Update 1.23.0-1

- Resolves: RHEL-5345 spec - Remove with_html, instead use built-in .README.html
- Resolves: RHEL-5985 ansible-sshd - Manage SSH certificates
- rhbz#2224648: Remove ad_integration patch and use the latest ad_integration
  version instead. Vendor community-general.ini_files for
- RHEL-1119: ad_integration: Support for dynamic DNS Updates
- Change link to open new issue in galaxy.yml from deprecated BZ to Jira
This commit is contained in:
Sergei Petrosian 2023-09-21 16:06:53 +02:00
parent 44302dfdc5
commit 2f1534c8c5
6 changed files with 157 additions and 268 deletions

29
.gitignore vendored
View File

@ -208,3 +208,32 @@ SOURCES/vpn-1.5.3.tar.gz
/kdump-1.3.6.tar.gz
/storage-1.12.3.tar.gz
/firewall-1.6.3.tar.gz
/ad_integration-1.2.2.tar.gz
/ansible-sshd-v0.21.0.tar.gz
/auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz
/certificate-1.2.2.tar.gz
/cockpit-1.4.8.tar.gz
/crypto_policies-1.2.12.tar.gz
/firewall-1.6.4.tar.gz
/ha_cluster-1.10.1.tar.gz
/journald-1.0.6.tar.gz
/kdump-1.3.8.tar.gz
/kernel_settings-1.1.18.tar.gz
/keylime_server-1.0.1.tar.gz
/metrics-1.8.7.tar.gz
/nbde_client-1.2.15.tar.gz
/nbde_server-1.3.9.tar.gz
/network-1.13.2.tar.gz
/podman-1.3.3.tar.gz
/postfix-1.3.9.tar.gz
/postgresql-1.1.1.tar.gz
/rhc-1.2.5.tar.gz
/selinux-1.6.3.tar.gz
/ssh-1.2.2.tar.gz
/storage-1.12.4.tar.gz
/systemd-1.0.2.tar.gz
/timesync-1.7.7.tar.gz
/tlog-1.2.17.tar.gz
/vpn-1.5.9.tar.gz
/community-general-7.4.0.tar.gz
/logging-1.11.10.tar.gz

View File

@ -1,127 +0,0 @@
From 1931ebccaa146bd6ee8365c664ab62d294adaa31 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Fri, 18 Aug 2023 12:35:44 -0600
Subject: [PATCH] fix: use command stdin for password, and do not log password
Cause: The code was constructing the realm join command to be passed
via the shell module, including piping the password into the command,
and was showing the command, including the password, when using
check mode.
Consequence: The clear text password was available in the logs when
using check mode.
Fix: Use command with stdin for the password instead of shell. The
password is not part of the command. command with stdin is more
secure than using shell. The debug output has been changed to
show the command with the `ad_integration_join_parameters` removed,
because we cannot know if those parameters contain data which should
not be logged. Those parameters will still be passed to the actual
realm join command.
Result: The password is not logged. The role is more secure.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
---
tasks/main.yml | 57 ++++++++++++++++++++++++++++----------------------
1 file changed, 32 insertions(+), 25 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index fe2602e..265c6fe 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,8 +3,7 @@
- name: Ensure that mandatory variable ad_integration_realm is available
fail:
msg: Variable ad_integration_realm must be provided!
