import rhel-system-roles-1.9.0-2.el9

2021-12-07 12:46:55 -05:00 · 2021-12-07 12:46:55 -05:00 · 51ae03eff9
parent ce52ef4f7c
commit 51ae03eff9
3 changed files with 160 additions and 34 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,19 +1,22 @@
-SOURCES/ansible-sshd-1c5c48835e01adc176febf945e1fd36b7d9af7fd.tar.gz
+SOURCES/ansible-netcommon-2.4.0.tar.gz
+SOURCES/ansible-posix-1.3.0.tar.gz
+SOURCES/ansible-sshd-v0.14.1.tar.gz
 SOURCES/auto-maintenance-2dd50c8a16af647e4c7a768c481335e97735958a.tar.gz
 SOURCES/certificate-1.1.0.tar.gz
+SOURCES/community-general-3.6.0.tar.gz
 SOURCES/crypto_policies-1.2.0.tar.gz
-SOURCES/ha_cluster-1.3.0.tar.gz
-SOURCES/kdump-1.1.0.tar.gz
+SOURCES/ha_cluster-1.3.1.tar.gz
+SOURCES/kdump-1.1.1.tar.gz
 SOURCES/kernel_settings-1.1.0.tar.gz
-SOURCES/logging-1.5.1.tar.gz
+SOURCES/logging-1.6.0.tar.gz
 SOURCES/metrics-1.3.1.tar.gz
 SOURCES/nbde_client-1.1.0.tar.gz
 SOURCES/nbde_server-1.1.0.tar.gz
-SOURCES/network-1.4.0.tar.gz
+SOURCES/network-c0f603808217f691f603d535becf7ff307790cac.tar.gz
 SOURCES/postfix-1.1.0.tar.gz
-SOURCES/selinux-1.3.0.tar.gz
-SOURCES/ssh-1.1.0.tar.gz
-SOURCES/storage-1.6.1.tar.gz
-SOURCES/timesync-1.6.0.tar.gz
+SOURCES/selinux-1.3.2.tar.gz
+SOURCES/ssh-1.1.1.tar.gz
+SOURCES/storage-1.6.2.tar.gz
+SOURCES/timesync-1.6.1.tar.gz
 SOURCES/tlog-1.2.0.tar.gz
-SOURCES/vpn-1.2.0.tar.gz
+SOURCES/vpn-1.2.1.tar.gz
--- a/.rhel-system-roles.metadata
+++ b/.rhel-system-roles.metadata
@ -1,19 +1,22 @@
-81dc493a73559dc310a806c8dad6c310f2456512 SOURCES/ansible-sshd-1c5c48835e01adc176febf945e1fd36b7d9af7fd.tar.gz
+2ab6e8b033f65ed628f2f2ae41863e48da5fa96c SOURCES/ansible-netcommon-2.4.0.tar.gz
+d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
+534d8bed26ab113833885f32a2b1e1ffdf6f4e95 SOURCES/ansible-sshd-v0.14.1.tar.gz
 88baab8db9cba232b8deb8c690dccf2d3ef77b31 SOURCES/auto-maintenance-2dd50c8a16af647e4c7a768c481335e97735958a.tar.gz
 b677782b53c4ffe790528b4b2c12f31b07523b4c SOURCES/certificate-1.1.0.tar.gz
+e0d38d1d9b688476dc8523321f32a1a8d994970f SOURCES/community-general-3.6.0.tar.gz
 1dea114d52dd032bde01a2a64a9b8233daeaa8dc SOURCES/crypto_policies-1.2.0.tar.gz
-d3c6ec22b1e60ad3b53b07009ac54e946355aa75 SOURCES/ha_cluster-1.3.0.tar.gz
-3e3e61b4a8fecc8fb649ab32a3751bd3a3930281 SOURCES/kdump-1.1.0.tar.gz
+c10b2536aa764b47c7d8580003b8c7cae1209466 SOURCES/ha_cluster-1.3.1.tar.gz
+f11ff27eae83718110ab58c907243d0930dcc498 SOURCES/kdump-1.1.1.tar.gz
 90ea8d850a2c46988e4128df36c1254b787d2fb7 SOURCES/kernel_settings-1.1.0.tar.gz
-61127d1b542bf7501ca16834c1716cb01883abfa SOURCES/logging-1.5.1.tar.gz
+04b2d0cfe1ec88831ee7ffb3b0fb2b6045818c69 SOURCES/logging-1.6.0.tar.gz
 170825f78241811a16095f795a93cc9144c39a98 SOURCES/metrics-1.3.1.tar.gz
 f3298859354c92921a3b68fa76f877d4596915d6 SOURCES/nbde_client-1.1.0.tar.gz
 a2c85f6a850285c8afb8635de0cbbb7eb2b46530 SOURCES/nbde_server-1.1.0.tar.gz
-73207015b9e48cd2bdf86fab68f8f34e2181a94b SOURCES/network-1.4.0.tar.gz
+f8e5d33d0f2cf3ea5febb34c019ab34468d5c9de SOURCES/network-c0f603808217f691f603d535becf7ff307790cac.tar.gz
 8f10d7be6d7ea3d855cf5d22f32b5ba7bb8302be SOURCES/postfix-1.1.0.tar.gz
-0f6894033fc2110eac6b81b5e6b4ca9ca0af6632 SOURCES/selinux-1.3.0.tar.gz
-b5e0786216e22508435c13b4da7b6fcce4ad82fe SOURCES/ssh-1.1.0.tar.gz
-5820c668d774e9a267011376138cca5a64fb23dd SOURCES/storage-1.6.1.tar.gz
-7bf364246b52dd8df3de6b6c9bf4553410983439 SOURCES/timesync-1.6.0.tar.gz
+d75a23e6d488a297016ff38b9b402f0357a4d56d SOURCES/selinux-1.3.2.tar.gz
+03049a38fe3cb7356910db62b692b5cd58ed2a5e SOURCES/ssh-1.1.1.tar.gz
+bc8533a5fb21d4b594535ba2a4498ef899cd75e1 SOURCES/storage-1.6.2.tar.gz
+ef208ec219dcd11f5325717f33fe606bda1a5bd0 SOURCES/timesync-1.6.1.tar.gz
 ad38181af7223caa21b602e91d0feeb9085451e0 SOURCES/tlog-1.2.0.tar.gz
-9f91e40a6657e262893f85158706934954bcbcb2 SOURCES/vpn-1.2.0.tar.gz
+13d6b7168f13eebe890967e1221c633ea58840f4 SOURCES/vpn-1.2.1.tar.gz
--- a/SPECS/linux-system-roles.spec
+++ b/SPECS/linux-system-roles.spec
@ -21,11 +21,11 @@ Name: linux-system-roles
 %endif
 Url: https://github.com/linux-system-roles
 Summary: Set of interfaces for unified system management
-Version: 1.8.3
+Version: 1.9.0
 Release: 2%{?dist}

 #Group: Development/Libraries
-License: GPLv3+ and MIT and BSD
+License: GPLv3+ and MIT and BSD and Python
 %global installbase %{_datadir}/linux-system-roles
 %global _pkglicensedir %{_licensedir}/%{name}
 %global rolealtprefix linux-system-roles.
@ -113,23 +113,23 @@ BuildRequires: ansible >= 2.9.10

 #%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda
 %global rolename2 selinux
-%deftag 2 1.3.0
+%deftag 2 1.3.2

 #%%defcommit 3 8db8f9ed9088432bac7abf68f1b284475a3baa38
 %global rolename3 timesync
-%deftag 3 1.6.0
+%deftag 3 1.6.1

 #%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1
 %global rolename4 kdump
-%deftag 4 1.1.0
+%deftag 4 1.1.1

-#%%defcommit 5 b08a0b3748ee87aa3bdbcf1f0b7e41ef4971bbee
+%defcommit 5 c0f603808217f691f603d535becf7ff307790cac
 %global rolename5 network
-%deftag 5 1.4.0
+#%%deftag 5 1.4.0

 #%%defcommit 6 b3b456183edb7b8aa6ceff7ce667d8e22009ef6a
 %global rolename6 storage
-%deftag 6 1.6.1
+%deftag 6 1.6.2

 #%%defcommit 7 0673d842fb32c437501e2aada2e38921da98e115
 %global rolename7 metrics
@ -145,7 +145,7 @@ BuildRequires: ansible >= 2.9.10

 #%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f
 %global rolename10 logging
-%deftag 10 1.5.1
+%deftag 10 1.6.0

 #%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567
 %global rolename11 nbde_server
@ -166,20 +166,20 @@ BuildRequires: ansible >= 2.9.10
 %global forgeorg15 https://github.com/willshersystems
 %global repo15 ansible-sshd
 %global rolename15 sshd
-%defcommit 15 1c5c48835e01adc176febf945e1fd36b7d9af7fd
-#%%deftag 15 v0.13.1
+#%%defcommit 15 57c54e5268d9c09ab31b1357558cdcaa68116015
+%deftag 15 v0.14.1

 #%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a
 %global rolename16 ssh
-%deftag 16 1.1.0
+%deftag 16 1.1.1

 #%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d
 %global rolename17 ha_cluster
-%deftag 17 1.3.0
+%deftag 17 1.3.1

 #%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3
 %global rolename18 vpn
-%deftag 18 1.2.0
+%deftag 18 1.2.1

 %global mainid 2dd50c8a16af647e4c7a768c481335e97735958a
 Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
@ -202,6 +202,15 @@ Source16: %{archiveurl16}
 Source17: %{archiveurl17}
 Source18: %{archiveurl18}

+# Collection tarballs from Automation Hub
+# Not used on Fedora.
+Source801: ansible-posix-1.3.0.tar.gz
+Source802: ansible-netcommon-2.4.0.tar.gz
+
+# Collection tarballs from Galaxy
+# Not used on Fedora.
+Source901: community-general-3.6.0.tar.gz
+
 # Script to convert the collection README to Automation Hub.
 # Not used on Fedora.
 Source998: collection_readme.sh
@ -269,6 +278,18 @@ Collection artifact for %{name}. This package contains %{collection_namespace}-%
 %prep
 %setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -n %{getarchivedir 0}

+for file in %_sourcedir/*.tar.gz; do
+    if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then
+        ns=${BASH_REMATCH[1]}
+        name=${BASH_REMATCH[2]}
+        ver=${BASH_REMATCH[3]}
+        mkdir -p .external/$ns/$name
+        pushd .external/$ns/$name > /dev/null
+        tar xfz "$file"
+        popd > /dev/null
+    fi
+done
+
 declare -A ROLESTODIR=(%{rolestodir})
 for rolename in %{rolenames}; do
    dir_from_archive="${ROLESTODIR[${rolename}]}"
@ -301,6 +322,63 @@ sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml exa
 sed -r -i -e "s/min_ansible_version: 2.8/min_ansible_version: 2.9/" meta/main.yml
 cd ..

+%if 0%{?rhel}
+# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library.
+# ansible.posix:
+#   - library:
+#     - Module selinux and seboolean for the selinux role
+#     - Module mount for the storage role
+declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux"  ["mount.py"]="storage" )
+for module in "${!module_map[@]}"; do
+  role="${module_map[${module}]}"
+  if [ ! -d $role/library ]; then
+    mkdir $role/library
+  fi
+  cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module
+  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module
+done
+
+# ansible.posix:
+#   - module_utils:
+#     - Module_util mount for the storage role
+module_map=( ["mount.py"]="storage" )
+for module in "${!module_map[@]}"; do
+  role="${module_map[${module}]}"
+  if [ ! -d $role/module_utils/${role}_lsr ]; then
+    mkdir -p $role/module_utils/${role}_lsr
+  fi
+  cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module
+  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
+done
+
+# ansible.netcommon:
+#   - filter_plugins:
+#     - Filter ipaddr for the vpn role
+declare -A module_map=( ["ipaddr.py"]="vpn" )
+for module in "${!module_map[@]}"; do
+  role="${module_map[${module}]}"
+  if [ ! -d $role/filter_plugins ]; then
+    mkdir $role/filter_plugins
+  fi
+  cp -pL .external/ansible/netcommon/plugins/filter/$module $role/filter_plugins/$module
+  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/filter_plugins/$module
+done
+
+# community.general:
+#   - library:
+#     - Module seport, sefcontext and selogin for the selinux role rolename2
+module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux"  ["selogin.py"]="selinux" )
+for module in "${!module_map[@]}"; do
+  role="${module_map[${module}]}"
+  if [ ! -d $role/library ]; then
+    mkdir $role/library
+  fi
+  cp -pL .external/community/general/plugins/modules/$module $role/library/$module
+  ls -alrtF $role/library/$module
+  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
+done
+%endif
+
 # Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
 %if "%{roleprefix}" != "linux-system-roles."
 for rolename in %{rolenames}; do
@ -357,6 +435,18 @@ for role in %{rolenames}; do
        --namespace %{collection_namespace} --collection %{collection_name}
 done

+%if 0%{?rhel}
+# Convert vendored plugins to FQCN for collection
+#   ansible.netcommon:
+#     - filter_plugins:
+#       - Filter ipaddr for the vpn role
+declare -A module_map=( ["ipaddr"]="vpn" )
+for module in "${!module_map[@]}"; do
+  role="${module_map[${module}]}"
+  find .collections/ansible_collections/%{collection_namespace}/%{collection_name}/*/vpn \( -iname "*.yml" -o -iname "*.j2" \) -exec sed -i -e "s/\<$module\>/%{collection_namespace}.%{collection_name}.&/g" {} \;
+done
+%endif
+
 # copy requirements.txt and bindep.txt from auto-maintenance/lsr_role2collection
 if [ -f lsr_role2collection/collection_requirements.txt ]; then
    cp lsr_role2collection/collection_requirements.txt \
@ -623,6 +713,36 @@ fi
 %endif

 %changelog
+* Tue Oct 26 2021 Sergei Petrosian <spetrosi@redhat.com> - 1.9.0-2
+- Change the PFSL license to Python because this is how PFSL is reffered to in
+  rpminspect-data packages in Fedora, CentOS, and RHEL
+  Related: rhbz#2006076
+
+* Mon Oct 11 2021 Sergei Petrosian <spetrosi@redhat.com> - 1.9.0-1
+- Support ansible-core and improve roles:
+  - selinux: Add support for Rocky Linux 8, fix ansible_distribution_major_version
+  - timesync: Support ansible-core, use ansible_managed | comment
+  - kdump: Support ansible-core, use ansible_managed | comment
+  - network: Support ansible-core; deprecate RHEL 9 in readme; validate that ipv6_disabled is conflicting with other settings; specify PCI address to configure profile - adds match and path settings)
+  - storage: Support ansible-core, add skip checks feature to speed up the tests
+  - logging: Support ansible-core, add the `uid` option for elasticsearch, improve performance, use ansible_manged | comment
+    Resolves: rhbz#1990490 (EL9)
+  - ssh: Use ansible_manged | comment
+  - sshd: Use ansible_managed | comment
+  - ha_cluster: Support ansible-core, fix password_hash salt length
+  - vpn: Support ansible-core, use wait_for_connection instead of wait_for with ssh
+  - ansible_managed | comment BZs:
+    Resolves: rhbz#2006230 (EL9)
+    Resolves: rhbz#2006231 (EL8)
+    Resolves: rhbz#2006233 (EL7)
+- untar the collection tarballs and copy the files
+- Add vendoring code for rhel / centos
+  - selinux: selinux, seboolean, seport, selogin, sefcontext
+  - storage: mount
+  - vpn: ipaddr
+    Resolves: rhbz#2006076 (EL9)
+    Resolves: rhbz#2006081 (EL8)
+
 * Thu Aug 26 2021 Rich Megginson <rmeggins@redhat.com> - 1.8.3-2
 - selinux - tag tests_selinux_disabled.yml with tests::avc
  Resolves rhbz#1996315 (EL9)