diff --git a/2073.patch b/2073.patch new file mode 100644 index 0000000..b0a602f --- /dev/null +++ b/2073.patch @@ -0,0 +1,162 @@ +From 9ab893043254e7c8fdc219579fbc958366d32ca8 Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi +Date: Tue, 14 Mar 2023 15:51:15 +0530 +Subject: [PATCH 1/5] cc_ca_certs.py: store distro_cfg['ca_cert_config'] in a + variable + +Signed-off-by: Shreenidhi Shedi +--- + cloudinit/config/cc_ca_certs.py | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index b1c4a2bf01..77375285b2 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg): + + @param distro_cfg: A hash providing _distro_ca_certs_configs function. + """ +- if distro_cfg["ca_cert_config"] is None: ++ ++ ca_cert_cfg_fn = distro_cfg["ca_cert_config"] ++ ++ if ca_cert_cfg_fn is None: + return ++ + header_comment = ( + "# Modified by cloud-init to deselect certs due to user-data" + ) ++ + added_header = False +- if os.stat(distro_cfg["ca_cert_config"]).st_size != 0: +- orig = util.load_file(distro_cfg["ca_cert_config"]) ++ ++ if os.stat(ca_cert_cfg_fn).st_size != 0: ++ orig = util.load_file(ca_cert_cfg_fn) + out_lines = [] + for line in orig.splitlines(): + if line == header_comment: +@@ -198,7 +204,7 @@ def disable_system_ca_certs(distro_cfg): + added_header = True + out_lines.append("!" + line) + util.write_file( +- distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb" ++ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" + ) + + + +From 4f999f14b112b2b57a4596acf4de080967bca73b Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi +Date: Tue, 14 Mar 2023 15:52:40 +0530 +Subject: [PATCH 2/5] cc_ca_certs.py: check for cert file existence before stat + +Signed-off-by: Shreenidhi Shedi +--- + cloudinit/config/cc_ca_certs.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index 77375285b2..bff27f4b45 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -180,7 +180,7 @@ def disable_system_ca_certs(distro_cfg): + + ca_cert_cfg_fn = distro_cfg["ca_cert_config"] + +- if ca_cert_cfg_fn is None: ++ if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn): + return + + header_comment = ( + +From ea4b0042ea9bde41473e664b351d530e467c0a71 Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi +Date: Tue, 14 Mar 2023 15:55:50 +0530 +Subject: [PATCH 3/5] cc_ca_certs.py: remove redundant check for zero + +Signed-off-by: Shreenidhi Shedi +--- + cloudinit/config/cc_ca_certs.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index bff27f4b45..2c0b1f335c 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -189,7 +189,7 @@ def disable_system_ca_certs(distro_cfg): + + added_header = False + +- if os.stat(ca_cert_cfg_fn).st_size != 0: ++ if os.stat(ca_cert_cfg_fn).st_size: + orig = util.load_file(ca_cert_cfg_fn) + out_lines = [] + for line in orig.splitlines(): + +From 562222dc8c40b9d0a5d1e2c33dc5619f0f2e8c22 Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi +Date: Tue, 14 Mar 2023 15:56:38 +0530 +Subject: [PATCH 4/5] cc_ca_certs.py: move util.write_file with if block + +if cert file size if zero, out_lines won't get initialized + +Signed-off-by: Shreenidhi Shedi +--- + cloudinit/config/cc_ca_certs.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index 2c0b1f335c..54153638e3 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -203,9 +203,10 @@ def disable_system_ca_certs(distro_cfg): + out_lines.append(header_comment) + added_header = True + out_lines.append("!" + line) +- util.write_file( +- ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" +- ) ++ ++ util.write_file( ++ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" ++ ) + + + def remove_default_ca_certs(distro_cfg): + +From d31144ededa0dd829405f0a21e372d254b082050 Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi +Date: Tue, 14 Mar 2023 17:52:30 +0530 +Subject: [PATCH 5/5] test_cc_ca_certs.py: add tests for non existent ca-cert + config + +Signed-off-by: Shreenidhi Shedi +--- + tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py +index adc3609a8e..07a2939523 100644 +--- a/tests/unittests/config/test_cc_ca_certs.py ++++ b/tests/unittests/config/test_cc_ca_certs.py +@@ -367,6 +367,18 @@ def test_commands(self): + else: + assert mock_subp.call_count == 0 + ++ def test_non_existent_cert_cfg(self): ++ self.m_stat.return_value.st_size = 0 ++ ++ for distro_name in cc_ca_certs.distros: ++ conf = cc_ca_certs._distro_ca_certs_configs(distro_name) ++ with ExitStack() as mocks: ++ mocks.enter_context( ++ mock.patch.object(util, "delete_dir_contents") ++ ) ++ mocks.enter_context(mock.patch.object(subp, "subp")) ++ cc_ca_certs.disable_default_ca_certs(distro_name, conf) ++ + + class TestCACertsSchema: + """Directly test schema rather than through handle.""" diff --git a/Fedora-Enable-CA-handling.patch b/Fedora-Enable-CA-handling.patch new file mode 100644 index 0000000..4d19bc6 --- /dev/null +++ b/Fedora-Enable-CA-handling.patch @@ -0,0 +1,63 @@ +From 7ea5446f0e46d0e7a8a6226cf1f5949b44f83d72 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= +Date: Wed, 22 Mar 2023 11:51:52 +0100 +Subject: [PATCH] Fedora: Enable CA handling + +Fedora wasn't previously supported for CA handling. Enabling this +allows the testsuite to pass when ran on a Fedora system. The conf +override is the same as for rhel. +--- + cloudinit/config/cc_ca_certs.py | 9 ++++++++- + tests/unittests/config/test_cc_ca_certs.py | 2 ++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index 169b0e18..599145c8 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -25,6 +25,13 @@ DEFAULT_CONFIG = { + "ca_cert_update_cmd": ["update-ca-certificates"], + } + DISTRO_OVERRIDES = { ++ "fedora": { ++ "ca_cert_path": "/etc/pki/ca-trust/", ++ "ca_cert_local_path": "/usr/share/pki/ca-trust-source/", ++ "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt", ++ "ca_cert_config": None, ++ "ca_cert_update_cmd": ["update-ca-trust"], ++ }, + "rhel": { + "ca_cert_path": "/etc/pki/ca-trust/", + "ca_cert_local_path": "/usr/share/pki/ca-trust-source/", +@@ -48,7 +55,7 @@ configuration option ``remove_defaults``. + Alpine Linux requires the ca-certificates package to be installed in + order to provide the ``update-ca-certificates`` command. + """ +-distros = ["alpine", "debian", "rhel", "ubuntu"] ++distros = ["alpine", "debian", "fedora", "rhel", "ubuntu"] + + meta: MetaSchema = { + "id": "cc_ca_certs", +diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py +index 19e5d422..6db17485 100644 +--- a/tests/unittests/config/test_cc_ca_certs.py ++++ b/tests/unittests/config/test_cc_ca_certs.py +@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase): + "cloud_dir": tmpdir, + } + ) ++ self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat") + + def test_commands(self): + ca_certs_content = "# line1\nline2\nline3\n" +@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase): + "# line1\n# Modified by cloud-init to deselect certs due to" + " user-data\n!line2\n!line3\n" + ) ++ self.m_stat.return_value.st_size = 1 + + for distro_name in cc_ca_certs.distros: + conf = cc_ca_certs._distro_ca_certs_configs(distro_name) +-- +2.39.2 + diff --git a/cloud-init-22.3-nm-default.patch b/cloud-init-22.3-nm-default.patch deleted file mode 100644 index fdca268..0000000 --- a/cloud-init-22.3-nm-default.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 7703aa98b89c8daba207c28a0422268ead10019a Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 19 May 2022 15:05:01 +0200 -Subject: [PATCH] Use Network-Manager and Netplan as default renderers for RHEL - and Fedora (#1465) - -This is adapted from Neal Gompa's PR: -https://github.com/canonical/cloud-init/pull/1435 - -The only difference is that we are not modifying renderers.py (thus -modifying the priority of all distros), but just tweaking cloud.cfg to -apply this change to Fedora and RHEL. Other distros can optionally -add themselves afterwards. - - net: Prefer Netplan and NetworkManager renderers by default - - NetworkManager is used by default on a variety of Linux distributions, - and exists as a cross-distribution network management service. - - Additionally, add information about the NetworkManager renderer to - the cloud-init documentation. - - Because Netplan can be explicitly used to manage NetworkManager, - it needs to be preferred before NetworkManager. - - This change is a follow-up to #1224, which added the native - NetworkManager renderer. - This patch has been deployed on Fedora's cloud-init package throughout - the development of Fedora Linux 36 to verify that it works. - - This should also make it tremendously