests/test_tmpfiles.aug | 78 ++++++++++++++++++++++++++++++++++
lenses/tmpfiles.aug | 9 ++--
2 files changed, 83 insertions(+), 4 deletions(-)
diff --git a/lenses/tests/test_tmpfiles.aug b/lenses/tests/test_tmpfiles.aug
index 6ced069f..4bbd06a2 100644
--- a/lenses/tests/test_tmpfiles.aug
+++ b/lenses/tests/test_tmpfiles.aug
@@ -97,6 +97,60 @@ Tree for <minus_tree> *)
{ "argument" = "-" }
}
+ (* Variable: equal
+Example with an equal sign in the type *)
+ let equal = "d= /tmp/foo 0755 root root - -\n"
+
+ (* Variable: equal_tree
+Tree for <equal> *)
+ let equal_tree =
+ {
+ "1"
+ { "type" = "d=" }
+ { "path" = "/tmp/foo" }
+ { "mode" = "0755" }
+ { "uid" = "root" }
+ { "gid" = "root" }
+ { "age" = "-" }
+ { "argument" = "-" }
+ }
+
+ (* Variable: tilde
+Example with a tilde character in the type *)
+ let tilde = "w~ /tmp/foo 0755 root root - dGVzdAo=\n"
+
+ (* Variable: tilde_tree
+Tree for <tilde> *)
+ let tilde_tree =
+ {
+ "1"
+ { "type" = "w~" }
+ { "path" = "/tmp/foo" }
+ { "mode" = "0755" }
+ { "uid" = "root" }
+ { "gid" = "root" }
+ { "age" = "-" }
+ { "argument" = "dGVzdAo=" }
+ }
+
+ (* Variable: caret
+Example with a caret in the type *)
+ let caret = "f^ /etc/motd.d/50-provision.conf - - - - login.motd\n"
+
+ (* Variable: caret_tree
+Tree for <caret> *)
+ let caret_tree =
+ {
+ "1"
+ { "type" = "f^" }
+ { "path" = "/etc/motd.d/50-provision.conf" }
+ { "mode" = "-" }
+ { "uid" = "-" }
+ { "gid" = "-" }
+ { "age" = "-" }
+ { "argument" = "login.motd" }
+ }
+
(* Variable: short
Example with only type and path *)
let short = "A+ /tmp/foo\n"
@@ -337,6 +391,22 @@ Tree for <mode3> *)
{ "mode" = "755" }
}
+ (* Variable: mode_colon
+Mode field with colon prefix *)
+ let mode_colon = "d- /root :0700 root :root\n"
+
+ (* Variable: mode_colon_tree
+Tree for <mode_colon> *)
+ let mode_colon_tree =
+ {
+ "1"
+ { "type" = "d-" }
+ { "path" = "/root" }
+ { "mode" = ":0700" }
+ { "uid" = "root" }
+ { "gid" = ":root" }
+ }
+
(************************************************************************
* Group: INVALID EXAMPLES
*************************************************************************)
@@ -377,6 +447,12 @@ Invalid example that contain invalid mode (letter) *)
test Tmpfiles.lns get minus = minus_tree
+ test Tmpfiles.lns get equal = equal_tree
+
+ test Tmpfiles.lns get tilde = tilde_tree
+
+ test Tmpfiles.lns get caret = caret_tree
+
test Tmpfiles.lns get short = short_tree
test Tmpfiles.lns get short_mode = short_mode_tree
@@ -405,6 +481,8 @@ Invalid example that contain invalid mode (letter) *)
test Tmpfiles.lns get mode3 = mode3_tree
+ test Tmpfiles.lns get mode_colon = mode_colon_tree
+
(* failure cases *)
diff --git a/lenses/tmpfiles.aug b/lenses/tmpfiles.aug
index 01b3003a..1163c84a 100644
--- a/lenses/tmpfiles.aug
+++ b/lenses/tmpfiles.aug
@@ -50,15 +50,16 @@ Empty lines *)
(* View: type
One letter. Some of them can have a "+" and all can have an
-exclamation mark ("!") and/or minus sign ("-").
+exclamation mark ("!"), a minus sign ("-"), an equal sign ("="),
+a tilde character ("~") and/or a caret ("^").
Not all letters are valid.
*)
- let type = /([fFwdDevqQpLcbCxXrRzZtThHaAm]|[fFwpLcbaA]\+)!?-?/
+ let type = /([fFwdDevqQpLcbCxXrRzZtThHaAm]|[fFwpLcbaA]\+)[-!=~^]*/
(* View: mode
-"-", or 3-4 bytes. Optionally starts with a "~". *)
- let mode = /(-|~?[0-7]{3,4})/
+"-", or 3-4 bytes. Optionally starts with a "~" or a ":". *)
+ let mode = /(-|(~|:)?[0-7]{3,4})/
(* View: age
"-", or one of the formats seen in the manpage: 10d, 5seconds, 1y5days.
--
2.45.2

