Thanks for the fix 1/ Main changes to openvswitch-fedora.spec.in look ok to me, but we should probably also see if there is any specific use case concerns from others.
2/ Couple comments inline 3/ Regarding playbook-fedora-builder.yml in general, there is issue with playbook-fedora-builder.yml, assuming I use "as is". dball@ubuntu:~/ovs/poc/builders$ sudo vagrant up DEPRECATION: The 'sudo' option for the Ansible provisioner is deprecated. Please use the 'become' option instead. The 'sudo' option will be removed in a future release of Vagrant. Bringing machine 'fedorabuilder' up with 'virtualbox' provider... ==> fedorabuilder: Box 'fedora/27-cloud-base' could not be found. Attempting to find and install... fedorabuilder: Box Provider: virtualbox fedorabuilder: Box Version: >= 0 ==> fedorabuilder: Loading metadata for box 'fedora/27-cloud-base' fedorabuilder: URL: https://vagrantcloud.com/fedora/27-cloud-base ==> fedorabuilder: Adding box 'fedora/27-cloud-base' (v20171105) for provider: virtualbox fedorabuilder: Downloading: https://vagrantcloud.com/fedora/boxes/27-cloud-base/versions/20171105/providers/virtualbox.box fedorabuilder: Download redirected to host: download.fedoraproject.org An error occurred while downloading the remote file. The error message, if any, is reproduced below. Please fix this error and try again. The requested URL returned error: 404 Not Found On Mon, Apr 15, 2019 at 6:26 PM Ansis Atteka <aatt...@ovn.org> wrote: > Otherwise, Open vSwitch will fail to start with the following > error "libcap-ng is not configured at compile time" when it > attempts to downgrade to Open vSwitch user. > > Also, if packages were built in a way where processes are > supposed to be running only as root, then there is no point > in creating "openvswitch" user in the first place. > > Signed-off-by: Ansis Atteka <aatt...@ovn.org> > --- > poc/playbook-fedora-builder.yml | 6 +++--- > rhel/openvswitch-fedora.spec.in | 8 ++++++++ > 2 files changed, 11 insertions(+), 3 deletions(-) > > diff --git a/poc/playbook-fedora-builder.yml > b/poc/playbook-fedora-builder.yml > index 70f0b6ff2..b955714fc 100644 > --- a/poc/playbook-fedora-builder.yml > +++ b/poc/playbook-fedora-builder.yml > @@ -99,17 +99,17 @@ > - openvswitch-dkms.spec > > - name: Build Open vSwitch user space rpms > - command: rpmbuild -bb --without check rhel/openvswitch-fedora.spec > + command: rpmbuild -bb --without check --without libcapng > rhel/openvswitch-fedora.spec > args: > chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" > > - name: Build Open vSwitch kmod rpm > - command: rpmbuild -bb --without check rhel/openvswitch-fedora.spec > + command: rpmbuild -bb --without check --without libcapng > rhel/openvswitch-fedora.spec > Is the correct spec file openvswitch-kmod-fedora.spec ? Hence, do we need a change here ? > args: > chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" > > - name: Build Open vSwitch dkms rpm > - command: rpmbuild -bb --without check rhel/openvswitch-dkms.spec > + command: rpmbuild -bb --without check --without libcapng > rhel/openvswitch-dkms.spec > Do you need this line changed ? > args: > chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" > > diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/ > openvswitch-fedora.spec.in > index c1cd3f4c6..ce728b4f0 100644 > --- a/rhel/openvswitch-fedora.spec.in > +++ b/rhel/openvswitch-fedora.spec.in > @@ -350,6 +350,7 @@ rm -rf $RPM_BUILD_ROOT > %endif > > %pre > +%if %{with libcapng} > getent group openvswitch >/dev/null || groupadd -r openvswitch > getent passwd openvswitch >/dev/null || \ > useradd -r -g openvswitch -d / -s /sbin/nologin \ > @@ -359,9 +360,11 @@ getent passwd openvswitch >/dev/null || \ > getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs > usermod -a -G hugetlbfs openvswitch > %endif > +%endif > exit 0 > > %post > +%if %{with libcapng} > if [ $1 -eq 1 ]; then > sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch > sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' > %{_sysconfdir}/logrotate.d/openvswitch > @@ -376,6 +379,7 @@ if [ $1 -eq 1 ]; then > chown -R openvswitch:openvswitch /etc/openvswitch > chown -R openvswitch:openvswitch /var/log/openvswitch > fi > +%endif > > %if 0%{?systemd_post:1} > %systemd_post %{name}.service > @@ -445,7 +449,11 @@ fi > %endif > > %files > +%if %{with libcapng} > %defattr(-,openvswitch,openvswitch) > +%else > +%defattr(-,root,root) > +%endif > %dir %{_sysconfdir}/openvswitch > %{_sysconfdir}/openvswitch/default.conf > %config %ghost %{_sysconfdir}/openvswitch/conf.db > -- > 2.14.1 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev