February 2013 - openSUSE Commits - openSUSE Mailing Lists

commit polkit-default-privs for openSUSE:12.3
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:12.3 checked in at 2013-02-22 16:57:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3/polkit-default-privs (Old) and /work/SRC/openSUSE:12.3/.polkit-default-privs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "polkit-default-privs", Maintainer is "meissner(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:12.3/polkit-default-privs/polkit-default-privs.changes 2013-02-21 10:44:12.000000000 +0100 +++ /work/SRC/openSUSE:12.3/.polkit-default-privs.new/polkit-default-privs.changes 2013-02-22 16:57:35.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Feb 21 15:52:52 UTC 2013 - lnussel(a)suse.de + +- fix restrictive privileges +- generate javascript files for new polkit (bnc#804376) +- implement check for overrides + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs.spec ++++++ --- /var/tmp/diff_new_pack.Qg2Rw4/_old 2013-02-22 16:57:36.000000000 +0100 +++ /var/tmp/diff_new_pack.Qg2Rw4/_new 2013-02-22 16:57:36.000000000 +0100 @@ -47,7 +47,7 @@ %install make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/var/lib/polkit-1/localauthority/10-vendor.d +mkdir -p $RPM_BUILD_ROOT/etc/polkit-1/rules.d/ %post %{fillup_only -ns security polkit_default_privs} @@ -65,8 +65,7 @@ /sbin/set_polkit_default_privs %_mandir/man*/* /var/adm/fillup-templates/sysconfig.security-polkit_default_privs -%attr(0700,root,root) %dir /var/lib/polkit-1 -%dir /var/lib/polkit-1/localauthority -%dir /var/lib/polkit-1/localauthority/10-vendor.d +%attr(0755,root,root)%dir /etc/polkit-1/ +%attr(0755,root,root)%dir /etc/polkit-1/rules.d/ %changelog ++++++ polkit-default-privs-12.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/chkstat-polkit new/polkit-default-privs-12.3/chkstat-polkit --- old/polkit-default-privs-12.3/chkstat-polkit 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/chkstat-polkit 2013-02-22 09:39:59.000000000 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/perl -w # This module sets policykit permssions -# Copyright (C) 2008, 2009 SUSE Linux Products GmbH, Nuernberg, Germany. +# Copyright (C) 2008, 2009, 2013 SUSE Linux Products GmbH, Nuernberg, Germany. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -21,13 +21,8 @@ use strict; use File::Path; -use Digest::MD5 qw/md5_hex/; -my $polkit_public_dir = '/var/lib/PolicyKit-public'; -my $polkit1_localauthority_dir = '/var/lib/polkit-1/localauthority/10-vendor.d'; -my $suseconfig_dir = '/var/adm/SuSEconfig'; -my $md5_dir = $suseconfig_dir.'/md5'; -my $reload_file = '/var/lib/misc/PolicyKit.reload'; +my $file = '/etc/polkit-1/rules.d/50-default-privs.rules'; my $do_set; # privilege => value @@ -48,139 +43,6 @@ exit 1; } -my $policykit_ops = { - name => 'PolicyKit', - overridefile => sub { - my $priv = shift; - return $polkit_public_dir.'/'.$priv.'.defaults-override'; - }, - parse => sub { - my $priv = shift; - return shift; - }, - create => sub { - my $priv = shift; - return shift; - }, - pretty => sub { - my $perms = shift; - my @p = map { s/^auth/a/; s/_admin/a/; s/_self/s/; s/_keep/k/; s/_session/s/; s/_always/a/; $_ } split(/:/, $perms); - return join(':', @p); - }, -}; - -my $polkit1_ops = { - name => 'polkit1', - overridefile => sub { - my $priv = shift; - return $polkit1_localauthority_dir.'/'.$priv.'.pkla'; - }, - parse => sub { - my $priv = shift; - my @p; - for(@_) { - if(/^ResultAny=(.+)\n/) { - $p[0] = $1; - } elsif(/^ResultInactive=(.+)\n/) { - $p[1] = $1; - } elsif(/^ResultActive=(.+)\n/) { - $p[2] = $1; - } - } - return join(':', @p) if ($p[0] && $p[1] && $p[2]); - return undef; - }, - convert => sub { - my $perms = shift; - my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); - return join(':', @p); - }, - create => sub { - my $priv = shift; - my $perms = shift; - - my @p = split(/:/, $perms); - - my $txt = "[$priv]\nIdentity=unix-group:*\nAction=$priv\n" - . "ResultAny=$p[0]\nResultInactive=$p[1]\nResultActive=$p[2]\n"; - return $txt; - }, - pretty => sub { - my $perms = shift; - my @p = map { s/^auth/a/; s/_admin/a/; s/_self/s/; s/_keep/k/; s/_session//; s/_always//; $_ } split(/:/, $perms); - return join(':', @p); - }, -}; - - -sub override($$$) -{ - my ($privilege, $perms, $ops) = @_; - my $overridefile = $ops->{overridefile}($privilege); - my $old_perms; - my @old_content; - if(-e $overridefile) { - if(!open(F, '<', $overridefile)) { - print STDERR "can't open $overridefile: $!, skip.\n"; - return; - } - @old_content = <F>; - $old_perms = $ops->{parse}($privilege, @old_content); - close F; - } - - $perms = $ops->{convert}($perms) if $ops->{convert}; - - if(defined $old_perms && $perms eq $old_perms) { - return; - } - - if($do_set) { - print $ops->{name}.": setting $privilege to ".$ops->{pretty}($perms).($old_perms?" (wrong setting ".$ops->{pretty}($old_perms).")\n":"\n"); - if(-e $overridefile) { - if(!open(F, '<', $md5_dir.'/'.$overridefile)) { - print STDERR "$overridefile was created externally, skip.\n"; - return; - } - my $should_digest = <F>; - $should_digest = substr($should_digest, 0, 32); - close F; - my $digest = md5_hex(join('', @old_content)); - if($digest ne $should_digest) { - print "$should_digest $digest\n"; - print STDERR "$overridefile was modifed externally, skip.\n"; - return; - } - } - if(!open(F, '>', $overridefile.'.new')) { - print STDERR "can't create $overridefile.new: $!, skip.\n"; - return; - } - my $content = $ops->{create}($privilege, $perms); - print F $content; - close F; - my $digest = md5_hex($content); - if(!open(F, '>', $md5_dir.'/'.$overridefile)) { - print STDERR "can't save md5 check for $privilege: $!\n"; - unlink($overridefile.".new"); - return; - } - print F $digest." $overridefile\n"; - close F; - rename($overridefile.'.new', $overridefile); - } else { - print $ops->{name}.": $privilege should be ".$ops->{pretty}($perms).($old_perms?" (wrong setting ".$ops->{pretty}($old_perms).")\n":"\n"); - } -} - -if (-d $polkit_public_dir) { - mkpath($md5_dir.'/'.$polkit_public_dir) if $do_set; -} else { - $policykit_ops = undef; -} -mkpath($polkit1_localauthority_dir) if $do_set; -mkpath($md5_dir.'/'.$polkit1_localauthority_dir) if $do_set; - while(<>) { chomp; next unless $_; @@ -189,15 +51,55 @@ if($perms !~ /:/) { $perms = $perms.':'.$perms.':'.$perms; } - # backward compat with PolicyKit - my @p = map { s/^auth_(admin\|self)_keep$/auth_$1_keep_always/; $_ } split(/:/, $perms); - $perms = join(':', @p); - $to_set{$privilege} = $perms; + # convert PolicyKit syntax + my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); + for (@p) { + unless (/^(?:auth_(?:admin|self)(?:_keep)?|yes|no)$/) { + warn "invalid value $_ in line $.\n"; + next; + } + } + $to_set{$privilege} = [ @p ]; } + +my $rules = ''; while (my ($privilege, $perms) = each %to_set) { - override($privilege, $perms, $policykit_ops) if defined $policykit_ops; - override($privilege, $perms, $polkit1_ops); + my @p = @$perms; + $rules .= sprintf("\t\t'%s':\n\t\t\t[ '%s', '%s', '%s' ],\n", $privilege, $p[0], $p[1], $p[2]); } -utime undef, undef, $reload_file if $do_set; +exit(0) unless $do_set; + +open(F, '>', $file.'.new') or die "can't open $file.new: $!\n"; +while(<DATA>) { + if (/INSERT_RULES_HERE/) { + $_ = $rules; + } + print F; +} +close F; + +rename($file.'.new', $file) or die "can't rename $file.new: $!\n"; + +__END__ +/************************************\ +* AUTOMATICALY GENERATED DO NOT EDIT * +* see man set_polkit_default_privs * +\************************************/ +polkit.addRule(function(action, subject) { + rules = { + "INSERT_RULES_HERE" : [ "auth_admin", "auth_admin", "auth_admin" ], + }; + var i = 0; + if (subject.local) { + if (subject.active) { + i = 2; + } else { + i = 1; + } + } + if (rules[action.id]) { + return rules[action.id][i]; + } +}); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/listpolicies.pl new/polkit-default-privs-12.3/listpolicies.pl --- old/polkit-default-privs-12.3/listpolicies.pl 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/listpolicies.pl 2013-02-22 09:39:59.000000000 +0100 @@ -9,76 +9,104 @@ use strict; use XML::Bare; -use Data::Dumper; +use Data::Dump; +use Getopt::Long; +Getopt::Long::Configure("no_ignore_case"); + +my %options; + +sub usage($) { + my $r = shift; + eval "use Pod::Usage; pod2usage($r);"; + if ($@) { + die "cannot display help, install perl(Pod::Usage)\n"; + } +} + +GetOptions( + \%options, + "verbose|v", + "policy=s@", + "check-override", + "help|h", +) or usage(1); + +usage(0) if ($options{'help'}); -my $permissions; my %known; my @policies; if ($#ARGV == -1) { my $buildroot = $ENV{'BUILD_ROOT'} || ''; my $rpm_buildroot = $ENV{'RPM_BUILD_ROOT'} || ''; - @ARGV = glob "$rpm_buildroot/usr/share/PolicyKit/policy/*.policy"; push @ARGV, glob "$rpm_buildroot/usr/share/polkit-1/actions/*.policy"; - push @ARGV, '--'; - push @ARGV, "$buildroot/etc/polkit-default-privs.standard"; + unless ($options{'policy'}) { + $options{'policy'} = [ "$buildroot/etc/polkit-default-privs.standard" ]; + } } for my $f (@ARGV) { - if ("$f" eq '--') { - $permissions = 1; - next; - } open (F, '<', $f) or die "$f: $!"; - if(!$permissions) { - #print STDERR "+++ ", $f,"\n"; - my $xml = XML::Bare->new(text => join('', <F>))->parse(); - - die "file is not a policykit config file" unless exists $xml->{'policyconfig'}->{'action'}; - - my $a; - if (ref $xml->{'policyconfig'}->{'action'} eq 'ARRAY') { - $a = $xml->{'policyconfig'}->{'action'} - } else { - $a = [$xml->{'policyconfig'}->{'action'}]; - } - for (@{$a}) { - next unless exists $_->{'id'}->{"value"}; - my $p = { name => $_->{'id'}->{'value'} }; - my @v; - for my $n (qw/any inactive active/) { - my $ref = $_->{'defaults'}->{'allow_'.$n}; - if (ref $ref eq 'ARRAY') { - warn $p->{'name'}.": duplicate allow_$n\n"; - $ref = $ref->[-1]; - } - push @v, $ref->{'value'} || 'no'; + #print STDERR "+++ ", $f,"\n"; + my $xml = XML::Bare->new(text => join('', <F>))->parse(); + + die "file is not a policykit config file" unless exists $xml->{'policyconfig'}->{'action'}; + + my $a; + if (ref $xml->{'policyconfig'}->{'action'} eq 'ARRAY') { + $a = $xml->{'policyconfig'}->{'action'} + } else { + $a = [$xml->{'policyconfig'}->{'action'}]; + } + for (@{$a}) { + next unless exists $_->{'id'}->{"value"}; + my $p = { name => $_->{'id'}->{'value'} }; + my $v = (); + for my $n (qw/any inactive active/) { + my $ref = $_->{'defaults'}->{'allow_'.$n}; + if (ref $ref eq 'ARRAY') { + warn $p->{'name'}.": duplicate allow_$n\n"; + $ref = $ref->[-1]; } - $p->{'value'} = join(':', @v); - push @policies, $p; + push @$v, $ref->{'value'} || 'no'; } - } else { - while(<F>) { - chomp; - next unless $_; - next if(/^#/); - my ($privilege, $perms) = split(/\s+/); - $known{$privilege} = 1; + $p->{'value'} = $v; + push @policies, $p; + } +} + +for my $f (@{$options{'policy'}}) { + open (F, '<', $f) or die "$f: $!"; + while(<F>) { + chomp; + next unless $_; + next if(/^#/); + my ($privilege, $perms) = split(/\s+/); + my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); + if (@p != 3) { + @p = ($p[0], $p[0], $p[0]); } + $known{$privilege} = [ @p ]; } close F; } -if(!$permissions) { +if (!$options{'policy'}) { map { print $_->{'name'}, "\n" } @policies; +} elsif ($options{'check-override'}) { + for my $p (@policies) { + next unless exists $known{$p->{'name'}}; + next if $known{$p->{'name'}}->[2] eq $p->{'value'}->[2]; + print sprintf('%-63s %s -> %s'."\n", $p->{'name'}, $p->{'value'}->[2], $known{$p->{'name'}}->[2]); + } } else { my $have_unknown; for (@policies) { next if exists $known{$_->{'name'}}; - print sprintf('%-63s %s'."\n", $_->{'name'}, $_->{'value'}); + print sprintf('%-63s %s'."\n", $_->{'name'}, join(':', @{$_->{'value'}})); $have_unknown = 1; } - if ($ENV{'VERBOSE'}) { + if ($options{'verbose'}) { my %seen = map { $_->{'name'} => 1} @policies; my @obs; for (keys %known) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/polkit-default-privs.restrictive new/polkit-default-privs-12.3/polkit-default-privs.restrictive --- old/polkit-default-privs-12.3/polkit-default-privs.restrictive 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/polkit-default-privs.restrictive 2013-02-22 09:39:59.000000000 +0100 @@ -187,13 +187,13 @@ org.freedesktop.udisks2.modify-device auth_admin org.freedesktop.udisks2.ata-smart-update auth_admin # (bnc#761872) -org.freedesktop.udisks2.eject-media auth_admin:auth_admin:yes -org.freedesktop.udisks2.filesystem-mount-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.encrypted-unlock-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.loop-modify-others auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.eject-media-system auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.eject-media-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.modify-device-other-seat auth_admin:auth_admin:auth_admin_keep +org.freedesktop.udisks2.eject-media auth_admin +org.freedesktop.udisks2.filesystem-mount-other-seat auth_admin +org.freedesktop.udisks2.encrypted-unlock-other-seat auth_admin +org.freedesktop.udisks2.loop-modify-others auth_admin +org.freedesktop.udisks2.eject-media-system auth_admin +org.freedesktop.udisks2.eject-media-other-seat auth_admin +org.freedesktop.udisks2.modify-device-other-seat auth_admin # # upower @@ -364,14 +364,14 @@ # # GNOME control-center (bnc#779938) # -org.gnome.controlcenter.user-accounts.administration no:no:auth_admin_keep -org.gnome.controlcenter.datetime.configure no:no:auth_admin_keep +org.gnome.controlcenter.user-accounts.administration auth_admin_keep +org.gnome.controlcenter.datetime.configure auth_admin_keep # # PackageKit / systemd offline updates (bnc#798885) # -org.freedesktop.packagekit.trigger-offline-update no:no:auth_admin_keep -org.freedesktop.packagekit.clear-offline-update no:no:auth_admin_keep +org.freedesktop.packagekit.trigger-offline-update auth_admin_keep +org.freedesktop.packagekit.clear-offline-update auth_admin_keep ### -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit polkit-default-privs for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:Factory checked in at 2013-02-22 16:57:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old) and /work/SRC/openSUSE:Factory/.polkit-default-privs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "polkit-default-privs", Maintainer is "meissner(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes 2013-02-21 10:44:07.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.polkit-default-privs.new/polkit-default-privs.changes 2013-02-22 16:57:27.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Feb 21 15:52:52 UTC 2013 - lnussel(a)suse.de + +- fix restrictive privileges +- generate javascript files for new polkit (bnc#804376) +- implement check for overrides + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs.spec ++++++ --- /var/tmp/diff_new_pack.TtvPkk/_old 2013-02-22 16:57:28.000000000 +0100 +++ /var/tmp/diff_new_pack.TtvPkk/_new 2013-02-22 16:57:28.000000000 +0100 @@ -47,7 +47,7 @@ %install make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/var/lib/polkit-1/localauthority/10-vendor.d +mkdir -p $RPM_BUILD_ROOT/etc/polkit-1/rules.d/ %post %{fillup_only -ns security polkit_default_privs} @@ -65,8 +65,7 @@ /sbin/set_polkit_default_privs %_mandir/man*/* /var/adm/fillup-templates/sysconfig.security-polkit_default_privs -%attr(0700,root,root) %dir /var/lib/polkit-1 -%dir /var/lib/polkit-1/localauthority -%dir /var/lib/polkit-1/localauthority/10-vendor.d +%attr(0755,root,root)%dir /etc/polkit-1/ +%attr(0755,root,root)%dir /etc/polkit-1/rules.d/ %changelog ++++++ polkit-default-privs-12.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/chkstat-polkit new/polkit-default-privs-12.3/chkstat-polkit --- old/polkit-default-privs-12.3/chkstat-polkit 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/chkstat-polkit 2013-02-22 09:39:59.000000000 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/perl -w # This module sets policykit permssions -# Copyright (C) 2008, 2009 SUSE Linux Products GmbH, Nuernberg, Germany. +# Copyright (C) 2008, 2009, 2013 SUSE Linux Products GmbH, Nuernberg, Germany. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -21,13 +21,8 @@ use strict; use File::Path; -use Digest::MD5 qw/md5_hex/; -my $polkit_public_dir = '/var/lib/PolicyKit-public'; -my $polkit1_localauthority_dir = '/var/lib/polkit-1/localauthority/10-vendor.d'; -my $suseconfig_dir = '/var/adm/SuSEconfig'; -my $md5_dir = $suseconfig_dir.'/md5'; -my $reload_file = '/var/lib/misc/PolicyKit.reload'; +my $file = '/etc/polkit-1/rules.d/50-default-privs.rules'; my $do_set; # privilege => value @@ -48,139 +43,6 @@ exit 1; } -my $policykit_ops = { - name => 'PolicyKit', - overridefile => sub { - my $priv = shift; - return $polkit_public_dir.'/'.$priv.'.defaults-override'; - }, - parse => sub { - my $priv = shift; - return shift; - }, - create => sub { - my $priv = shift; - return shift; - }, - pretty => sub { - my $perms = shift; - my @p = map { s/^auth/a/; s/_admin/a/; s/_self/s/; s/_keep/k/; s/_session/s/; s/_always/a/; $_ } split(/:/, $perms); - return join(':', @p); - }, -}; - -my $polkit1_ops = { - name => 'polkit1', - overridefile => sub { - my $priv = shift; - return $polkit1_localauthority_dir.'/'.$priv.'.pkla'; - }, - parse => sub { - my $priv = shift; - my @p; - for(@_) { - if(/^ResultAny=(.+)\n/) { - $p[0] = $1; - } elsif(/^ResultInactive=(.+)\n/) { - $p[1] = $1; - } elsif(/^ResultActive=(.+)\n/) { - $p[2] = $1; - } - } - return join(':', @p) if ($p[0] && $p[1] && $p[2]); - return undef; - }, - convert => sub { - my $perms = shift; - my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); - return join(':', @p); - }, - create => sub { - my $priv = shift; - my $perms = shift; - - my @p = split(/:/, $perms); - - my $txt = "[$priv]\nIdentity=unix-group:*\nAction=$priv\n" - . "ResultAny=$p[0]\nResultInactive=$p[1]\nResultActive=$p[2]\n"; - return $txt; - }, - pretty => sub { - my $perms = shift; - my @p = map { s/^auth/a/; s/_admin/a/; s/_self/s/; s/_keep/k/; s/_session//; s/_always//; $_ } split(/:/, $perms); - return join(':', @p); - }, -}; - - -sub override($$$) -{ - my ($privilege, $perms, $ops) = @_; - my $overridefile = $ops->{overridefile}($privilege); - my $old_perms; - my @old_content; - if(-e $overridefile) { - if(!open(F, '<', $overridefile)) { - print STDERR "can't open $overridefile: $!, skip.\n"; - return; - } - @old_content = <F>; - $old_perms = $ops->{parse}($privilege, @old_content); - close F; - } - - $perms = $ops->{convert}($perms) if $ops->{convert}; - - if(defined $old_perms && $perms eq $old_perms) { - return; - } - - if($do_set) { - print $ops->{name}.": setting $privilege to ".$ops->{pretty}($perms).($old_perms?" (wrong setting ".$ops->{pretty}($old_perms).")\n":"\n"); - if(-e $overridefile) { - if(!open(F, '<', $md5_dir.'/'.$overridefile)) { - print STDERR "$overridefile was created externally, skip.\n"; - return; - } - my $should_digest = <F>; - $should_digest = substr($should_digest, 0, 32); - close F; - my $digest = md5_hex(join('', @old_content)); - if($digest ne $should_digest) { - print "$should_digest $digest\n"; - print STDERR "$overridefile was modifed externally, skip.\n"; - return; - } - } - if(!open(F, '>', $overridefile.'.new')) { - print STDERR "can't create $overridefile.new: $!, skip.\n"; - return; - } - my $content = $ops->{create}($privilege, $perms); - print F $content; - close F; - my $digest = md5_hex($content); - if(!open(F, '>', $md5_dir.'/'.$overridefile)) { - print STDERR "can't save md5 check for $privilege: $!\n"; - unlink($overridefile.".new"); - return; - } - print F $digest." $overridefile\n"; - close F; - rename($overridefile.'.new', $overridefile); - } else { - print $ops->{name}.": $privilege should be ".$ops->{pretty}($perms).($old_perms?" (wrong setting ".$ops->{pretty}($old_perms).")\n":"\n"); - } -} - -if (-d $polkit_public_dir) { - mkpath($md5_dir.'/'.$polkit_public_dir) if $do_set; -} else { - $policykit_ops = undef; -} -mkpath($polkit1_localauthority_dir) if $do_set; -mkpath($md5_dir.'/'.$polkit1_localauthority_dir) if $do_set; - while(<>) { chomp; next unless $_; @@ -189,15 +51,55 @@ if($perms !~ /:/) { $perms = $perms.':'.$perms.':'.$perms; } - # backward compat with PolicyKit - my @p = map { s/^auth_(admin\|self)_keep$/auth_$1_keep_always/; $_ } split(/:/, $perms); - $perms = join(':', @p); - $to_set{$privilege} = $perms; + # convert PolicyKit syntax + my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); + for (@p) { + unless (/^(?:auth_(?:admin|self)(?:_keep)?|yes|no)$/) { + warn "invalid value $_ in line $.\n"; + next; + } + } + $to_set{$privilege} = [ @p ]; } + +my $rules = ''; while (my ($privilege, $perms) = each %to_set) { - override($privilege, $perms, $policykit_ops) if defined $policykit_ops; - override($privilege, $perms, $polkit1_ops); + my @p = @$perms; + $rules .= sprintf("\t\t'%s':\n\t\t\t[ '%s', '%s', '%s' ],\n", $privilege, $p[0], $p[1], $p[2]); } -utime undef, undef, $reload_file if $do_set; +exit(0) unless $do_set; + +open(F, '>', $file.'.new') or die "can't open $file.new: $!\n"; +while(<DATA>) { + if (/INSERT_RULES_HERE/) { + $_ = $rules; + } + print F; +} +close F; + +rename($file.'.new', $file) or die "can't rename $file.new: $!