diff --git a/.gitignore b/.gitignore index 447ae3e..3135d5a 100644 --- a/.gitignore +++ b/.gitignore @@ -208,3 +208,32 @@ SOURCES/vpn-1.5.3.tar.gz /kdump-1.3.6.tar.gz /storage-1.12.3.tar.gz /firewall-1.6.3.tar.gz +/ad_integration-1.2.2.tar.gz +/ansible-sshd-v0.21.0.tar.gz +/auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz +/certificate-1.2.2.tar.gz +/cockpit-1.4.8.tar.gz +/crypto_policies-1.2.12.tar.gz +/firewall-1.6.4.tar.gz +/ha_cluster-1.10.1.tar.gz +/journald-1.0.6.tar.gz +/kdump-1.3.8.tar.gz +/kernel_settings-1.1.18.tar.gz +/keylime_server-1.0.1.tar.gz +/metrics-1.8.7.tar.gz +/nbde_client-1.2.15.tar.gz +/nbde_server-1.3.9.tar.gz +/network-1.13.2.tar.gz +/podman-1.3.3.tar.gz +/postfix-1.3.9.tar.gz +/postgresql-1.1.1.tar.gz +/rhc-1.2.5.tar.gz +/selinux-1.6.3.tar.gz +/ssh-1.2.2.tar.gz +/storage-1.12.4.tar.gz +/systemd-1.0.2.tar.gz +/timesync-1.7.7.tar.gz +/tlog-1.2.17.tar.gz +/vpn-1.5.9.tar.gz +/community-general-7.4.0.tar.gz +/logging-1.11.10.tar.gz diff --git a/0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch b/0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch deleted file mode 100644 index bba4a2b..0000000 --- a/0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 1931ebccaa146bd6ee8365c664ab62d294adaa31 Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Fri, 18 Aug 2023 12:35:44 -0600 -Subject: [PATCH] fix: use command stdin for password, and do not log password - -Cause: The code was constructing the realm join command to be passed -via the shell module, including piping the password into the command, -and was showing the command, including the password, when using -check mode. - -Consequence: The clear text password was available in the logs when -using check mode. - -Fix: Use command with stdin for the password instead of shell. The -password is not part of the command. command with stdin is more -secure than using shell. The debug output has been changed to -show the command with the `ad_integration_join_parameters` removed, -because we cannot know if those parameters contain data which should -not be logged. Those parameters will still be passed to the actual -realm join command. - -Result: The password is not logged. The role is more secure. - -Signed-off-by: Rich Megginson ---- - tasks/main.yml | 57 ++++++++++++++++++++++++++++---------------------- - 1 file changed, 32 insertions(+), 25 deletions(-) - -diff --git a/tasks/main.yml b/tasks/main.yml -index fe2602e..265c6fe 100644 ---- a/tasks/main.yml -+++ b/tasks/main.yml -@@ -3,8 +3,7 @@ - - name: Ensure that mandatory variable ad_integration_realm is available - fail: - msg: Variable ad_integration_realm must be provided! -- when: -- - not ad_integration_realm -+ when: not ad_integration_realm - - - name: Assume managing timesync if timesource is set - set_fact: -@@ -26,8 +25,7 @@ - - name: Assume managing crypto policies if allow_rc4_crypto is set - set_fact: - ad_integration_manage_crypto_policies: true -- when: -- - ad_integration_allow_rc4_crypto | bool -+ when: ad_integration_allow_rc4_crypto | bool - - - name: Ensure manage_crypt_policies is set with crypto_allow_rc4 - fail: -@@ -141,41 +139,50 @@ - - - name: Build Command - Join to a specific Domain Controller - set_fact: -- __ad_integration_join_command: | -- set -euo pipefail -- echo {{ ad_integration_password | quote }} | realm join -U \ -- {{ ad_integration_user | quote }} --membership-software \ -- {{ ad_integration_membership_software | quote }} \ -- {{ ad_integration_join_parameters }} \ -- {{ ad_integration_join_to_dc | quote }} -+ __ad_integration_join_command: >- -+ realm join -U {{ ad_integration_user | quote }} --membership-software -+ {{ ad_integration_membership_software | quote }} -+ {{ ad_integration_join_parameters }} -+ {{ ad_integration_join_to_dc | quote }} -+ __ad_integration_debug_command: >- -+ realm join -U {{ ad_integration_user | quote }} --membership-software -+ {{ ad_integration_membership_software | quote }} -+ {{ ad_integration_join_to_dc | quote }} - no_log: true -- when: -- - ad_integration_join_to_dc is not none -+ when: ad_integration_join_to_dc is not none - - - name: Build Join Command - Perform discovery-based realm join operation - set_fact: -- __ad_integration_join_command: | -- set -euo pipefail -- echo {{ ad_integration_password | quote }} | realm join -U \ -- {{ ad_integration_user | quote }} --membership-software \ -- {{ ad_integration_membership_software | quote }} \ -- {{ ad_integration_join_parameters }} \ -- {{ ad_integration_realm | quote }} -+ __ad_integration_join_command: >- -+ realm join -U {{ ad_integration_user | quote }} --membership-software -+ {{ ad_integration_membership_software | quote }} -+ {{ ad_integration_join_parameters }} -+ {{ ad_integration_realm | quote }} -+ __ad_integration_debug_command: >- -+ realm join -U {{ ad_integration_user | quote }} --membership-software -+ {{ ad_integration_membership_software | quote }} -+ {{ ad_integration_realm | quote }} - no_log: true -- when: -- - ad_integration_join_to_dc is none -+ when: ad_integration_join_to_dc is none - - - name: Show the join command for debug - debug: -- msg: "Would run: '{{ __ad_integration_join_command }}'" -+ msg: -+ - >- -+ Would run the following command. Note that -+ ad_integration_join_parameters have been removed for security purposes, -+ the role will pass them to the actual realm join command when running -+ without check mode. -+ - "{{ __ad_integration_debug_command }}" - when: - - ad_integration_join_to_dc == __ad_integration_sample_dc - or ad_integration_realm == __ad_integration_sample_realm - or ansible_check_mode - - - name: Run realm join command -- # noqa command-instead-of-shell -- shell: "{{ __ad_integration_join_command }}" -+ command: "{{ __ad_integration_join_command }}" -+ args: -+ stdin: "{{ ad_integration_password }}" - no_log: true - when: - - ad_integration_join_to_dc != __ad_integration_sample_dc --- -2.41.0 - diff --git a/extrasources.inc b/extrasources.inc index 8ee7e1f..abde626 100644 --- a/extrasources.inc +++ b/extrasources.inc @@ -1,9 +1,9 @@ Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz -Source901: https://galaxy.ansible.com/download/community-general-7.3.0.tar.gz +Source901: https://galaxy.ansible.com/download/community-general-7.4.0.tar.gz Source902: https://galaxy.ansible.com/download/containers-podman-1.10.3.tar.gz Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4 -Provides: bundled(ansible-collection(community.general)) = 7.3.0 +Provides: bundled(ansible-collection(community.general)) = 7.4.0 Provides: bundled(ansible-collection(containers.podman)) = 1.10.3 Source996: CHANGELOG.rst diff --git a/rhel-system-roles.spec b/rhel-system-roles.spec index 0e201df..e9ed556 100644 --- a/rhel-system-roles.spec +++ b/rhel-system-roles.spec @@ -11,14 +11,6 @@ BuildRequires: ansible-core >= 2.11.0 %bcond_with collection_artifact -%if 0%{?fedora} || 0%{?rhel} >= 8 -%bcond_without html -%else -# pandoc is not supported in rhel 7 and older, -# which is needed for converting .md to .html. -%bcond_with html -%endif - %if 0%{?rhel} Name: rhel-system-roles %else @@ -26,7 +18,7 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.22.0 +Version: 1.23.0 Release: 1%{?dist} License: GPLv3+ and MIT and BSD and Python @@ -86,92 +78,92 @@ Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0) %%global rolestodir %%{?rolestodir} %%{roletodir%{1}} } -%global mainid e010c878833e363195dd707d1334ff48a254b092 +%global mainid eadd06cfa98d244b096cff24cd11b668428b1613 Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz # BEGIN AUTOGENERATED SOURCES %global rolename1 postfix -%deftag 1 1.3.8 +%deftag 1 1.3.9 %global rolename2 selinux -%deftag 2 1.6.1 +%deftag 2 1.6.3 %global rolename3 timesync -%deftag 3 1.7.6 +%deftag 3 1.7.7 %global rolename4 kdump -%deftag 4 1.3.6 +%deftag 4 1.3.8 %global rolename5 network -%deftag 5 1.13.1 +%deftag 5 1.13.2 %global rolename6 storage -%deftag 6 1.12.3 +%deftag 6 1.12.4 %global rolename7 metrics -%deftag 7 1.8.6 +%deftag 7 1.8.7 %global rolename8 tlog -%deftag 8 1.2.16 +%deftag 8 1.2.17 %global rolename9 kernel_settings -%deftag 9 1.1.17 +%deftag 9 1.1.18 %global rolename10 logging -%deftag 10 1.11.9 +%deftag 10 1.11.10 %global rolename11 nbde_server -%deftag 11 1.3.8 +%deftag 11 1.3.9 %global rolename12 nbde_client -%deftag 12 1.2.14 +%deftag 12 1.2.15 %global rolename13 certificate -%deftag 13 1.2.1 +%deftag 13 1.2.2 %global rolename14 crypto_policies -%deftag 14 1.2.11 +%deftag 14 1.2.12 %global forgeorg15 https://github.com/willshersystems %global repo15 ansible-sshd %global rolename15 sshd -%deftag 15 v0.19.0 +%deftag 15 v0.21.0 %global rolename16 ssh -%deftag 16 1.2.1 +%deftag 16 1.2.2 %global rolename17 ha_cluster -%deftag 17 1.10.0 +%deftag 17 1.10.1 %global rolename18 vpn -%deftag 18 1.5.8 +%deftag 18 1.5.9 %global rolename19 firewall -%deftag 19 1.6.3 +%deftag 19 1.6.4 %global rolename20 cockpit -%deftag 20 1.4.7 +%deftag 20 1.4.8 %global rolename21 podman -%deftag 21 1.3.2 +%deftag 21 1.3.3 %global rolename22 ad_integration -%deftag 22 1.1.3 +%deftag 22 1.2.2 %global rolename23 rhc -%deftag 23 1.2.4 +%deftag 23 1.2.5 %global rolename24 journald -%deftag 24 1.0.5 +%deftag 24 1.0.6 %global rolename25 postgresql -%deftag 25 1.1.0 +%deftag 25 1.1.1 %global rolename26 systemd -%deftag 26 1.0.1 +%deftag 26 1.0.2 %global rolename27 keylime_server -%deftag 27 1.0.0 +%deftag 27 1.0.1 Source1: %{archiveurl1} Source2: %{archiveurl2} @@ -217,21 +209,8 @@ Source1004: vendoring-build.inc Source995: CHANGELOG.md -Patch2201: 0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch - BuildArch: noarch -%if %{with html} -# Requirements for md2html.sh to build the documentation -%if 0%{?fedora} || 0%{?rhel} >= 9 -BuildRequires: rubygem-kramdown-parser-gfm -%else -BuildRequires: pandoc -BuildRequires: asciidoc -BuildRequires: highlight -%endif -%endif - # Requirements for galaxy_transform.py BuildRequires: python3 BuildRequires: python%{python3_pkgversion}-ruamel-yaml @@ -297,6 +276,8 @@ for rolename in %{rolenames}; do fi fi mv "$dir_from_archive" ${rolename} + # Move a hidden .README.html to a not hidden README.html + mv $rolename/.README.html $rolename/README.html done %if 0%{?rhel} @@ -314,7 +295,7 @@ find -P tests examples -name \*.yml | while read file; do -e "s/ansible-sshd/linux-system-roles.sshd/" \ -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file" done -sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md +sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md README.html sed -r -i -e 's/min_ansible_version: 2.8/min_ansible_version: "2.9"/' meta/main.yml cd .. @@ -331,10 +312,6 @@ if [ "$rolesdir" != "$realrolesdir" ]; then fi cd .. -cd %{rolename22} -%patch2201 -p1 -cd .. - # vendoring build steps, if any %include %{SOURCE1004} @@ -369,29 +346,43 @@ find -type f -executable -name '*.py' -exec \ # remove upstream-only documentation - for example, documentation # about collection dependencies is not needed in Fedora and EL RPMs # since the dependencies are already provided -sed -e '/^## Requirements/,/^#/s/^See below$/None/' \ - -e '/^### Collection requirements/,/^#/ {/^### Collection/d;/^#/!d}' \ +sed -e '/# Requirements/,/^#/s/^See below$/None/' \ + -e '/# Collection requirements/,/^#/ {/# Collection requirements/d;/^#/!d}' \ -i */README.md +sed -e '/id="requirements">Requirements<\/h/,/^/,/^/d;/^/{for(x=NR-2;x<=NR+1;x++)d[x];} \ + {a[NR]=$0} \ + END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \ + $role/README.html > $role/README.html.tmp + mv $role/README.html.tmp $role/README.html +done + # sshd README is not in the same format -sed -e '/^### Optional requirements/,/^Role variables/ {/^### Optional/d;/^Role variables/!d}' \ +sed -e '/# Optional requirements/,/# Role variables/ {/# Optional/d;/# Role variables/!d}' \ -i sshd/README.md +sed -e '/id="optional-requirements">/,/^/d;/^/{for(x=NR-2;x<=NR+1;x++)d[x];} \ + {a[NR]=$0} \ + END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \ + sshd/README.html > sshd/README.html.tml +mv sshd/README.html.tml sshd/README.html - -%if %{with html} -# HACK HACK HACK -# pandoc/asciidoc on rhel 8.9 does not like the journald README badge links -# remove all of the badge links from all README.md files -# in the first 14 lines of the file, remove any line that looks like a -# github action badge -# HACK HACK HACK -readmes="" matchstr="actions/workflows/" for role in %{rolenames}; do + # in the first 14 lines of README.md, remove any line that looks like a + # github action badge. README.html doesn't have these lines. sed -e "1,14 {\\,${matchstr},d; /\!\[/d}" -i $role/README.md - readmes="${readmes} $role/README.md" done -sh md2html.sh $readmes -%endif mkdir .collections %if 0%{?rhel} @@ -402,7 +393,7 @@ mkdir .collections "https://linux-system-roles.github.io" \ "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel" \ "https://access.redhat.com/articles/3050101" \ - "https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&component=rhel-system-roles" \ + "https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&summary=Your%20request%20summary&issuetype=1&priority=10200&labels=Partner-Feature-Request&components=12380283" \ > galaxy.yml.tmp # we vendor-in all of the dependencies on rhel, so remove them rm -f lsr_role2collection/collection_requirements.txt @@ -434,13 +425,6 @@ LANG=C.utf-8 LC_ALL=C.utf-8 %{python3} release_collection.py --galaxy-yml galaxy --src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \ --src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug -# Remove table of contents from logging README.md -# It is not needed for html and AH/Galaxy -sed -i -e 's/^\(## Table of Contents\)/## Background\n\1/' \ - .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md -sed -i -e '/^## Table of Contents/,/^## Background/d' \ - .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md - # Remove internal links from readme files # They are not rendered properly on AH. for role in %{rolenames}; do @@ -489,10 +473,8 @@ for role in %{rolenames}; do "%{buildroot}%{_pkgdocdir}/$role" ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \ "%{buildroot}%{_pkgdocdir}/$role" -%if %{with html} ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \ "%{buildroot}%{_pkgdocdir}/$role" -%endif if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \ "%{buildroot}%{_pkglicensedir}/$role.COPYING" @@ -551,7 +533,7 @@ ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \ %{buildroot}%{_pkgdocdir}/collection for rolename in %{rolenames}; do - for file in CHANGELOG.md README.md; do + for file in CHANGELOG.md README.md README.html; do if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} @@ -562,15 +544,6 @@ for rolename in %{rolenames}; do done done -%if %{with html} -# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection -readmes="%{buildroot}%{_pkgdocdir}/collection/README.md" -for role in %{rolenames}; do - readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md" -done -sh md2html.sh $readmes -%endif - %if %{with collection_artifact} # Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ @@ -672,6 +645,14 @@ find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \ %endif %changelog +* Wed Sep 20 2023 Sergei Petrosian - 1.23.0-1 +- Resolves: RHEL-5345 spec - Remove with_html, instead use built-in .README.html +- Resolves: RHEL-5985 ansible-sshd - Manage SSH certificates +- rhbz#2224648: Remove ad_integration patch and use the latest ad_integration + version instead. Vendor community-general.ini_files for +- RHEL-1119: ad_integration: Support for dynamic DNS Updates +- Change link to open new issue in galaxy.yml from deprecated BZ to Jira + * Tue Aug 15 2023 Rich Megginson - 1.22.0-1 - Resolves:rhbz#2233183 : ad_integration - red hat "rhel system role" ad_integration leaks credentials when in check_mode - Resolves:rhbz#2232391 : kdump - role: "Write new authorized_keys if needed" task idempotency issues diff --git a/sources b/sources index 78f046a..b73a1e9 100644 --- a/sources +++ b/sources @@ -1,31 +1,31 @@ -SHA512 (ad_integration-1.1.3.tar.gz) = 271465fc159fe716167eca40c1a9ce002201fb823e0b17c10e6b6ddc80fb87fa8b6d25b7691fc9a3652924b93c99a4269b74d61cb670834be6301e434c97f4ec +SHA512 (ad_integration-1.2.2.tar.gz) = 09ff168403363d2196c6bb1987201017300a6258c11ebcef31572083059f10384302e4b903473ce5483f4eb4ba0251f315d4e675d3d900be326a4ec5d1c689e4 SHA512 (ansible-posix-1.5.4.tar.gz) = 63321c2b439bb2c707c5bea2fba61eaefecb0ce1c832c4cfc8ee8bb89448c8af10e447bf580e8ae6d325c0b5891b609683ff2ba46b78040e2c4d3d8b6bdcd724 -SHA512 (ansible-sshd-v0.19.0.tar.gz) = 06103696ee1810a8cdbb7f26e0542e85e53c6b758dbc9d87e47a3fd024c8c7fb77b54934e227b0ece4712483d89d52b1e94b1ee5cb667e420261928e8e994b53 -SHA512 (auto-maintenance-e010c878833e363195dd707d1334ff48a254b092.tar.gz) = 01c4fbf9762d789f94dfea3f30a4bae5c7a8e37f551bd84efdd281bc7b84250aa45c6e9c6f4bfd0e41bce34ef2643e47718f6fd2b6ffade286758b1d625182fd -SHA512 (certificate-1.2.1.tar.gz) = 7ca0dd56de62ffcfeb3d2d438f125f5bc04009357085053f2ab2fc281fd4fa659a9d77bf7aa37264c980f057db501e64cd6c72cd7545096850053e8b0a6c75f9 -SHA512 (cockpit-1.4.7.tar.gz) = 4241a400e26abfdc188d016dc367a62cb51979bcaa41f579714e9b01d2a84548ba06f24f011936248bfe18e05c706a70e5e1367307d306f4c65fdcd9a6a83fa6 -SHA512 (community-general-7.3.0.tar.gz) = 8f7b6d31b3b6c9c5534f984ec9c7954ab3e7c0c5cbe78bf4e9178398bba1aa8371773a83fcdf37abf4cb6df3c3ebda88c29f20aa506fd27d4b428150fc107bf5 +SHA512 (ansible-sshd-v0.21.0.tar.gz) = 38230da8389f3edbbe3c146756cf4697ede181f6cbed02cc215b35efeec948ef42c241fb02c8d5eece3dc1b6eec21a8ea4666d8ec8dab36885b2bdd0d368bba8 +SHA512 (auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz) = 0e5e45f8d7a05a4fee7916edb5628cdb105bab9f7770bb752fd229d13ea0d586b2938d8de5d60c14b2ff9d28d5f1bca7201b6197abf2af1e223404f0a8742068 +SHA512 (certificate-1.2.2.tar.gz) = cea7ef52def7d5f12360cb12cc41341eebeff52639a1bf56c6d46d72598f7944d743abba05e23fab241a144cd4ea605d45ad1b60bb5ce9e6dc2c52cf557cf476 +SHA512 (cockpit-1.4.8.tar.gz) = 266d03d517d4e0d4eee9b39af5f4bfc0f921f5faeb7f6dd757e8a440df60b355d67a84c7cc3fe50827b8c37e6cfd5780435b35daef5b7894ccd5e22c4408de6c +SHA512 (community-general-7.4.0.tar.gz) = 68e51cdc8cabf05db2b46cf4ee2a373cfc2588fda1475655f9319a8f1f270a69ffa380656a6924fd9f6e10af4bdb9c988232931b7a744c47277ebc17c1b19498 SHA512 (containers-podman-1.10.3.tar.gz) = 5234d12ab5a870bc08553e5a51d06f75dfa73f22764378ffb2053b55cb306fc7ec1f24d399f414cac8213de4c34211c33d947c02d823da6ef2ee31bdbb7c1fad -SHA512 (crypto_policies-1.2.11.tar.gz) = b3bac1bf3b960b44f437ed2a42d2208406956166c18a1d0e711c44b75997ec26dd6628e0257b72ba1e540e62ac88d968287a47b0750b42961a90fa508febf1e3 -SHA512 (firewall-1.6.3.tar.gz) = 0e08a4494cd9c346d3bb1aace78deeb7868b3e121247d5baa024109b5f880a5aa7ed55a41d005b5a8252e9a92e0046a361e856138734741397c230998122fb5c -SHA512 (ha_cluster-1.10.0.tar.gz) = 961145301b607def32352bd79f46f31d33866d3c3f588649135cab061966f65157a9fe3923881a294e80b87d6671697446a6074da4cf1b8645af11affc89500d -SHA512 (journald-1.0.5.tar.gz) = 905d7b354f411f6b053e3ee6ada6771da8f5d310df5ef9c8eff5e88e6c31d968275cec1155bf8bbeeafa5c6436eb859f4d1dfdaefe097aa4feaea015559213cf -SHA512 (kdump-1.3.6.tar.gz) = 196d49bde461e0325adeaa1c9dda41c567974e3e79e9134f7f7f185832b834ce2bcdbcc3bb2558afa0717c07c2fe56ea36377596c2f79c0436e06bb4fd8607eb -SHA512 (kernel_settings-1.1.17.tar.gz) = 1d5fcb9d369a06409c718b84d052d123412c90d81ff29124f6ad0eaa31616b95fdda5b5a5e838acade9553f8c8a6ea1d1a33c4a6bf4cd334980b45c7ffbaa46b -SHA512 (keylime_server-1.0.0.tar.gz) = 0366331302ad198da675abbb700ffe81c15b364357d834b89ab383b945fa57301ede1a48efa6ffb766c7f3b0b5165fd5c7961642d4826749dd079d71cf1c70a1 -SHA512 (logging-1.11.9.tar.gz) = ed06e51b86a7b23ed469afdb35e7f314812faa7e7e5a53022e5008d9d1a309ff3bfbdd61fdeb25d44ff8093bc31e2d786de0db00f265a39c2ccf99832104f1ce -SHA512 (metrics-1.8.6.tar.gz) = a1eea695a4c151004d614335e40cde58598af5bba6b4040336307bc24638b1fce0663076b78a1b7993f61a0554e09c88487bf317ab32530505cc5b3e70eafb98 -SHA512 (nbde_client-1.2.14.tar.gz) = eef8b6e55adddc6b2aabfaa1fd210a55a67c8b9e9fdb74a6fd91779525565460a727b71550ecd8c432636bde89ae90d3d27c85a1665ccbe85f1d222284d12f99 -SHA512 (nbde_server-1.3.8.tar.gz) = a3267b1fc50f79cad49a77a3214abbff698929021d55a31d7a00a698d0b0dfb01eb72adf0187879df92b8213ab7805057e586eaeb480d1be3caf97b1307f4a0d -SHA512 (network-1.13.1.tar.gz) = edc4ada1f54b8487144b87d2adbd145641f1c28a96bc41dcf242835e8ab4841a6025190f818fe0d2747a630c7d9cf1e202039baf90672bdc74c3ca2ab81ee688 -SHA512 (podman-1.3.2.tar.gz) = 74172656558306d8e1e03f9ee5c5ccebf6057f05dec0d9f8c79b66b156d2f1a89175b161ba740437f9bb4eb11b672580da588e7347d8d309e6503a81cc0d88ef -SHA512 (postfix-1.3.8.tar.gz) = 95afd83bf883a820fe90264d2a6276336b1f5d49a9214cbbd9304e4ce3c05a990ee88f13552020fb37382c9ea26b851216dd5d59ed819fe118aa79d06f993a21 -SHA512 (postgresql-1.1.0.tar.gz) = fcc324a9ca431c441a911443db573a952e6f41e121c1a1f7f1090d22e80970ef346c291c54155df4131cc3535367b0d17b6a0990f0ad1d1b8ea3a7ebe054663d -SHA512 (rhc-1.2.4.tar.gz) = e1b3599b0bb545144c4192e6264bde807db03f5dd7309f627624a79f7dedd427e55fc9579440f648f1561dbd6192ffa2659538761bb7e9956e77c0de727ecd4b -SHA512 (selinux-1.6.1.tar.gz) = 05a8f341860cff7b20b1914401559a40ae1e2a84cb14e8e3ddb9a293940000053cf9c0f31a7b6f3c2b6964f6e60f9e1acd35741667eb0daa3a9d73bf33053d89 -SHA512 (ssh-1.2.1.tar.gz) = 6a83c1d730ca5003e025c90de9843362201d7b09b32646d32620c46edaf79c0fa2e431534ed31a5c4f661f6f499df725953e9dd532444a430bdf3db51b1b275e -SHA512 (storage-1.12.3.tar.gz) = 54c06ca657e3c24565103e6f13c31cd8bcd51e63073d41ea57430bcca6d88411afb92166fb129adc77395c1599e9b0c11620445d7cb6fda85dcae94be3af2170 -SHA512 (systemd-1.0.1.tar.gz) = da7f765d7b3ced84dee4dbb888bfa492ac535a52fe589fc0a91d7840374a6fa6702f5f64b3b2dd96f5c6b8c5e5ba513de18ada6b9e551c64a80f273146667c6a -SHA512 (timesync-1.7.6.tar.gz) = 20801e5bfa7ee97863d128a26f8a39e38cf8c5ce8140f73cecc5cce62e2ed71700c5d4c2c68d7cc366df9cddfc00a6d5311957fb42a1ef8fbaa75ca28e394d3c -SHA512 (tlog-1.2.16.tar.gz) = 2c6ae40bfc90f839e7baa507687d04f3a83a2bcee01fe0de02f71820f8617f3e2bcb1257675bcf3aa3795f4fcc1b9efe74aa79d548502a79188be7659528d6bd -SHA512 (vpn-1.5.8.tar.gz) = ae1055c7e219cf76bc277c7613f6735d4d7fb1d1c03da7f8a2fdacded9ca76ab65094688685e79beaa036d93c336248d4a2dcb994ea75a710ef529c2aafd33ec +SHA512 (crypto_policies-1.2.12.tar.gz) = 01d290536616147ab07571dfbb597681d406bad7623cb370bfae53c4a5d234d7467eda1127cc89527771936eec571f019eeb73d1819c7951c7ef74f29b03238b +SHA512 (firewall-1.6.4.tar.gz) = b8aa8182b35d51d2797d92538b13df9a94ea60864dc97e4736c0fbdb7134ac2b0f8f058b5cfe86b5725e77db94c1d72a582201de210fa69ba21d1a6dbf224f95 +SHA512 (ha_cluster-1.10.1.tar.gz) = b5d12aa0c495b209f4858699892b2fae8d57290b9d42cc567593164286d70b91147ce5aa6c727053b6ced28c9ef6bdaa97ac65a9bab042e9fe2f8c681f05f1ac +SHA512 (journald-1.0.6.tar.gz) = 64cc62b9209a9447e03a14fe2782c72516ffbd35b36ff3a629eb65a4d48b18cd5d1a3511312300e18951531d41141d23c10fa1fcebdbd447877e415565c84bf8 +SHA512 (kdump-1.3.8.tar.gz) = f415cd3e95e2f803dc20f19c98bf3e09fa2e3e8e3bef681af30cbe7cade9e7efdedc5671feddb532d66306d69acea1605f5ca0cd0cd7119a9b6dade493adf3e8 +SHA512 (kernel_settings-1.1.18.tar.gz) = ee5917dbd2f186e43cebdb04d6b4553fa322d8e466f8874e9141f069317ecd15aa60003f898bb701dd056ccc96c1a4f94109e393d3915cbf282cd46f4365c4a7 +SHA512 (keylime_server-1.0.1.tar.gz) = d0cd3599dae71662f9ca926e5f52b27ff9f9530870e181a25bd0c9ef51772600b0c540d478154558278330527bf8dac46b436b52952aba4b536af61c50640b19 +SHA512 (logging-1.11.10.tar.gz) = d606ba04c91e22795c078c72651d34a84e4a9eecd3b83eedc745a3a062338b014731d5306eb3fce3abae8450d9ca78bd240b51c2d529160b3675966fd7ef2097 +SHA512 (metrics-1.8.7.tar.gz) = fa6fedb4f3d17ad8e24a4f878267653bb4e18f3c114245efd1b8cba2113d56471481ad1d67e5a106d9b648859fe2d3f1cc37d24aa718f846d54d73d397bfb15b +SHA512 (nbde_client-1.2.15.tar.gz) = 6d3527018cf570f15fc35dc20e5cca9d1685e5a5213397387579e8a17172a766c90625da99ac744a38e75107b582c3106b772c6e7d2ecbab32ba7b3262781796 +SHA512 (nbde_server-1.3.9.tar.gz) = 3bf6fdd5a55acd6a46f8f03af793fdac8c33a5f509b992b97318b52e9a53f33987ee0f20b36da52fca97e4693118d098fd7af7c0ae01503633a563ad22021bd0 +SHA512 (network-1.13.2.tar.gz) = 55ea84a7ec0ff52f7f5855c5e1d8b8c1a5dc5878b118430b9dbde2edf50cf0e80660e71d687a47943369ef525625c4c41cade2d170623f526953c587caebc235 +SHA512 (podman-1.3.3.tar.gz) = 984bdc6b5972774965b8bfbbfa66fbe9c1d436b95c6b3c5cbcff9748f3d28d2b3e17bc014ffb5edcf13231ed25f5692fdad4af3bba88b7f7097542cf6bcf8566 +SHA512 (postfix-1.3.9.tar.gz) = 34ae431a8a73ee6eec35a50a8845c10ca5d2eec82d5181416a4c86838b22ad777ce2913540fb0c40ab7e899946bca09d950912a3453589505cda194ebcfdf3c5 +SHA512 (postgresql-1.1.1.tar.gz) = 988d6a673bee25a7438877890ceedcb28f0c9cc366934696cb38b170eff99571a1616c65c8d6f8e37ef09fcd5b9d05311a103f80741e33d6c18e3a408495032b +SHA512 (rhc-1.2.5.tar.gz) = 5c7ab5c687078f69d35e852b7cb6f805e5daafae0c9333bac2a0a654fb848d3b8ce7b07a1115e6eeede02931d80c8b0de10206d48efacfc2bb9bec819c580c06 +SHA512 (selinux-1.6.3.tar.gz) = 110a736a5e91cd68bb5fd2e6a7ea35482f710b0d997187a2502b7b9f8f891569a19b48ecbadce403a4a8d208b1032aad9a800176e8442eac0b6d215a8e9802ee +SHA512 (ssh-1.2.2.tar.gz) = 3eb83f66cefe0b696ad853feceae6b556bf195c41f18edb122353226e7eff187d2befd9a83a0b3483d7b545e291d2ce45c8e5655bf89764dc65de394a708a6a2 +SHA512 (storage-1.12.4.tar.gz) = 3dd2e2e5096c532ab351e4b2112739f31e78045c477098fa8835cb37542463dae7a90dc5e2160757002dbc8a2eaf8d2e66992c0c8a65f1ed55470bfc69a525c5 +SHA512 (systemd-1.0.2.tar.gz) = 83a0f52d0b271f80aabf298dfddc1782d68d96ba800f1cba86da68895f6d6ed5d0f2e3eb4a433ede496f88a92b8c8ddf1fb3ac2940329501255a420e993031d2 +SHA512 (timesync-1.7.7.tar.gz) = 9446bea552ce4c7c794671440b72c692b3c7326a0e1d606dc43f928e1b18fadbc6bffc63ceb93abf891e8833ed7e790a6efe66688dc41126bc95323560b078aa +SHA512 (tlog-1.2.17.tar.gz) = 404cbe1909824af707342b9bc95f656742a02a18077953b4b45326cf9e033beb02165ffeb649a39a97c802b1756f49b3cdc502535da0c6bf3b747673f767609a +SHA512 (vpn-1.5.9.tar.gz) = ac8ee6dab70f7a92d7314a7bca3903adb699281d86be6444d2864fea6cc18e8e74e00ff1d0a9df3a1ce7f287e1e2ff3546881b420c472f213a8c7c3b17d86992 diff --git a/vendoring-build.inc b/vendoring-build.inc index 090e67b..ccc99e6 100644 --- a/vendoring-build.inc +++ b/vendoring-build.inc @@ -28,31 +28,37 @@ done # community.general: # - library: # - Module seport, sefcontext and selogin for the selinux role rolename2 -# - Module ini_file for role tlog +# - Module ini_file for role ad_integration, tlog # - rhc modules # - ha_cluster uses modprobe -module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog" - ["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc" +module_map=( ["seport.py"]="selinux" + ["sefcontext.py"]="selinux" + ["selogin.py"]="selinux" + ["ini_file.py"]="ad_integration tlog" + ["redhat_subscription.py"]="rhc" + ["rhsm_release.py"]="rhc" + ["rhsm_repository.py"]="rhc" ["modprobe.py"]="ha_cluster" ) for module in "${!module_map[@]}"; do - role="${module_map[${module}]}" - if [ ! -d $role/library ]; then - mkdir $role/library - fi - # version 5.x seems to be broken? - moduledir=.external/community/general/plugins/modules - if [ ! -f $moduledir/$module ]; then - moduledir=.external/community/general/plugins/modules/system - fi - if [ ! -f $moduledir/$module ]; then - moduledir=.external/community/general/plugins/modules/files - fi - cp -pL $moduledir/$module $role/library/$module - ls -alrtF $role/library/$module - sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module + for role in ${module_map[${module}]}; do + if [ ! -d $role/library ]; then + mkdir $role/library + fi + # version 5.x seems to be broken? + moduledir=.external/community/general/plugins/modules + if [ ! -f $moduledir/$module ]; then + moduledir=.external/community/general/plugins/modules/system + fi + if [ ! -f $moduledir/$module ]; then + moduledir=.external/community/general/plugins/modules/files + fi + cp -pL $moduledir/$module $role/library/$module + ls -alrtF $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module - # Remove doc_fragments - sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module + # Remove doc_fragments + sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module + done done # containers.podman: