Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package etcd for openSUSE:Factory checked in at 2025-07-02 12:11:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/etcd (Old) and /work/SRC/openSUSE:Factory/.etcd.new.7067 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "etcd" Wed Jul 2 12:11:01 2025 rev:47 rq:1289537 version:3.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/etcd/etcd.changes 2025-04-10 21:58:43.055270019 +0200 +++ /work/SRC/openSUSE:Factory/.etcd.new.7067/etcd.changes 2025-07-02 12:14:01.958029612 +0200 @@ -1,0 +2,39 @@ +Tue Jun 10 09:33:50 UTC 2025 - Elisei Roca <er...@suse.com> + +- See upgrade guide: + https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/ + +- Update to version 3.6.1: + * etcd server: + - Replaced the deprecated/removed UnaryServerInterceptor and + StreamServerInterceptor in otelgrpc with NewServerHandler + - Add protection on PromoteMember and UpdateRaftAttributes to prevent panicking + - Fix the issue that --force-new-cluster can't remove all other members in a corner case + - Fix mvcc: avoid double decrement of watcher gauge on close/cancel race + - Add validation to ensure there is no empty v3discovery endpoint + * etcdctl: + - Fix command etcdctl endpoint health doesn't work when options are set via environment variables + +- Update to version 3.6.0: + https://github.com/etcd-io/etcd/compare/v3.5.21...v3.6.0 + * Dropped flags in v3.6.0: + ETCD_ENABLE_V2 + ETCD_PROXY + ETCD_PROXY_DIAL_TIMEOUT + ETCD_PROXY_FAILURE_WAIT + ETCD_PROXY_READ_TIMEOUT + ETCD_PROXY_REFRESH_INTERVAL + ETCD_PROXY_WRITE_TIMEOUT + +------------------------------------------------------------------- +Fri Jun 6 19:46:00 UTC 2025 - Elisei Roca <er...@suse.com> + +- Fix a bug when migrating existing /etc/sysconfig/etcd +- Add suggests for subpackages etcdctl and etcdutl +- Add script for updating etcd.conf + * update-etcd-conf.sh +- Renamed script for vendoring and commented out go_modules + in service file, we use the script + * update-vendor.sh + +------------------------------------------------------------------- Old: ---- etcd-3.5.21.tar.gz system-user-etcd.conf vendor-update.sh New: ---- etcd-3.6.1.tar.gz etcd.sysuser update-etcd-conf.sh update-vendor.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ etcd.spec ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.586096823 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.586096823 +0200 @@ -1,7 +1,7 @@ # # spec file for package etcd # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,9 +23,9 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: etcd -Version: 3.5.21 +Version: 3.6.1 Release: 0 -Summary: Highly-available key value store for configuration and service discovery +Summary: Reliable key-value store for the most critical data of a distributed system License: Apache-2.0 Group: System/Management URL: https://github.com/etcd-io/etcd @@ -34,21 +34,24 @@ Source11: %{name}.conf Source12: %{name}.service Source13: %{name}.sysconfig +Source14: %{name}.sysuser Source15: README.security -Source16: system-user-etcd.conf -Source17: vendor-update.sh +Source16: update-vendor.sh +Source17: update-etcd-conf.sh BuildRequires: golang(API) >= 1.23 BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: xz Requires(post): %fillup_prereq +Suggests: etcdctl +Suggests: etcdutl ExcludeArch: s390 %{ix86} %sysusers_requires %description -etcd is a distributed, consistent key-value store for shared configuration and -service discovery, with a focus on being: +etcd is a distributed reliable key-value store for the most critical data of a +distributed system, with a focus on being: - Simple: well-defined, user-facing API (gRPC) - Secure: automatic TLS with optional client cert authentication @@ -95,7 +98,7 @@ done cd "$dir" -%sysusers_generate_pre %{SOURCE16} %{name} system-user-etcd.conf +%sysusers_generate_pre %{SOURCE14} %{name} etcd.conf %install install -d %{buildroot}%{_sbindir} @@ -115,13 +118,13 @@ # Additional install -d -m 750 %{buildroot}%{_localstatedir}/lib/%{name} -install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf +install -Dm0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/etcd.conf %pre -f %{name}.pre -if [ ! -e %{etcd_default_file} -a /etc/sysconfig/etcd ] ; then -echo "Migrating existing /etc/sysconfig/etcd to %{etcd_default_file}." -echo "From now on only ETCD_OPTIONS should be in /etc/sysconfig/etcd" -mv -i /etc/sysconfig/etcd %{etcd_default_file} +if [ ! -e %{etcd_default_file} -a -e /etc/sysconfig/etcd ] ; then + echo "Migrating existing /etc/sysconfig/etcd to %{etcd_default_file}." + echo "From now on only ETCD_OPTIONS should be in /etc/sysconfig/etcd" + mv /etc/sysconfig/etcd %{etcd_default_file} fi %service_add_pre %{name}.service @@ -139,7 +142,7 @@ %license LICENSE %doc CONTRIBUTING.md README.md DCO README.security %{_sbindir}/%{name} -%{_sysusersdir}/system-user-etcd.conf +%{_sysusersdir}/%{name}.conf # Service %{_unitdir}/%{name}.service ++++++ README.security ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.626098474 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.630098640 +0200 @@ -1,11 +1,12 @@ -By default etcd doesn't require authentication. If you configure etcd to be reachable +By default etcd doesn't require authentication. If you configure etcd to be reachable over the network, have untrustworthy local users on the system where etc runs or store data in etcd that needs to be kept confidential please make sure to enable authentication. -You can do that by configuring the settings under [security] in /etc/sysconfig/etcd. -For additional guidance please read -https://etcd.io/docs/v3.5/op-guide/configuration/#security -and -https://etcd.io/docs/v3.5/op-guide/authentication -to ensure that you enforce proper access control +You can do that by configuring the settings under the Security section in /etc/default/etcd. + +For additional guidance please read: +https://etcd.io/docs/v3.6/op-guide/configuration/#security + +And to ensure that you enforce proper access control: +https://etcd.io/docs/v3.6/op-guide/authentication/ ++++++ _service ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.650099465 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.654099630 +0200 @@ -1,20 +1,19 @@ <services> - <service name="tar_scm" mode="disabled"> + <service name="tar_scm" mode="manual"> <param name="url">https://github.com/etcd-io/etcd.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v3.5.21</param> + <param name="revision">v3.6.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> </service> - <service mode="disabled" name="set_version"> - </service> - <service name="recompress" mode="disabled"> + <service mode="manual" name="set_version"/> + <service name="recompress" mode="manual"> <param name="file">*.tar</param> <param name="compression">gz</param> </service> - <service name="go_modules" mode="disabled"> - </service> + <!-- use ./update-vendor.sh instead --> + <!-- <service name="go_modules" mode="manual"/> --> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.674100456 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.678100621 +0200 @@ -5,6 +5,6 @@ <param name="url">git://github.com/etcd-io/etcd.git</param> <param name="changesrevision">99018a77bea9a9d29962e5169876c64e02739c52</param></service><service name="tar_scm"> <param name="url">https://github.com/etcd-io/etcd.git</param> - <param name="changesrevision">a17edfd59754d1aed29c2db33520ab9d401326a5</param></service></servicedata> + <param name="changesrevision">a4708beb0f5dfba937145762516ac98f15797940</param></service></servicedata> (No newline at EOF) ++++++ etcd-3.5.21.tar.gz -> etcd-3.6.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/etcd/etcd-3.5.21.tar.gz /work/SRC/openSUSE:Factory/.etcd.new.7067/etcd-3.6.1.tar.gz differ: char 12, line 1 ++++++ etcd.conf ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.722102438 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.726102603 +0200 @@ -1,126 +1,325 @@ +# Please also read README.security for this package. + +# Environment variables: every flag has a corresponding environment variable that has the +# same name but is prefixed with ETCD_ and formatted in all caps and snake case. +# For example, --some-flag would be ETCD_SOME_FLAG. # Caution: If you mix-and-match configuration options, then the following rules apply. -# Command-line flags take precedence over environment variables. -# If you provide a configuration file all command-line flags and environment variables are ignored. +# * Command-line flags take precedence over environment variables. +# * If you provide a configuration file all command-line flags and environment variables are ignored. -# Set commandline options example: ETCD_OPTIONS="--enable-v2=true" to enable the v2 API -#ETCD_OPTIONS="" +# Set commandline options example: ETCD_OPTIONS="--feature-gates=StopGRPCServiceOnDefrag=true" +# ETCD_OPTIONS="" -# [member] -# Human-readable name for this member. +# Member: ETCD_NAME="default" -# Path to the data directory. +# Human-readable name for this member. ETCD_DATA_DIR="/var/lib/etcd/default.etcd" +# Path to the data directory. +# ETCD_WAL_DIR="" # Path to the dedicated wal directory. -#ETCD_WAL_DIR="" -# Number of committed transactions to trigger a snapshot to disk. -#ETCD_SNAPSHOT_COUNT="10000" +# ETCD_SNAPSHOT_COUNT="10000" +# Number of committed transactions to trigger a snapshot to disk. Deprecated in v3.6 and will be decommissioned in v3.7. +# ETCD_HEARTBEAT_INTERVAL="100" # Time (in milliseconds) of a heartbeat interval. -#ETCD_HEARTBEAT_INTERVAL="100" -# Time (in milliseconds) for an election to timeout. -#ETCD_ELECTION_TIMEOUT="1000" -# Raise alarms when backend size exceeds the given quota. 