Hello community, here is the log from the commit of package containers-systemd for openSUSE:Factory checked in at 2020-08-28 21:19:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/containers-systemd (Old) and /work/SRC/openSUSE:Factory/.containers-systemd.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "containers-systemd" Fri Aug 28 21:19:09 2020 rev:13 rq:830274 version:0.0+git20200828.7cc6e97 Changes: -------- --- /work/SRC/openSUSE:Factory/containers-systemd/containers-systemd.changes 2020-06-05 20:02:24.520372503 +0200 +++ /work/SRC/openSUSE:Factory/.containers-systemd.new.3399/containers-systemd.changes 2020-08-28 21:21:13.740320352 +0200 @@ -1,0 +2,19 @@ +Fri Aug 28 12:27:44 UTC 2020 - ku...@suse.com + +- Update to version 0.0+git20200828.7cc6e97: + * Add support for postfix container + +------------------------------------------------------------------- +Tue Aug 25 11:50:22 UTC 2020 - ku...@suse.com + +- Update to version 0.0+git20200825.e6c35ce: + * Allow extra args for podman for the ldap container + +------------------------------------------------------------------- +Mon Aug 24 14:16:49 UTC 2020 - ku...@suse.com + +- Update to version 0.0+git20200824.8ed78c3: + * New files to support OpenLDAP + * Adjust documentation + +------------------------------------------------------------------- Old: ---- containers-systemd-0.0+git20200602.25da9c0.tar.xz New: ---- containers-systemd-0.0+git20200828.7cc6e97.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ containers-systemd.spec ++++++ --- /var/tmp/diff_new_pack.sQsm6p/_old 2020-08-28 21:21:15.512321211 +0200 +++ /var/tmp/diff_new_pack.sQsm6p/_new 2020-08-28 21:21:15.512321211 +0200 @@ -16,8 +16,8 @@ # -%define containers bind dhcp-server haproxy mariadb nginx squid -%define container_services container-bind.service container-dhcp-server.service container-dhcp6-server.service container-haproxy.service container-mariadb.service container-nginx.service container-image-prune.timer squid.service +%define containers bind dhcp-server haproxy mariadb nginx openldap postfix squid +%define container_services container-bind.service container-dhcp-server.service container-dhcp6-server.service container-haproxy.service container-mariadb.service container-nginx.service container-openldap.service container-postfix.service container-squid.service container-image-prune.timer %if %{undefined service_del_postun_without_restart} %define service_del_postun_without_restart() \ @@ -26,7 +26,7 @@ %endif Name: containers-systemd -Version: 0.0+git20200602.25da9c0 +Version: 0.0+git20200828.7cc6e97 Release: 0 Summary: Systemd service files and config files for openSUSE container License: MIT @@ -65,6 +65,14 @@ for i in MYSQL_ROOT_PASSWORD MYSQL_ROOT_HOST MYSQL_DATABASE MYSQL_USER MYSQL_PASSWORD; do touch %{buildroot}%{_sysconfdir}/mariadb-secrets/$i done +mkdir -p %{buildroot}%{_sysconfdir}/openldap-secrets +for i in LDAP_ADMIN_PASSWORD LDAP_CONFIG_PASSWORD; do + touch %{buildroot}%{_sysconfdir}/openldap-secrets/$i +done +mkdir -p %{buildroot}%{_sysconfdir}/postfix-secrets +for i in SMTP_PASSWORD LDAP_MAIL_READER_PASSWORD; do + touch %{buildroot}%{_sysconfdir}/postfix-secrets/$i +done %pre %service_add_pre %{container_services} @@ -110,6 +118,20 @@ %{_distconfdir}/default/container-nginx %{_sbindir}/rccontainer-nginx %ghost %dir /srv/nginx +%{_unitdir}/container-openldap.service +%{_distconfdir}/default/container-openldap +%{_sbindir}/rccontainer-openldap +%ghost %dir /srv/openldap +%dir %attr(0700,root,root) %{_sysconfdir}/openldap-secrets +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/openldap-secrets/LDAP_ADMIN_PASSWORD +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/openldap-secrets/LDAP_CONFIG_PASSWORD +%{_unitdir}/container-postfix.service +%{_distconfdir}/default/container-postfix +%{_sbindir}/rccontainer-postfix +%ghost %dir /srv/postfix +%dir %attr(0700,root,root) %{_sysconfdir}/postfix-secrets +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/postfix-secrets/SMTP_PASSWORD +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/postfix-secrets/LDAP_MAIL_READER_PASSWORD %{_unitdir}/container-squid.service %{_distconfdir}/default/container-squid %{_sbindir}/rccontainer-squid ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.sQsm6p/_old 2020-08-28 21:21:15.556321233 +0200 +++ /var/tmp/diff_new_pack.sQsm6p/_new 2020-08-28 21:21:15.556321233 +0200 @@ -1,5 +1,5 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/kubic-project/containers-systemd.git</param> - <param name="changesrevision">25da9c0a7b741f97a2bac78dfa3891206b26afe0</param></service> + <param name="changesrevision">7cc6e97636ca821a55550cda96ecbb8b5be188c4</param></service> </servicedata> \ No newline at end of file ++++++ containers-systemd-0.0+git20200602.25da9c0.tar.xz -> containers-systemd-0.0+git20200828.7cc6e97.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containers-systemd-0.0+git20200602.25da9c0/README.md new/containers-systemd-0.0+git20200828.7cc6e97/README.md --- old/containers-systemd-0.0+git20200602.25da9c0/README.md 2020-06-02 14:43:14.000000000 +0200 +++ new/containers-systemd-0.0+git20200828.7cc6e97/README.md 2020-08-28 14:26:37.000000000 +0200 @@ -10,6 +10,7 @@ * haproxy * mariadb * nginx + * openldap * squid Additional, there is the `container-image-prune.timer` to cleanup @@ -17,20 +18,24 @@ ## bind - * /etc/sysconfig/container-bind contains generic settings + * /usr/etc/default/container-bind contains generic settings + * /etc/default/container-bind is for the admin to overwrite them ## dhcp-server/dhcp6-server - * /etc/sysconfig/container-dhcp contains generic settings for the dhcpd4 and dhcpd6 daemons. It is required to set DHCPD_INTERFACES. During the first start, example ${CONFIG_DIR}/dhcpd.conf or ${CONFIG_DIR}/dhcpd6.conf are created. + * /usr/etc/default/container-dhcp contains generic settings for the dhcpd4 and dhcpd6 daemons. It is required to set DHCPD_INTERFACES. During the first start, example ${CONFIG_DIR}/dhcpd.conf or ${CONFIG_DIR}/dhcpd6.conf are created. + * /etc/default/container-dhcp is for the admin to overwrite them ## haproxy - * /etc/sysconfig/container-haproxy contains generic settings + * /usr/etc/default/container-haproxy contains generic settings + * /etc/default/container-haproxy is for the admin to overwrite them ## mariadb - * /etc/sysconfig/container-mariadb contains generic settings - * /etc/mariadb-secrets contain files for the first start to setup the mariadb database and can be changed via SECRETS_DIR in the /etc/sysconfig/container-mariadb file. They are only read if mariadb needs to initialize the data the first time. They should not be readable and deleted after the initialization was successfull, so that nobody can steal them. + * /usr/etc/default/container-mariadb contains generic settings + * /etc/default/container-mariadb is for the admin to overwrite them + * /etc/mariadb-secrets contain files for the first start to setup the mariadb database and can be changed via SECRETS_DIR in the /etc/default/container-mariadb file. They are only read if mariadb needs to initialize the data the first time. They should not be readable and deleted after the initialization was successfull, so that nobody can steal them. * ${SECRETS_DIR}/MYSQL_ROOT_PASSWORD (required) * ${SECRETS_DIR}/MYSQL_ROOT_HOST * ${SECRETS_DIR}/MYSQL_DATABASE @@ -39,9 +44,25 @@ ## nginx - * /etc/sysconfig/container-nginx contains generic settings + * /usr/etc/default/container-nginx contains generic settings + * /etc/default/container-nginx is for the admin to overwrite them + +## openldap + + * /usr/etc/default/container-openldap contains generic settings + * /etc/default/container-openldap is for the admin to overwrite them + * /etc/openldap-secrets contain files for the first start to setup the openldap database and can be changed via SECRETS_DIR in the /etc/default/container-openldap file. They are only read if database needs to be initialized the first time. They should not be readable and deleted after the initialization was successfull, so that nobody can steal them. + * ${SECRETS_DIR}/LDAP_ADMIN_PASSWORD (required) + * ${SECRETS_DIR}/LDAP_CONFIG_PASSWORD (required) + +## postfix + + * /usr/etc/default/container-postfix contains generic settings + * /etc/default/container-postfix is for the admin to overwrite them ## squid - * /etc/sysconfig/container-squid contains generic settings + * /usr/etc/default/container-squid contains generic settings + * /etc/default/container-squid is for the admin to overwrite them + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containers-systemd-0.0+git20200602.25da9c0/container-openldap.default new/containers-systemd-0.0+git20200828.7cc6e97/container-openldap.default --- old/containers-systemd-0.0+git20200602.25da9c0/container-openldap.default 1970-01-01 01:00:00.000000000 +0100 +++ new/containers-systemd-0.0+git20200828.7cc6e97/container-openldap.default 2020-08-28 14:26:37.000000000 +0200 @@ -0,0 +1,25 @@ +# Variables of this file can be overwritten with +# /etc/default/container-openldap + +# Name of the image path to pull the openldap image from +OPENLDAP_IMAGE_PATH=registry.opensuse.org/opensuse/openldap:latest + +# Name of the path where the database will be stored +LDAP_DB_DIR="/srv/openldap/db" + +# Name of the path where slapd will stores it configuration +LDAP_ETC_DIR="/srv/openldap/slapd.d" + +# Directory, where certificates can be found or self signed +# autogenerated certificates will be stored +LDAP_CERTS_DIR="/srv/openldap/certs" + +# Name of the path where the files with the passwords for +# LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD can be found. The file +# names needs to be the ones of the variable names and should not +# be readable for anybody else. +SECRETS_DIR="/etc/openldap-secrets" + +# Extra arguments for podman to start the container +# This can e.g. be the hostname: "--hostname <host.domain>" +PODMAN_EXTRA_ARGS="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containers-systemd-0.0+git20200602.25da9c0/container-openldap.service new/containers-systemd-0.0+git20200828.7cc6e97/container-openldap.service --- old/containers-systemd-0.0+git20200602.25da9c0/container-openldap.service 1970-01-01 01:00:00.000000000 +0100 +++ new/containers-systemd-0.0+git20200828.7cc6e97/container-openldap.service 2020-08-28 14:26:37.000000000 +0200 @@ -0,0 +1,21 @@ +[Unit] +Description=openSUSE OpenLDAP container +Documentation=https://build.opensuse.org/package/show/openSUSE:Factory/opensuse-openldap-image +After=network-online.target + +[Service] +Restart=on-failure +EnvironmentFile=/usr/etc/default/container-openldap +EnvironmentFile=-/etc/default/container-openldap +ExecStartPre=-/usr/bin/mkdir -p ${LDAP_DB_DIR} ${LDAP_ETC_DIR} ${LDAP_CERTS_DIR} +ExecStartPre=-/usr/bin/podman stop openldap +ExecStartPre=-/usr/bin/podman rm openldap +ExecStartPre=-/usr/bin/podman pull ${OPENLDAP_IMAGE_PATH} +ExecStart=/bin/sh -c "/usr/bin/podman run -d --conmon-pidfile /%t/%n-pid --rm ${PODMAN_EXTRA_ARGS} -v ${LDAP_DB_DIR}:/var/lib/ldap:Z -v ${LDAP_ETC_DIR}:/etc/openldap/slapd.d:Z -v ${SECRETS_DIR}:/etc/openldap-secrets:Z -v ${LDAP_CERTS_DIR}:/etc/openldap/certs:z -p 389:389 -p 636:636 --env LDAP_ADMIN_PASSWORD_FILE=/etc/openldap-secrets/LDAP_ADMIN_PASSWORD --env LDAP_CONFIG_PASSWORD_FILE=/etc/openldap-secrets/LDAP_CONFIG_PASSWORD -e LDAP_DOMAIN=${LDAP_DOMAIN} -e LDAP_BASE_DN=${LDAP_BASE_DN} -e LDAP_ORGANISATION=${LDAP_ORGANISATION} -e LDAP_SEED_LDIF_PATH=${LDAP_SEED_LDIF_PATH} -e LDAP_SEED_SCHEMA_PATH=${LDAP_SEED_SCHEMA_PATH} -e LDAP_TLS=${LDAP_TLS} -e LDAP_TLS_CA_CRT=${LDAP_TLS_CA_CRT} -e LDAP_TLS_CA_KEY=${LDAP_TLS_CA_KEY} -e LDAP_TLS_CRT=${LDAP_TLS_CRT} -e LDAP_TLS_KEY=${LDAP_TLS_KEY} -e LDAP_TLS_ENFORCE=${LDAP_TLS_ENFORCE} -e LDAP_NOFILE=${LDAP_NOFILE} -e LDAP_UID=${LDAP_UID} -e LDAP_GID=${LDAP_GID} -e SLAPD_LOG_LEVEL=${SLAPD_LOG_LEVEL} -e DEBUG=${DEBUG} --name openldap ${OPENLDAP_IMAGE_PATH}" +ExecStop=/usr/bin/podman stop openldap +KillMode=none +Type=forking +PIDFile=/%t/%n-pid + +[Install] +WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containers-systemd-0.0+git20200602.25da9c0/container-postfix.default new/containers-systemd-0.0+git20200828.7cc6e97/container-postfix.default --- old/containers-systemd-0.0+git20200602.25da9c0/container-postfix.default 1970-01-01 01:00:00.000000000 +0100 +++ new/containers-systemd-0.0+git20200828.7cc6e97/container-postfix.default 2020-08-28 14:26:37.000000000 +0200 @@ -0,0 +1,40 @@ +# Variables of this file can be overwritten with +# /etc/default/container-postfix +# This file only contains the variables with default +# values, for a full list of supported environment variables +# please look at the postfix container image documentation and +# container-postfix.service file. + +# Name of the image path to pull the postfix image from +POSTFIX_IMAGE_PATH=registry.opensuse.org/opensuse/postfix:latest + +# Name of the path where the postfix spool directory will be stored +POSTFIX_SPOOL_DIR="/srv/postfix/spool" + +# Name of the path where the virtual user mail will be stored +VMAIL_SPOOL_DIR="/srv/postfix/vmail" + +# Directory, where certificates can be found or self signed +# autogenerated certificates will be stored +LDAP_CERTS_DIR="/srv/postfix/certs" + +# Name of the path where the files with the passwords for +# LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD can be found. The file +# names needs to be the ones of the variable names and should not +# be readable for anybody else. +SECRETS_DIR="/etc/postfix-secrets" + +# Extra arguments for podman to start the container +PODMAN_EXTRA_ARGS="" + +# Disable mailboxes for virtual users by default +VIRTUAL_MBOX=0 + +# User/group ID of the user owning the virtual mailboxes +VMAIL_UID=5000 + +# If the virtual users are provided by LDAP +USE_LDAP=0 + +# If we use LDAP, use a TLS secured connection +LDAP_USE_TLS=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containers-systemd-0.0+git20200602.25da9c0/container-postfix.service new/containers-systemd-0.0+git20200828.7cc6e97/container-postfix.service --- old/containers-systemd-0.0+git20200602.25da9c0/container-postfix.service 1970-01-01 01:00:00.000000000 +0100 +++ new/containers-systemd-0.0+git20200828.7cc6e97/container-postfix.service 2020-08-28 14:26:37.000000000 +0200 @@ -0,0 +1,22 @@ +[Unit] +Description=openSUSE postfix container +Documentation=https://build.opensuse.org/package/show/openSUSE:Factory/opensuse-postfix-image +After=network-online.target +After=container-openldap.service + +[Service] +Restart=on-failure +EnvironmentFile=/usr/etc/default/container-postfix +EnvironmentFile=-/etc/default/container-postfix +ExecStartPre=-/usr/bin/mkdir -p ${POSTFIX_SPOOL_DIR} ${POSTFIX_VMAIL_DIR} +ExecStartPre=-/usr/bin/podman stop postfix +ExecStartPre=-/usr/bin/podman rm postfix +ExecStartPre=-/usr/bin/podman pull ${POSTFIX_IMAGE_PATH} +ExecStart=/bin/sh -c "/usr/bin/podman run -d --conmon-pidfile /%t/%n-pid --rm ${PODMAN_EXTRA_ARGS} -v ${POSTFIX_SPOOL_DIR}:/var/spool/postfix:Z -v ${VMAIL_SPOOL_DIR}:/var/spool/vmail:z -v ${SECRETS_DIR}:/etc/postfix-secrets:Z -p 25:25 -p 587:587 -e SERVER_HOSTNAME=${SERVER_HOSTNAME} -e SERVER_DOMAIN=${SERVER_DOMAIN} -e SMTP_RELAYHOST=${SMTP_RELAYHOST} -e SMTP_USERNAME=${SMTP_USERNAME} -e SMTP_PASSWORD_FILE=/etc/postfix-secrets/SMTP_PASSWORD -e SMTP_NETWORKS=${SMTP_NETWORKS} -e MASQUERADE_DOMAINS=${MASQUERADE_DOMAINS} -e MYDESTINATION=${MYDESTINATION} -e VIRTUAL_MBOX=${VIRTUAL_MBOX} -e VMAIL_UID=${VMAIL_UID} -e VIRTUAL_DOMAINS=${VIRTUAL_DOMAINS} -e VIRTUAL_USERS=${VIRTUAL_USERS} -e USE_LDAP=${USE_LDAP} -e LDAP_BASE_DN=${LDAP_BASE_DN} -e LDAP_SERVER_URL=${LDAP_SERVER_URL} -e LDAP_MAIL_READER_PASSWORD_FILE=/etc/postfix-secrets/LDAP_MAIL_READER_PASSWORD -e LDAP_USE_TLS=${LDAP_USE_TLS} -e LDAP_TLS_CA_CRT=${LDAP_TLS_CA_CRT} -e TZ=${TZ} -e DEBUG=${DEBUG} --name postfix ${POSTFIX_IMAGE_PATH}" +ExecStop=/usr/bin/podman stop postfix +KillMode=none +Type=forking +PIDFile=/%t/%n-pid + +[Install] +WantedBy=multi-user.target ++++++ containers-systemd.rpmlintrc ++++++ --- /var/tmp/diff_new_pack.sQsm6p/_old 2020-08-28 21:21:15.628321268 +0200 +++ /var/tmp/diff_new_pack.sQsm6p/_new 2020-08-28 21:21:15.628321268 +0200 @@ -1,5 +1,7 @@ # This files needs to be empty be default addFilter("zero-length /etc/mariadb-secrets/MYSQL_.*") +addFilter("zero-length /etc/openldap-secrets/LDAP_.*") +addFilter("zero-length /etc/postfix-secrets/.*") # We don't install /sbin/service to build the package addFilter("dangling-symlink /usr/sbin/rccontainer-.*")