- when:
- - not ad_integration_realm
+ when: not ad_integration_realm
- name: Assume managing timesync if timesource is set
set_fact:
@@ -26,8 +25,7 @@
- name: Assume managing crypto policies if allow_rc4_crypto is set
set_fact:
ad_integration_manage_crypto_policies: true
- when:
- - ad_integration_allow_rc4_crypto | bool
+ when: ad_integration_allow_rc4_crypto | bool
- name: Ensure manage_crypt_policies is set with crypto_allow_rc4
fail:
@@ -141,41 +139,50 @@
- name: Build Command - Join to a specific Domain Controller
set_fact:
- __ad_integration_join_command: |
- set -euo pipefail
- echo {{ ad_integration_password | quote }} | realm join -U \
- {{ ad_integration_user | quote }} --membership-software \
- {{ ad_integration_membership_software | quote }} \
- {{ ad_integration_join_parameters }} \
- {{ ad_integration_join_to_dc | quote }}
+ __ad_integration_join_command: >-
+ realm join -U {{ ad_integration_user | quote }} --membership-software
+ {{ ad_integration_membership_software | quote }}
+ {{ ad_integration_join_parameters }}
+ {{ ad_integration_join_to_dc | quote }}
+ __ad_integration_debug_command: >-
+ realm join -U {{ ad_integration_user | quote }} --membership-software
+ {{ ad_integration_membership_software | quote }}
+ {{ ad_integration_join_to_dc | quote }}
no_log: true
- when:
- - ad_integration_join_to_dc is not none
+ when: ad_integration_join_to_dc is not none
- name: Build Join Command - Perform discovery-based realm join operation
set_fact:
- __ad_integration_join_command: |
- set -euo pipefail
- echo {{ ad_integration_password | quote }} | realm join -U \
- {{ ad_integration_user | quote }} --membership-software \
- {{ ad_integration_membership_software | quote }} \
- {{ ad_integration_join_parameters }} \
- {{ ad_integration_realm | quote }}
+ __ad_integration_join_command: >-
+ realm join -U {{ ad_integration_user | quote }} --membership-software
+ {{ ad_integration_membership_software | quote }}
+ {{ ad_integration_join_parameters }}
+ {{ ad_integration_realm | quote }}
+ __ad_integration_debug_command: >-
+ realm join -U {{ ad_integration_user | quote }} --membership-software
+ {{ ad_integration_membership_software | quote }}
+ {{ ad_integration_realm | quote }}
no_log: true
- when:
- - ad_integration_join_to_dc is none
+ when: ad_integration_join_to_dc is none
- name: Show the join command for debug
debug:
- msg: "Would run: '{{ __ad_integration_join_command }}'"
+ msg:
+ - >-
+ Would run the following command. Note that
+ ad_integration_join_parameters have been removed for security purposes,
+ the role will pass them to the actual realm join command when running
+ without check mode.
+ - "{{ __ad_integration_debug_command }}"
when:
- ad_integration_join_to_dc == __ad_integration_sample_dc
or ad_integration_realm == __ad_integration_sample_realm
or ansible_check_mode
- name: Run realm join command
- # noqa command-instead-of-shell
- shell: "{{ __ad_integration_join_command }}"
+ command: "{{ __ad_integration_join_command }}"
+ args:
+ stdin: "{{ ad_integration_password }}"
no_log: true
when:
- ad_integration_join_to_dc != __ad_integration_sample_dc
--
2.41.0

View File

@ -1,9 +1,9 @@
Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
Source901: https://galaxy.ansible.com/download/community-general-7.3.0.tar.gz
Source901: https://galaxy.ansible.com/download/community-general-7.4.0.tar.gz
Source902: https://galaxy.ansible.com/download/containers-podman-1.10.3.tar.gz
Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
Provides: bundled(ansible-collection(community.general)) = 7.3.0
Provides: bundled(ansible-collection(community.general)) = 7.4.0
Provides: bundled(ansible-collection(containers.podman)) = 1.10.3
Source996: CHANGELOG.rst

View File

@ -11,14 +11,6 @@ BuildRequires: ansible-core >= 2.11.0
%bcond_with collection_artifact
%if 0%{?fedora} || 0%{?rhel} >= 8
%bcond_without html
%else
# pandoc is not supported in rhel 7 and older,
# which is needed for converting .md to .html.
%bcond_with html
%endif
%if 0%{?rhel}
Name: rhel-system-roles
%else
@ -26,7 +18,7 @@ Name: linux-system-roles
%endif
Url: https://github.com/linux-system-roles
Summary: Set of interfaces for unified system management