easier for Linux distributions - to use cloud-init because now a standard configuration is supported - by default. - - Signed-off-by: Neal Gompa - -Signed-off-by: Emanuele Giuseppe Esposito ---- - config/cloud.cfg.tmpl | 3 +++ - doc/rtd/topics/network-config.rst | 12 +++++++++++- - 2 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index 6951a0e3..707a050c 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -349,4 +349,7 @@ system_info: - {% elif variant in ["dragonfly"] %} - network: - renderers: ['freebsd'] -+{% elif variant in ["rhel", "fedora"] %} -+ network: -+ renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] - {% endif %} -diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst -index c461a3fe..f503caab 100644 ---- a/doc/rtd/topics/network-config.rst -+++ b/doc/rtd/topics/network-config.rst -@@ -188,6 +188,15 @@ generated configuration into an internal network configuration state. From - this state `Cloud-init`_ delegates rendering of the configuration to Distro - supported formats. The following ``renderers`` are supported in cloud-init: - -+- **NetworkManager** -+ -+`NetworkManager `_ is the standard Linux network -+configuration tool suite. It supports a wide range of networking setups. -+Configuration is typically stored in ``/etc/NetworkManager``. -+ -+It is the default for a number of Linux distributions, notably Fedora; -+CentOS/RHEL; and derivatives. -+ - - **ENI** - - /etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package -@@ -215,6 +224,7 @@ is as follows: - - ENI - - Sysconfig - - Netplan -+- NetworkManager - - When applying the policy, `Cloud-init`_ checks if the current instance has the - correct binaries and paths to support the renderer. The first renderer that -@@ -223,7 +233,7 @@ supplying an updated configuration in cloud-config. :: - - system_info: - network: -- renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] -+ renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] - - - Network Configuration Tools --- -2.36.1 - diff --git a/cloud-init.spec b/cloud-init.spec index f9596e0..8f56074 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init -Version: 22.2 -Release: 5%{?dist} +Version: 23.1.1 +Release: 1%{?dist} Summary: Cloud instance init scripts License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -8,10 +8,11 @@ URL: http://launchpad.net/cloud-init Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz Source1: cloud-init-tmpfiles.conf -# Default to NetworkManager for configuration renderer -# https://bugzilla.redhat.com/show_bug.cgi?id=2014701 -# From: https://github.com/canonical/cloud-init/commit/7703aa98b89c8daba207c28a0422268ead10019a -Patch1: cloud-init-22.3-nm-default.patch +# https://github.com/canonical/cloud-init/pull/2073 +Patch1: 2073.patch +# Cherry pick of https://github.com/canonical/cloud-init/pull/2086 +# and part of https://github.com/canonical/cloud-init/pull/2036 +Patch2: Fedora-Enable-CA-handling.patch BuildArch: noarch @@ -148,6 +149,7 @@ python3 -m pytest tests/unittests %license LICENSE LICENSE-Apache2.0 LICENSE-GPLv3 %doc ChangeLog %doc doc/* +%doc %{_sysconfdir}/cloud/clean.d/README %{_mandir}/man1/* %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg %dir %{_sysconfdir}/cloud/cloud.cfg.d @@ -159,7 +161,7 @@ python3 -m pytest tests/unittests %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager %{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient -/lib/udev/rules.d/66-azure-ephemeral.rules +%{_udevrulesdir}/66-azure-ephemeral.rules %{_unitdir}/cloud-config.service %{_unitdir}/cloud-final.service %{_unitdir}/cloud-init.service @@ -181,6 +183,9 @@ python3 -m pytest tests/unittests %changelog +* Wed Mar 22 2023 Frantisek Zatloukal - 23.1.1-1 +- Rebase to 23.1.1 + * Thu Jan 19 2023 Fedora Release Engineering - 22.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/sources b/sources index 14834d3..d2fb51f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cloud-init-22.2.tar.gz) = 07fec2f1d6eab20a1161672bb339a0c6b2826540bcb03936f95458b179fcb1b3142773c9a4038fe02b30bb05a5ca48a4153b6b0f59015b43bd6c6602832f9d6f +SHA512 (cloud-init-23.1.1.tar.gz) = f84cf9085760e59111b52d3f8dc2f899b67fdf6b332a7a6ee1f04be97749be1acead820cd2b787a888839547fdd9c9e0ab04f10e7db25504811f48428bb8bbf6