import ignition-2.14.0-1.el9
This commit is contained in:
parent
45d5dc173a
commit
d4a184c022
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/ignition-2.13.0.tar.gz
|
SOURCES/ignition-2.14.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
c3434d20b78cde599c03820a86c1b4107f0e8e5c SOURCES/ignition-2.13.0.tar.gz
|
0341fb877cadf55f6fe74adf066e7ed72ec57ce0 SOURCES/ignition-2.14.0.tar.gz
|
||||||
|
@ -1,56 +0,0 @@
|
|||||||
From aed47c18aee593d155d45c0fe9ba29a9e3123cf6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Benjamin Gilbert <bgilbert@redhat.com>
|
|
||||||
Date: Mon, 17 Jan 2022 21:17:08 -0500
|
|
||||||
Subject: [PATCH] disks: fix reuse of statically keyed LUKS volume
|
|
||||||
|
|
||||||
We need to persist a volume's keyfile to the real root even if we take
|
|
||||||
the early `continue` when reusing the volume. Rather than copying code,
|
|
||||||
enable persistence up front and then disable it afterward if we decide
|
|
||||||
not to persist the key.
|
|
||||||
|
|
||||||
Fixes error:
|
|
||||||
|
|
||||||
CRITICAL : Ignition failed: creating crypttab entries: missing persisted keyfile for [...]
|
|
||||||
|
|
||||||
Fixes: https://github.com/coreos/ignition/issues/1305
|
|
||||||
Fixes: 65e9c1611128 ("stages/disks: use State to persist keyfiles for files stage")
|
|
||||||
---
|
|
||||||
internal/exec/stages/disks/luks.go | 15 ++++++++-------
|
|
||||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/internal/exec/stages/disks/luks.go b/internal/exec/stages/disks/luks.go
|
|
||||||
index 77ecc24e..5fa15e70 100644
|
|
||||||
--- a/internal/exec/stages/disks/luks.go
|
|
||||||
+++ b/internal/exec/stages/disks/luks.go
|
|
||||||
@@ -156,6 +156,13 @@ func (s *stage) createLuks(config types.Config) error {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ // store the key to be persisted into the real root
|
|
||||||
+ // do this here so device reuse works correctly
|
|
||||||
+ key, err := ioutil.ReadFile(keyFilePath)
|
|
||||||
+ if err != nil {
|
|
||||||
+ return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err)
|
|
||||||
+ }
|
|
||||||
+ s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key)
|
|
||||||
|
|
||||||
if !util.IsTrue(luks.WipeVolume) {
|
|
||||||
// If the volume isn't forcefully being created, then we need
|
|
||||||
@@ -329,13 +336,7 @@ func (s *stage) createLuks(config types.Config) error {
|
|
||||||
); err != nil {
|
|
||||||
return fmt.Errorf("removing key file from luks device: %v", err)
|
|
||||||
}
|
|
||||||
- } else {
|
|
||||||
- // store the key to be persisted into the real root
|
|
||||||
- key, err := ioutil.ReadFile(keyFilePath)
|
|
||||||
- if err != nil {
|
|
||||||
- return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err)
|
|
||||||
- }
|
|
||||||
- s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key)
|
|
||||||
+ delete(s.State.LuksPersistKeyFiles, luks.Name)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.33.1
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
|||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
%bcond_without check
|
%bcond_without check
|
||||||
%else
|
%else
|
||||||
# %gocheck isn't currently provided on CentOS/RHEL
|
# %%gocheck isn't currently provided on CentOS/RHEL
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1982298
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1982298
|
||||||
%bcond_with check
|
%bcond_with check
|
||||||
%endif
|
%endif
|
||||||
@ -10,7 +10,7 @@
|
|||||||
# https://github.com/coreos/ignition
|
# https://github.com/coreos/ignition
|
||||||
%global goipath github.com/coreos/ignition
|
%global goipath github.com/coreos/ignition
|
||||||
%global gomodulesmode GO111MODULE=on
|
%global gomodulesmode GO111MODULE=on
|
||||||
Version: 2.13.0
|
Version: 2.14.0
|
||||||
|
|
||||||
%gometa
|
%gometa
|
||||||
|
|
||||||
@ -26,10 +26,9 @@ Summary: First boot installer and configuration tool
|
|||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: %{gourl}
|
URL: %{gourl}
|
||||||
Source0: %{gosource}
|
Source0: %{gosource}
|
||||||
# https://github.com/coreos/ignition/pull/1307
|
|
||||||
Patch0: luks-volume-reuse.patch
|
|
||||||
|
|
||||||
BuildRequires: libblkid-devel
|
BuildRequires: libblkid-devel
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
|
|
||||||
# Requires for 'disks' stage
|
# Requires for 'disks' stage
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
@ -95,27 +94,28 @@ Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.30.2
|
|||||||
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.30.28
|
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.30.28
|
||||||
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.30.28
|
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.30.28
|
||||||
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.30.28
|
Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.30.28
|
||||||
|
Provides: bundled(golang(github.com/beevik/etree)) = 1.1.1-0.20200718192613.git4a2f8b9d084c
|
||||||
Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.0
|
Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.0
|
||||||
Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.0.0
|
Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.0.0
|
||||||
Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.0.0
|
Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.0.0
|
||||||
Provides: bundled(golang(github.com/coreos/go-systemd/v22/unit)) = 22.0.0
|
Provides: bundled(golang(github.com/coreos/go-systemd/v22/unit)) = 22.0.0
|
||||||
Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20210407161507.git4ee6c745c8bd
|
Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20211021162308.gitf1dbbca7bef4
|
||||||
Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20210407161507.git4ee6c745c8bd
|
Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20211021162308.gitf1dbbca7bef4
|
||||||
Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20210407161507.git4ee6c745c8bd
|
Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20211021162308.gitf1dbbca7bef4
|
||||||
Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20210407161507.git4ee6c745c8bd
|
Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20211021162308.gitf1dbbca7bef4
|
||||||
Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20210407161507.git4ee6c745c8bd
|
Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20211021162308.gitf1dbbca7bef4
|
||||||
Provides: bundled(golang(github.com/google/renameio)) = 0.1.0
|
Provides: bundled(golang(github.com/google/renameio)) = 0.1.0
|
||||||
Provides: bundled(golang(github.com/google/uuid)) = 1.1.1
|
Provides: bundled(golang(github.com/google/uuid)) = 1.1.1
|
||||||
Provides: bundled(golang(github.com/pin/tftp)) = 2.1.0
|
Provides: bundled(golang(github.com/pin/tftp)) = 2.1.0
|
||||||
Provides: bundled(golang(github.com/pin/tftp/netascii)) = 2.1.0
|
Provides: bundled(golang(github.com/pin/tftp/netascii)) = 2.1.0
|
||||||
Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.5.1
|
Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.6-0.20210604193023.gitd5e0c0615ace
|
||||||
Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 0.0.0-20160330182126.git9a301d65acbb
|
Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.7.0
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20170707015358.git25eff159a728
|
Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 1.0.0
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20170707015358.git25eff159a728
|
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20220317130741.git510905f0efa3
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20170707015358.git25eff159a728
|
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20220317130741.git510905f0efa3
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20170707015358.git25eff159a728
|
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20220317130741.git510905f0efa3
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20170707015358.git25eff159a728
|
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20220317130741.git510905f0efa3
|
||||||
Provides: bundled(golang(github.com/vmware/vmw-ovflib)) = 0.0.0-20170608004843.git1f217b9dc714
|
Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20220317130741.git510905f0efa3
|
||||||
Provides: bundled(golang(golang.org/x/net/context)) = 0.0.0-20200602114024.git627f9648deb9
|
Provides: bundled(golang(golang.org/x/net/context)) = 0.0.0-20200602114024.git627f9648deb9
|
||||||
Provides: bundled(golang(golang.org/x/net/context/ctxhttp)) = 0.0.0-20200602114024.git627f9648deb9
|
Provides: bundled(golang(golang.org/x/net/context/ctxhttp)) = 0.0.0-20200602114024.git627f9648deb9
|
||||||
Provides: bundled(golang(golang.org/x/net/http2)) = 0.0.0-20200602114024.git627f9648deb9
|
Provides: bundled(golang(golang.org/x/net/http2)) = 0.0.0-20200602114024.git627f9648deb9
|
||||||
@ -217,22 +217,26 @@ the configuration.