Version: 1.22.0
Version: 1.23.0
Release: 1%{?dist}
License: GPLv3+ and MIT and BSD and Python
@ -86,92 +78,92 @@ Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0)
%%global rolestodir %%{?rolestodir} %%{roletodir%{1}}
}
%global mainid e010c878833e363195dd707d1334ff48a254b092
%global mainid eadd06cfa98d244b096cff24cd11b668428b1613
Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
# BEGIN AUTOGENERATED SOURCES
%global rolename1 postfix
%deftag 1 1.3.8
%deftag 1 1.3.9
%global rolename2 selinux
%deftag 2 1.6.1
%deftag 2 1.6.3
%global rolename3 timesync
%deftag 3 1.7.6
%deftag 3 1.7.7
%global rolename4 kdump
%deftag 4 1.3.6
%deftag 4 1.3.8
%global rolename5 network
%deftag 5 1.13.1
%deftag 5 1.13.2
%global rolename6 storage
%deftag 6 1.12.3
%deftag 6 1.12.4
%global rolename7 metrics
%deftag 7 1.8.6
%deftag 7 1.8.7
%global rolename8 tlog
%deftag 8 1.2.16
%deftag 8 1.2.17
%global rolename9 kernel_settings
%deftag 9 1.1.17
%deftag 9 1.1.18
%global rolename10 logging
%deftag 10 1.11.9
%deftag 10 1.11.10
%global rolename11 nbde_server
%deftag 11 1.3.8
%deftag 11 1.3.9
%global rolename12 nbde_client
%deftag 12 1.2.14
%deftag 12 1.2.15
%global rolename13 certificate
%deftag 13 1.2.1
%deftag 13 1.2.2
%global rolename14 crypto_policies
%deftag 14 1.2.11
%deftag 14 1.2.12
%global forgeorg15 https://github.com/willshersystems
%global repo15 ansible-sshd
%global rolename15 sshd
%deftag 15 v0.19.0
%deftag 15 v0.21.0
%global rolename16 ssh
%deftag 16 1.2.1
%deftag 16 1.2.2
%global rolename17 ha_cluster
%deftag 17 1.10.0
%deftag 17 1.10.1
%global rolename18 vpn
%deftag 18 1.5.8
%deftag 18 1.5.9
%global rolename19 firewall
%deftag 19 1.6.3
%deftag 19 1.6.4
%global rolename20 cockpit
%deftag 20 1.4.7
%deftag 20 1.4.8
%global rolename21 podman
%deftag 21 1.3.2
%deftag 21 1.3.3
%global rolename22 ad_integration
%deftag 22 1.1.3
%deftag 22 1.2.2
%global rolename23 rhc
%deftag 23 1.2.4
%deftag 23 1.2.5
%global rolename24 journald
%deftag 24 1.0.5
%deftag 24 1.0.6
%global rolename25 postgresql
%deftag 25 1.1.0
%deftag 25 1.1.1
%global rolename26 systemd
%deftag 26 1.0.1
%deftag 26 1.0.2
%global rolename27 keylime_server
%deftag 27 1.0.0
%deftag 27 1.0.1
Source1: %{archiveurl1}
Source2: %{archiveurl2}
@ -217,21 +209,8 @@ Source1004: vendoring-build.inc
Source995: CHANGELOG.md
Patch2201: 0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch
BuildArch: noarch
%if %{with html}
# Requirements for md2html.sh to build the documentation
%if 0%{?fedora} || 0%{?rhel} >= 9
BuildRequires: rubygem-kramdown-parser-gfm
%else
BuildRequires: pandoc
BuildRequires: asciidoc
BuildRequires: highlight
%endif
%endif
# Requirements for galaxy_transform.py
BuildRequires: python3
BuildRequires: python%{python3_pkgversion}-ruamel-yaml
@ -297,6 +276,8 @@ for rolename in %{rolenames}; do
fi
fi
mv "$dir_from_archive" ${rolename}
# Move a hidden .README.html to a not hidden README.html
mv $rolename/.README.html $rolename/README.html
done
%if 0%{?rhel}
@ -314,7 +295,7 @@ find -P tests examples -name \*.yml | while read file; do
-e "s/ansible-sshd/linux-system-roles.sshd/" \
-e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file"
done
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md README.html
sed -r -i -e 's/min_ansible_version: 2.8/min_ansible_version: "2.9"/' meta/main.yml
cd ..
@ -331,10 +312,6 @@ if [ "$rolesdir" != "$realrolesdir" ]; then
fi
cd ..
cd %{rolename22}
%patch2201 -p1
cd ..
# vendoring build steps, if any
%include %{SOURCE1004}
@ -369,29 +346,43 @@ find -type f -executable -name '*.py' -exec \
# remove upstream-only documentation - for example, documentation
# about collection dependencies is not needed in Fedora and EL RPMs
# since the dependencies are already provided
sed -e '/^## Requirements/,/^#/s/^See below$/None/' \
-e '/^### Collection requirements/,/^#/ {/^### Collection/d;/^#/!d}' \
sed -e '/# Requirements/,/^#/s/^See below$/None/' \
-e '/# Collection requirements/,/^#/ {/# Collection requirements/d;/^#/!d}' \
-i */README.md
sed -e '/id="requirements">Requirements<\/h/,/^<h/s/See below/None/' \
-e '/id="collection-requirements">/,/^<h/ {/id="collection-requirements">/d;/^<h/!d}' \
-i */README.html
for role in %{rolenames}; do
# awk: Remove collection-requirements from README.html TOC
# 1. If match found, add the line and -2,+1 lines' line number in an array "d".
# 2. Save all lines in an array with line number as index
# 3. Print only those index not in array "d"
awk '/id="toc-collection-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
{a[NR]=$0} \
END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
$role/README.html > $role/README.html.tmp
mv $role/README.html.tmp $role/README.html
done
# sshd README is not in the same format
sed -e '/^### Optional requirements/,/^Role variables/ {/^### Optional/d;/^Role variables/!d}' \
sed -e '/# Optional requirements/,/# Role variables/ {/# Optional/d;/# Role variables/!d}' \
-i sshd/README.md
sed -e '/id="optional-requirements">/,/^<h/ {/id="optional-requirements">/d;/^<h/!d}' \
-i sshd/README.html
# Remove optional-requirements from README.html TOC
awk '/id="toc-optional-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
{a[NR]=$0} \
END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
sshd/README.html > sshd/README.html.tml
mv sshd/README.html.tml sshd/README.html
%if %{with html}
# HACK HACK HACK
# pandoc/asciidoc on rhel 8.9 does not like the journald README badge links
# remove all of the badge links from all README.md files
# in the first 14 lines of the file, remove any line that looks like a
# github action badge
# HACK HACK HACK
readmes=""
matchstr="actions/workflows/"
for role in %{rolenames}; do
# in the first 14 lines of README.md, remove any line that looks like a
# github action badge. README.html doesn't have these lines.
sed -e "1,14 {\\,${matchstr},d; /\!\[/d}" -i $role/README.md
readmes="${readmes} $role/README.md"
done
sh md2html.sh $readmes
%endif
mkdir .collections
%if 0%{?rhel}
@ -402,7 +393,7 @@ mkdir .collections
"https://linux-system-roles.github.io" \
"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel" \
"https://access.redhat.com/articles/3050101" \
"https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&component=rhel-system-roles" \
"https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&summary=Your%20request%20summary&issuetype=1&priority=10200&labels=Partner-Feature-Request&components=12380283" \
> galaxy.yml.tmp
# we vendor-in all of the dependencies on rhel, so remove them
rm -f lsr_role2collection/collection_requirements.txt
@ -434,13 +425,6 @@ LANG=C.utf-8 LC_ALL=C.utf-8 %{python3} release_collection.py --galaxy-yml galaxy
--src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \
--src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug
# Remove table of contents from logging README.md
# It is not needed for html and AH/Galaxy
sed -i -e 's/^\(## Table of Contents\)/## Background\n\1/' \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
sed -i -e '/^## Table of Contents/,/^## Background/d' \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
# Remove internal links from readme files
# They are not rendered properly on AH.
for role in %{rolenames}; do
@ -489,10 +473,8 @@ for role in %{rolenames}; do
"%{buildroot}%{_pkgdocdir}/$role"
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \
"%{buildroot}%{_pkgdocdir}/$role"
%if %{with html}
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \
"%{buildroot}%{_pkgdocdir}/$role"
%endif
if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \
"%{buildroot}%{_pkglicensedir}/$role.COPYING"
@ -551,7 +533,7 @@ ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
%{buildroot}%{_pkgdocdir}/collection
for rolename in %{rolenames}; do
for file in CHANGELOG.md README.md; do
for file in CHANGELOG.md README.md README.html; do
if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then
if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then
mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename}
@ -562,15 +544,6 @@ for rolename in %{rolenames}; do
done
done
%if %{with html}
# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection
readmes="%{buildroot}%{_pkgdocdir}/collection/README.md"
for role in %{rolenames}; do
readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md"
done
sh md2html.sh $readmes
%endif
%if %{with collection_artifact}
# Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact
pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
@ -672,6 +645,14 @@ find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \
%endif
%changelog
* Wed Sep 20 2023 Sergei Petrosian <spetrosi@redhat.com> - 1.23.0-1
- Resolves: RHEL-5345 spec - Remove with_html, instead use built-in .README.html
- Resolves: RHEL-5985 ansible-sshd - Manage SSH certificates
- rhbz#2224648: Remove ad_integration patch and use the latest ad_integration
version instead. Vendor community-general.ini_files for
- RHEL-1119: ad_integration: Support for dynamic DNS Updates
- Change link to open new issue in galaxy.yml from deprecated BZ to Jira
* Tue Aug 15 2023 Rich Megginson <rmeggins@redhat.com> - 1.22.0-1
- Resolves:rhbz#2233183 : ad_integration - red hat "rhel system role" ad_integration leaks credentials when in check_mode
- Resolves:rhbz#2232391 : kdump - role: "Write new authorized_keys if needed" task idempotency issues

58
sources
View File

@ -1,31 +1,31 @@
SHA512 (ad_integration-1.1.3.tar.gz) = 271465fc159fe716167eca40c1a9ce002201fb823e0b17c10e6b6ddc80fb87fa8b6d25b7691fc9a3652924b93c99a4269b74d61cb670834be6301e434c97f4ec
SHA512 (ad_integration-1.2.2.tar.gz) = 09ff168403363d2196c6bb1987201017300a6258c11ebcef31572083059f10384302e4b903473ce5483f4eb4ba0251f315d4e675d3d900be326a4ec5d1c689e4
SHA512 (ansible-posix-1.5.4.tar.gz) = 63321c2b439bb2c707c5bea2fba61eaefecb0ce1c832c4cfc8ee8bb89448c8af10e447bf580e8ae6d325c0b5891b609683ff2ba46b78040e2c4d3d8b6bdcd724
SHA512 (ansible-sshd-v0.19.0.tar.gz) = 06103696ee1810a8cdbb7f26e0542e85e53c6b758dbc9d87e47a3fd024c8c7fb77b54934e227b0ece4712483d89d52b1e94b1ee5cb667e420261928e8e994b53
SHA512 (auto-maintenance-e010c878833e363195dd707d1334ff48a254b092.tar.gz) = 01c4fbf9762d789f94dfea3f30a4bae5c7a8e37f551bd84efdd281bc7b84250aa45c6e9c6f4bfd0e41bce34ef2643e47718f6fd2b6ffade286758b1d625182fd
SHA512 (certificate-1.2.1.tar.gz) = 7ca0dd56de62ffcfeb3d2d438f125f5bc04009357085053f2ab2fc281fd4fa659a9d77bf7aa37264c980f057db501e64cd6c72cd7545096850053e8b0a6c75f9
SHA512 (cockpit-1.4.7.tar.gz) = 4241a400e26abfdc188d016dc367a62cb51979bcaa41f579714e9b01d2a84548ba06f24f011936248bfe18e05c706a70e5e1367307d306f4c65fdcd9a6a83fa6
SHA512 (community-general-7.3.0.tar.gz) = 8f7b6d31b3b6c9c5534f984ec9c7954ab3e7c0c5cbe78bf4e9178398bba1aa8371773a83fcdf37abf4cb6df3c3ebda88c29f20aa506fd27d4b428150fc107bf5
SHA512 (ansible-sshd-v0.21.0.tar.gz) = 38230da8389f3edbbe3c146756cf4697ede181f6cbed02cc215b35efeec948ef42c241fb02c8d5eece3dc1b6eec21a8ea4666d8ec8dab36885b2bdd0d368bba8
