Hello community, here is the log from the commit of package cfengine for openSUSE:Factory checked in at 2020-09-30 19:53:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cfengine (Old) and /work/SRC/openSUSE:Factory/.cfengine.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cfengine" Wed Sep 30 19:53:06 2020 rev:76 rq:838736 version:3.16.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cfengine/cfengine.changes 2019-07-24 20:50:22.530453277 +0200 +++ /work/SRC/openSUSE:Factory/.cfengine.new.4249/cfengine.changes 2020-09-30 19:53:11.724720558 +0200 @@ -1,0 +2,267 @@ +Wed Sep 23 08:34:55 UTC 2020 - Klaus Kämpf <kkae...@suse.com> + +- drop cfengine-doc subpackage in favor of cfengine-documentation + +------------------------------------------------------------------- +Tue Sep 22 07:52:50 UTC 2020 - Klaus Kämpf <kkae...@suse.com> + +- update to 3.16.0 + - Added 'cf-secret' binary for host-specific encryption (CFE-2613) + - 'cf-check diagnose --test-write' can now be used to test writing + into LMDB files (ENT-4484) + - 'if' constraint now works in combination with class contexts + (CFE-2615) + - Added $(sys.cf_version_release) variable (ENT-5348) + - Added new macros to parser: else, maximum_version, between_versions, + before_version, at_version and after_version. Version macros now + accept single digits (CFE-3198) + - Added cf-postgres requirement to cf-apache and cf-hub systemd units + (ENT-5125) + - Added files promise content attribute (CFE-3276) + - Added string_trim() policy function (CFE-3074) + - Added warning if CSV parser parses nothing from non-empty file + (CFE-3256) + - All changes made by 'files' promises are now reported. Also, + directory and file creations are now properly reported as 'info' + messages. And failures in edit_xml result in promises marked as + failed not interrupted. Purged dirs and files are reported as + repaired (ENT-5291, CFE-3260) + - Bootstrap to loopback interface is now allowed, with a warning + (CFE-3304) + - Client initiated reporting was fixed on RHEL 8.1 (ENT-5415) + - Fixed rare crashing bug when parsing zombie entries in ps output. + The problem was only ever observed on AIX, but could theoretically happen + on any platform depending on exact libc behavior. (ENT-5329) + - Fixed an issue causing duplicate entries in sys.interfaces, and + sys.hardware. (CFE-3046) + - Fixed ifelse() to return fallback in case of unresolved variables + (ENT-4653) + - Fixed locking of promises using log_repaired / log_string with + timestamps (CFE-3376) + - Fixed memory leak in handling of inline JSON in policy evaluation + - Fixed memory leak in readlist functions (CFE-3263) + - Fixed race condition when multiple agents are acquiring critical + section locks simultaneously (CFE-3361) + - Fixed selection of standard_services when used from non-default + namespace (ENT-5406) + - Fixed service status cfengine3 on systemd managed hosts + (ENT-5528) + - Fixed some memory leaks and crashes in policy evaluation (CFE-3263) + - Improved error message for invalid body attribute names (CFE-3273) + - Improved management of secondary groups to avoid intermediary state + failures (ENT-3710) + - LMDB files are now created with correct permissions (ENT-5986) + - Log messages about broken Mustache templates are now errors + (CFE-3263) + - Made classfiltercsv() fail properly on invalid class expression index + - Measurements promises with no match no longer produce errors + (ENT-5171) + - Moved error reading file in countlinesmatching() from verbose to + error (CFE-3234) + - Added new data validation policy functions validdata() and validjson() + (CFE-2898) + - New version checking convenience policy functions (CFE-3197) + Added the following policy functions to check against local CFEngine version: + - cf_version_maximum() + - cf_version_minimum() + - cf_version_after() + - cf_version_before() + - cf_version_at() + - cf_version_between() + - Removed (USE AT YOUR OWN RISK) from cf-key help menu for -x (ENT-5090) + - Rewrote helloworld.cf to use files promises content attribute (CFE-3276) + - The outcome classes are now defined for the top-level directory when + 'include_basedir' is 'false' (ENT-5291) + - Variable references with nested parentheses no longer cause errors + (CFE-3242) + - cf-check: Added a more user friendly message when trying to print + unknown binary data (ENT-5234) + - cf-check: Added data validation for cf_lastseen.lmdb (CFE-2988) + - cf-check: Added nice printing for nova_agent_executions.lmdb + (ENT-5234) + - cf-check: Added validation for timestamps in cf_lock.lmdb (CFE-2988) + - cf-check: Added validation for timestamps in lastseen.lmdb (CFE-2988) + - cf-check: Fixed issue causing repair to target the wrong database file + (ENT-5309) + - cf-check: Symlinked LMDB databases are now preserved in repair + Performs diagnosis and repair on symlink target instead of symlink. + Repaired files / copies are placed alongside symlink target. + In some cases, the symlink target is deleted to repair a corrupt + database, and the symlink is left as a broken symlink. This is + handled gracefully by the agent, it will be recreated. + Broken symlinks are now detected as an acceptable condition in diagnose, + it won't try to repair them or delete them. (ENT-5162) + - storage promises managing nfs mounts should now correctly mount + after editing fstab entries + +- drop 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch, + 0002-Reduce-string-truncation-warnings.patch, + 0003-make-home-dir-for-tests.patch - all upstream + +------------------------------------------------------------------- +Tue Jul 28 14:28:49 UTC 2020 - Thorsten Kukuk <ku...@suse.com> + +- Fix version format for suse_version (SuSEfirewall2 check) + +------------------------------------------------------------------- +Fri Jun 12 14:34:51 UTC 2020 - Klaus Kämpf <kkae...@suse.com> + +- update to 3.15.0 + - New policy function basename() added (CFE-3196) + - Added read_module_protocol() policy function + This function reads module protocol from a file, and can be used + for caching the results of commands modules. (CFE-2973) + - The @ character is now allowed in the key of classic arrays defined + by the module protocol (CFE-3099) + - nth() policy function now supports negative indices (CFE-3194) + - Fixed .xy floating point numbers parsing in eval() (CFE-2762) + - Added inform constraint to commands promises, to allow suppression of + INFO log messages (CFE-2973) + - Changed unless constraint to be more consistent with if + For any situation where if would NOT skip a promise, unless + will cause the promise to be skipped. When there are + unresolved variables / function calls, if will skip, unless + will NOT skip. (CFE-3160) + - Default minimum allowed TLS version is now 1.1 (ENT-4616) + - Network protocol version 2 is now called "tls" + "tls" or "2" can be used in places where you specify network + protocol. Log messages were altered, to show "tls" instead of + "latest". (ENT-4406) + - Introduced protocol version 3 - "cookie" + This protocol is identical to version 2 ("tls"), + except it allows the enterprise reporting hub to send + the COOKIE command to enterprise hosts. This command is used for + detecting hosts using duplicate identities. Protocol version "latest" + now points to version 3. For community installations, it should not + make a difference, policy servers will not send this command. The only + visible difference is the new version number (in logs and policy). + (ENT-4406) + - Package modules now hit network when package cache is first initialized + (CFE-3094) + - Fixed promise skipping bug in unless (CFE-2689) + - Fixed error message for unexpanded variables in function calls in unless + (CFE-2689) + - Prevented buffer overflow when policy variable names are longer than + 1024 bytes + - Zero bytes in class guards no longer cause crashes (CFE-3028) + - Fixed bug in ps parsing on OpenBSD / NetBSD causing bootstrap to fail + - Fixed crash in policy/JSON parsing of numbers with too many decimal + points (CFE-3138) + - copy_from without preserve now respects destination mode (ENT-4016) + - Removed stime_range and ttime_range constraints from promise hash + (ENT-4921) + - Fixed promise result when using process_stop in processes type promises + (ENT-4988) + - cf-execd now sends SIGKILL to the agent process in case of + agent_expireafter, after attempting SIGINT and SIGTERM (CFE-2664) + - cf-serverd now tries to accept connection multiple times (CFE-3066) + - Fixed multiple measurements tracking growth of same file (ENT-4814) + - Set create permissions of monitord files in state directory to 0600 + 0600 matches the permissions enforced by policy. + Affected files: + * state/cf_incoming.* + * state/cf_outgoing.* + * state/cf_users + * state/env_data + (ENT-4863) + - Clarified descriptions of io_writtendata and io_readdata (ENT-5127) + - Clarified log message about process_count and restart_class being used + concurrently (CFE-208) + - Agent runs that hit abortclasses now record results (ENT-2471) + - An ID of rhel in os-release file will now define both rhel and redhat + classes (CFE-3140) + - Version specific distro classes are now collected by default in + Enterprise (ENT-4752) + - redhat_8 and redhat_8_0 are now defined on RHEL 8 (CFE-3140) + - Added derived-from-file tag to hard classes based on /etc/redhat-release + (CFE-3140) + - Added sys.bootstrap_id policy variable containing the ID from + /var/cfengine/bootstrap_id.dat, if present (CFE-2977) + - sys.interfaces now contains interfaces even when they only have + IPv6 addresses (ENT-4858) + - IPv6-only interfaces added to sys.hardware_(addresses,mac) (CFE-3164) + - IPv6 addresses are now added to policy variable sys.ip_addresses + (CFE-682) + - IPv6 addresses now respect ignored_interfaces.rx (CFE-3156) + - hostname now allowed in bindtoaddress (CFE-3190) + - Fixed issue when removing comments from files in various policy functions + This also fixes many erroneous occurences of the error message + mentioning: + + [...] because it legally matches nothing + + (A warning can still appear if a comment regex actually matches nothing). + Also made this comment removing logic faster. + Affected functions include: + * readstringlist() + * readintlist() ++++ 70 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/cfengine/cfengine.changes ++++ and /work/SRC/openSUSE:Factory/.cfengine.new.4249/cfengine.changes Old: ---- 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch 0002-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch 0003-Reduce-string-truncation-warnings.patch 0004-make-home-dir-for-tests.patch cf3-Reference.pdf cf3-conceptguide.pdf cf3-glossary.pdf cf3-quickstart.pdf cf3-solutions.pdf cf3-tutorial.pdf cfengine-3.12.1.tar.gz primer.pdf remove-am_subst_notmake.patch New: ---- cfengine-3.16.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cfengine.spec ++++++ --- /var/tmp/diff_new_pack.Qbxqyu/_old 2020-09-30 19:53:13.604722240 +0200 +++ /var/tmp/diff_new_pack.Qbxqyu/_new 2020-09-30 19:53:13.604722240 +0200 @@ -1,7 +1,7 @@ # # spec file for package cfengine # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,30 +22,29 @@ # reported upstream as https://cfengine.com/dev/issues/1896 %define basedir %{_localstatedir}/%{name} %define workdir %{basedir} -%if 0%{?suse_version} >= 1210 -%define have_systemd 1 -%else -%define have_systemd 0 -%endif -%if 0%{?suse_version} <= 150100 +# This is the place where workdir should be +#define basedir /var/lib/%%{name} +#define workdir %%{basedir}/work + +%if 0%{?suse_version} < 1500 +# assume SuSEfirewall2 %define with_sfw2 1 %else +# assume firewalld %define with_sfw2 0 %endif # pass --with-bla to enable the build %bcond_with mysql %bcond_with postgresql %bcond_with libvirt + Name: cfengine -Version: 3.12.1 +Version: 3.16.0 Release: 0 -# This is the place where workdir should be -#define basedir /var/lib/%%{name} -#define workdir %%{basedir}/work Summary: Configuration management framework License: GPL-3.0-only Group: Productivity/Networking/System -Url: http://www.cfengine.org/ +URL: http://www.cfengine.org/ Source: https://cfengine-package-repos.s3.amazonaws.com/tarballs/cfengine-%{version}.tar.gz Source1: %{name}.SuSEfirewall2 Source2: cf-execd.service @@ -56,33 +55,11 @@ Source7: cf-serverd Source10: %{name}.cron Source11: %{name}-rpmlintrc -# docs -Source101: http://www.cfengine.org/manuals/cf3-Reference.pdf -Source102: http://www.cfengine.org/manuals/cf3-conceptguide.pdf -Source103: http://www.cfengine.org/manuals/cf3-glossary.pdf -Source104: http://www.cfengine.org/manuals/cf3-quickstart.pdf -Source105: http://www.cfengine.org/manuals/cf3-solutions.pdf -Source106: http://www.cfengine.org/manuals/cf3-tutorial.pdf -Source107: http://www.verticalsysadmin.com/cfengine/primer.pdf - -# PATCH-FIX-SUSE -# set cfengine's notion of bindir to /usr/bin instead of /var/cfengine/bin -# kkae...@suse.de -Patch1: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch -# PATCH-FIX-UPSTREAM add 'suse' class for consistency with other vendor classes -# PATCH-FEATURE-UPSTREAM better /etc/SuSE-release parsing, upstream #5423 -# kkae...@suse.de -Patch2: 0002-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch -# PATCH-FIX-SUSE reduce "string truncated" (in strncpy) warnings -Patch3: 0003-Reduce-string-truncation-warnings.patch -# PATCH-FIX-SUSE BNC#1016848, adam.majer -Patch10: 0004-make-home-dir-for-tests.patch -# SLE 11 or RHEL5 autoconf does not support AM_SUBST_NOTMAKE, kkae...@suse.de -Patch99: remove-am_subst_notmake.patch + +Recommends: %{name}-documentation BuildRequires: bison BuildRequires: db-devel -BuildRequires: fakeroot BuildRequires: flex BuildRequires: libacl-devel BuildRequires: libtool @@ -91,13 +68,14 @@ BuildRequires: openssl-devel >= 1.0.2e BuildRequires: pam-devel BuildRequires: pcre-devel >= 8.38 -BuildRequires: python # for flock BuildRequires: util-linux # for llzma BuildRequires: xz-devel Requires: %{libsoname} = %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if !%{with_sfw2} +BuildRequires: firewall-macros +%endif %if %{with mysql} BuildRequires: mysql-devel %endif @@ -107,23 +85,9 @@ %if %{with postgresql} BuildRequires: postgresql-devel %endif -%if %{have_systemd} -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) %{?systemd_requires} -%else -# Without systemd we require cron -Requires: cron -%if 0%{?suse_version} -Requires(post): %insserv_prereq %fillup_prereq -%endif -%endif -# FHS was a hit with sle11 so it dies out otherwise -%if 0%{?suse_version} <= 1110 -BuildRequires: -post-build-checks -%endif -%if 0%{?suse_version} > 1020 BuildRequires: fdupes -%endif %if 0%{?fedora_version} == 20 BuildRequires: perl-Exporter %endif @@ -157,29 +121,16 @@ This package contains the files needed to compile programs that use the libpromises library. -%package doc -Summary: Documentation for CFEngine, a config management framework -Group: Documentation/Other - -%description doc -Documentation for cfengine. - %package examples Summary: CFEngine example promises Group: Documentation/Other +BuildArch: noarch %description examples Lots of example promises for CFEngine. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%if 0%{?suse_version} <= 1110 -%patch99 -p1 -%endif -%patch10 -p1 ##### rpmlint #### wrong-file-end-of-line-encoding @@ -187,12 +138,7 @@ ### http://www.fsf.org/about/contact/ find ./examples -type f -name "*.cf" -exec perl -p -i -e 's|\r\n|\n|,s|^# Foundation.*|# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA|' {} \; -### install extra docs -install -d docs -cp -a $RPM_SOURCE_DIR/*pdf docs/ - %build -echo %{version} > CFVERSION EXPLICIT_VERSION=%{version} autoreconf -fvi -I m4 CC=cc CFLAGS="%{optflags} -fno-strict-aliasing" \ %configure \ @@ -243,35 +189,15 @@ # create dirs needed for better organizing dirs and files install -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins} -%if %{have_systemd} # systemd: install sample cron file in docdir cp %{SOURCE10} %{buildroot}/%{_docdir}/%{name} -%else -# no systemd -> use cron -# install cron file -install -D -m0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name} -%endif -%if %{have_systemd} # install systemd scripts install -d %{buildroot}%{_unitdir} install -m 0644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{buildroot}/%{_unitdir} ln -s -f service %{buildroot}/%{_sbindir}/rccf-monitord ln -s -f service %{buildroot}/%{_sbindir}/rccf-execd ln -s -f service %{buildroot}/%{_sbindir}/rccf-serverd -%else -# install init scripts -install -d %{buildroot}%{_initddir} -install -m 0755 %{SOURCE5} %{SOURCE6} %{SOURCE7} %{buildroot}%{_initddir}/ -ln -s -f ../..%{_initddir}/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord -ln -s -f ../..%{_initddir}/cf-execd %{buildroot}/%{_sbindir}/rccf-execd -ln -s -f ../..%{_initddir}/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd -# sed @workdir@ in initscripts/cron.d -sed -i\ - -e "s,@workdir@,%{workdir},g"\ - -e "s,@basedir@,%{basedir},g" \ - %{buildroot}%{_initddir}/cf-* %{buildroot}%{_sysconfdir}/cron.d/%{name} -%endif # create symlinks for bin_PROGRAMS # because: cf-promises needs to be installed in /var/cfengine/work/bin for pre-validation of full configuration @@ -299,50 +225,33 @@ %endif # Ckeabyo dyoes -%if 0%{?suse_version} > 1020 %fdupes %{buildroot}%{_datadir}/cfengine -%endif %pre -%if %{have_systemd} -%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service -%endif +%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service %post -%if %{have_systemd} -%service_add_post cf-execd.service cf-monitord.service cf-serverd.service -%else -for i in execd monitord serverd; do - %fillup_and_insserv cf-${i} -done -%endif +%service_add_post cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service if [ $1 -lt 2 ]; then # first install, generate key pair cf-key fi +%if !%{with_sfw2} +%firewalld_reload +%endif %preun -%if %{have_systemd} -%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service -%else -for i in execd monitord serverd; do - %stop_on_removal cf-${i} -done -%endif +%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service %postun -%if %{have_systemd} -%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service -%else -%insserv_cleanup -for i in execd monitord serverd; do - %restart_on_update cf-${i} -done -%endif +%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service if [ $1 -eq 0 ]; then # clean up inputs cache dir on removal rm -rf %{basedir}/inputs/* fi +%if !%{with_sfw2} +%firewalld_reload +%endif %post -n %{libsoname} -p /sbin/ldconfig @@ -359,32 +268,28 @@ %{_bindir}/cf-net %{_bindir}/cf-monitord %{_bindir}/cf-promises +%{_bindir}/cf-secret %{_bindir}/cf-serverd %{_bindir}/cf-upgrade %{_bindir}/cf-runagent %{_bindir}/rpmvercmp -%if %{have_systemd} %{_unitdir}/cf-execd.service %{_unitdir}/cf-monitord.service %{_unitdir}/cf-serverd.service -%else -%config %attr(0755,root,root) %{_initddir}/* -%endif %{_sbindir}/rccf-execd %{_sbindir}/rccf-monitord %{_sbindir}/rccf-serverd +%{_unitdir}/*.service %if %{with_sfw2} +%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d +%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine %endif %{_mandir}/man8/* %dir %{basedir} %dir %{workdir} %{workdir}/* -%if %{have_systemd} %{_docdir}/%{name}/cfengine.cron -%else -%config(noreplace) %{_sysconfdir}/cron.d/%{name} -%endif %files -n %{libsoname} %defattr(-,root,root) @@ -395,10 +300,6 @@ %defattr(-,root,root) %{_libdir}/%{name}/%{libname}.so -%files doc -%defattr(-,root,root) -%doc docs/*.pdf - %files examples %defattr(-,root,root) %doc examples/*cf ++++++ cfengine-3.12.1.tar.gz -> cfengine-3.16.0.tar.gz ++++++ ++++ 278305 lines of diff (skipped)