|
|||||||
|
|
||||||
This package contains a tool for validating Ignition configurations.
|
This package contains a tool for validating Ignition configurations.
|
||||||
|
|
||||||
############## validate-nonlinux subpackage ##############
|
############## validate-redistributable subpackage ##############
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
%package validate-nonlinux
|
%package validate-redistributable
|
||||||
|
|
||||||
Summary: Validation tool for Ignition configs for macOS and Windows
|
Summary: Statically linked validation tool for Ignition configs
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Conflicts: ignition < 0.31.0-3
|
Conflicts: ignition < 0.31.0-3
|
||||||
|
|
||||||
%description validate-nonlinux
|
# In case someone has this subpackage installed, obsolete the old name
|
||||||
This package contains macOS and Windows ignition-validate binaries built
|
# Drop in Fedora 38
|
||||||
through cross-compilation. Do not install it. It is only used for
|
Obsoletes: ignition-validate-nonlinux < 2.13.0-4
|
||||||
building binaries to sign by Fedora release engineering and include on the
|
|
||||||
Ignition project's Github releases page.
|
%description validate-redistributable
|
||||||
|
This package contains statically linked Linux, macOS, and Windows
|
||||||
|
ignition-validate binaries built through cross-compilation. Do not install it.
|
||||||
|
It is only used for building release binaries to be signed by Fedora release
|
||||||
|
engineering and uploaded to the Ignition GitHub releases page.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
@ -260,6 +264,12 @@ echo "Building ignition-validate..."
|
|||||||
%global gocrossbuild go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x
|
%global gocrossbuild go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
|
echo "Building statically-linked Linux ignition-validate..."
|
||||||
|
CGO_ENABLED=0 GOARCH=arm64 GOOS=linux %gocrossbuild -o ./ignition-validate-aarch64-unknown-linux-gnu-static validate/main.go
|
||||||
|
CGO_ENABLED=0 GOARCH=ppc64le GOOS=linux %gocrossbuild -o ./ignition-validate-ppc64le-unknown-linux-gnu-static validate/main.go
|
||||||
|
CGO_ENABLED=0 GOARCH=s390x GOOS=linux %gocrossbuild -o ./ignition-validate-s390x-unknown-linux-gnu-static validate/main.go
|
||||||
|
CGO_ENABLED=0 GOARCH=amd64 GOOS=linux %gocrossbuild -o ./ignition-validate-x86_64-unknown-linux-gnu-static validate/main.go
|
||||||
|
|
||||||
echo "Building macOS ignition-validate..."
|
echo "Building macOS ignition-validate..."
|
||||||
GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go
|
GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go
|
||||||
|
|
||||||
@ -271,6 +281,10 @@ GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows
|
|||||||
# dracut modules
|
# dracut modules
|
||||||
install -d -p %{buildroot}/%{dracutlibdir}/modules.d
|
install -d -p %{buildroot}/%{dracutlibdir}/modules.d
|
||||||
cp -r dracut/* %{buildroot}/%{dracutlibdir}/modules.d/
|
cp -r dracut/* %{buildroot}/%{dracutlibdir}/modules.d/
|
||||||
|
install -m 0644 -D -t %{buildroot}/%{_unitdir} systemd/ignition-delete-config.service
|
||||||
|
install -m 0755 -d %{buildroot}/%{_libexecdir}
|
||||||
|
ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-apply
|
||||||
|
ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-rmcfg
|
||||||
|
|
||||||
# ignition
|
# ignition
|
||||||
install -d -p %{buildroot}%{_bindir}
|
install -d -p %{buildroot}%{_bindir}
|
||||||
@ -278,8 +292,12 @@ install -p -m 0755 ./ignition-validate %{buildroot}%{_bindir}
|
|||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
install -d -p %{buildroot}%{_datadir}/ignition
|
install -d -p %{buildroot}%{_datadir}/ignition
|
||||||
|
install -p -m 0644 ./ignition-validate-aarch64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
|
||||||
|
install -p -m 0644 ./ignition-validate-ppc64le-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
|
||||||
|
install -p -m 0644 ./ignition-validate-s390x-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
|
||||||
install -p -m 0644 ./ignition-validate-x86_64-apple-darwin %{buildroot}%{_datadir}/ignition
|
install -p -m 0644 ./ignition-validate-x86_64-apple-darwin %{buildroot}%{_datadir}/ignition
|
||||||
install -p -m 0644 ./ignition-validate-x86_64-pc-windows-gnu.exe %{buildroot}%{_datadir}/ignition
|
install -p -m 0644 ./ignition-validate-x86_64-pc-windows-gnu.exe %{buildroot}%{_datadir}/ignition
|
||||||
|
install -p -m 0644 ./ignition-validate-x86_64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# The ignition binary is only for dracut, and is dangerous to run from
|
# The ignition binary is only for dracut, and is dangerous to run from
|
||||||
@ -296,6 +314,9 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
|
|||||||
%license %{golicenses}
|
%license %{golicenses}
|
||||||
%doc %{godocs}
|
%doc %{godocs}
|
||||||
%{dracutlibdir}/modules.d/*
|
%{dracutlibdir}/modules.d/*
|
||||||
|
%{_unitdir}/*.service
|
||||||
|
%{_libexecdir}/ignition-apply
|
||||||
|
%{_libexecdir}/ignition-rmcfg
|
||||||
|
|
||||||
%files validate
|
%files validate
|
||||||
%doc README.md
|
%doc README.md
|
||||||
@ -303,14 +324,29 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
|
|||||||
%{_bindir}/ignition-validate
|
%{_bindir}/ignition-validate
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
%files validate-nonlinux
|
%files validate-redistributable
|
||||||
%license %{golicenses}
|
%license %{golicenses}
|
||||||
%dir %{_datadir}/ignition
|
%dir %{_datadir}/ignition
|
||||||
|
%{_datadir}/ignition/ignition-validate-aarch64-unknown-linux-gnu-static
|
||||||
|
%{_datadir}/ignition/ignition-validate-ppc64le-unknown-linux-gnu-static
|
||||||
|
%{_datadir}/ignition/ignition-validate-s390x-unknown-linux-gnu-static
|
||||||
%{_datadir}/ignition/ignition-validate-x86_64-apple-darwin
|
%{_datadir}/ignition/ignition-validate-x86_64-apple-darwin
|
||||||
%{_datadir}/ignition/ignition-validate-x86_64-pc-windows-gnu.exe
|
%{_datadir}/ignition/ignition-validate-x86_64-pc-windows-gnu.exe
|
||||||
|
%{_datadir}/ignition/ignition-validate-x86_64-unknown-linux-gnu-static
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 26 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.14.0-1
|
||||||
|
- New release
|
||||||
|
- Add ignition-apply symlink
|
||||||
|
- Add ignition-rmcfg symlink and ignition-delete-config.service
|
||||||
|
|
||||||
|
* Mon Mar 21 2022 Sohan Kunkerkar <skunkerk@redhat.com> - 2.13.0-2
|
||||||
|
- Rename -validate-nonlinux subpackage to -validate-redistributable
|
||||||
|
- Add static Linux binaries to -redistributable
|
||||||
|
- Fix macro invocation in comment
|
||||||
|
- Avoid kernel lockdown on VMware when running with secure boot
|
||||||
|
|
||||||
* Thu Jan 20 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.13.0-1
|
* Thu Jan 20 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.13.0-1
|
||||||
- New release
|
- New release
|
||||||
- Fix LUKS volume reuse
|
- Fix LUKS volume reuse
|
||||||
|
Loading…
Reference in New Issue
Block a user