From 2809434c73fae267b74c6dbeb6e34344e2266638 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 05:00:03 -0400 Subject: [PATCH] import ignition-2.14.0-1.el9 --- .gitignore | 2 +- .ignition.metadata | 2 +- SOURCES/luks-volume-reuse.patch | 56 --------------------- SPECS/ignition.spec | 88 +++++++++++++++++++++++---------- 4 files changed, 64 insertions(+), 84 deletions(-) delete mode 100644 SOURCES/luks-volume-reuse.patch diff --git a/.gitignore b/.gitignore index 73c092c..6f6ba9e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ignition-2.13.0.tar.gz +SOURCES/ignition-2.14.0.tar.gz diff --git a/.ignition.metadata b/.ignition.metadata index d122ae5..db3772d 100644 --- a/.ignition.metadata +++ b/.ignition.metadata @@ -1 +1 @@ -c3434d20b78cde599c03820a86c1b4107f0e8e5c SOURCES/ignition-2.13.0.tar.gz +0341fb877cadf55f6fe74adf066e7ed72ec57ce0 SOURCES/ignition-2.14.0.tar.gz diff --git a/SOURCES/luks-volume-reuse.patch b/SOURCES/luks-volume-reuse.patch deleted file mode 100644 index b27f481..0000000 --- a/SOURCES/luks-volume-reuse.patch +++ /dev/null @@ -1,56 +0,0 @@ -From aed47c18aee593d155d45c0fe9ba29a9e3123cf6 Mon Sep 17 00:00:00 2001 -From: Benjamin Gilbert -Date: Mon, 17 Jan 2022 21:17:08 -0500 -Subject: [PATCH] disks: fix reuse of statically keyed LUKS volume - -We need to persist a volume's keyfile to the real root even if we take -the early `continue` when reusing the volume. Rather than copying code, -enable persistence up front and then disable it afterward if we decide -not to persist the key. - -Fixes error: - - CRITICAL : Ignition failed: creating crypttab entries: missing persisted keyfile for [...] - -Fixes: https://github.com/coreos/ignition/issues/1305 -Fixes: 65e9c1611128 ("stages/disks: use State to persist keyfiles for files stage") ---- - internal/exec/stages/disks/luks.go | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/internal/exec/stages/disks/luks.go b/internal/exec/stages/disks/luks.go -index 77ecc24e..5fa15e70 100644 ---- a/internal/exec/stages/disks/luks.go -+++ b/internal/exec/stages/disks/luks.go -@@ -156,6 +156,13 @@ func (s *stage) createLuks(config types.Config) error { - } - } - } -+ // store the key to be persisted into the real root -+ // do this here so device reuse works correctly -+ key, err := ioutil.ReadFile(keyFilePath) -+ if err != nil { -+ return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err) -+ } -+ s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key) - - if !util.IsTrue(luks.WipeVolume) { - // If the volume isn't forcefully being created, then we need -@@ -329,13 +336,7 @@ func (s *stage) createLuks(config types.Config) error { - ); err != nil { - return fmt.Errorf("removing key file from luks device: %v", err) - } -- } else { -- // store the key to be persisted into the real root -- key, err := ioutil.ReadFile(keyFilePath) -- if err != nil { -- return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err) -- } -- s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key) -+ delete(s.State.LuksPersistKeyFiles, luks.Name) - } - } - --- -2.33.1 - diff --git a/SPECS/ignition.spec b/SPECS/ignition.spec index 2c42301..ac78e86 100644 --- a/SPECS/ignition.spec +++ b/SPECS/ignition.spec @@ -2,7 +2,7 @@ %if 0%{?fedora} %bcond_without check %else -# %gocheck isn't currently provided on CentOS/RHEL +# %%gocheck isn't currently provided on CentOS/RHEL # https://bugzilla.redhat.com/show_bug.cgi?id=1982298 %bcond_with check %endif @@ -10,7 +10,7 @@ # https://github.com/coreos/ignition %global goipath github.com/coreos/ignition %global gomodulesmode GO111MODULE=on -Version: 2.13.0 +Version: 2.14.0 %gometa @@ -26,10 +26,9 @@ Summary: First boot installer and configuration tool License: ASL 2.0 URL: %{gourl} Source0: %{gosource} -# https://github.com/coreos/ignition/pull/1307 -Patch0: luks-volume-reuse.patch BuildRequires: libblkid-devel +BuildRequires: systemd-rpm-macros # Requires for 'disks' stage %if 0%{?fedora} @@ -95,27 +94,28 @@ Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.30.2 Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.30.28 Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.30.28 Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.30.28 +Provides: bundled(golang(github.com/beevik/etree)) = 1.1.1-0.20200718192613.git4a2f8b9d084c Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.0 Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.0.0 Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.0.0 Provides: bundled(golang(github.com/coreos/go-systemd/v22/unit)) = 22.0.0 -Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20210407161507.git4ee6c745c8bd -Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20210407161507.git4ee6c745c8bd -Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20210407161507.git4ee6c745c8bd -Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20210407161507.git4ee6c745c8bd -Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20210407161507.git4ee6c745c8bd +Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20211021162308.gitf1dbbca7bef4 +Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20211021162308.gitf1dbbca7bef4 +Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20211021162308.gitf1dbbca7bef4 +Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20211021162308.gitf1dbbca7bef4 +Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20211021162308.gitf1dbbca7bef4 Provides: bundled(golang(github.com/google/renameio)) = 0.1.0 Provides: bundled(golang(github.com/google/uuid)) = 1.1.1 Provides: bundled(golang(github.com/pin/tftp)) = 2.1.0 Provides: bundled(golang(github.com/pin/tftp/netascii)) = 2.1.0 -Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.5.1 -Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 0.0.0-20160330182126.git9a301d65acbb -Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20170707015358.git25eff159a728 -Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20170707015358.git25eff159a728 -Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20170707015358.git25eff159a728 -Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20170707015358.git25eff159a728 -Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20170707015358.git25eff159a728 -Provides: bundled(golang(github.com/vmware/vmw-ovflib)) = 0.0.0-20170608004843.git1f217b9dc714 +Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.6-0.20210604193023.gitd5e0c0615ace +Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.7.0 +Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 1.0.0 +Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20220317130741.git510905f0efa3 +Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20220317130741.git510905f0efa3 +Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20220317130741.git510905f0efa3 +Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20220317130741.git510905f0efa3 +Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20220317130741.git510905f0efa3 Provides: bundled(golang(golang.org/x/net/context)) = 0.0.0-20200602114024.git627f9648deb9 Provides: bundled(golang(golang.org/x/net/context/ctxhttp)) = 0.0.0-20200602114024.git627f9648deb9 Provides: bundled(golang(golang.org/x/net/http2)) = 0.0.0-20200602114024.git627f9648deb9 @@ -217,22 +217,26 @@ the configuration. This package contains a tool for validating Ignition configurations. -############## validate-nonlinux subpackage ############## +############## validate-redistributable subpackage ############## %if 0%{?fedora} -%package validate-nonlinux +%package validate-redistributable -Summary: Validation tool for Ignition configs for macOS and Windows +Summary: Statically linked validation tool for Ignition configs License: ASL 2.0 BuildArch: noarch Conflicts: ignition < 0.31.0-3 -%description validate-nonlinux -This package contains macOS and Windows ignition-validate binaries built -through cross-compilation. Do not install it. It is only used for -building binaries to sign by Fedora release engineering and include on the -Ignition project's Github releases page. +# In case someone has this subpackage