0 means use the -# default quota. -#ETCD_QUOTA_BACKEND_BYTES="0" -# Before changing this setting allowing etcd to be reachable over the network -# or if you have untrustworthy local users on the system where etc runs please -# make sure to enable authentication in the [security] section below. -# Please also read README.security for this package. -# List of comma separated URLs to listen on for peer traffic. -#ETCD_LISTEN_PEER_URLS="http://localhost:2380"; -# List of comma separated URLs to listen on for client traffic. +# ETCD_ELECTION_TIMEOUT="1000" +# Time (in milliseconds) for an election to timeout. See tuning documentation for details. +# ETCD_INITIAL_ELECTION_TICK_ADVANCE="true" +# Whether to fast-forward initial election ticks on boot for faster election. +# ETCD_LISTEN_PEER_URLS="http://localhost:2380"; +# List of URLs to listen on for peer traffic. ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"; -# Maximum number of snapshot files to retain (0 is unlimited). -#ETCD_MAX_SNAPSHOTS="5" +# List of URLs to listen on for client grpc traffic and http as long as --listen-client-http-urls is not specified. +# ETCD_LISTEN_CLIENT_HTTP_URLS="" +# List of URLs to listen on for http only client traffic. Enabling this flag removes http services from --listen-client-urls. +# ETCD_MAX_SNAPSHOTS="5" +# Maximum number of snapshot files to retain (0 is unlimited). Deprecated in v3.6 and will be decommissioned in v3.7. +# ETCD_MAX_WALS="5" # Maximum number of wal files to retain (0 is unlimited). -#ETCD_MAX_WALS="5" -# Comma-separated white list of origins for CORS (cross-origin resource sharing). -#ETCD_CORS="" -# Enable runtime profiling data via HTTP server -#ETCD_ENABLE_PPROF="true" -# Force to create a new one member cluster. -#ETCD_FORCE_NEW_CLUSTER="false" -#ETCD_AUTO_COMPACTION_MODE="periodic" -#ETCD_AUTO_COMPACTION_RETENTION="1" -# -# [cluster] +# ETCD_MEMORY_MLOCK="" +# Enable to enforce etcd pages (in particular bbolt) to stay in RAM. +# ETCD_QUOTA_BACKEND_BYTES="0" +# Raise alarms when backend size exceeds the given quota (0 defaults to low space quota). +# ETCD_BACKEND_BBOLT_FREELIST_TYPE="map" +# BackendFreelistType specifies the type of freelist that boltdb backend uses(array and map are supported types). +# ETCD_BACKEND_BATCH_INTERVAL="" +# BackendBatchInterval is the maximum time before commit the backend transaction. +# ETCD_BACKEND_BATCH_LIMIT="0" +# BackendBatchLimit is the maximum operations before commit the backend transaction. +# ETCD_MAX_TXN_OPS="128" +# Maximum number of operations permitted in a transaction. +# ETCD_MAX_REQUEST_BYTES="1572864" +# Maximum client request size in bytes the server will accept. +# ETCD_MAX_CONCURRENT_STREAMS="math.MaxUint32" +# Maximum concurrent streams that each client can open at a time. +# ETCD_GRPC_KEEPALIVE_MIN_TIME="5s" +# Minimum duration interval that a client should wait before pinging server. +# ETCD_GRPC_KEEPALIVE_INTERVAL="2h" +# Frequency duration of server-to-client ping to check if a connection is alive (0 to disable). +# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s" +# Additional duration of wait before closing a non-responsive connection (0 to disable). +# ETCD_SOCKET_REUSE_PORT="false" +# Enable to set socket option SO_REUSEPORT on listeners allowing rebinding of a port already in use. +# ETCD_SOCKET_REUSE_ADDRESS="false" +# Enable to set socket option SO_REUSEADDR on listeners allowing binding to an address in TIME_WAIT state. +# ETCD_ENABLE_GRPC_GATEWAY="" +# Enable GRPC gateway. +# ETCD_RAFT_READ_TIMEOUT="5s" +# Read timeout set on each rafthttp connection +# ETCD_RAFT_WRITE_TIMEOUT="5s" +# Write timeout set on each rafthttp connection +# ETCD_FEATURE_GATES="" +# A set of key=value pairs that describe server level feature gates for alpha/experimental features. Options are: +# AllAlpha=true|false (ALPHA - default=false) +# AllBeta=true|false (BETA - default=false) +# CompactHashCheck=true|false (ALPHA - default=false) +# InitialCorruptCheck=true|false (ALPHA - default=false) +# LeaseCheckpoint=true|false (ALPHA - default=false) +# LeaseCheckpointPersist=true|false (ALPHA - default=false) +# SetMemberLocalAddr=true|false (ALPHA - default=false) +# StopGRPCServiceOnDefrag=true|false (ALPHA - default=false) +# TxnModeWriteWithSharedBuffer=true|false (BETA - default=true) + +# Clustering: +# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"; # List of this member's peer URLs to advertise to the rest of the cluster. -# The URLs needed to be a comma-separated list. -#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"; -# List of this member's client URLs to advertise to the public. -# The URLs needed to be a comma-separated list. -ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"; -# Discovery URL used to bootstrap the cluster. -#ETCD_DISCOVERY="" -# Valid values include 'exit', 'proxy' -#ETCD_DISCOVERY_FALLBACK="proxy" -# HTTP proxy to use for traffic to discovery service. -#ETCD_DISCOVERY_PROXY="" -# DNS domain used to bootstrap initial cluster. -#ETCD_DISCOVERY_SRV="" -# Comma separated string of initial cluster configuration for bootstrapping. -# Example: "infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380"; -#ETCD_INITIAL_CLUSTER="" +# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"; +# Initial cluster configuration for bootstrapping. +# ETCD_INITIAL_CLUSTER_STATE="new" +# Initial cluster state ('new' when bootstrapping a new cluster or 'existing' when adding new members to an existing cluster). +# After successful initialization (bootstrapping or adding), flag is ignored on restarts +# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" # Initial cluster token for the etcd cluster during bootstrap. -#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" -# Initial cluster state ('new' or 'existing'). -#ETCD_INITIAL_CLUSTER_STATE="new" +# Specifying this can protect you from unintended cross-cluster interaction when running multiple clusters. +ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"; +# List of this member's client URLs to advertise to the public. +# The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster. +# ETCD_DISCOVERY="" +# Discovery URL used to bootstrap the cluster for v2 discovery. Will be deprecated in v3.7, and be decommissioned in v3.8. +# ETCD_DISCOVERY_TOKEN="" +# V3 discovery: discovery token for the etcd cluster to be bootstrapped. +# ETCD_DISCOVERY_ENDPOINTS="" +# V3 discovery: List of gRPC endpoints of the discovery service. +# ETCD_DISCOVERY_DIAL_TIMEOUT="2s" +# V3 discovery: dial timeout for client connections. +# ETCD_DISCOVERY_REQUEST_TIMEOUT="5s" +# V3 discovery: timeout for discovery requests (excluding dial timeout). +# ETCD_DISCOVERY_KEEPALIVE_TIME="2s" +# V3 discovery: keepalive time for client connections. +# ETCD_DISCOVERY_KEEPALIVE_TIMEOUT="6s" +# V3 discovery: keepalive timeout for client connections. +# ETCD_DISCOVERY_INSECURE_TRANSPORT="true" +# V3 discovery: disable transport security for client connections. +# ETCD_DISCOVERY_INSECURE_SKIP_TLS_VERIFY="false" +# V3 discovery: skip server certificate verification (CAUTION: this option should be enabled only for testing purposes). +# ETCD_DISCOVERY_CERT="" +# V3 discovery: identify secure client using this TLS certificate file. +# ETCD_DISCOVERY_KEY="" +# V3 discovery: identify secure client using this TLS key file. +# ETCD_DISCOVERY_CACERT="" +# V3 discovery: verify certificates of TLS-enabled secure servers using this CA bundle. +# ETCD_DISCOVERY_USER="" +# V3 discovery: username[:password] for authentication (prompt if password is not supplied). +# ETCD_DISCOVERY_PASSWORD="" +# V3 discovery: password for authentication (if this option is used, --user option shouldn't include password). +# ETCD_DISCOVERY_FALLBACK="exit" +# Expected behavior ('exit') when discovery services fails. Note that v2 proxy is removed. +# ETCD_DISCOVERY_PROXY="" +# HTTP proxy to use for traffic to discovery service. Will be deprecated in v3.7, and be decommissioned in v3.8. +# ETCD_DISCOVERY_SRV="" +# DNS srv domain used to bootstrap the cluster. +# ETCD_DISCOVERY_SRV_NAME="" +# Suffix to the dns srv name queried when bootstrapping. +# ETCD_STRICT_RECONFIG_CHECK="true" # Reject reconfiguration requests that would cause quorum loss. -#ETCD_STRICT_RECONFIG_CHECK="false" -# Accept etcd V2 client requests -#ETCD_ENABLE_V2="true" -# -# [security] +# ETCD_PRE_VOTE="true" +# Enable the raft Pre-Vote algorithm to prevent disruption when a node that has been partitioned away rejoins the cluster. +# ETCD_AUTO_COMPACTION_RETENTION="0" +# Auto compaction retention length. 0 means disable auto compaction. +# ETCD_AUTO_COMPACTION_MODE="periodic" +# Interpret 'auto-compaction-retention' one of: periodic|revision. 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention. +# ETCD_V2_DEPRECATION="write-only" +# Phase of v2store deprecation. Deprecated and scheduled for removal in v3.8. The default value is enforced, ignoring user input. +# Supported values: +# 'not-yet' // Issues a warning if v2store have meaningful content (default in v3.5) +# 'write-only' // Custom v2 state is not allowed (default in v3.6) +# 'write-only-drop-data' // Custom v2 state will get DELETED ! (planned default in v3.7) +# 'gone' // v2store is not maintained any longer. (planned to cleanup anything related to v2store in v3.8) + +# Security: +# ETCD_CERT_FILE="" # Path to the client server TLS cert file. -#ETCD_CERT_FILE="" +# ETCD_KEY_FILE="" # Path to the client server TLS key file. -#ETCD_KEY_FILE="" +# ETCD_CLIENT_CERT_AUTH="false" # Enable client cert authentication. -#ETCD_CLIENT_CERT_AUTH="false" +# ETCD_CLIENT_CERT_FILE="" +# Path to an explicit peer client TLS cert file otherwise cert file will be used when client auth is required. +# ETCD_CLIENT_KEY_FILE="" +# Path to an explicit peer client TLS key file otherwise key file will be used when client auth is required. +# ETCD_CLIENT_CRL_FILE="" +# Path to the client certificate revocation list file. +# ETCD_CLIENT_CERT_ALLOWED_HOSTNAME="" +# Comma-separated list of SAN hostnames for client cert authentication. +# ETCD_TRUSTED_CA_FILE="" # Path to the client server TLS trusted CA cert file. -#ETCD_TRUSTED_CA_FILE="" -# Client TLS using generated certificates -#ETCD_AUTO_TLS="false" +# ETCD_AUTO_TLS="false" +# Client TLS using generated certificates. +# ETCD_PEER_CERT_FILE="" # Path to the peer server TLS cert file. -#ETCD_PEER_CERT_FILE="" +# ETCD_PEER_KEY_FILE="" # Path to the peer server TLS key file. -#ETCD_PEER_KEY_FILE="" +# ETCD_PEER_CLIENT_CERT_AUTH="false" # Enable peer client cert authentication. -#ETCD_PEER_CLIENT_CERT_AUTH="false" -# Path to the peer server TLS trusted CA cert file. -#ETCD_PEER_TRUSTED_CA_FILE="" -# Peer TLS using generated certificates. -#ETCD_PEER_AUTO_TLS="false" -# Allowed CN for inter peer authentication. -#ETCD_PEER_ALLOWED_CN="" -# Allowed TLS hostname for inter peer authentication. -#ETCD_PEER_ALLOWED_HOSTNAME="" -# The validity period of the self-signed certificate, the unit is year. -#ETCD_SELF_SIGNED_CERT_VALIDITY="1" -# Limit etcd to a specific set of tls cipher suites -#ETCD_CIPHER_SUITES="" -# Limit etcd to specific TLS protocol versions -#ETCD_TLS_MIN_VERSION="TLS1.2" -#ETCD_TLS_MAX_VERSION="TLS1.3" -# -# [logging] -# Enable debug-level logging for etcd. -#ETCD_LOG_LEVEL="debug" -#ETCD_LOGGER="zap" -# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd. -#ETCD_LOG_OUTPUTS="stderr" -# -# [proxy] Note: flags will be deprecated in v3.6. "proxy" supports v2 API only. -# Valid values include 'on', 'readonly', 'off' -#ETCD_PROXY="off" -# Time (in milliseconds) an endpoint will be held in a failed state. -#ETCD_PROXY_FAILURE_WAIT="5000" -# Time (in milliseconds) of the endpoints refresh interval. -#ETCD_PROXY_REFRESH_INTERVAL="30000" -# Time (in milliseconds) for a dial to timeout. -#ETCD_PROXY_DIAL_TIMEOUT="1000" -# Time (in milliseconds) for a write to timeout. -#ETCD_PROXY_WRITE_TIMEOUT="5000" -# Time (in milliseconds) for a read to timeout. -#ETCD_PROXY_READ_TIMEOUT="0" +# ETCD_PEER_CLIENT_CERT_FILE="" +# Path to an explicit peer client TLS cert file otherwise peer cert file will be used when client auth is required. +# ETCD_PEER_CLIENT_KEY_FILE="" +# Path to an explicit peer client TLS key file otherwise peer key file will be used when client auth is required. +# ETCD_PEER_TRUSTED_CA_FILE="" +# Path to the peer server TLS trusted CA file. +# ETCD_PEER_CERT_ALLOWED_CN="" +# Comma-separated list of allowed CNs for inter-peer TLS authentication. +# ETCD_PEER_CERT_ALLOWED_HOSTNAME="" +# Comma-separated list of allowed SAN hostnames for inter-peer TLS authentication. +# ETCD_PEER_AUTO_TLS="false" +# Peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided. +# ETCD_SELF_SIGNED_CERT_VALIDITY="1" +# The validity period of the client and peer certificates that are automatically generated by etcd when you specify ClientAutoTLS and PeerAutoTLS, the unit is year, and the default is 1. +# ETCD_PEER_CRL_FILE="" +# Path to the peer certificate revocation list file. +# ETCD_CIPHER_SUITES="" +# Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go). +# ETCD_CORS="*" +# Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all). +# ETCD_HOST_WHITELIST="*" +# Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all). +# ETCD_TLS_MIN_VERSION="TLS1.2" +# Minimum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3. +# ETCD_TLS_MAX_VERSION="" +# Maximum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3 (empty will be auto-populated by Go). + +# Auth: +# ETCD_AUTH_TOKEN="simple" +# Specify a v3 authentication token type and its options ('simple' or 'jwt'). +# ETCD_BCRYPT_COST="10" +# Specify the cost / strength of the bcrypt algorithm for hashing auth passwords. Valid values are between 4 and 31. +# ETCD_AUTH_TOKEN_TTL="300" +# Time (in seconds) of the auth-token-ttl. + +# Profiling and Monitoring: +# ETCD_ENABLE_PPROF="false" +# Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/" +# ETCD_METRICS="basic" +# Set level of detail for exported metrics, specify 'extensive' to include server side grpc histogram metrics. +# ETCD_LISTEN_METRICS_URLS="" +# List of URLs to listen on for the /metrics and /health