Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2019-05-06 13:28:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch"
Mon May 6 13:28:11 2019 rev:40 rq:700964 version:2.11.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2019-03-26
15:45:40.848074513 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.5148/openvswitch.changes
2019-05-06 13:28:18.705393139 +0200
@@ -1,0 +2,59 @@
+Mon Apr 29 14:12:36 UTC 2019 - <jcaam...@suse.com>
+
+- Fix problem preventing new installs to run as non root (bsc#1132029),
+ including:
+ * Align with upstream so that no running configuration is changed on
+ upgrades, specifically to avoid changes on the user Open vSwitch runs
+ under.
+ * hugetblfs groups is created as system group.
+- Add missing opnvswitch-ipsec package and systemd service.
+- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
+ libreswan package not available currently.
+ * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+- Add missing ovs-delete-transient-ports systemd service.
+- Align installed headers with upstream.
+- Fix problem preventing rpm build '--with check'.
+- Fix python environment that had directories pointing to /usr/local.
+- Version bump to 2.11.1. Some of the changes are:
+ * netdev-tc-offloads: Fix probe tc block support
+ * rhel: Include all header files in the Fedora's devel package
+ * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
+ * OVN: Make periodic RAs consistent with RA responder.
+ * OVN: Always send prefix option in RAs
+ * OVN: Use offset instead of pointer into ofpbuf
+ * ofproto: fix the bug of bucket counter is not updated
+ * netdev-dpdk: Print netdev name for txq mapping.
+ * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
+ * ifupdown.sh: Add missing "--may-exist" option
+ * dpif-netdev-perf: Fix double update of perf histograms.
+ * dpdk: Stop dumping memzones to stdout.
+ * dpctl: Drop parser debug information.
+ * netdev-tc-offloads: Properly get the block id on flow del/get
+ * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
+ * conntrack: Replace structure copy by memcpy().
+ * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
+ * conntrack: Fix race for NAT cleanup.
+ * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic
addresses.
+ * datapath-windows: Add annotations to find vport functions
+ * datapath-windows: Guard vport usage in user.c
+ * datapath-windows: Fix potential deadlock in event subscription
+ * datapath-windows: Fix race condition during port creation
+ * datapath-windows: Fix nbl cleanup when memory allocation fails
+ * netdev-linux: Remove ingress qdisc before trying to add shared block
+ * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
+ * ovsdb-idl: Fix memory leak of idl->remote.
+ * travis: Remove 'sudo' configuration.
+ * OVN: Add port addresses to IPAM after all ports are joined.
+ * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
+ * OVN: update RA next_announce according to {min, max}_interval
+ * rconn: Avoid occasional immediate connection failures.
+ * dpdk: Fix case-sensitivity of dpdk-init knob.
+ * NEWS: Clean up the 2.11.0 release notes a bit.
+ * conntrack: Fix L4 csum for V6 extension hdr pkts.
+ * packets: Change return type for 'packet_csum_upperlayer6()'.
+ * ovsdb-client: Fix typo.
+ * ovn-nbctl: Daemon mode should retry when IDL connection lost.
+ * ofctl: break the loop if ovs_pcap_read returns error
+ * netlink: added check to prevent netlink attribute overflow
+
+-------------------------------------------------------------------
Old:
----
openvswitch-2.11.0.tar.gz
New:
----
0001-Use-strongswan-for-openvswitch-ipsec-service.patch
openvswitch-2.11.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvswitch.spec ++++++
--- /var/tmp/diff_new_pack.pBS9LU/_old 2019-05-06 13:28:20.405396840 +0200
+++ /var/tmp/diff_new_pack.pBS9LU/_new 2019-05-06 13:28:20.445396927 +0200
@@ -41,7 +41,7 @@
# Disable building the external kernel datapath by default
%bcond_with kmp
Name: openvswitch
-Version: 2.11.0
+Version: 2.11.1
Release: 0
Summary: A multilayer virtual network switch
# All code is Apache-2.0 except
@@ -53,6 +53,8 @@
Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source1: preamble
Source89: Module.supported.updates
+# PATCH-FIX-OPENSUSE: Use-strongswan-for-openvswitch-ipsec-service.patch
+Patch0: 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: graphviz
@@ -270,6 +272,17 @@
Open vSwitch is a full-featured software-based Ethernet switch.
+%package ipsec
+Summary: Open vSwitch IPsec tunneling support
+License: Apache-2.0
+Group: Productivity/Networking/System
+Requires: %{name} = %{version}
+Requires: python-openvswitch = %{version}
+Requires: strongswan
+
+%description ipsec
+This package provides IPsec tunneling support for OVS tunnels.
+
%package -n python2-ovs
Summary: Python2 bindings for Open vSwitch
License: Apache-2.0
@@ -322,6 +335,7 @@
%prep
%setup -q -n openvswitch-%{version}
+%patch0 -p1
%build
set -- * .travis* .mailmap .cirrus.yml
@@ -383,6 +397,13 @@
%check
%if %{with check}
pushd source
+touch resolv.conf
+export OVS_RESOLV_CONF=$(pwd)/resolv.conf
+
+# Python build macros have moved out of the build directory some
+# extra_dist files that are required for check, put them back.
+cp python/_build.tmp/*.py python/build/
+
# Recheck tests before we declare them broken. If that fails, dump
# the log and exit. >2.5.0 uses the RECHECK env variable so this
# needs to be taken into consideration for future releases.
@@ -412,13 +433,21 @@
%make_install
# Install extra headers not included with 'make install'
-for header in $(find lib -type f -name "*.h"); do
- install -d -m 755 %{buildroot}%{_includedir}/%{name}/"$(dirname
$header)"
- install -m 644 "$header" %{buildroot}%{_includedir}/%{name}/"$(dirname
$header)"
-done
+copy_headers() {
+ src=$1
+ dst=$RPM_BUILD_ROOT/$2
+ install -d -m 0755 $dst
+ install -m 0644 $src/*.h $dst
+}
+copy_headers include/sparse %{_includedir}/openvswitch/sparse
+copy_headers include/sparse/arpa %{_includedir}/openvswitch/sparse/arpa
+copy_headers include/sparse/netinet %{_includedir}/openvswitch/sparse/netinet
+copy_headers include/sparse/sys %{_includedir}/openvswitch/sparse/sys
+copy_headers lib %{_includedir}/openvswitch/lib
for service in openvswitch ovn-controller ovn-controller-vtep \
- ovn-northd ovsdb-server ovs-vswitchd; do
+ ovn-northd ovsdb-server ovs-vswitchd ovs-delete-transient-ports \
+ openvswitch-ipsec; do
install -D -m 644 rhel/usr_lib_systemd_system_${service}.service \
%{buildroot}%{_unitdir}/${service}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service}
@@ -485,6 +514,18 @@
export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}"
export CPPFLAGS="-I ../include"
+# Set python environment
+sed \
+ -e '/^##/d' \
+ -e 's,[@]pkgdatadir[@],%{_datadir}/%{name},g' \
+ -e 's,[@]RUNDIR[@],%{_rundir},g' \
+ -e 's,[@]LOGDIR[@],%{_localstatedir}/log,g' \
+ -e 's,[@]bindir[@],%{_bindir},g' \
+ -e 's,[@]sysconfdir[@],%{_sysconfdir},g' \
+ -e 's,[@]DBDIR[@],%{_sysconfdir}/%{name},g' \
+ < ovs/dirs.py.template \
+ > ovs/dirs.py
+
%if 0%{?suse_version}
# SLES
%{python_build}
@@ -509,24 +550,29 @@
%post
/sbin/ldconfig
-%{fillup_only -n openvswitch}
if [ $1 -eq 1 ]; then
- sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:'
%{_sysconfdir}/sysconfig/openvswitch
- sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:'
%{_sysconfdir}/logrotate.d/openvswitch
+ # Follow the upstream strategy that no running openvswitch
+ # configuration is changed on upgrade so use fillup only for new installs.
+ %{?suse_version: %fillup_only -n openvswitch}
%if %{with dpdk}
+ %define rgroup hugetlbfs
+%else
+ %define rgroup openvswitch
+%endif
+
sed -i \
-
's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
+
's@^#OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:%{rgroup}"@'\
%{_sysconfdir}/sysconfig/openvswitch
-%endif
+ sed -i 's:\(.*su\).*:\1 openvswitch %{rgroup}:'
%{_sysconfdir}/logrotate.d/openvswitch
+
# In the case of upgrade, this is not needed
chown -R openvswitch:openvswitch %{_sysconfdir}/openvswitch
- chown -R openvswitch:openvswitch %{_localstatedir}/log/openvswitch
+ chown -R openvswitch:%{rgroup} %{_localstatedir}/log/openvswitch
fi
%if 0%{?suse_version}
- %service_add_post ovsdb-server.service ovs-vswitchd.service
openvswitch.service
- %{fillup_only -n openvswitch}
+ %service_add_post ovsdb-server.service ovs-vswitchd.service
openvswitch.service ovs-delete-transient-ports.service
%else
%if 0%{?systemd_post:1}
%systemd_post %{name}.service
@@ -538,6 +584,11 @@
%endif
%endif
+%post ipsec
+%if 0%{?suse_version}
+ %service_add_post openvswitch-ipsec.service
+%endif
+
%posttrans
# Save the "enabled" state across the transition of ownership
# of openvswitch.service from openvswitch-switch to
@@ -557,7 +608,7 @@
# admin decide when it's the best time for an OvS restart.
# 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the
service on a pkg upgrade")
%if 0%{?suse_version}
- %service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n
openvswitch.service
+ %service_del_postun -n ovsdb-server.service -n ovs-vswitchd.service -n
openvswitch.service -n ovs-delete-transient-ports.service
%else
%if 0%{?systemd_postun:1}
%systemd_postun %{name}.service
@@ -566,9 +617,14 @@
%endif
%endif
+%postun ipsec
+%if 0%{?suse_version}
+ %service_del_postun -n openvswitch-ipsec.service
+%endif
+
%pre
%if 0%{?suse_version}
-%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service
+%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service
ovs-delete-transient-ports.service
%endif
# Save the "enabled" state across the transition of
# ownership of openvswitch.service from openvswitch-switch to
@@ -586,14 +642,19 @@
%if %{with dpdk}
getent group hugetlbfs >/dev/null || \
- groupadd hugetlbfs
+ groupadd -r hugetlbfs
usermod -a -G hugetlbfs openvswitch
%endif
exit 0
+%pre ipsec
+%if 0%{?suse_version}
+ %service_add_pre openvswitch-ipsec.service
+%endif
+
%preun
%if 0%{?suse_version}
- %service_del_preun ovsdb-server.service ovs-vswitchd.service
openvswitch.service
+ %service_del_preun ovsdb-server.service ovs-vswitchd.service
openvswitch.service ovs-delete-transient-ports.service
%else
%if 0%{?systemd_preun:1}
%systemd_preun %{name}.service
@@ -606,6 +667,11 @@
%endif
%endif
+%preun ipsec
+%if 0%{?suse_version}
+ %service_del_preun openvswitch-ipsec.service
+%endif
+
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
@@ -804,7 +870,6 @@
%{_datadir}/openvswitch/scripts/ovs-ctl
%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
%{_datadir}/openvswitch/scripts/ovs-lib
-%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
%{_datadir}/openvswitch/scripts/ovs-save
%{_datadir}/openvswitch/vswitch.ovsschema
%{_mandir}/man1/ovsdb-client.1%{?ext_man}
@@ -829,9 +894,11 @@
%{_sbindir}/rcovsdb-server
%{_sbindir}/rcovs-vswitchd
%{_sbindir}/rcopenvswitch
+%{_sbindir}/rcovs-delete-transient-ports
%{_unitdir}/openvswitch.service
%{_unitdir}/ovs-vswitchd.service
%{_unitdir}/ovsdb-server.service
+%{_unitdir}/ovs-delete-transient-ports.service
%if 0%{?suse_version}
%{_fillupdir}/sysconfig.openvswitch
%{_datadir}/bash-completion/completions/ovs-appctl-bashcomp.bash
@@ -878,6 +945,11 @@
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_datadir}/openvswitch/vtep.ovsschema
+%files ipsec
+%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
+%{_sbindir}/rcopenvswitch-ipsec
+%{_unitdir}/openvswitch-ipsec.service
+
%files -n python2-ovs
%{python2_sitearch}/ovs/
%{python2_sitearch}/ovs-*.egg-info
++++++ 0001-Use-strongswan-for-openvswitch-ipsec-service.patch ++++++
>From 6aca005f17aecf003da9a85f8dd099baef771572 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaam...@suse.com>
Date: Fri, 26 Apr 2019 15:27:05 +0200
Subject: [PATCH 1/6] Use strongswan for openvswitch-ipsec service
Since libreswan is not packaged for Leap/SLES, use strongswan for the
time being.
---
rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index 6e309aa57..34e3f4c90 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -6,7 +6,7 @@ After=openvswitch.service
[Service]
Type=forking
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
- --ike-daemon=libreswan start-ovs-ipsec
+ --ike-daemon=strongswan start-ovs-ipsec
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
[Install]
--
2.16.4
++++++ openvswitch-2.11.0.tar.gz -> openvswitch-2.11.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.11.0.tar.gz
/work/SRC/openSUSE:Factory/.openvswitch.new.5148/openvswitch-2.11.1.tar.gz
differ: char 5, line 1