SHA512 (auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz) = 0e5e45f8d7a05a4fee7916edb5628cdb105bab9f7770bb752fd229d13ea0d586b2938d8de5d60c14b2ff9d28d5f1bca7201b6197abf2af1e223404f0a8742068
SHA512 (certificate-1.2.2.tar.gz) = cea7ef52def7d5f12360cb12cc41341eebeff52639a1bf56c6d46d72598f7944d743abba05e23fab241a144cd4ea605d45ad1b60bb5ce9e6dc2c52cf557cf476
SHA512 (cockpit-1.4.8.tar.gz) = 266d03d517d4e0d4eee9b39af5f4bfc0f921f5faeb7f6dd757e8a440df60b355d67a84c7cc3fe50827b8c37e6cfd5780435b35daef5b7894ccd5e22c4408de6c
SHA512 (community-general-7.4.0.tar.gz) = 68e51cdc8cabf05db2b46cf4ee2a373cfc2588fda1475655f9319a8f1f270a69ffa380656a6924fd9f6e10af4bdb9c988232931b7a744c47277ebc17c1b19498
SHA512 (containers-podman-1.10.3.tar.gz) = 5234d12ab5a870bc08553e5a51d06f75dfa73f22764378ffb2053b55cb306fc7ec1f24d399f414cac8213de4c34211c33d947c02d823da6ef2ee31bdbb7c1fad
SHA512 (crypto_policies-1.2.11.tar.gz) = b3bac1bf3b960b44f437ed2a42d2208406956166c18a1d0e711c44b75997ec26dd6628e0257b72ba1e540e62ac88d968287a47b0750b42961a90fa508febf1e3
SHA512 (firewall-1.6.3.tar.gz) = 0e08a4494cd9c346d3bb1aace78deeb7868b3e121247d5baa024109b5f880a5aa7ed55a41d005b5a8252e9a92e0046a361e856138734741397c230998122fb5c
SHA512 (ha_cluster-1.10.0.tar.gz) = 961145301b607def32352bd79f46f31d33866d3c3f588649135cab061966f65157a9fe3923881a294e80b87d6671697446a6074da4cf1b8645af11affc89500d
SHA512 (journald-1.0.5.tar.gz) = 905d7b354f411f6b053e3ee6ada6771da8f5d310df5ef9c8eff5e88e6c31d968275cec1155bf8bbeeafa5c6436eb859f4d1dfdaefe097aa4feaea015559213cf
SHA512 (kdump-1.3.6.tar.gz) = 196d49bde461e0325adeaa1c9dda41c567974e3e79e9134f7f7f185832b834ce2bcdbcc3bb2558afa0717c07c2fe56ea36377596c2f79c0436e06bb4fd8607eb
SHA512 (kernel_settings-1.1.17.tar.gz) = 1d5fcb9d369a06409c718b84d052d123412c90d81ff29124f6ad0eaa31616b95fdda5b5a5e838acade9553f8c8a6ea1d1a33c4a6bf4cd334980b45c7ffbaa46b
SHA512 (keylime_server-1.0.0.tar.gz) = 0366331302ad198da675abbb700ffe81c15b364357d834b89ab383b945fa57301ede1a48efa6ffb766c7f3b0b5165fd5c7961642d4826749dd079d71cf1c70a1
SHA512 (logging-1.11.9.tar.gz) = ed06e51b86a7b23ed469afdb35e7f314812faa7e7e5a53022e5008d9d1a309ff3bfbdd61fdeb25d44ff8093bc31e2d786de0db00f265a39c2ccf99832104f1ce
SHA512 (metrics-1.8.6.tar.gz) = a1eea695a4c151004d614335e40cde58598af5bba6b4040336307bc24638b1fce0663076b78a1b7993f61a0554e09c88487bf317ab32530505cc5b3e70eafb98
SHA512 (nbde_client-1.2.14.tar.gz) = eef8b6e55adddc6b2aabfaa1fd210a55a67c8b9e9fdb74a6fd91779525565460a727b71550ecd8c432636bde89ae90d3d27c85a1665ccbe85f1d222284d12f99
SHA512 (nbde_server-1.3.8.tar.gz) = a3267b1fc50f79cad49a77a3214abbff698929021d55a31d7a00a698d0b0dfb01eb72adf0187879df92b8213ab7805057e586eaeb480d1be3caf97b1307f4a0d
SHA512 (network-1.13.1.tar.gz) = edc4ada1f54b8487144b87d2adbd145641f1c28a96bc41dcf242835e8ab4841a6025190f818fe0d2747a630c7d9cf1e202039baf90672bdc74c3ca2ab81ee688
SHA512 (podman-1.3.2.tar.gz) = 74172656558306d8e1e03f9ee5c5ccebf6057f05dec0d9f8c79b66b156d2f1a89175b161ba740437f9bb4eb11b672580da588e7347d8d309e6503a81cc0d88ef
SHA512 (postfix-1.3.8.tar.gz) = 95afd83bf883a820fe90264d2a6276336b1f5d49a9214cbbd9304e4ce3c05a990ee88f13552020fb37382c9ea26b851216dd5d59ed819fe118aa79d06f993a21
SHA512 (postgresql-1.1.0.tar.gz) = fcc324a9ca431c441a911443db573a952e6f41e121c1a1f7f1090d22e80970ef346c291c54155df4131cc3535367b0d17b6a0990f0ad1d1b8ea3a7ebe054663d
SHA512 (rhc-1.2.4.tar.gz) = e1b3599b0bb545144c4192e6264bde807db03f5dd7309f627624a79f7dedd427e55fc9579440f648f1561dbd6192ffa2659538761bb7e9956e77c0de727ecd4b