endpoints. For https, the client URL TLS info is used. + +# Logging: +# ETCD_LOGGER="zap" +# Currently only supports 'zap' for structured logging. +# ETCD_LOG_OUTPUTS="default" +# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd, or list of comma separated output targets. +# ETCD_LOG_LEVEL="info" +# Configures log level. Only supports debug, info, warn, error, panic, or fatal. +# ETCD_LOG_FORMAT="json" +# Configures log format. Only supports json, console. +# ETCD_ENABLE_LOG_ROTATION="false" +# Enable log rotation of a single log-outputs file target. +# ETCD_LOG_ROTATION_CONFIG_JSON="{"maxsize": 100, "maxage": 0, "maxbackups": 0, "localtime": false, "compress": false}" +# Configures log rotation if enabled with a JSON logger config. MaxSize(MB), MaxAge(days,0=no limit), MaxBackups(0=no limit), LocalTime(use computers local time), Compress(gzip)". +# ETCD_WARNING_UNARY_REQUEST_DURATION="300ms" +# Set time duration after which a warning is logged if a unary request takes more than this duration. + +# Experimental distributed tracing: +# ETCD_EXPERIMENTAL_ENABLE_DISTRIBUTED_TRACING="false" +# Enable experimental distributed tracing. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--enable-distributed-tracing' instead. +# ETCD_ENABLE_DISTRIBUTED_TRACING="false" +# Enable distributed tracing. +# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_ADDRESS="localhost:4317" +# Distributed tracing collector address. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-address' instead. +# ETCD_DISTRIBUTED_TRACING_ADDRESS="localhost:4317" +# Distributed tracing collector address. +# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_SERVICE_NAME="etcd" +# Distributed tracing service name, must be same across all etcd instances. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-service-name' instead. +# ETCD_DISTRIBUTED_TRACING_SERVICE_NAME="etcd" +# Distributed tracing service name, must be same across all etcd instances. +# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_INSTANCE_ID="" +# Distributed tracing instance ID, must be unique per each etcd instance. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-instance-id' instead. +# ETCD_DISTRIBUTED_TRACING_INSTANCE_ID="" +# Distributed tracing instance ID, must be unique per each etcd instance. +# ETCD_EXPERIMENTAL_DISTRIBUTED_TRACING_SAMPLING_RATE="0" +# Number of samples to collect per million spans for distributed tracing. Disabled by default. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--distributed-tracing-sampling-rate' instead. +# ETCD_DISTRIBUTED_TRACING_SAMPLING_RATE="0" +# Number of samples to collect per million spans for distributed tracing. + +# Experimental feature: +# ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK="false" +# Enable to check data corruption before serving any client/peer traffic. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=InitialCorruptCheck=true' instead. +# ETCD_EXPERIMENTAL_CORRUPT_CHECK_TIME="0s" +# Duration of time between cluster corruption check passes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--corrupt-check-time' instead. +# ETCD_CORRUPT_CHECK_TIME="0s" +# Duration of time between cluster corruption check passes. +# ETCD_EXPERIMENTAL_COMPACT_HASH_CHECK_ENABLED="false" +# Enable leader to periodically check followers compaction hashes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=CompactHashCheck=true' instead. +# ETCD_EXPERIMENTAL_COMPACT_HASH_CHECK_TIME="1m" +# Duration of time between leader checks followers compaction hashes. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compact-hash-check-time' instead. +# ETCD_COMPACT_HASH_CHECK_TIME="1m" +# Duration of time between leader checks followers compaction hashes. +# ETCD_EXPERIMENTAL_ENABLE_LEASE_CHECKPOINT="false" +# ExperimentalEnableLeaseCheckpoint enables primary lessor to persist lease remainingTTL to prevent indefinite auto-renewal of long lived leases. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=LeaseCheckpoint=true' instead. +# ETCD_EXPERIMENTAL_COMPACTION_BATCH_LIMIT="1000" +# ExperimentalCompactionBatchLimit sets the maximum revisions deleted in each compaction batch. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compaction-batch-limit' instead. +# ETCD_COMPACTION_BATCH_LIMIT="1000" +# CompactionBatchLimit sets the maximum revisions deleted in each compaction batch. +# ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION="false" +# Skip verification of SAN field in client certificate for peer connections. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--peer-skip-client-san-verification' instead. +# ETCD_PEER_SKIP_CLIENT_SAN_VERIFICATION="false" +# Skip verification of SAN field in client certificate for peer connections. +# ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL="10m" +# Duration of periodical watch progress notification. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--watch-progress-notify-interval' instead. +# ETCD_WATCH_PROGRESS_NOTIFY_INTERVAL="10m" +# Duration of periodical watch progress notification. +# ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION="100ms" +# Warning is generated if requests take more than this duration. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--warning-apply-duration' instead. +# ETCD_WARNING_APPLY_DURATION="100ms" +# Warning is generated if requests take more than this duration. +# ETCD_EXPERIMENTAL_TXN_MODE_WRITE_WITH_SHARED_BUFFER="true" +# Enable the write transaction to use a shared buffer in its readonly check operations. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=TxnModeWriteWithSharedBuffer=true' instead. +# ETCD_EXPERIMENTAL_BOOTSTRAP_DEFRAG_THRESHOLD_MEGABYTES="" +# Enable the defrag during etcd server bootstrap on condition that it will free at least the provided threshold of disk space. Needs to be set to non-zero value to take effect. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--bootstrap-defrag-threshold-megabytes' instead. +# ETCD_BOOTSTRAP_DEFRAG_THRESHOLD_MEGABYTES="" +# Enable the defrag during etcd server bootstrap on condition that it will free at least the provided threshold of disk space. Needs to be set to non-zero value to take effect. +# ETCD_EXPERIMENTAL_WARNING_UNARY_REQUEST_DURATION="300ms" +# Set time duration after which a warning is generated if a unary request takes more than this duration. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--warning-unary-request-duration' instead. +# ETCD_MAX_LEARNERS="1" +# Set the max number of learner members allowed in the cluster membership. +# ETCD_EXPERIMENTAL_SNAPSHOT_CATCH_UP_ENTRIES="5000" +# Number of entries for a slow follower to catch up after compacting the raft storage entries. +# ETCD_EXPERIMENTAL_COMPACTION_SLEEP_INTERVAL="" +# Sets the sleep interval between each compaction batch. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--compaction-sleep-interval' instead. +# ETCD_COMPACTION_SLEEP_INTERVAL="" +# Sets the sleep interval between each compaction batch. +# ETCD_EXPERIMENTAL_DOWNGRADE_CHECK_TIME="" +# Duration of time between two downgrade status checks. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--downgrade-check-time' instead. +# ETCD_DOWNGRADE_CHECK_TIME="" +# Duration of time between two downgrade status checks. +# ETCD_EXPERIMENTAL_ENABLE_LEASE_CHECKPOINT_PERSIST="false" +# Enable persisting remainingTTL to prevent indefinite auto-renewal of long lived leases. Always enabled in v3.6. Should be used to ensure smooth upgrade from v3.5 clusters with this feature enabled. Requires experimental-enable-lease-checkpoint to be enabled. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=LeaseCheckpointPersist=true' instead. +# ETCD_EXPERIMENTAL_MEMORY_MLOCK="" +# Enable to enforce etcd pages (in particular bbolt) to stay in RAM. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--memory-mlock' instead. +# ETCD_EXPERIMENTAL_SNAPSHOT_CATCHUP_ENTRIES="" +# Number of entries for a slow follower to catch up after compacting the raft storage entries. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--snapshot-catchup-entries' instead. +# ETCD_SNAPSHOT_CATCHUP_ENTRIES="" +# Number of entries for a slow follower to catch up after compacting the raft storage entries. +# ETCD_EXPERIMENTAL_STOP_GRPC_SERVICE_ON_DEFRAG="" +# Enable etcd gRPC service to stop serving client requests on defragmentation. Deprecated in v3.6 and will be decommissioned in v3.7. Use '--feature-gates=StopGRPCServiceOnDefrag=true' instead. + +# Unsafe feature: +# ETCD_FORCE_NEW_CLUSTER="false" +# Force to create a new one-member cluster. +# ETCD_UNSAFE_NO_FSYNC="false" +# Disables fsync, unsafe, will cause data loss. + +# CAUTIOUS with unsafe flag! It may break the guarantees given by the consensus protocol! + ++++++ etcd.sysconfig ++++++ --- /var/tmp/diff_new_pack.7v9vf5/_old 2025-07-02 12:14:03.758103924 +0200 +++ /var/tmp/diff_new_pack.7v9vf5/_new 2025-07-02 12:14:03.766104254 +0200 @@ -4,7 +4,7 @@ ## Default: "" ## ServiceRestart: etcd # -# additional options to pass to etcd. e.g. --enable-v2=true +# additional options to pass to etcd: # ETCD_OPTIONS="" ++++++ etcd.sysuser ++++++ #Type Name ID GECOS Home directory Shell u etcd - "etcd daemon" /var/lib/etcd - ++++++ update-etcd-conf.sh ++++++ #!/usr/bin/bash # # Script to update etcd configuration # Intended to be run after updating sources # Author: Elisei Roca #------------------------------------------ set -euo pipefail #set -x DRY_RUN=0 REBUILD_IMAGE=0 NEW_CONF=".update-etcd-conf.new" RPM_CACHE=".update-etcd-conf-latest.rpm" while [ "$#" -gt 0 ]; do case $1 in --clean|-c) echo "Clean $NEW_CONF and $RPM_CACHE" rm -f "$NEW_CONF" "$RPM_CACHE" exit 0 ;; --dry-run|-d) DRY_RUN=1 ;; --rebuild|-r) REBUILD_IMAGE=1 ;; --help|-h) echo "Usage: $0 [--clean|-c] [--dry-run|-d] [--rebuild|-r]" echo " --clean, -c : remove $NEW_CONF and $RPM_CACHE" echo " --dry-run, -d : create '$NEW_CONF' instead of updating etcd.conf" echo " --rebuild, -r : rebuild the RPM and container image" exit 0 ;; *) echo "Unknown argument: $1" >&2 exit 1 ;; esac shift done BODY_TMP=$(mktemp "./.etcd-conf-update.body.XXXXXX") HELP_TMP=$(mktemp "./.etcd-conf-update.help.XXXXXX") OSC_LOG=$(mktemp "./.etcd-conf-update.osc.XXXXXX") TEMP_FILES="$HELP_TMP $BODY_TMP $OSC_LOG" cleanup() { rm -f $TEMP_FILES } trap cleanup EXIT if [ "$REBUILD_IMAGE" -eq 1 ] || [ ! -f "$RPM_CACHE" ]; then rm -f "$RPM_CACHE" echo 'osc build --local-package --no-service' osc build --local-package --no-service --clean | tee "$OSC_LOG" RPM_PATH=$(tail -n10 "$OSC_LOG" | grep -Eo '/[^ ]*/etcd-[^ ]*\.rpm' | tail -1) [ -z "$RPM_PATH" ] || [ ! -f "$RPM_PATH" ] && { echo '| No etcd RPM found after osc build |'; exit 1; } cp -v "$RPM_PATH" "$RPM_CACHE" echo "Copied newly built RPM to: $RPM_CACHE" else echo "Using cached RPM: $RPM_CACHE" fi if [ "$REBUILD_IMAGE" -eq 1 ] || ! podman image exists etcd-oscrpm; then podman build . -t etcd-oscrpm -f - <<EOF FROM registry.opensuse.org/opensuse/tumbleweed:latest COPY $RPM_CACHE /tmp/etcd.rpm RUN old /etc/zypp/repos.d/*.repo RUN zypper -n install --allow-unsigned-rpm /tmp/etcd.rpm EOF fi ETCD_VERSION=$(podman run --rm etcd-oscrpm etcd --version 2>/dev/null | awk '/^etcd Version:/ {print $3}') [ -z "$ETCD_VERSION" ] && { echo "Failed to extract etcd version from container"; exit 1; } echo "Version: $ETCD_VERSION" if ! podman run --rm etcd-oscrpm etcd --help > "$HELP_TMP" 2>/dev/null; then echo "Error: Failed to run etcd --help in container" >&2 exit 1 fi [ -s "$HELP_TMP" ] || { echo "Error: etcd --help output is empty" >&2; exit 1; } HEADER_CONTENT='# Please also read README.security for this package. # Environment variables: every flag has a corresponding environment variable that has the # same name but is prefixed with ETCD_ and formatted in all caps and snake case. # For example, --some-flag would be ETCD_SOME_FLAG. # Caution: If you mix-and-match configuration options, then the following rules apply. # * Command-line flags take precedence over environment variables. # * If you provide a configuration file all command-line flags and environment variables are ignored. # Set commandline options example: ETCD_OPTIONS="--feature-gates=StopGRPCServiceOnDefrag=true" # ETCD_OPTIONS=""' awk ' /^[[:space:]]*--[A-Za-z0-9-]+/ { match($0, "^[[:space:]]*--([A-Za-z0-9-]+)([[:space:]]+\x27([^\x27]*)\x27|[[:space:]]+([^[:space:]]+))?", arr) var = arr[1] gsub("-", "_", var) var = toupper(var) if (arr[3] != "") val = arr[3] else if (arr[4] != "") val = arr[4] else val = "" print "# ETCD_" var "=\"" val "\"" next } /^[[:space:]]*$/ { print ""; next } { sub(/^[[:space:]]*/, "", $0); print "# " $0 } ' "$HELP_TMP" > "$BODY_TMP" echo "$HEADER_CONTENT" > "$NEW_CONF" cat "$BODY_TMP" >> "$NEW_CONF" # Uncomment default configuration options for line in ETCD_NAME ETCD_DATA_DIR ETCD_LISTEN_CLIENT_URLS ETCD_ADVERTISE_CLIENT_URLS; do sed -i "/# $line=/s/^# //" "$NEW_CONF" done # Modify ETCD_DATA_DIR to default value sed -i 's|^ETCD_DATA_DIR=.*$|ETCD_DATA_DIR="/var/lib/etcd/default.etcd"|' "$NEW_CONF" if [ "$DRY_RUN" -eq 0 ]; then mv "$NEW_CONF" etcd.conf echo "Updated etcd.conf" else echo "Dry run: created $NEW_CONF" fi ++++++ update-vendor.sh ++++++ #!/usr/bin/bash # # Script to update the vendor tarball # Author: Elisei Roca #------------------------------------ set -eo pipefail # set -x NAME=etcd STACK=("server" "etcdctl" "etcdutl") VERSION=$(grep -oP '(?<=Version:)(.*)' etcd.spec | xargs) [ ! -f "$NAME-$VERSION".tar.gz ] && echo "$NAME-$VERSION.tar.gz does not exist" && exit 1 echo "Updating vendor file..." tempdir="$(mktemp -d --suffix=.etcd)" function cleanup() { rm -rf "${tempdir}" } trap cleanup EXIT mkdir -p "${tempdir}/vendor" tar --strip-components=1 -xvf "$NAME-$VERSION".tar.gz -C "${tempdir}" &> /dev/null dir=$(pwd) for item in ${STACK[*]}; do mkdir "${tempdir}/vendor/${item}" cd "${tempdir}/${item}" go mod vendor mv vendor/ ../vendor/"$item" done cd "$dir" fdupes -r -1 "${tempdir}/vendor/" | while read line; do target=""; for file in ${line[*]}; do if [ "x${target}" == "x" ]; then target=$file; else ln -f "${target}" "${file}"; fi; done; done tar -czvf vendor.tar.gz -C "${tempdir}" vendor &> /dev/null echo "Repacked to vendor.tar.gz" ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/etcd/vendor.tar.gz /work/SRC/openSUSE:Factory/.etcd.new.7067/vendor.tar.gz differ: char 12, line 1
