From 4b177d32d9455e85f467f71145366b056e5b5743 Mon Sep 17 00:00:00 2001
From: RH Virt Maint Bot <8309305-rh-virt-maint-bot@users.noreply.gitlab.com>
Date: Thu, 27 Apr 2023 14:14:06 +0000
Subject: [PATCH] * Thu Apr 27 2023 Camilla Conte <cconte@redhat.com> -
 23.1.1-3

- 0008-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182948]
- Resolves: bz#2182948
---
 0001-Add-initial-redhat-changes.patch         |   4 +-
 ...CONTROLLED-no-in-generated-interface.patch |   4 +-
 ...autoconnect-priority-for-network-scr.patch |   4 +-
 0004-limit-permissions-on-def_log_file.patch  |   4 +-
 ...e-Network-Manager-and-Netplan-as-def.patch |   4 +-
 ...d-native-NetworkManager-support-1224.patch |   4 +-
 ...revious-hostname-file-ends-with-a-ne.patch |   4 +-
 ...-permissions-of-netrules-target-2076.patch | 124 ++++++++++++++++++
 cloud-init.spec                               |   9 +-
 sources                                       |   2 +-
 10 files changed, 146 insertions(+), 17 deletions(-)
 create mode 100644 0008-Don-t-change-permissions-of-netrules-target-2076.patch

diff --git a/0001-Add-initial-redhat-changes.patch b/0001-Add-initial-redhat-changes.patch
index fcbcf09..bb32299 100644
--- a/0001-Add-initial-redhat-changes.patch
+++ b/0001-Add-initial-redhat-changes.patch
@@ -1,7 +1,7 @@
 From c4d66915520554adedff9be7396f877cd1a5525c Mon Sep 17 00:00:00 2001
 From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
 Date: Mon, 6 Mar 2023 16:37:20 +0100
-Subject: [PATCH 1/7] Add initial redhat changes
+Subject: [PATCH 1/8] Add initial redhat changes
 
 Adding minimal set of changes necessary for successful build of the package
 on RHEL/CentOS 9 Stream koji.
@@ -60,5 +60,5 @@ index 8684d003..edbb217d 100644
      },
      "vendor_data": {"enabled": True, "prefix": []},
 -- 
-2.39.2
+2.40.0
 
diff --git a/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch b/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
index baa9671..fe340f7 100644
--- a/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
+++ b/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
@@ -1,7 +1,7 @@
 From b3b96bff187e9d0bfcbfefd5fca05c61bd50d368 Mon Sep 17 00:00:00 2001
 From: Eduardo Otubo <otubo@redhat.com>
 Date: Fri, 7 May 2021 13:36:06 +0200
-Subject: [PATCH 2/7] Do not write NM_CONTROLLED=no in generated interface
+Subject: [PATCH 2/8] Do not write NM_CONTROLLED=no in generated interface
  config files
 
 Conflicts 20.3:
@@ -279,5 +279,5 @@ index 056aaeb6..0f523ff8 100644
  TYPE=Ethernet
  USERCTL=no
 -- 
-2.39.2
+2.40.0
 
diff --git a/0003-Setting-highest-autoconnect-priority-for-network-scr.patch b/0003-Setting-highest-autoconnect-priority-for-network-scr.patch
index 1097771..090704d 100644
--- a/0003-Setting-highest-autoconnect-priority-for-network-scr.patch
+++ b/0003-Setting-highest-autoconnect-priority-for-network-scr.patch
@@ -1,7 +1,7 @@
 From c589da20eb92231ef08e10c9724e3e6c663e6ce2 Mon Sep 17 00:00:00 2001
 From: Eduardo Otubo <otubo@redhat.com>
 Date: Thu, 17 Feb 2022 15:32:35 +0100
-Subject: [PATCH 3/7] Setting highest autoconnect priority for network-scripts
+Subject: [PATCH 3/8] Setting highest autoconnect priority for network-scripts
 
 RH-Author: Eduardo Otubo <otubo@redhat.com>
 RH-MergeRequest: 22: Setting highest autoconnect priority for network-scripts
@@ -41,5 +41,5 @@ index a7dbe55b..4262cd48 100644
          "suse": {"BOOTPROTO": "static", "STARTMODE": "auto"},
      }
 -- 
-2.39.2
+2.40.0
 
diff --git a/0004-limit-permissions-on-def_log_file.patch b/0004-limit-permissions-on-def_log_file.patch
index 3020816..10dd2be 100644
--- a/0004-limit-permissions-on-def_log_file.patch
+++ b/0004-limit-permissions-on-def_log_file.patch
@@ -1,7 +1,7 @@
 From dfff374f66904e84fb07ca157ba010fac6b5f1de Mon Sep 17 00:00:00 2001
 From: Eduardo Otubo <otubo@redhat.com>
 Date: Fri, 7 May 2021 13:36:08 +0200
-Subject: [PATCH 4/7] limit permissions on def_log_file
+Subject: [PATCH 4/8] limit permissions on def_log_file
 
 This sets a default mode of 0600 on def_log_file, and makes this
 configurable via the def_log_file_mode option in cloud.cfg.
@@ -68,5 +68,5 @@ index 15d788f3..b6d16c9c 100644
  
  # you can set passwords for a user or multiple users
 -- 
-2.39.2
+2.40.0
 
diff --git a/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch b/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch
index f9c95ff..770b95b 100644
--- a/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch
+++ b/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch
@@ -1,7 +1,7 @@
 From ecae81f98ce230266eb99671b74534a4ede660f0 Mon Sep 17 00:00:00 2001
 From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
 Date: Fri, 10 Mar 2023 11:51:48 +0100
-Subject: [PATCH 5/7] Manual revert "Use Network-Manager and Netplan as default
+Subject: [PATCH 5/8] Manual revert "Use Network-Manager and Netplan as default
  renderers for RHEL and Fedora (#1465)"
 
 This reverts changes done in commit 7703aa98b.
@@ -91,5 +91,5 @@ index ea331f1c..bc52afa5 100644
  Network configuration tools
  ===========================
 -- 
-2.39.2
+2.40.0
 
diff --git a/0006-Revert-Add-native-NetworkManager-support-1224.patch b/0006-Revert-Add-native-NetworkManager-support-1224.patch
index ce42877..48f37a3 100644
--- a/0006-Revert-Add-native-NetworkManager-support-1224.patch
+++ b/0006-Revert-Add-native-NetworkManager-support-1224.patch
@@ -1,7 +1,7 @@
 From b1dd14ffafad2d2ca84326c525962b2ca086b292 Mon Sep 17 00:00:00 2001
 From: Ani Sinha <anisinha@redhat.com>
 Date: Wed, 22 Mar 2023 16:31:58 +0530
-Subject: [PATCH 6/7] Revert "Add native NetworkManager support (#1224)"
+Subject: [PATCH 6/8] Revert "Add native NetworkManager support (#1224)"
 
 This reverts commit feda344e6cf9d37b09bc13cf333a717d1654c26c.
 
@@ -1386,5 +1386,5 @@ index afd9056a..b735ea9e 100644
      @patch("cloudinit.subp.subp", return_value=("", ""))
      def test_bring_up_interfaces(
 -- 
-2.39.2
+2.40.0
 
diff --git a/0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch b/0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch
index 44cd470..a8ccd73 100644
--- a/0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch
+++ b/0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch
@@ -1,7 +1,7 @@
 From ac0cf308318d423162ce3b7be32dcbf88f20ff50 Mon Sep 17 00:00:00 2001
 From: Ani Sinha <anisinha@redhat.com>
 Date: Tue, 4 Apr 2023 19:59:07 +0530
-Subject: [PATCH 7/7] rhel: make sure previous-hostname file ends with a new
+Subject: [PATCH 7/8] rhel: make sure previous-hostname file ends with a new
  line (#2108)
 
 cloud-init strips new line from "/etc/hostname" on rhel distro when processing
@@ -53,5 +53,5 @@ index d8cca015..457dacf4 100644
  aswinrajamannar
  beantaxi
 -- 
-2.39.2
+2.40.0
 
diff --git a/0008-Don-t-change-permissions-of-netrules-target-2076.patch b/0008-Don-t-change-permissions-of-netrules-target-2076.patch
new file mode 100644
index 0000000..da4b54e
--- /dev/null
+++ b/0008-Don-t-change-permissions-of-netrules-target-2076.patch
@@ -0,0 +1,124 @@
+From 34ef256dc614c7dcf5b04a431d410030e333d82b Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Mon, 17 Apr 2023 10:20:16 +0200
+Subject: [PATCH 8/8] Don't change permissions of netrules target (#2076)
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182948
+
+commit 56c88cafd1b3606e814069a79f4ec265fc427c87
+Author: James Falcon <james.falcon@canonical.com>
+Date:   Thu Mar 23 10:21:56 2023 -0500
+
+    Don't change permissions of netrules target (#2076)
+
+    Set permissions if file doesn't exist. Leave them if it does.
+
+    LP: #2011783
+
+    Co-authored-by: Chad Smith <chad.smith@canonical.com>
+
+ Conflicts:
+       cloudinit/net/sysconfig.py: enable_ifcfg_rh missing upstream
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ cloudinit/net/eni.py                      |  4 +++-
+ cloudinit/net/sysconfig.py                |  7 ++++++-
+ tests/unittests/distros/test_netconfig.py | 20 ++++++++++++++++++--
+ 3 files changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py
+index 53bd35ca..1de3bec2 100644
+--- a/cloudinit/net/eni.py
++++ b/cloudinit/net/eni.py
+@@ -576,7 +576,9 @@ class Renderer(renderer.Renderer):
+             netrules = subp.target_path(target, self.netrules_path)
+             util.ensure_dir(os.path.dirname(netrules))
+             util.write_file(
+-                netrules, self._render_persistent_net(network_state)
++                netrules,
++                content=self._render_persistent_net(network_state),
++                preserve_mode=True,
+             )
+ 
+ 
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index 765c248a..e08c0c69 100644
+--- a/cloudinit/net/sysconfig.py
++++ b/cloudinit/net/sysconfig.py
+@@ -1034,7 +1034,12 @@ class Renderer(renderer.Renderer):
+         if self.netrules_path:
+             netrules_content = self._render_persistent_net(network_state)
+             netrules_path = subp.target_path(target, self.netrules_path)
+-            util.write_file(netrules_path, netrules_content, file_mode)
++            util.write_file(
++                netrules_path,
++                content=netrules_content,
++                mode=file_mode,
++                preserve_mode=True,
++            )
+         if available_nm(target=target):
+             enable_ifcfg_rh(subp.target_path(target, path=NM_CFG_FILE))
+ 
+diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py
+index e9fb0591..b1c89ce3 100644
+--- a/tests/unittests/distros/test_netconfig.py
++++ b/tests/unittests/distros/test_netconfig.py
+@@ -458,8 +458,16 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+     def eni_path(self):
+         return "/etc/network/interfaces.d/50-cloud-init.cfg"
+ 
++    def rules_path(self):
++        return "/etc/udev/rules.d/70-persistent-net.rules"
++
+     def _apply_and_verify_eni(
+-        self, apply_fn, config, expected_cfgs=None, bringup=False
++        self,
++        apply_fn,
++        config,
++        expected_cfgs=None,
++        bringup=False,
++        previous_files=(),
+     ):
+         if not expected_cfgs:
+             raise ValueError("expected_cfg must not be None")
+@@ -467,7 +475,11 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+         tmpd = None
+         with mock.patch("cloudinit.net.eni.available") as m_avail:
+             m_avail.return_value = True
++            path_modes = {}
+             with self.reRooted(tmpd) as tmpd:
++                for previous_path, content, mode in previous_files:
++                    util.write_file(previous_path, content, mode=mode)
++                    path_modes[previous_path] = mode
+                 apply_fn(config, bringup)
+ 
+         results = dir2dict(tmpd)
+@@ -478,7 +490,9 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+             print(results[cfgpath])
+             print("----------")
+             self.assertEqual(expected, results[cfgpath])
+-            self.assertEqual(0o644, get_mode(cfgpath, tmpd))
++            self.assertEqual(
++                path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd)
++            )
+ 
+     def test_apply_network_config_and_bringup_filters_priority_eni_ub(self):
+         """Network activator search priority can be overridden from config."""
+@@ -527,11 +541,13 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+     def test_apply_network_config_eni_ub(self):
+         expected_cfgs = {
+             self.eni_path(): V1_NET_CFG_OUTPUT,
++            self.rules_path(): "",
+         }
+         self._apply_and_verify_eni(
+             self.distro.apply_network_config,
+             V1_NET_CFG,
+             expected_cfgs=expected_cfgs.copy(),
++            previous_files=((self.rules_path(), "something", 0o660),),
+         )
+ 
+     def test_apply_network_config_ipv6_ub(self):
+-- 
+2.40.0
+
diff --git a/cloud-init.spec b/cloud-init.spec
index 79cd67b..3193890 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -1,10 +1,10 @@
 Name:           cloud-init
 Version:        23.1.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Cloud instance init scripts
 License:        ASL 2.0 or GPLv3
 URL:            http://launchpad.net/cloud-init
-Source0:        https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz
+Source0:        https://github.com/canonical/cloud-init/archive/refs/tags/%{version}.tar.gz
 Source1:        cloud-init-tmpfiles.conf
 
 # Source-git patches
@@ -15,6 +15,7 @@ Patch4: 0004-limit-permissions-on-def_log_file.patch
 Patch5: 0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch
 Patch6: 0006-Revert-Add-native-NetworkManager-support-1224.patch
 Patch7: 0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch
+Patch8: 0008-Don-t-change-permissions-of-netrules-target-2076.patch
 
 BuildArch:      noarch
 
@@ -204,6 +205,10 @@ fi
 %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
 
 %changelog
+* Thu Apr 27 2023 Camilla Conte <cconte@redhat.com> - 23.1.1-3
+- 0008-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182948]
+- Resolves: bz#2182948
+
 * Tue Apr 18 2023 Camilla Conte <cconte@redhat.com> - 23.1.1-2
 - 0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2184608]
 - Resolves: bz#2184608
diff --git a/sources b/sources
index d2fb51f..f28af5b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cloud-init-23.1.1.tar.gz) = f84cf9085760e59111b52d3f8dc2f899b67fdf6b332a7a6ee1f04be97749be1acead820cd2b787a888839547fdd9c9e0ab04f10e7db25504811f48428bb8bbf6
+SHA512 (23.1.1.tar.gz) = 387d11d09e4c6443125216617893d72c9a060bbd086316a3101076206409f315e50ba580eb445e125179fbcf7bd97c264d3c3b7ebe970d9c536e71f3362e1c66