SHA512 (selinux-1.6.1.tar.gz) = 05a8f341860cff7b20b1914401559a40ae1e2a84cb14e8e3ddb9a293940000053cf9c0f31a7b6f3c2b6964f6e60f9e1acd35741667eb0daa3a9d73bf33053d89
SHA512 (ssh-1.2.1.tar.gz) = 6a83c1d730ca5003e025c90de9843362201d7b09b32646d32620c46edaf79c0fa2e431534ed31a5c4f661f6f499df725953e9dd532444a430bdf3db51b1b275e
SHA512 (storage-1.12.3.tar.gz) = 54c06ca657e3c24565103e6f13c31cd8bcd51e63073d41ea57430bcca6d88411afb92166fb129adc77395c1599e9b0c11620445d7cb6fda85dcae94be3af2170
SHA512 (systemd-1.0.1.tar.gz) = da7f765d7b3ced84dee4dbb888bfa492ac535a52fe589fc0a91d7840374a6fa6702f5f64b3b2dd96f5c6b8c5e5ba513de18ada6b9e551c64a80f273146667c6a
SHA512 (timesync-1.7.6.tar.gz) = 20801e5bfa7ee97863d128a26f8a39e38cf8c5ce8140f73cecc5cce62e2ed71700c5d4c2c68d7cc366df9cddfc00a6d5311957fb42a1ef8fbaa75ca28e394d3c
SHA512 (tlog-1.2.16.tar.gz) = 2c6ae40bfc90f839e7baa507687d04f3a83a2bcee01fe0de02f71820f8617f3e2bcb1257675bcf3aa3795f4fcc1b9efe74aa79d548502a79188be7659528d6bd
SHA512 (vpn-1.5.8.tar.gz) = ae1055c7e219cf76bc277c7613f6735d4d7fb1d1c03da7f8a2fdacded9ca76ab65094688685e79beaa036d93c336248d4a2dcb994ea75a710ef529c2aafd33ec
SHA512 (crypto_policies-1.2.12.tar.gz) = 01d290536616147ab07571dfbb597681d406bad7623cb370bfae53c4a5d234d7467eda1127cc89527771936eec571f019eeb73d1819c7951c7ef74f29b03238b
SHA512 (firewall-1.6.4.tar.gz) = b8aa8182b35d51d2797d92538b13df9a94ea60864dc97e4736c0fbdb7134ac2b0f8f058b5cfe86b5725e77db94c1d72a582201de210fa69ba21d1a6dbf224f95
SHA512 (ha_cluster-1.10.1.tar.gz) = b5d12aa0c495b209f4858699892b2fae8d57290b9d42cc567593164286d70b91147ce5aa6c727053b6ced28c9ef6bdaa97ac65a9bab042e9fe2f8c681f05f1ac
SHA512 (journald-1.0.6.tar.gz) = 64cc62b9209a9447e03a14fe2782c72516ffbd35b36ff3a629eb65a4d48b18cd5d1a3511312300e18951531d41141d23c10fa1fcebdbd447877e415565c84bf8
SHA512 (kdump-1.3.8.tar.gz) = f415cd3e95e2f803dc20f19c98bf3e09fa2e3e8e3bef681af30cbe7cade9e7efdedc5671feddb532d66306d69acea1605f5ca0cd0cd7119a9b6dade493adf3e8
SHA512 (kernel_settings-1.1.18.tar.gz) = ee5917dbd2f186e43cebdb04d6b4553fa322d8e466f8874e9141f069317ecd15aa60003f898bb701dd056ccc96c1a4f94109e393d3915cbf282cd46f4365c4a7
SHA512 (keylime_server-1.0.1.tar.gz) = d0cd3599dae71662f9ca926e5f52b27ff9f9530870e181a25bd0c9ef51772600b0c540d478154558278330527bf8dac46b436b52952aba4b536af61c50640b19
SHA512 (logging-1.11.10.tar.gz) = d606ba04c91e22795c078c72651d34a84e4a9eecd3b83eedc745a3a062338b014731d5306eb3fce3abae8450d9ca78bd240b51c2d529160b3675966fd7ef2097
SHA512 (metrics-1.8.7.tar.gz) = fa6fedb4f3d17ad8e24a4f878267653bb4e18f3c114245efd1b8cba2113d56471481ad1d67e5a106d9b648859fe2d3f1cc37d24aa718f846d54d73d397bfb15b
SHA512 (nbde_client-1.2.15.tar.gz) = 6d3527018cf570f15fc35dc20e5cca9d1685e5a5213397387579e8a17172a766c90625da99ac744a38e75107b582c3106b772c6e7d2ecbab32ba7b3262781796
SHA512 (nbde_server-1.3.9.tar.gz) = 3bf6fdd5a55acd6a46f8f03af793fdac8c33a5f509b992b97318b52e9a53f33987ee0f20b36da52fca97e4693118d098fd7af7c0ae01503633a563ad22021bd0
SHA512 (network-1.13.2.tar.gz) = 55ea84a7ec0ff52f7f5855c5e1d8b8c1a5dc5878b118430b9dbde2edf50cf0e80660e71d687a47943369ef525625c4c41cade2d170623f526953c587caebc235
SHA512 (podman-1.3.3.tar.gz) = 984bdc6b5972774965b8bfbbfa66fbe9c1d436b95c6b3c5cbcff9748f3d28d2b3e17bc014ffb5edcf13231ed25f5692fdad4af3bba88b7f7097542cf6bcf8566
SHA512 (postfix-1.3.9.tar.gz) = 34ae431a8a73ee6eec35a50a8845c10ca5d2eec82d5181416a4c86838b22ad777ce2913540fb0c40ab7e899946bca09d950912a3453589505cda194ebcfdf3c5
SHA512 (postgresql-1.1.1.tar.gz) = 988d6a673bee25a7438877890ceedcb28f0c9cc366934696cb38b170eff99571a1616c65c8d6f8e37ef09fcd5b9d05311a103f80741e33d6c18e3a408495032b
SHA512 (rhc-1.2.5.tar.gz) = 5c7ab5c687078f69d35e852b7cb6f805e5daafae0c9333bac2a0a654fb848d3b8ce7b07a1115e6eeede02931d80c8b0de10206d48efacfc2bb9bec819c580c06
SHA512 (selinux-1.6.3.tar.gz) = 110a736a5e91cd68bb5fd2e6a7ea35482f710b0d997187a2502b7b9f8f891569a19b48ecbadce403a4a8d208b1032aad9a800176e8442eac0b6d215a8e9802ee
SHA512 (ssh-1.2.2.tar.gz) = 3eb83f66cefe0b696ad853feceae6b556bf195c41f18edb122353226e7eff187d2befd9a83a0b3483d7b545e291d2ce45c8e5655bf89764dc65de394a708a6a2
SHA512 (storage-1.12.4.tar.gz) = 3dd2e2e5096c532ab351e4b2112739f31e78045c477098fa8835cb37542463dae7a90dc5e2160757002dbc8a2eaf8d2e66992c0c8a65f1ed55470bfc69a525c5
SHA512 (systemd-1.0.2.tar.gz) = 83a0f52d0b271f80aabf298dfddc1782d68d96ba800f1cba86da68895f6d6ed5d0f2e3eb4a433ede496f88a92b8c8ddf1fb3ac2940329501255a420e993031d2
SHA512 (timesync-1.7.7.tar.gz) = 9446bea552ce4c7c794671440b72c692b3c7326a0e1d606dc43f928e1b18fadbc6bffc63ceb93abf891e8833ed7e790a6efe66688dc41126bc95323560b078aa
SHA512 (tlog-1.2.17.tar.gz) = 404cbe1909824af707342b9bc95f656742a02a18077953b4b45326cf9e033beb02165ffeb649a39a97c802b1756f49b3cdc502535da0c6bf3b747673f767609a
SHA512 (vpn-1.5.9.tar.gz) = ac8ee6dab70f7a92d7314a7bca3903adb699281d86be6444d2864fea6cc18e8e74e00ff1d0a9df3a1ce7f287e1e2ff3546881b420c472f213a8c7c3b17d86992

View File

@ -28,31 +28,37 @@ done
# community.general:
# - library:
# - Module seport, sefcontext and selogin for the selinux role rolename2
# - Module ini_file for role tlog
# - Module ini_file for role ad_integration, tlog
# - rhc modules
# - ha_cluster uses modprobe
module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog"
["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc"
module_map=( ["seport.py"]="selinux"
["sefcontext.py"]="selinux"
["selogin.py"]="selinux"
["ini_file.py"]="ad_integration tlog"
["redhat_subscription.py"]="rhc"
["rhsm_release.py"]="rhc"
["rhsm_repository.py"]="rhc"
["modprobe.py"]="ha_cluster" )
for module in "${!module_map[@]}"; do
role="${module_map[${module}]}"
if [ ! -d $role/library ]; then
mkdir $role/library
fi
# version 5.x seems to be broken?
moduledir=.external/community/general/plugins/modules
if [ ! -f $moduledir/$module ]; then
moduledir=.external/community/general/plugins/modules/system
fi
if [ ! -f $moduledir/$module ]; then
moduledir=.external/community/general/plugins/modules/files
fi
cp -pL $moduledir/$module $role/library/$module
ls -alrtF $role/library/$module
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
for role in ${module_map[${module}]}; do
if [ ! -d $role/library ]; then
mkdir $role/library
fi
# version 5.x seems to be broken?
moduledir=.external/community/general/plugins/modules
if [ ! -f $moduledir/$module ]; then
moduledir=.external/community/general/plugins/modules/system
fi
if [ ! -f $moduledir/$module ]; then
moduledir=.external/community/general/plugins/modules/files
fi
cp -pL $moduledir/$module $role/library/$module
ls -alrtF $role/library/$module
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
# Remove doc_fragments
sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module
# Remove doc_fragments
sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module
done
done
# containers.podman: