Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2015-08-31 22:59:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Changes: -------- --- /work/SRC/openSUSE:Factory/salt/salt.changes 2015-08-05 06:50:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.salt.new/salt.changes 2015-08-31 22:59:07.000000000 +0200 @@ -1,0 +2,14 @@ +Tue Aug 18 06:58:18 UTC 2015 - abo...@gmail.com + +- Updated to Bugfix release 2015.5 + + for more details: + https://github.com/saltstack/salt/blob/develop/doc/topics/releases/2015.5.5.rst + +- Add prereq, for user creation. +- Add creation of salt user in preparation of running the salt-master daemon + as non-root user salt. + https://bugzilla.opensuse.org/show_bug.cgi?id=939831 +- Add README.SUSE with explanation and how to. + +------------------------------------------------------------------- Old: ---- salt-2015.5.3.tar.gz New: ---- README.SUSE salt-2015.5.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ salt.spec ++++++ --- /var/tmp/diff_new_pack.x6aHKW/_old 2015-08-31 22:59:08.000000000 +0200 +++ /var/tmp/diff_new_pack.x6aHKW/_new 2015-08-31 22:59:08.000000000 +0200 @@ -17,14 +17,14 @@ Name: salt -Version: 2015.5.3 +Version: 2015.5.5 Release: 0 Summary: A parallel remote execution system License: Apache-2.0 Group: System/Monitoring Url: http://saltstack.org/ Source0: http://pypi.python.org/packages/source/s/%{name}/%{name}-%{version}.tar.gz - +Source1: README.SUSE # PATCH-FIX-OPENSUSE use-forking-daemon.patch tser...@suse.com -- We don't have python-systemd, so notify can't work Patch1: use-forking-daemon.patch @@ -77,6 +77,9 @@ Requires: python-yaml Requires: python-zypp Requires(pre): %fillup_prereq +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +Requires(pre): pwdutils %if 0%{?suse_version} < 1210 Requires(pre): %insserv_prereq %endif @@ -239,6 +242,7 @@ %prep %setup -q +cp %{S:1} . %patch1 -p1 %build @@ -355,6 +359,8 @@ %endif %pre master +getent group salt >/dev/null || %{_sbindir}/groupadd -r salt +getent passwd salt >/dev/null || %{_sbindir}/useradd -r -g salt -d /srv/salt -s /bin/false -c "salt-master daemon" salt %if 0%{?_unitdir:1} %service_add_pre salt-master.service %endif @@ -521,7 +527,7 @@ %config(noreplace) %{_sysconfdir}/logrotate.d/salt %attr(755,root,root)%{python_sitelib}/salt/cloud/deploy/*.sh %{python_sitelib}/* -%doc LICENSE AUTHORS README.rst HACKING.rst +%doc LICENSE AUTHORS README.rst HACKING.rst README.SUSE %if %with_bashcomp ++++++ README.SUSE ++++++ Salt-master as non-root user ============================ With the latest version of the salt-master package a new user has been added. The user salt be used in later versions as the default user for the salt-master daemon. For now the default user for the salt-master daemon will be root. Why an extra user ================= While the current setup runs the master as root user, this is considered a security issue and not in line with the other configuration management tools (eg. puppet) which runs as a dedicated user. How can I make the change ========================= If you would like to make the change before you can do the following steps manually: 1. uncomment the user parameter in the master configuration user: salt 2. update the file permissions: as root: chown -R salt /etc/salt /var/cache/salt /var/log/salt /var/run/salt 3. restart the salt-master daemon: as root: rcsalt-master restart or systemctl restart salt-master NOTE ==== Running the salt-master daemon as a non-root user has some consequences, some salt operations cannot be executed correctly when the master is not running as root, specifically the pam external auth system, as this system needs root access to check authentication. For more information: http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html++++++ salt-2015.5.3.tar.gz -> salt-2015.5.5.tar.gz ++++++ ++++ 33744 lines of diff (skipped)