44
0005-lenses-Allow-whitespace-at-the-end-of-kernel-commnd-.patch
View File

@ -1,44 +0,0 @@
From 61a489a7c9f276be8bb717c4d532beebc2b64fef Mon Sep 17 00:00:00 2001
From: rwmjones <rjones@redhat.com>
Date: Sun, 5 Mar 2023 10:30:43 +0000
Subject: [PATCH 5/6] lenses: Allow whitespace at the end of kernel commnd line
(#798)
Reported-by: Yongkui Guo
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2159282
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 801aa73db3c356378467622a7e02dea21ccf4332)
---
lenses/cmdline.aug | 2 +-
lenses/tests/test_cmdline.aug | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/lenses/cmdline.aug b/lenses/cmdline.aug
index b8b5176d..30e9aac7 100644
--- a/lenses/cmdline.aug
+++ b/lenses/cmdline.aug
@@ -13,7 +13,7 @@ module Cmdline =
let entry = [ key Rx.word . Util.del_str "=" . store Rx.no_spaces ] | [ key Rx.word ]
-let lns = (Build.opt_list entry Sep.space)? . del /\n?/ ""
+let lns = (Build.opt_list entry Sep.space)? . del /[ \t]*\n?/ ""
let filter = incl "/etc/kernel/cmdline"
. incl "/proc/cmdline"
diff --git a/lenses/tests/test_cmdline.aug b/lenses/tests/test_cmdline.aug
index 0624a0b2..77a429d8 100644
--- a/lenses/tests/test_cmdline.aug
+++ b/lenses/tests/test_cmdline.aug
@@ -4,6 +4,7 @@ let lns = Cmdline.lns
test lns get "foo\nbar" = *
test lns get "foo\n" = { "foo" }
+test lns get "foo \n" = { "foo" }
test lns get "foo" = { "foo" }
test lns get "foo bar" = { "foo" } { "bar" }
test lns get "foo bar" = { "foo" } { "bar" }
--
2.45.2

70
augeas.spec
View File

@ -1,42 +1,18 @@
Name: augeas
Version: 1.13.0
Release: 6%{?dist}
Version: 1.14.1
Release: 2%{?dist}
Summary: A library for changing configuration files
License: LGPLv2+
License: LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND Kazlib AND GPL-2.0-or-later AND BSD-2-Clause AND LicenseRef-Fedora-Public-Domain
URL: http://augeas.net/
# The upstream release tarballs on github don't work, see:
# https://github.com/hercules-team/augeas/pull/744
# The website release tarballs were not created for 1.13:
# http://download.augeas.net/
#Source0: https://github.com/hercules-team/augeas/archive/refs/tags/release-%{version}.tar.gz
# So I had to create a tarball myself using make dist.
Source0: %{name}-%{version}.tar.gz
# Add new directives and options for chrony.
# Upstream commit 5f3a566511626c35f69961598f1f332db01ed7a1
Patch1: 0001-Chrony-add-new-directives-and-options-745.patch
# Parse auto_reset_crashkernel in kdump (RHBZ#2042772).
# Upstream commit 288a028da531a5f58d9ee89bc29fd73e7483bf24
Patch2: 0002-Kdump-parse-auto_reset_crashkernel-754.patch
# Fix parsing of /etc/selinux/semanage.conf in RHEL 9 (RHBZ#2077120).
# Upstream commit a3ba6e2d32b95507e2474a219e788ac3d54bc4a1
Patch3: 0003-semanage-Fix-parsing-of-ignoredirs-758.patch
# Fix parsing of /usr/lib/tmpfiles.d/provision.conf
# Upstream commit 41b2a33ff02687fa53d69a012a1d47141b196a86
Patch4: 0004-Tmpfiles-allow-for-letter-types-allow-as-prefix-for-.patch
# Fix parsing of /etc/kernel/cmdline
# Upstream commit 801aa73db3c356378467622a7e02dea21ccf4332
Patch5: 0005-lenses-Allow-whitespace-at-the-end-of-kernel-commnd-.patch
Source0: https://github.com/hercules-team/augeas/releases/download/release-%{version}/%{name}-%{version}.tar.gz
# Fix parsing of /etc/fstab
# Upstream commit 5246ef07381033a9b20426370156dae9f8f97a2c
Patch6: 0006-lenses-fstab.aug-Allow-comma-after-the-last-option-8.patch
Patch: 0001-lenses-fstab.aug-Allow-comma-after-the-last-option-8.patch
Provides: bundled(gnulib)
@ -45,6 +21,10 @@ BuildRequires: gcc
BuildRequires: readline-devel
BuildRequires: libselinux-devel
BuildRequires: libxml2-devel
BuildRequires: bash-completion
%if !0%{?rhel}
BuildRequires: bash-completion-devel
%endif
Requires: %{name}-libs = %{version}-%{release}
@ -88,6 +68,19 @@ The %{name}-static package contains static libraries needed to produce
static builds using %{name}.
%package bash-completion
Summary: Bash tab-completion for %{name}
BuildArch: noarch
Requires: bash-completion >= 2.0
# Don't use _isa here because it's a noarch package. This dependency
# is just to ensure that the subpackage is updated along with augeas.
Requires: %{name} = %{version}-%{release}
%description bash-completion
Install this package if you want intelligent bash tab-completion
for %{name}.
%prep
%autosetup -p1
@ -130,6 +123,7 @@ rm -f $RPM_BUILD_ROOT/usr/bin/dump
%files
%{_bindir}/augmatch
%{_bindir}/augparse
%{_bindir}/augprint
%{_bindir}/augtool
%{_bindir}/fadot
%doc %{_mandir}/man1/*
@ -153,7 +147,25 @@ rm -f $RPM_BUILD_ROOT/usr/bin/dump
%{_libdir}/libaugeas.a
%{_libdir}/libfa.a
%files bash-completion
%if !0%{?rhel}
%dir %{bash_completions_dir}
%{bash_completions_dir}/augmatch
%{bash_completions_dir}/augprint
%{bash_completions_dir}/augtool
%else
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/augmatch
%{_datadir}/bash-completion/completions/augprint
%{_datadir}/bash-completion/completions/augtool
%endif
%changelog
* Mon Sep 02 2023 Richard W.M. Jones <rjones@redhat.com> - 1.14.1-1
- Rebase to Fedora Rawhide
- Remove patches which are upstream
- resolves: RHEL-56802
* Fri Jul 19 2024 Cosmin Tupangiu <cosmin@redhat.com> - 1.13.0-5
- Fix parsing /etc/fstab by allowing comma after last option
resolves: RHEL-35873

2
sources
View File

@ -1 +1 @@
SHA512 (augeas-1.13.0.tar.gz) = e66327cfbe335fa83a8442ec1bd72f258e8e4d4a42d234ee5077ac60741e2c26bc67db39a6cc920a19e71c27247395bd145ed5288545170cd463d4cf22b2c184
SHA512 (augeas-1.14.1.tar.gz) = fddb2e243f979e71fc09f9d45d569d6307b35485b2d885bf7bcbc032ba5617fe7ab2071a041422c3efe2dd62eda74aba41016d248c0636e947d4f1c9144375aa