installed, obsolete the old name +# Drop in Fedora 38 +Obsoletes: ignition-validate-nonlinux < 2.13.0-4 + +%description validate-redistributable +This package contains statically linked Linux, macOS, and Windows +ignition-validate binaries built through cross-compilation. Do not install it. +It is only used for building release binaries to be signed by Fedora release +engineering and uploaded to the Ignition GitHub releases page. %endif %prep @@ -260,6 +264,12 @@ echo "Building ignition-validate..." %global gocrossbuild go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %if 0%{?fedora} +echo "Building statically-linked Linux ignition-validate..." +CGO_ENABLED=0 GOARCH=arm64 GOOS=linux %gocrossbuild -o ./ignition-validate-aarch64-unknown-linux-gnu-static validate/main.go +CGO_ENABLED=0 GOARCH=ppc64le GOOS=linux %gocrossbuild -o ./ignition-validate-ppc64le-unknown-linux-gnu-static validate/main.go +CGO_ENABLED=0 GOARCH=s390x GOOS=linux %gocrossbuild -o ./ignition-validate-s390x-unknown-linux-gnu-static validate/main.go +CGO_ENABLED=0 GOARCH=amd64 GOOS=linux %gocrossbuild -o ./ignition-validate-x86_64-unknown-linux-gnu-static validate/main.go + echo "Building macOS ignition-validate..." GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go @@ -271,6 +281,10 @@ GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows # dracut modules install -d -p %{buildroot}/%{dracutlibdir}/modules.d cp -r dracut/* %{buildroot}/%{dracutlibdir}/modules.d/ +install -m 0644 -D -t %{buildroot}/%{_unitdir} systemd/ignition-delete-config.service +install -m 0755 -d %{buildroot}/%{_libexecdir} +ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-apply +ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-rmcfg # ignition install -d -p %{buildroot}%{_bindir} @@ -278,8 +292,12 @@ install -p -m 0755 ./ignition-validate %{buildroot}%{_bindir} %if 0%{?fedora} install -d -p %{buildroot}%{_datadir}/ignition +install -p -m 0644 ./ignition-validate-aarch64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition +install -p -m 0644 ./ignition-validate-ppc64le-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition +install -p -m 0644 ./ignition-validate-s390x-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition install -p -m 0644 ./ignition-validate-x86_64-apple-darwin %{buildroot}%{_datadir}/ignition install -p -m 0644 ./ignition-validate-x86_64-pc-windows-gnu.exe %{buildroot}%{_datadir}/ignition +install -p -m 0644 ./ignition-validate-x86_64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition %endif # The ignition binary is only for dracut, and is dangerous to run from @@ -296,6 +314,9 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition %license %{golicenses} %doc %{godocs} %{dracutlibdir}/modules.d/* +%{_unitdir}/*.service +%{_libexecdir}/ignition-apply +%{_libexecdir}/ignition-rmcfg %files validate %doc README.md @@ -303,14 +324,29 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition %{_bindir}/ignition-validate %if 0%{?fedora} -%files validate-nonlinux +%files validate-redistributable %license %{golicenses} %dir %{_datadir}/ignition +%{_datadir}/ignition/ignition-validate-aarch64-unknown-linux-gnu-static +%{_datadir}/ignition/ignition-validate-ppc64le-unknown-linux-gnu-static +%{_datadir}/ignition/ignition-validate-s390x-unknown-linux-gnu-static %{_datadir}/ignition/ignition-validate-x86_64-apple-darwin %{_datadir}/ignition/ignition-validate-x86_64-pc-windows-gnu.exe +%{_datadir}/ignition/ignition-validate-x86_64-unknown-linux-gnu-static %endif %changelog +* Thu May 26 2022 Benjamin Gilbert - 2.14.0-1 +- New release +- Add ignition-apply symlink +- Add ignition-rmcfg symlink and ignition-delete-config.service + +* Mon Mar 21 2022 Sohan Kunkerkar - 2.13.0-2 +- Rename -validate-nonlinux subpackage to -validate-redistributable +- Add static Linux binaries to -redistributable +- Fix macro invocation in comment +- Avoid kernel lockdown on VMware when running with secure boot + * Thu Jan 20 2022 Benjamin Gilbert - 2.13.0-1 - New release - Fix LUKS volume reuse