\n"; + +__END__ +/************************************\ +* AUTOMATICALY GENERATED DO NOT EDIT * +* see man set_polkit_default_privs * +\************************************/ +polkit.addRule(function(action, subject) { + rules = { + "INSERT_RULES_HERE" : [ "auth_admin", "auth_admin", "auth_admin" ], + }; + var i = 0; + if (subject.local) { + if (subject.active) { + i = 2; + } else { + i = 1; + } + } + if (rules[action.id]) { + return rules[action.id][i]; + } +}); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/listpolicies.pl new/polkit-default-privs-12.3/listpolicies.pl --- old/polkit-default-privs-12.3/listpolicies.pl 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/listpolicies.pl 2013-02-22 09:39:59.000000000 +0100 @@ -9,76 +9,104 @@ use strict; use XML::Bare; -use Data::Dumper; +use Data::Dump; +use Getopt::Long; +Getopt::Long::Configure("no_ignore_case"); + +my %options; + +sub usage($) { + my $r = shift; + eval "use Pod::Usage; pod2usage($r);"; + if ($@) { + die "cannot display help, install perl(Pod::Usage)\n"; + } +} + +GetOptions( + \%options, + "verbose|v", + "policy=s@", + "check-override", + "help|h", +) or usage(1); + +usage(0) if ($options{'help'}); -my $permissions; my %known; my @policies; if ($#ARGV == -1) { my $buildroot = $ENV{'BUILD_ROOT'} || ''; my $rpm_buildroot = $ENV{'RPM_BUILD_ROOT'} || ''; - @ARGV = glob "$rpm_buildroot/usr/share/PolicyKit/policy/*.policy"; push @ARGV, glob "$rpm_buildroot/usr/share/polkit-1/actions/*.policy"; - push @ARGV, '--'; - push @ARGV, "$buildroot/etc/polkit-default-privs.standard"; + unless ($options{'policy'}) { + $options{'policy'} = [ "$buildroot/etc/polkit-default-privs.standard" ]; + } } for my $f (@ARGV) { - if ("$f" eq '--') { - $permissions = 1; - next; - } open (F, '<', $f) or die "$f: $!"; - if(!$permissions) { - #print STDERR "+++ ", $f,"\n"; - my $xml = XML::Bare->new(text => join('', <F>))->parse(); - - die "file is not a policykit config file" unless exists $xml->{'policyconfig'}->{'action'}; - - my $a; - if (ref $xml->{'policyconfig'}->{'action'} eq 'ARRAY') { - $a = $xml->{'policyconfig'}->{'action'} - } else { - $a = [$xml->{'policyconfig'}->{'action'}]; - } - for (@{$a}) { - next unless exists $_->{'id'}->{"value"}; - my $p = { name => $_->{'id'}->{'value'} }; - my @v; - for my $n (qw/any inactive active/) { - my $ref = $_->{'defaults'}->{'allow_'.$n}; - if (ref $ref eq 'ARRAY') { - warn $p->{'name'}.": duplicate allow_$n\n"; - $ref = $ref->[-1]; - } - push @v, $ref->{'value'} || 'no'; + #print STDERR "+++ ", $f,"\n"; + my $xml = XML::Bare->new(text => join('', <F>))->parse(); + + die "file is not a policykit config file" unless exists $xml->{'policyconfig'}->{'action'}; + + my $a; + if (ref $xml->{'policyconfig'}->{'action'} eq 'ARRAY') { + $a = $xml->{'policyconfig'}->{'action'} + } else { + $a = [$xml->{'policyconfig'}->{'action'}]; + } + for (@{$a}) { + next unless exists $_->{'id'}->{"value"}; + my $p = { name => $_->{'id'}->{'value'} }; + my $v = (); + for my $n (qw/any inactive active/) { + my $ref = $_->{'defaults'}->{'allow_'.$n}; + if (ref $ref eq 'ARRAY') { + warn $p->{'name'}.": duplicate allow_$n\n"; + $ref = $ref->[-1]; } - $p->{'value'} = join(':', @v); - push @policies, $p; + push @$v, $ref->{'value'} || 'no'; } - } else { - while(<F>) { - chomp; - next unless $_; - next if(/^#/); - my ($privilege, $perms) = split(/\s+/); - $known{$privilege} = 1; + $p->{'value'} = $v; + push @policies, $p; + } +} + +for my $f (@{$options{'policy'}}) { + open (F, '<', $f) or die "$f: $!"; + while(<F>) { + chomp; + next unless $_; + next if(/^#/); + my ($privilege, $perms) = split(/\s+/); + my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms); + if (@p != 3) { + @p = ($p[0], $p[0], $p[0]); } + $known{$privilege} = [ @p ]; } close F; } -if(!$permissions) { +if (!$options{'policy'}) { map { print $_->{'name'}, "\n" } @policies; +} elsif ($options{'check-override'}) { + for my $p (@policies) { + next unless exists $known{$p->{'name'}}; + next if $known{$p->{'name'}}->[2] eq $p->{'value'}->[2]; + print sprintf('%-63s %s -> %s'."\n", $p->{'name'}, $p->{'value'}->[2], $known{$p->{'name'}}->[2]); + } } else { my $have_unknown; for (@policies) { next if exists $known{$_->{'name'}}; - print sprintf('%-63s %s'."\n", $_->{'name'}, $_->{'value'}); + print sprintf('%-63s %s'."\n", $_->{'name'}, join(':', @{$_->{'value'}})); $have_unknown = 1; } - if ($ENV{'VERBOSE'}) { + if ($options{'verbose'}) { my %seen = map { $_->{'name'} => 1} @policies; my @obs; for (keys %known) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-12.3/polkit-default-privs.restrictive new/polkit-default-privs-12.3/polkit-default-privs.restrictive --- old/polkit-default-privs-12.3/polkit-default-privs.restrictive 2013-02-19 17:13:52.000000000 +0100 +++ new/polkit-default-privs-12.3/polkit-default-privs.restrictive 2013-02-22 09:39:59.000000000 +0100 @@ -187,13 +187,13 @@ org.freedesktop.udisks2.modify-device auth_admin org.freedesktop.udisks2.ata-smart-update auth_admin # (bnc#761872) -org.freedesktop.udisks2.eject-media auth_admin:auth_admin:yes -org.freedesktop.udisks2.filesystem-mount-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.encrypted-unlock-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.loop-modify-others auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.eject-media-system auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.eject-media-other-seat auth_admin:auth_admin:auth_admin_keep -org.freedesktop.udisks2.modify-device-other-seat auth_admin:auth_admin:auth_admin_keep +org.freedesktop.udisks2.eject-media auth_admin +org.freedesktop.udisks2.filesystem-mount-other-seat auth_admin +org.freedesktop.udisks2.encrypted-unlock-other-seat auth_admin +org.freedesktop.udisks2.loop-modify-others auth_admin +org.freedesktop.udisks2.eject-media-system auth_admin +org.freedesktop.udisks2.eject-media-other-seat auth_admin +org.freedesktop.udisks2.modify-device-other-seat auth_admin # # upower @@ -364,14 +364,14 @@ # # GNOME control-center (bnc#779938) # -org.gnome.controlcenter.user-accounts.administration no:no:auth_admin_keep -org.gnome.controlcenter.datetime.configure no:no:auth_admin_keep +org.gnome.controlcenter.user-accounts.administration auth_admin_keep +org.gnome.controlcenter.datetime.configure auth_admin_keep # # PackageKit / systemd offline updates (bnc#798885) # -org.freedesktop.packagekit.trigger-offline-update no:no:auth_admin_keep -org.freedesktop.packagekit.clear-offline-update no:no:auth_admin_keep +org.freedesktop.packagekit.trigger-offline-update auth_admin_keep +org.freedesktop.packagekit.clear-offline-update auth_admin_keep ### -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit pesign for openSUSE:12.3
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package pesign for openSUSE:12.3 checked in at 2013-02-22 16:57:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3/pesign (Old) and /work/SRC/openSUSE:12.3/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pesign", Maintainer is "GLin(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:12.3/pesign/pesign.changes 2013-02-13 12:09:56.000000000 +0100 +++ /work/SRC/openSUSE:12.3/.pesign.new/pesign.changes 2013-02-22 16:57:15.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Feb 22 08:44:43 UTC 2013 - glin(a)suse.com + +- Add pesign-bnc805166-fix-signature-list.patch to fix the broken + signature list when inserting signature into a signed EFI binary + (bnc#805166) + +------------------------------------------------------------------- New: ---- pesign-bnc805166-fix-signature-list.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ --- /var/tmp/diff_new_pack.tsRKBH/_old 2013-02-22 16:57:15.000000000 +0100 +++ /var/tmp/diff_new_pack.tsRKBH/_new 2013-02-22 16:57:15.000000000 +0100 @@ -43,6 +43,8 @@ # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin(a)suse.com -- Don't check the private key when importing the raw signature Patch10: pesign-privkey_unneeded.diff Patch11: pesign-no-set-image-size.patch +# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 glin(a)suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary. +Patch12: pesign-bnc805166-fix-signature-list.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -78,6 +80,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" ++++++ pesign-bnc805166-fix-signature-list.patch ++++++ ++++ 781 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit pesign for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-22 16:57:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pesign", Maintainer is "GLin(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2013-02-13 12:09:52.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-22 16:57:11.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Feb 22 08:44:43 UTC 2013 - glin(a)suse.com + +- Add pesign-bnc805166-fix-signature-list.patch to fix the broken + signature list when inserting signature into a signed EFI binary + (bnc#805166) + +------------------------------------------------------------------- New: ---- pesign-bnc805166-fix-signature-list.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ --- /var/tmp/diff_new_pack.1ncOKm/_old 2013-02-22 16:57:13.000000000 +0100 +++ /var/tmp/diff_new_pack.1ncOKm/_new 2013-02-22 16:57:13.000000000 +0100 @@ -43,6 +43,8 @@ # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin(a)suse.com -- Don't check the private key when importing the raw signature Patch10: pesign-privkey_unneeded.diff Patch11: pesign-no-set-image-size.patch +# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 glin(a)suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary. +Patch12: pesign-bnc805166-fix-signature-list.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -78,6 +80,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" ++++++ pesign-bnc805166-fix-signature-list.patch ++++++ ++++ 781 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit openstack-quickstart for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package openstack-quickstart for openSUSE:Factory checked in at 2013-02-22 16:56:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-quickstart (Old) and /work/SRC/openSUSE:Factory/.openstack-quickstart.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-quickstart", Maintainer is "radmanic(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-quickstart/openstack-quickstart.changes 2013-01-30 11:18:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-quickstart.new/openstack-quickstart.changes 2013-02-22 16:56:59.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Feb 7 18:38:37 UTC 2013 - cloud-devel(a)suse.de + +- Update to latest git (cb0fbe8): + + Enalbe Cinder and Swift Service endpoints + + Setup Cinder properly + +------------------------------------------------------------------- Old: ---- openstack-quickstart-2012.2+git.1358781673.95d7088.tar.gz New: ---- openstack-quickstart-2012.2+git.1360262230.cb0fbe8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-quickstart.spec ++++++ --- /var/tmp/diff_new_pack.ymofJY/_old 2013-02-22 16:57:00.000000000 +0100 +++ /var/tmp/diff_new_pack.ymofJY/_new 2013-02-22 16:57:00.000000000 +0100 @@ -18,8 +18,8 @@ Name: openstack-quickstart -Version: 2012.2+git.1358781673.95d7088 -Release: 1 +Version: 2012.2+git.1360262230.cb0fbe8 +Release: 0 License: MIT Summary: OpenStack Quickstart Url: http://en.opensuse.org/SDB:Cloud_OpenStack_Quickstart ++++++ openstack-quickstart-2012.2+git.1358781673.95d7088.tar.gz -> openstack-quickstart-2012.2+git.1360262230.cb0fbe8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openstack-quickstart-2012.2+git.1358781673.95d7088/scripts/openstack-quickstart-demosetup new/openstack-quickstart-2012.2+git.1360262230.cb0fbe8/scripts/openstack-quickstart-demosetup --- old/openstack-quickstart-2012.2+git.1358781673.95d7088/scripts/openstack-quickstart-demosetup 2013-01-25 12:14:32.000000000 +0100 +++ new/openstack-quickstart-2012.2+git.1360262230.cb0fbe8/scripts/openstack-quickstart-demosetup 2013-02-07 19:38:06.000000000 +0100 @@ -161,6 +161,9 @@ echo "osapi_extensions_path=" >> /etc/nova/nova.conf fi +# configure cinder +sed -i -e "s,#*[ ]*sql_connection=.*,sql_connection=$DB://cinder:${mpw}@${IP}/cinder," /etc/cinder/cinder.conf + grep -q nova-rootwrap /etc/sudoers || echo "openstack-nova ALL=(ALL) NOPASSWD:/usr/bin/nova-rootwrap" >> /etc/sudoers grep -q cinder-rootwrap /etc/sudoers || echo "openstack-cinder ALL=(ALL) NOPASSWD:/usr/bin/cinder-rootwrap" >> /etc/sudoers @@ -192,7 +195,7 @@ fi fi sudo -u postgres dropdb keystone # needed for keystone_data.sh - for DBNAME in nova keystone glance horizon ; do + for DBNAME in nova cinder keystone glance horizon ; do # use ALTER if CREATE fails: the role probably already exists # in that case sudo -u postgres psql -c "CREATE ROLE $DBNAME PASSWORD '$mpw' LOGIN;" || \ @@ -204,7 +207,7 @@ insserv postgresql else echo | mysql -u root || pwquery=-p - for DBNAME in nova keystone glance horizon ; do + for DBNAME in nova cinder keystone glance horizon ; do echo " set global character_set_server=latin1; set session character_set_server=latin1; @@ -307,7 +310,7 @@ # 2012-02-28 keystone light setup /etc/init.d/openstack-keystone restart -ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-vol,n-sch,n-novnc,n-xvnc,horizon,mysql,rabbit} +ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-vol,c-api,n-sch,n-novnc,n-xvnc,horizon,swift,mysql,rabbit} KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST} KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357} KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-http} -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit openstack-quantum for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package openstack-quantum for openSUSE:Factory checked in at 2013-02-22 16:56:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-quantum (Old) and /work/SRC/openSUSE:Factory/.openstack-quantum.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-quantum", Maintainer is "radmanic(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-quantum/openstack-quantum.changes 2013-02-08 07:14:42.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-quantum.new/openstack-quantum.changes 2013-02-22 16:56:46.000000000 +0100 @@ -1,0 +2,9 @@ +Fri Feb 22 10:12:49 UTC 2013 - cloud-devel(a)suse.de + +- Update to version 2012.2.4+git.1361527969.4de49b4: + + only destroy single namespace if router_id is set + + Enable OVS and NETNS utilities to perform logging + + Disable dhcp_domain distribution when dhcp_domain is empty + + Shorten the DHCP default resync_interval + +-------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-quantum.spec ++++++ --- /var/tmp/diff_new_pack.R84CRf/_old 2013-02-22 16:56:47.000000000 +0100 +++ /var/tmp/diff_new_pack.R84CRf/_new 2013-02-22 16:56:47.000000000 +0100 @@ -21,7 +21,7 @@ %define username openstack-%{component} Name: openstack-%{component} -Version: 2012.2.4+git.1360134016.d2a85e6 +Version: 2012.2.4+git.1361527969.4de49b4 Release: 1 License: Apache-2.0 Summary: OpenStack Virtual Network Service (Quantum) ++++++ quantum-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/AUTHORS new/quantum-2012.2.4/AUTHORS --- old/quantum-2012.2.4/AUTHORS 2013-02-01 02:13:14.000000000 +0100 +++ new/quantum-2012.2.4/AUTHORS 2013-02-19 14:33:54.000000000 +0100 @@ -10,6 +10,7 @@ Brad Hall <brad(a)nicira.com> Brian Waldon <bcwaldon(a)gmail.com> chnm-kulkarni <chnm.kulkarni(a)gmail.com> +Christoph Thiel <c.thiel(a)telekom.de> Clark Boylan <clark.boylan(a)gmail.com> Dan Prince <dprince(a)redhat.com> Dan Wendlandt <dan(a)nicira.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/ChangeLog new/quantum-2012.2.4/ChangeLog --- old/quantum-2012.2.4/ChangeLog 2013-02-01 02:13:14.000000000 +0100 +++ new/quantum-2012.2.4/ChangeLog 2013-02-19 14:33:54.000000000 +0100 @@ -1,3 +1,73 @@ +commit 4de49b4d81297fad33b4aff87c03f7508ea1a194 +Merge: 004a924 5d26f41 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Tue Feb 19 13:15:33 2013 +0000 + + Merge "Shorten the DHCP default resync_interval" into stable/folsom + +commit 004a924eca5e77dc4f73ce2eb29a82ece6a97099 +Merge: 7be990a 2f32795 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Tue Feb 19 13:15:28 2013 +0000 + + Merge "Disable dhcp_domain distribution when dhcp_domain is empty" into stable/folsom + +commit 5d26f41d5949d8d9712286f67d9e83dbb547bb71 +Author: Gary Kotton <gkotton(a)redhat.com> +Date: Sun Feb 17 15:46:14 2013 +0000 + + Shorten the DHCP default resync_interval + + Fixes bug 1128180 + + Change-Id: Ie63ef674b5e05fab659e675774a1b25cd57d4c41 + + etc/dhcp_agent.ini | 2 +- + quantum/agent/dhcp_agent.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +commit 7be990a16ccbd147eae422f71f6730065ee5ceaf +Merge: 45baf03 8755cb3 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Mon Feb 18 07:55:12 2013 +0000 + + Merge "Enable OVS and NETNS utilities to perform logging" into stable/folsom + +commit 45baf034466275fbc32ababada1513c7b5e76c01 +Author: Christoph Thiel <c.thiel(a)telekom.de> +Date: Tue Feb 12 11:44:23 2013 +0100 + + only destroy single namespace if router_id is set + + Fixes bug 1122206 + + If multiple instances of l3_agent are running on the same host, all qrouter- + namespaces will be destroyed as new l3_agents are started. This fix allows + for multiple l3_agents to be running on the same host when router_id is set + for each agent. + + Change-Id: I879cdc6faba94900f831232232d67e471c70d778 + + quantum/agent/l3_agent.py | 15 +++++++++++---- + quantum/tests/unit/test_l3_agent.py | 29 +++++++++++++++++++++++++++-- + 2 files changed, 38 insertions(+), 6 deletions(-) + +commit 8755cb3dc6d215f0dde178668c6e13cfa7d6b20d +Author: Gary Kotton <gkotton(a)redhat.com> +Date: Sat Feb 9 15:12:56 2013 +0000 + + Enable OVS and NETNS utilities to perform logging + + Fixes bug 1118517 + + Change-Id: I041e61505475da2383b34eaeb16dd3b0e9750898 + + quantum/agent/netns_cleanup_util.py | 2 +- + quantum/agent/ovs_cleanup_util.py | 2 +- + quantum/tests/unit/test_agent_netns_cleanup.py | 38 +++++++++++++----------- + quantum/tests/unit/test_agent_ovs_cleanup.py | 11 ++++--- + 4 files changed, 27 insertions(+), 26 deletions(-) + commit d2a85e655e1b721b5620d9e4a4a9d7201caed257 Author: Mark McLoughlin <markmc(a)redhat.com> Date: Thu Jan 31 21:34:03 2013 +0000 @@ -22,6 +92,20 @@ quantum/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +commit 2f3279502356008b69e3e43e210c86c1c9e659fe +Author: Nachi Ueno <nachi(a)nttmcl.com> +Date: Tue Jan 15 09:54:59 2013 -0800 + + Disable dhcp_domain distribution when dhcp_domain is empty + + fixes bug 1099625 + + Change-Id: Ib86770345c46a0dd8bb38a4c3e435420170828af + + quantum/agent/linux/dhcp.py | 8 +++++--- + quantum/tests/unit/test_linux_dhcp.py | 16 ++++++++++------ + 2 files changed, 15 insertions(+), 9 deletions(-) + commit a84ba7e171e809dbb62e8065f63729ba34d395d8 Author: Gary Kotton <gkotton(a)redhat.com> Date: Tue Jan 29 15:46:01 2013 +0000 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/etc/dhcp_agent.ini new/quantum-2012.2.4/etc/dhcp_agent.ini --- old/quantum-2012.2.4/etc/dhcp_agent.ini 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/etc/dhcp_agent.ini 2013-02-19 14:27:49.000000000 +0100 @@ -10,7 +10,7 @@ # The DHCP agent will resync its state with Quantum to recover from any # transient notification or rpc errors. The interval is number of # seconds between attempts. -# resync_interval = 30 +# resync_interval = 5 # The DHCP requires that an inteface driver be set. Choose the one that best # matches you plugin. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/agent/dhcp_agent.py new/quantum-2012.2.4/quantum/agent/dhcp_agent.py --- old/quantum-2012.2.4/quantum/agent/dhcp_agent.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/agent/dhcp_agent.py 2013-02-19 14:27:49.000000000 +0100 @@ -46,7 +46,7 @@ class DhcpAgent(object): OPTS = [ cfg.StrOpt('root_helper', default='sudo'), - cfg.IntOpt('resync_interval', default=30), + cfg.IntOpt('resync_interval', default=5), cfg.StrOpt('dhcp_driver', default='quantum.agent.linux.dhcp.Dnsmasq', help="The driver used to manage the DHCP server."), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/agent/l3_agent.py new/quantum-2012.2.4/quantum/agent/l3_agent.py --- old/quantum-2012.2.4/quantum/agent/l3_agent.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/agent/l3_agent.py 2013-02-19 14:27:49.000000000 +0100 @@ -127,15 +127,22 @@ ) if self.conf.use_namespaces: - self._destroy_all_router_namespaces() + self._destroy_router_namespaces(self.conf.router_id) - def _destroy_all_router_namespaces(self): - """Destroy all router namespaces on the host to eliminate - all stale linux devices, iptables rules, and namespaces. + def _destroy_router_namespaces(self, only_router_id=None): + """Destroy router namespaces on the host to eliminate all stale + linux devices, iptables rules, and namespaces. + + If only_router_id is passed, only destroy single namespace, to allow + for multiple l3 agents on the same host, without stepping on each + other's toes on init. This only makes sense if router_id is set. """ root_ip = ip_lib.IPWrapper(self.conf.root_helper) for ns in root_ip.get_namespaces(self.conf.root_helper): if ns.startswith(NS_PREFIX): + if only_router_id and not ns.endswith(only_router_id): + continue + try: self._destroy_router_namespace(ns) except: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/agent/linux/dhcp.py new/quantum-2012.2.4/quantum/agent/linux/dhcp.py --- old/quantum-2012.2.4/quantum/agent/linux/dhcp.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/agent/linux/dhcp.py 2013-02-19 14:27:49.000000000 +0100 @@ -221,9 +221,8 @@ '--bind-interfaces', '--interface=%s' % self.interface_name, '--except-interface=lo', - '--domain=%s' % self.conf.dhcp_domain, - '--pid-file=%s' % self.get_conf_file_name('pid', - ensure_conf_dir=True), + '--pid-file=%s' % self.get_conf_file_name( + 'pid', ensure_conf_dir=True), #TODO (mark): calculate value from cidr (defaults to 150) #'--dhcp-lease-max=%s' % ?, '--dhcp-hostsfile=%s' % self._output_hosts_file(), @@ -252,6 +251,9 @@ if self.conf.dnsmasq_dns_server: cmd.append('--server=%s' % self.conf.dnsmasq_dns_server) + if self.conf.dhcp_domain: + cmd.append('--domain=%s' % self.conf.dhcp_domain) + if self.namespace: ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.namespace) ip_wrapper.netns.execute(cmd, addl_env=env) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/agent/netns_cleanup_util.py new/quantum-2012.2.4/quantum/agent/netns_cleanup_util.py --- old/quantum-2012.2.4/quantum/agent/netns_cleanup_util.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/agent/netns_cleanup_util.py 2013-02-19 14:27:49.000000000 +0100 @@ -53,7 +53,6 @@ conf = cfg.CommonConfigOpts() conf.register_opts(opts) conf.register_opts(dhcp.OPTS) - config.setup_logging(conf) return conf @@ -147,6 +146,7 @@ conf = setup_conf() conf(sys.argv) + config.setup_logging(conf) # Identify namespaces that are candidates for deletion. candidates = [ns for ns in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/agent/ovs_cleanup_util.py new/quantum-2012.2.4/quantum/agent/ovs_cleanup_util.py --- old/quantum-2012.2.4/quantum/agent/ovs_cleanup_util.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/agent/ovs_cleanup_util.py 2013-02-19 14:27:49.000000000 +0100 @@ -51,7 +51,6 @@ conf.register_opts(l3_agent.L3NATAgent.OPTS) conf.register_opts(interface.OPTS) conf.register_opts(agent_opts, 'AGENT') - config.setup_logging(conf) return conf @@ -63,6 +62,7 @@ conf = setup_conf() conf(sys.argv) + config.setup_logging(conf) configuration_bridges = set([conf.ovs_integration_bridge, conf.external_network_bridge]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/tests/unit/test_agent_netns_cleanup.py new/quantum-2012.2.4/quantum/tests/unit/test_agent_netns_cleanup.py --- old/quantum-2012.2.4/quantum/tests/unit/test_agent_netns_cleanup.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/tests/unit/test_agent_netns_cleanup.py 2013-02-19 14:27:49.000000000 +0100 @@ -184,20 +184,21 @@ with mock.patch.multiple(util, **methods_to_mock) as mocks: mocks['eligible_for_deletion'].return_value = True mocks['setup_conf'].return_value = conf - util.main() + with mock.patch('quantum.common.config.setup_logging'): + util.main() - mocks['eligible_for_deletion'].assert_has_calls( - [mock.call(conf, 'ns1', False), - mock.call(conf, 'ns2', False)]) + mocks['eligible_for_deletion'].assert_has_calls( + [mock.call(conf, 'ns1', False), + mock.call(conf, 'ns2', False)]) - mocks['destroy_namespace'].assert_has_calls( - [mock.call(conf, 'ns1', False), - mock.call(conf, 'ns2', False)]) + mocks['destroy_namespace'].assert_has_calls( + [mock.call(conf, 'ns1', False), + mock.call(conf, 'ns2', False)]) - ip_wrap.assert_has_calls( - [mock.call.get_namespaces('sudo')]) + ip_wrap.assert_has_calls( + [mock.call.get_namespaces('sudo')]) - eventlet_sleep.assert_called_once_with(2) + eventlet_sleep.assert_called_once_with(2) def test_main_no_candidates(self): namespaces = ['ns1', 'ns2'] @@ -216,15 +217,16 @@ with mock.patch.multiple(util, **methods_to_mock) as mocks: mocks['eligible_for_deletion'].return_value = False mocks['setup_conf'].return_value = conf - util.main() + with mock.patch('quantum.common.config.setup_logging'): + util.main() - ip_wrap.assert_has_calls( - [mock.call.get_namespaces('sudo')]) + ip_wrap.assert_has_calls( + [mock.call.get_namespaces('sudo')]) - mocks['eligible_for_deletion'].assert_has_calls( - [mock.call(conf, 'ns1', False), - mock.call(conf, 'ns2', False)]) + mocks['eligible_for_deletion'].assert_has_calls( + [mock.call(conf, 'ns1', False), + mock.call(conf, 'ns2', False)]) - self.assertFalse(mocks['destroy_namespace'].called) + self.assertFalse(mocks['destroy_namespace'].called) - self.assertFalse(eventlet_sleep.called) + self.assertFalse(eventlet_sleep.called) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/tests/unit/test_agent_ovs_cleanup.py new/quantum-2012.2.4/quantum/tests/unit/test_agent_ovs_cleanup.py --- old/quantum-2012.2.4/quantum/tests/unit/test_agent_ovs_cleanup.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/tests/unit/test_agent_ovs_cleanup.py 2013-02-19 14:27:49.000000000 +0100 @@ -24,12 +24,11 @@ class TestOVSCleanup(unittest.TestCase): def test_setup_conf(self): - with mock.patch('quantum.common.config.setup_logging'): - conf = util.setup_conf() - self.assertEqual(conf.external_network_bridge, 'br-ex') - self.assertEqual(conf.ovs_integration_bridge, 'br-int') - self.assertFalse(conf.ovs_all_ports) - self.assertEqual(conf.AGENT.root_helper, 'sudo') + conf = util.setup_conf() + self.assertEqual(conf.external_network_bridge, 'br-ex') + self.assertEqual(conf.ovs_integration_bridge, 'br-int') + self.assertFalse(conf.ovs_all_ports) + self.assertEqual(conf.AGENT.root_helper, 'sudo') def test_main(self): with mock.patch('quantum.common.config.setup_logging'): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/tests/unit/test_l3_agent.py new/quantum-2012.2.4/quantum/tests/unit/test_l3_agent.py --- old/quantum-2012.2.4/quantum/tests/unit/test_l3_agent.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/tests/unit/test_l3_agent.py 2013-02-19 14:27:49.000000000 +0100 @@ -273,12 +273,37 @@ def __init__(self, name): self.name = name - self.mock_ip.get_namespaces.return_value = ['qrouter-foo'] + self.mock_ip.get_namespaces.return_value = ['qrouter-foo', + 'qrouter-bar'] self.mock_ip.get_devices.return_value = [FakeDev('qr-aaaa'), FakeDev('qgw-aaaa')] agent = l3_agent.L3NATAgent(self.conf) - agent._destroy_all_router_namespaces() + agent._destroy_router_namespace = mock.MagicMock() + agent._destroy_router_namespaces() + + self.assertEqual(agent._destroy_router_namespace.call_count, 2) + + def testDestroyNamespaceWithRouterId(self): + + class FakeDev(object): + def __init__(self, name): + self.name = name + + self.conf.router_id = _uuid() + + namespaces = ['qrouter-foo', 'qrouter-' + self.conf.router_id] + + self.mock_ip.get_namespaces.return_value = namespaces + self.mock_ip.get_devices.return_value = [FakeDev('qr-aaaa'), + FakeDev('qgw-aaaa')] + + agent = l3_agent.L3NATAgent(self.conf) + + agent._destroy_router_namespace = mock.MagicMock() + agent._destroy_router_namespaces(self.conf.router_id) + + self.assertEqual(agent._destroy_router_namespace.call_count, 1) def testMain(self): agent_mock_p = mock.patch('quantum.agent.l3_agent.L3NATAgent') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/tests/unit/test_linux_dhcp.py new/quantum-2012.2.4/quantum/tests/unit/test_linux_dhcp.py --- old/quantum-2012.2.4/quantum/tests/unit/test_linux_dhcp.py 2013-02-01 02:09:37.000000000 +0100 +++ new/quantum-2012.2.4/quantum/tests/unit/test_linux_dhcp.py 2013-02-19 14:27:49.000000000 +0100 @@ -426,7 +426,6 @@ '--bind-interfaces', '--interface=tap0', '--except-interface=lo', - '--domain=openstacklocal', '--pid-file=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/pid', '--dhcp-hostsfile=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/host', '--dhcp-optsfile=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/opts', @@ -434,8 +433,7 @@ 'dnsmasq-lease-update'), '--leasefile-ro', '--dhcp-range=set:tag0,192.168.0.0,static,120s', - '--dhcp-range=set:tag1,fdca:3ba5:a17a:4ba3::,static,120s', - ] + '--dhcp-range=set:tag1,fdca:3ba5:a17a:4ba3::,static,120s'] expected.extend(extra_options) self.execute.return_value = ('', '') @@ -466,15 +464,21 @@ check_exit_code=True) def test_spawn(self): - self._test_spawn(['--conf-file=']) + self._test_spawn(['--conf-file=', '--domain=openstacklocal']) def test_spawn_cfg_config_file(self): self.conf.set_override('dnsmasq_config_file', '/foo') - self._test_spawn(['--conf-file=/foo']) + self._test_spawn(['--conf-file=/foo', '--domain=openstacklocal']) + + def test_spawn_no_dhcp_domain(self): + self.conf.set_override('dhcp_domain', '') + self._test_spawn(['--conf-file=']) def test_spawn_cfg_dns_server(self): self.conf.set_override('dnsmasq_dns_server', '8.8.8.8') - self._test_spawn(['--conf-file=', '--server=8.8.8.8']) + self._test_spawn(['--conf-file=', + '--server=8.8.8.8', + '--domain=openstacklocal']) def test_output_opts_file(self): fake_v6 = 'gdca:3ba5:a17a:4ba3::1' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/quantum-2012.2.4/quantum/vcsversion.py new/quantum-2012.2.4/quantum/vcsversion.py --- old/quantum-2012.2.4/quantum/vcsversion.py 2013-02-01 02:13:13.000000000 +0100 +++ new/quantum-2012.2.4/quantum/vcsversion.py 2013-02-19 14:33:53.000000000 +0100 @@ -2,6 +2,6 @@ # This file is automatically generated by setup.py, So don't edit it. :) version_info = { 'branch_nick': '(no', - 'revision_id': 'd2a85e655e1b721b5620d9e4a4a9d7201caed257', - 'revno': 1376 + 'revision_id': '4de49b4d81297fad33b4aff87c03f7508ea1a194', + 'revno': 1383 } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit openstack-nova for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package openstack-nova for openSUSE:Factory checked in at 2013-02-22 16:56:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-nova (Old) and /work/SRC/openSUSE:Factory/.openstack-nova.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-nova", Maintainer is "radmanic(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-nova/openstack-nova.changes 2013-02-08 07:13:08.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-nova.new/openstack-nova.changes 2013-02-22 16:56:06.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Feb 22 10:11:47 UTC 2013 - cloud-devel(a)suse.de + +- Update to version 2012.2.4+git.1361527907.d5e7f55: + + Avoid stuck task_state on snapshot image failure + + Add a safe_minidom_parse_string function. (CVE-2013-1664) + + Enable libvirt to work with NoopFirewallDriver + + Fix state sync logic related to the PAUSED VM state + + libvirt: Fix nova-compute start when missing ip. + +-------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-nova-doc.spec ++++++ --- /var/tmp/diff_new_pack.56wMIe/_old 2013-02-22 16:56:08.000000000 +0100 +++ /var/tmp/diff_new_pack.56wMIe/_new 2013-02-22 16:56:08.000000000 +0100 @@ -20,7 +20,7 @@ %define majorversion 2012.2.3 Name: openstack-%{component}-doc -Version: 2012.2.4+git.1360133953.e5d0f4b +Version: 2012.2.4+git.1361527907.d5e7f55 Release: 1 License: Apache-2.0 Summary: OpenStack Compute (Nova) - Documentation ++++++ openstack-nova.spec ++++++ --- /var/tmp/diff_new_pack.56wMIe/_old 2013-02-22 16:56:08.000000000 +0100 +++ /var/tmp/diff_new_pack.56wMIe/_new 2013-02-22 16:56:08.000000000 +0100 @@ -22,7 +22,7 @@ %define username openstack-%{component} Name: openstack-%{component} -Version: 2012.2.4+git.1360133953.e5d0f4b +Version: 2012.2.4+git.1361527907.d5e7f55 Release: 1 License: Apache-2.0 Summary: OpenStack Compute (Nova) ++++++ nova-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/ChangeLog new/nova-2012.2.4/ChangeLog --- old/nova-2012.2.4/ChangeLog 2013-02-01 02:09:20.000000000 +0100 +++ new/nova-2012.2.4/ChangeLog 2013-02-21 20:52:29.000000000 +0100 @@ -1,3 +1,93 @@ +commit d5e7f5512435fe0ca264be28ef23fe2ebb449d1c +Author: Vishvananda Ishaya <vishvananda(a)gmail.com> +Date: Thu Feb 21 10:40:45 2013 -0800 + + libvirt: Fix nova-compute start when missing ip. + + If nova-compute is restarted when an instance has no ip address + the libvirt/vif:_get_configuration method will throw an index + error. Check for existance of an ip before attempting to retrieve + one. Includes failing test. + + Fixes bug 1131330 + + Change-Id: Id383544b44e64205fc3b4f850d0d11ad2ebd5da7 + + nova/tests/test_libvirt_vif.py | 28 ++++++++++++++++++++++++++-- + nova/virt/libvirt/vif.py | 3 ++- + 2 files changed, 28 insertions(+), 3 deletions(-) + +commit 7ac3fe143ca35493b7a0247dafe0693cf1d6a376 +Merge: 15b2734 7ace55f +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Thu Feb 21 15:55:53 2013 +0000 + + Merge "Fix state sync logic related to the PAUSED VM state" into stable/folsom + +commit 15b2734d80168bd098c0113258b41917585df776 +Merge: 8836869 ecd98d2 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Thu Feb 21 11:53:11 2013 +0000 + + Merge "Enable libvirt to work with NoopFirewallDriver" into stable/folsom + +commit 883686946c4e7847032345723bc485114b46c79a +Merge: 7de7108 2ae74f8 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Wed Feb 20 00:39:01 2013 +0000 + + Merge "Add a safe_minidom_parse_string function." into stable/folsom + +commit ecd98d2555e2bf606e9078fcf4bd38f95abaaa69 +Author: Gary Kotton <gkotton(a)redhat.com> +Date: Sun Feb 17 14:30:01 2013 +0000 + + Enable libvirt to work with NoopFirewallDriver + + Fixes bug 1050433 + + Change-Id: I49613c7d1e6b14411dcdc342366e163a21673f78 + + nova/virt/libvirt/vif.py | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +commit 7de7108a0fbe69236036d08857f8e4f90637ad21 +Merge: e5d0f4b 21d5e90 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Mon Feb 11 09:26:39 2013 +0000 + + Merge "Avoid stuck task_state on snapshot image failure" into stable/folsom + +commit 2ae74f8222058e475350458ca0c820adb910582c +Author: Dan Prince <dprince(a)redhat.com> +Date: Sat Feb 2 11:34:25 2013 -0500 + + Add a safe_minidom_parse_string function. + + Adds a new utils.safe_minidom_parse_string function and + updates external API facing Nova modules to use it. + This ensures we have safe defaults on our incoming API XML parsing. + + Internally safe_minidom_parse_string uses a ProtectedExpatParser + class to disable DTDs and entities from being parsed when using + minidom. + + Fixes LP Bug #1100282 for Folsom. + + Change-Id: I6a4051b5e66f3ce5a330b2589c42e6e9e5b9268e + + nova/api/openstack/common.py | 10 ++--- + nova/api/openstack/compute/contrib/hosts.py | 4 +- + .../openstack/compute/contrib/security_groups.py | 7 ++-- + nova/api/openstack/compute/contrib/volumes.py | 3 +- + nova/api/openstack/compute/servers.py | 5 +-- + .../api/openstack/volume/contrib/volume_actions.py | 4 +- + nova/api/openstack/volume/volumes.py | 3 +- + nova/api/openstack/wsgi.py | 13 +++--- + nova/tests/test_utils.py | 33 +++++++++++++++ + nova/utils.py | 44 ++++++++++++++++++++ + 10 files changed, 100 insertions(+), 26 deletions(-) + commit e5d0f4b95cae7b83233a517c083cfc0855b8f722 Author: Mark McLoughlin <markmc(a)redhat.com> Date: Thu Jan 31 21:32:07 2013 +0000 @@ -48,6 +138,31 @@ Merge "Fix to include error message in instance faults" into stable/folsom +commit 21d5e907575a2042f1d0daaa9658a8758f619a1c +Author: Eoghan Glynn <eglynn(a)redhat.com> +Date: Fri Jan 25 15:47:33 2013 +0000 + + Avoid stuck task_state on snapshot image failure + + Fixes bug LP 1101136 + + Previously if the glance interaction failed prior to an + instance being snapshot'd or backed up, the task state + remained stuck at image_snapshot/backup. + + The normal task state reversion logic did not kick in, + as this is limited to the compute layer, whereas the + intial glance interaction occurs within the API layer. + + Now, we avoid this problem by delaying setting the task + state until the initial image creation has completed. + + Change-Id: Id498ae6b3674306743013e4fe99837da8e2031b5 + + nova/compute/api.py | 23 +++++++++++---------- + nova/tests/compute/test_compute.py | 40 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+), 11 deletions(-) + commit f6081d01878f0021a499f304c511b6e1e9c8f138 Merge: 1709c8e 5a66812 Author: Jenkins <jenkins(a)review.openstack.org> @@ -62,6 +177,26 @@ Merge "remove session parameter from fixed_ip_get" into stable/folsom +commit 7ace55fcf9e1b7fea074f6c0331b6feafbbc4178 +Author: Yun Mao <yunmao(a)gmail.com> +Date: Fri Jan 11 11:59:23 2013 -0500 + + Fix state sync logic related to the PAUSED VM state + + A VM may get into the paused state not only because the user request + via API calls, but also due to (temporary) external instrumentations. + Before the virt layer can reliably report the reason, we simply ignore + the state discrepancy. In many cases, the VM state will go back to + running after the external instrumentation is done. + + Fix bug 1097806. + + Change-Id: I8edef45d60fa79d6ddebf7d0438042a7b3986b55 + (cherry picked from commit f7fbdeb5672bae7d3bffd6fa76de1ce81fc132bf) + + nova/compute/manager.py | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + commit 03c3e9b0674623c2617cb4dc98f9dd9fbddfa0ca Merge: cf67f3b 03200fe Author: Jenkins <jenkins(a)review.openstack.org> @@ -91640,7 +91775,7 @@ merged with 1383 commit 10ab2e76b1ea8bbbb6bff4ccaf506bfdd5b57388 -Merge: f1f86d2 dcac4bc +Merge: f1f86d22 dcac4bc Author: Ed Leafe <ed(a)leafe.com> Date: Mon Aug 8 14:07:03 2011 +0000 @@ -127754,7 +127889,7 @@ - add testing for the openstack api versions resource and create a view builder commit 52da63c50cf248abb0753c675d5b96c0cbe0e842 -Merge: 596e0b3 dab4c0f +Merge: 596e0b37 dab4c0f Author: Brian Waldon <brian.waldon(a)rackspace.com> Date: Fri Mar 25 11:01:51 2011 -0400 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/common.py new/nova-2012.2.4/nova/api/openstack/common.py --- old/nova-2012.2.4/nova/api/openstack/common.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/common.py 2013-02-21 20:47:14.000000000 +0100 @@ -21,7 +21,6 @@ import urlparse import webob -from xml.dom import minidom from nova.api.openstack import wsgi from nova.api.openstack import xmlutil @@ -32,6 +31,7 @@ from nova import flags from nova.openstack.common import log as logging from nova import quota +from nova import utils LOG = logging.getLogger(__name__) @@ -341,7 +341,7 @@ class MetadataDeserializer(wsgi.MetadataXMLDeserializer): def deserialize(self, text): - dom = minidom.parseString(text) + dom = utils.safe_minidom_parse_string(text) metadata_node = self.find_first_child_named(dom, "metadata") metadata = self.extract_metadata(metadata_node) return {'body': {'metadata': metadata}} @@ -349,7 +349,7 @@ class MetaItemDeserializer(wsgi.MetadataXMLDeserializer): def deserialize(self, text): - dom = minidom.parseString(text) + dom = utils.safe_minidom_parse_string(text) metadata_item = self.extract_metadata(dom) return {'body': {'meta': metadata_item}} @@ -367,7 +367,7 @@ return metadata def _extract_metadata_container(self, datastring): - dom = minidom.parseString(datastring) + dom = utils.safe_minidom_parse_string(datastring) metadata_node = self.find_first_child_named(dom, "metadata") metadata = self.extract_metadata(metadata_node) return {'body': {'metadata': metadata}} @@ -379,7 +379,7 @@ return self._extract_metadata_container(datastring) def update(self, datastring): - dom = minidom.parseString(datastring) + dom = utils.safe_minidom_parse_string(datastring) metadata_item = self.extract_metadata(dom) return {'body': {'meta': metadata_item}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py 2013-02-21 20:47:14.000000000 +0100 @@ -16,7 +16,6 @@ """The hosts admin extension.""" import webob.exc -from xml.dom import minidom from xml.parsers import expat from nova.api.openstack import extensions @@ -27,6 +26,7 @@ from nova import exception from nova import flags from nova.openstack.common import log as logging +from nova import utils LOG = logging.getLogger(__name__) @@ -80,7 +80,7 @@ class HostDeserializer(wsgi.XMLDeserializer): def default(self, string): try: - node = minidom.parseString(string) + node = utils.safe_minidom_parse_string(string) except expat.ExpatError: msg = _("cannot understand XML") raise exception.MalformedRequestBody(reason=msg) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py 2013-02-21 20:47:14.000000000 +0100 @@ -16,8 +16,6 @@ """The security groups extension.""" -from xml.dom import minidom - import webob from webob import exc @@ -30,6 +28,7 @@ from nova import exception from nova import flags from nova.openstack.common import log as logging +from nova import utils LOG = logging.getLogger(__name__) @@ -110,7 +109,7 @@ """ def default(self, string): """Deserialize an xml-formatted security group create request""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) security_group = {} sg_node = self.find_first_child_named(dom, 'security_group') @@ -131,7 +130,7 @@ def default(self, string): """Deserialize an xml-formatted security group create request""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) security_group_rule = self._extract_security_group_rule(dom) return {'body': {'security_group_rule': security_group_rule}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py 2013-02-21 20:47:14.000000000 +0100 @@ -17,7 +17,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack import extensions @@ -155,7 +154,7 @@ def default(self, string): """Deserialize an xml-formatted volume create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) volume = self._extract_volume(dom) return {'body': {'volume': volume}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/servers.py new/nova-2012.2.4/nova/api/openstack/compute/servers.py --- old/nova-2012.2.4/nova/api/openstack/compute/servers.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/servers.py 2013-02-21 20:47:14.000000000 +0100 @@ -21,7 +21,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack.compute import ips @@ -297,7 +296,7 @@ """ def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) action_node = dom.childNodes[0] action_name = action_node.tagName @@ -404,7 +403,7 @@ def default(self, string): """Deserialize an xml-formatted server create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) server = self._extract_server(dom) return {'body': {'server': server}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py new/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py --- old/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py 2013-02-21 20:47:14.000000000 +0100 @@ -13,7 +13,6 @@ # under the License. import webob -from xml.dom import minidom from nova.api.openstack import extensions from nova.api.openstack import wsgi @@ -22,6 +21,7 @@ from nova import flags from nova.openstack.common import log as logging from nova.openstack.common.rpc import common as rpc_common +from nova import utils from nova import volume @@ -54,7 +54,7 @@ class VolumeToImageDeserializer(wsgi.XMLDeserializer): """Deserializer to handle xml-formatted requests""" def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) action_node = dom.childNodes[0] action_name = action_node.tagName diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/volume/volumes.py new/nova-2012.2.4/nova/api/openstack/volume/volumes.py --- old/nova-2012.2.4/nova/api/openstack/volume/volumes.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/volume/volumes.py 2013-02-21 20:47:14.000000000 +0100 @@ -17,7 +17,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack import wsgi @@ -191,7 +190,7 @@ def default(self, string): """Deserialize an xml-formatted volume create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) volume = self._extract_volume(dom) return {'body': {'volume': volume}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/wsgi.py new/nova-2012.2.4/nova/api/openstack/wsgi.py --- old/nova-2012.2.4/nova/api/openstack/wsgi.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/wsgi.py 2013-02-21 20:47:14.000000000 +0100 @@ -27,6 +27,7 @@ from nova import exception from nova.openstack.common import jsonutils from nova.openstack.common import log as logging +from nova import utils from nova import wsgi @@ -217,7 +218,7 @@ plurals = set(self.metadata.get('plurals', {})) try: - node = minidom.parseString(datastring).childNodes[0] + node = utils.safe_minidom_parse_string(datastring).childNodes[0] return {node.nodeName: self._from_xml_node(node, plurals)} except expat.ExpatError: msg = _("cannot understand XML") @@ -268,11 +269,11 @@ def extract_text(self, node): """Get the text field contained by the given node""" - if len(node.childNodes) == 1: - child = node.childNodes[0] + ret_val = "" + for child in node.childNodes: if child.nodeType == child.TEXT_NODE: - return child.nodeValue - return "" + ret_val += child.nodeValue + return ret_val def extract_elements(self, node): """Get only Element type childs from node""" @@ -631,7 +632,7 @@ def action_peek_xml(body): """Determine action to invoke.""" - dom = minidom.parseString(body) + dom = utils.safe_minidom_parse_string(body) action_node = dom.childNodes[0] return action_node.tagName diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/compute/api.py new/nova-2012.2.4/nova/compute/api.py --- old/nova-2012.2.4/nova/compute/api.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/compute/api.py 2013-02-21 20:47:14.000000000 +0100 @@ -1260,17 +1260,6 @@ else: raise Exception(_('Image type not recognized %s') % image_type) - # change instance state and notify - old_vm_state = instance["vm_state"] - old_task_state = instance["task_state"] - - self.db.instance_test_and_set( - context, instance_uuid, 'task_state', [None], task_state) - - notifications.send_update_with_states(context, instance, old_vm_state, - instance["vm_state"], old_task_state, instance["task_state"], - service="api", verify_states=True) - properties = { 'instance_uuid': instance_uuid, 'user_id': str(context.user_id), @@ -1301,6 +1290,18 @@ sent_meta['properties'] = properties recv_meta = self.image_service.create(context, sent_meta) + + # change instance state and notify + old_vm_state = instance["vm_state"] + old_task_state = instance["task_state"] + + self.db.instance_test_and_set( + context, instance_uuid, 'task_state', [None], task_state) + + notifications.send_update_with_states(context, instance, old_vm_state, + instance["vm_state"], old_task_state, instance["task_state"], + service="api", verify_states=True) + self.compute_rpcapi.snapshot_instance(context, instance=instance, image_id=recv_meta['id'], image_type=image_type, backup_type=backup_type, rotation=rotation) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/compute/manager.py new/nova-2012.2.4/nova/compute/manager.py --- old/nova-2012.2.4/nova/compute/manager.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/compute/manager.py 2013-02-21 20:47:22.000000000 +0100 @@ -2755,10 +2755,8 @@ LOG.exception(_("error during stop() in " "sync_power_state."), instance=db_instance) - elif vm_power_state in (power_state.PAUSED, - power_state.SUSPENDED): - LOG.warn(_("Instance is paused or suspended " - "unexpectedly. Calling " + elif vm_power_state == power_state.SUSPENDED: + LOG.warn(_("Instance is suspended unexpectedly. Calling " "the stop API."), instance=db_instance) try: self.compute_api.stop(context, db_instance) @@ -2766,6 +2764,16 @@ LOG.exception(_("error during stop() in " "sync_power_state."), instance=db_instance) + elif vm_power_state == power_state.PAUSED: + # Note(maoy): a VM may get into the paused state not only + # because the user request via API calls, but also + # due to (temporary) external instrumentations. + # Before the virt layer can reliably report the reason, + # we simply ignore the state discrepancy. In many cases, + # the VM state will go back to running after the external + # instrumentation is done. See bug 1097806 for details. + LOG.warn(_("Instance is paused unexpectedly. Ignore."), + instance=db_instance) elif vm_state == vm_states.STOPPED: if vm_power_state not in (power_state.NOSTATE, power_state.SHUTDOWN, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/compute/test_compute.py new/nova-2012.2.4/nova/tests/compute/test_compute.py --- old/nova-2012.2.4/nova/tests/compute/test_compute.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/compute/test_compute.py 2013-02-21 20:47:15.000000000 +0100 @@ -3639,6 +3639,46 @@ db.instance_destroy(self.context, instance['uuid']) + def test_snapshot_image_service_fails(self): + # Ensure task_state remains at None if image service fails. + def fake_create(*args, **kwargs): + raise test.TestingException() + + restore = getattr(fake_image._FakeImageService, 'create') + self.stubs.Set(fake_image._FakeImageService, 'create', fake_create) + + instance = self._create_fake_instance() + self.assertRaises(test.TestingException, + self.compute_api.snapshot, + self.context, + instance, + 'no_image_snapshot') + + self.stubs.Set(fake_image._FakeImageService, 'create', restore) + db_instance = db.instance_get_all(context.get_admin_context())[0] + self.assertTrue(db_instance['task_state'] is None) + + def test_backup_image_service_fails(self): + # Ensure task_state remains at None if image service fails. + def fake_create(*args, **kwargs): + raise test.TestingException() + + restore = getattr(fake_image._FakeImageService, 'create') + self.stubs.Set(fake_image._FakeImageService, 'create', fake_create) + + instance = self._create_fake_instance() + self.assertRaises(test.TestingException, + self.compute_api.backup, + self.context, + instance, + 'no_image_backup', + 'DAILY', + 0) + + self.stubs.Set(fake_image._FakeImageService, 'create', restore) + db_instance = db.instance_get_all(context.get_admin_context())[0] + self.assertTrue(db_instance['task_state'] is None) + def test_backup(self): """Can't backup an instance which is already being backed up.""" instance = self._create_fake_instance() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/test_libvirt_vif.py new/nova-2012.2.4/nova/tests/test_libvirt_vif.py --- old/nova-2012.2.4/nova/tests/test_libvirt_vif.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/test_libvirt_vif.py 2013-02-21 20:47:22.000000000 +0100 @@ -65,7 +65,7 @@ self.stubs.Set(utils, 'execute', fake_execute) - def _get_instance_xml(self, driver): + def _get_instance_xml(self, driver, mapping=None): conf = config.LibvirtConfigGuest() conf.virt_type = "qemu" conf.name = "fake-name" @@ -73,7 +73,9 @@ conf.memory = 100 * 1024 conf.vcpus = 4 - nic = driver.plug(self.instance, (self.net, self.mapping)) + if mapping is None: + mapping = self.mapping + nic = driver.plug(self.instance, (self.net, mapping)) conf.add_device(nic) return conf.to_xml() @@ -90,6 +92,28 @@ self.assertEqual(br_name, self.net['bridge']) mac = node.find("mac").get("address") self.assertEqual(mac, self.mapping['mac']) + first_filter = node.find("filterref")[0] + self.assertEqual(first_filter.get('name'), 'IP') + + d.unplug(None, (self.net, self.mapping)) + + def test_bridge_driver_no_ips(self): + d = vif.LibvirtBridgeDriver() + mapping = dict(self.mapping) + mapping['ips'] = [] + xml = self._get_instance_xml(d, mapping) + + doc = etree.fromstring(xml) + ret = doc.findall('./devices/interface') + self.assertEqual(len(ret), 1) + node = ret[0] + self.assertEqual(node.get("type"), "bridge") + br_name = node.find("source").get("bridge") + self.assertEqual(br_name, self.net['bridge']) + mac = node.find("mac").get("address") + self.assertEqual(mac, self.mapping['mac']) + first_filter = node.find("filterref")[0] + self.assertNotEqual(first_filter.get('name'), 'IP') d.unplug(None, (self.net, self.mapping)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/test_utils.py new/nova-2012.2.4/nova/tests/test_utils.py --- old/nova-2012.2.4/nova/tests/test_utils.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/test_utils.py 2013-02-21 20:47:15.000000000 +0100 @@ -457,6 +457,39 @@ result = utils.service_is_up(service) self.assertFalse(result) + def test_safe_parse_xml(self): + + normal_body = (""" + <?xml version="1.0" ?><foo> + <bar> + <v1>hey</v1> + <v2>there</v2> + </bar> + </foo>""").strip() + + def killer_body(): + return (("""<!DOCTYPE x [ + <!ENTITY a "%(a)s"> + <!ENTITY b "%(b)s"> + <!ENTITY c "%(c)s">]> + <foo> + <bar> + <v1>%(d)s</v1> + </bar> + </foo>""") % { + 'a': 'A' * 10, + 'b': '&a;' * 10, + 'c': '&b;' * 10, + 'd': '&c;' * 9999, + }).strip() + + dom = utils.safe_minidom_parse_string(normal_body) + self.assertEqual(normal_body, str(dom.toxml())) + + self.assertRaises(ValueError, + utils.safe_minidom_parse_string, + killer_body()) + def test_xhtml_escape(self): self.assertEqual('"foo"', utils.xhtml_escape('"foo"')) self.assertEqual(''foo'', utils.xhtml_escape("'foo'")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/utils.py new/nova-2012.2.4/nova/utils.py --- old/nova-2012.2.4/nova/utils.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/utils.py 2013-02-21 20:47:15.000000000 +0100 @@ -39,6 +39,10 @@ import time import uuid import weakref +from xml.dom import minidom +from xml.parsers import expat +from xml import sax +from xml.sax import expatreader from xml.sax import saxutils from eventlet import event @@ -567,6 +571,46 @@ return self.done.wait() +class ProtectedExpatParser(expatreader.ExpatParser): + """An expat parser which disables DTD's and entities by default.""" + + def __init__(self, forbid_dtd=True, forbid_entities=True, + *args, **kwargs): + # Python 2.x old style class + expatreader.ExpatParser.__init__(self, *args, **kwargs) + self.forbid_dtd = forbid_dtd + self.forbid_entities = forbid_entities + + def start_doctype_decl(self, name, sysid, pubid, has_internal_subset): + raise ValueError("Inline DTD forbidden") + + def entity_decl(self, entityName, is_parameter_entity, value, base, + systemId, publicId, notationName): + raise ValueError("<!ENTITY> forbidden") + + def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name): + # expat 1.2 + raise ValueError("<!ENTITY> forbidden") + + def reset(self): + expatreader.ExpatParser.reset(self) + if self.forbid_dtd: + self._parser.StartDoctypeDeclHandler = self.start_doctype_decl + if self.forbid_entities: + self._parser.EntityDeclHandler = self.entity_decl + self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl + + +def safe_minidom_parse_string(xml_string): + """Parse an XML string using minidom safely. + + """ + try: + return minidom.parseString(xml_string, parser=ProtectedExpatParser()) + except sax.SAXParseException as se: + raise expat.ExpatError() + + def xhtml_escape(value): """Escapes a string so it is valid within XML or XHTML. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/virt/libvirt/vif.py new/nova-2012.2.4/nova/virt/libvirt/vif.py --- old/nova-2012.2.4/nova/virt/libvirt/vif.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/virt/libvirt/vif.py 2013-02-21 20:47:22.000000000 +0100 @@ -64,24 +64,27 @@ if FLAGS.libvirt_use_virtio_for_bridges: conf.model = "virtio" - conf.filtername = "nova-instance-" + instance['name'] + "-" + mac_id - conf.add_filter_param("IP", mapping['ips'][0]['ip']) - if mapping['dhcp_server']: - conf.add_filter_param("DHCPSERVER", mapping['dhcp_server']) + if FLAGS.firewall_driver != "nova.virt.firewall.NoopFirewallDriver": + conf.filtername = "nova-instance-" + instance['name'] + "-" + \ + mac_id + if mapping['ips']: + conf.add_filter_param("IP", mapping['ips'][0]['ip']) + if mapping['dhcp_server']: + conf.add_filter_param("DHCPSERVER", mapping['dhcp_server']) - if FLAGS.use_ipv6: - conf.add_filter_param("RASERVER", - mapping.get('gateway_v6') + "/128") - - if FLAGS.allow_same_net_traffic: - net, mask = netutils.get_net_and_mask(network['cidr']) - conf.add_filter_param("PROJNET", net) - conf.add_filter_param("PROJMASK", mask) if FLAGS.use_ipv6: - net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen( - network['cidr_v6']) - conf.add_filter_param("PROJNET6", net_v6) - conf.add_filter_param("PROJMASK6", prefixlen_v6) + conf.add_filter_param("RASERVER", + mapping.get('gateway_v6') + "/128") + + if FLAGS.allow_same_net_traffic: + net, mask = netutils.get_net_and_mask(network['cidr']) + conf.add_filter_param("PROJNET", net) + conf.add_filter_param("PROJMASK", mask) + if FLAGS.use_ipv6: + net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen( + network['cidr_v6']) + conf.add_filter_param("PROJNET6", net_v6) + conf.add_filter_param("PROJMASK6", prefixlen_v6) return conf -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit openstack-keystone for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package openstack-keystone for openSUSE:Factory checked in at 2013-02-22 16:55:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-keystone (Old) and /work/SRC/openSUSE:Factory/.openstack-keystone.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-keystone", Maintainer is "radmanic(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-keystone/openstack-keystone.changes 2013-02-08 07:13:00.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-keystone.new/openstack-keystone.changes 2013-02-22 16:55:56.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Feb 22 10:11:13 UTC 2013 - cloud-devel(a)suse.de + +- Update to version 2012.2.4+git.1361527873.37b3532: + + Disable XML entity parsing (CVE-2013-1664, CVE-2013-1665) + + Ensure user and tenant enabled in EC2 (CVE-2013-0282) + +-------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-keystone-doc.spec ++++++ --- /var/tmp/diff_new_pack.O6QhFl/_old 2013-02-22 16:55:58.000000000 +0100 +++ /var/tmp/diff_new_pack.O6QhFl/_new 2013-02-22 16:55:58.000000000 +0100 @@ -19,7 +19,7 @@ %define component keystone Name: openstack-%{component}-doc -Version: 2012.2.4+git.1360133921.82c87e5 +Version: 2012.2.4+git.1361527873.37b3532 Release: 0 License: Apache-2.0 Summary: OpenStack Identity Service (Keystone) - Documentation ++++++ openstack-keystone.spec ++++++ --- /var/tmp/diff_new_pack.O6QhFl/_old 2013-02-22 16:55:58.000000000 +0100 +++ /var/tmp/diff_new_pack.O6QhFl/_new 2013-02-22 16:55:58.000000000 +0100 @@ -23,7 +23,7 @@ %define hybrid keystone-hybrid-backend-folsom Name: openstack-%{component} -Version: 2012.2.4+git.1360133921.82c87e5 +Version: 2012.2.4+git.1361527873.37b3532 Release: 0 License: Apache-2.0 Summary: OpenStack Identity Service (Keystone) ++++++ keystone-hybrid-backend-folsom.tar.gz ++++++ ++++++ keystone-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.4/AUTHORS new/keystone-2012.2.4/AUTHORS --- old/keystone-2012.2.4/AUTHORS 2013-02-05 17:24:46.000000000 +0100 +++ new/keystone-2012.2.4/AUTHORS 2013-02-20 02:12:23.000000000 +0100 @@ -84,6 +84,7 @@ Mohammed Naser <mnaser(a)vexxhost.com> monsterxx03 <xyj.asmy(a)gmail.com> Monty Taylor <mordred(a)inaugust.com> +Nathanael Burton <nathanael.i.burton.work(a)gmail.com> Pádraig Brady <pbrady(a)redhat.com> Pádraig Brady <P(a)draigBrady.com> Paul McMillan <paul.mcmillan(a)nebula.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.4/ChangeLog new/keystone-2012.2.4/ChangeLog --- old/keystone-2012.2.4/ChangeLog 2013-02-05 17:24:46.000000000 +0100 +++ new/keystone-2012.2.4/ChangeLog 2013-02-20 02:12:22.000000000 +0100 @@ -1,3 +1,36 @@ +commit 37b3532884f30fc979f633abe9be2b694d16887a +Merge: 8a22745 f0b4d30 +Author: Jenkins <jenkins(a)review.openstack.org> +Date: Wed Feb 20 00:49:06 2013 +0000 + + Merge "Ensure user and tenant enabled in EC2" into stable/folsom + +commit f0b4d300db5cc61d4f079f8bce9da8e8bea1081a +Author: Nathanael Burton <nathanael.i.burton.work(a)gmail.com> +Date: Tue Feb 19 09:27:04 2013 -0600 + + Ensure user and tenant enabled in EC2 + + Fixes bug 1121494. + + Change-Id: Icc90d581691b5aa63754e076ce983dfa2885a1dc + + keystone/contrib/ec2/core.py | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +commit 8a2274595ac628b2373eab0cb14690f866b7a024 +Author: Dolph Mathews <dolph.mathews(a)rackspace.com> +Date: Tue Feb 19 09:04:11 2013 -0600 + + Disable XML entity parsing + + Fixes bug 1100282 and bug 1100279. + + Change-Id: Ibf2d73bca17b689cfa2dfd29eb15ea6e7458a123 + + keystone/common/serializer.py | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + commit 82c87e5638ebaf9f166a9b07a0155291276d6fdc Merge: b3bd5fd bb2226f Author: Jenkins <jenkins(a)review.openstack.org> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.4/keystone/common/serializer.py new/keystone-2012.2.4/keystone/common/serializer.py --- old/keystone-2012.2.4/keystone/common/serializer.py 2013-02-05 17:22:07.000000000 +0100 +++ new/keystone-2012.2.4/keystone/common/serializer.py 2013-02-20 02:08:12.000000000 +0100 @@ -29,6 +29,16 @@ DOCTYPE = '<?xml version="1.0" encoding="UTF-8"?>' XMLNS = 'http://docs.openstack.org/identity/api/v2.0' +PARSER = etree.XMLParser( + resolve_entities=False, + remove_comments=True, + remove_pis=True) + +# NOTE(dolph): lxml.etree.Entity() is just a callable that currently returns an +# lxml.etree._Entity instance, which doesn't appear to be part of the +# public API, so we discover the type dynamically to be safe +ENTITY_TYPE = type(etree.Entity('x')) + def from_xml(xml): """Deserialize XML to a dictionary.""" @@ -51,7 +61,7 @@ class XmlDeserializer(object): def __call__(self, xml_str): """Returns a dictionary populated by decoding the given xml string.""" - dom = etree.fromstring(xml_str.strip()) + dom = etree.fromstring(xml_str.strip(), PARSER) return self.walk_element(dom) @staticmethod @@ -87,7 +97,8 @@ # current spec does not have attributes on an element with text values = values or text or {} - for child in [self.walk_element(x) for x in element]: + for child in [self.walk_element(x) for x in element + if not isinstance(x, ENTITY_TYPE)]: values = dict(values.items() + child.items()) return {XmlDeserializer._tag_name(element.tag): values} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystone-2012.2.4/keystone/contrib/ec2/core.py new/keystone-2012.2.4/keystone/contrib/ec2/core.py --- old/keystone-2012.2.4/keystone/contrib/ec2/core.py 2013-02-05 17:22:07.000000000 +0100 +++ new/keystone-2012.2.4/keystone/contrib/ec2/core.py 2013-02-20 02:08:12.000000000 +0100 @@ -37,6 +37,7 @@ import uuid from keystone import catalog +from keystone.common import logging from keystone.common import manager from keystone.common import utils from keystone.common import wsgi @@ -49,6 +50,7 @@ CONF = config.CONF +LOG = logging.getLogger(__name__) class Manager(manager.Manager): @@ -117,9 +119,9 @@ credentials['host'] = hostname signature = signer.generate(credentials) if not utils.auth_str_equal(credentials.signature, signature): - raise exception.Unauthorized(message='Invalid EC2 signature.') + raise exception.Unauthorized() else: - raise exception.Unauthorized(message='EC2 signature not supplied.') + raise exception.Unauthorized() def authenticate(self, context, credentials=None, ec2Credentials=None): """Validate a signed EC2 request and provide a token. @@ -149,7 +151,7 @@ credentials = ec2Credentials if not 'access' in credentials: - raise exception.Unauthorized(message='EC2 signature not supplied.') + raise exception.Unauthorized() creds_ref = self._get_credentials(context, credentials['access']) @@ -161,9 +163,19 @@ tenant_ref = self.identity_api.get_tenant( context=context, tenant_id=creds_ref['tenant_id']) + # If the tenant is disabled don't allow them to authenticate + if tenant_ref and not tenant_ref.get('enabled', True): + msg = 'Tenant %s is disabled' % tenant_ref['id'] + LOG.warning(msg) + raise exception.Unauthorized() user_ref = self.identity_api.get_user( context=context, user_id=creds_ref['user_id']) + # If the user is disabled don't allow them to authenticate + if not user_ref.get('enabled', True): + msg = 'User %s is disabled' % user_ref['id'] + LOG.warning(msg) + raise exception.Unauthorized() metadata_ref = self.identity_api.get_metadata( context=context, user_id=user_ref['id'], @@ -174,7 +186,7 @@ # fill out the roles in the metadata roles = metadata_ref.get('roles', []) if not roles: - raise exception.Unauthorized(message='User not valid for tenant.') + raise exception.Unauthorized() roles_ref = [self.identity_api.get_role(context, role_id) for role_id in roles] @@ -279,7 +291,7 @@ creds = self.ec2_api.get_credential(context, credential_id) if not creds: - raise exception.Unauthorized(message='EC2 access key not found.') + raise exception.Unauthorized() return creds def _assert_identity(self, context, user_id): -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit ninja for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package ninja for openSUSE:Factory checked in at 2013-02-22 16:55:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ninja (Old) and /work/SRC/openSUSE:Factory/.ninja.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ninja", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/ninja/ninja.changes 2013-01-11 09:37:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ninja.new/ninja.changes 2013-02-22 16:55:46.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Feb 22 13:22:33 UTC 2013 - idonmez(a)suse.com + +- Update to git hash b26d217 + * Documentation updates + * Fix wrong usage of std::string::find + +------------------------------------------------------------------- Old: ---- ninja-8a4c9e05f7.tar.bz2 New: ---- ninja-b26d217.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ninja.spec ++++++ --- /var/tmp/diff_new_pack.gIW4CY/_old 2013-02-22 16:55:47.000000000 +0100 +++ /var/tmp/diff_new_pack.gIW4CY/_new 2013-02-22 16:55:47.000000000 +0100 @@ -16,18 +16,19 @@ # -%define _githash 8a4c9e05f7 +%define _githash b26d217 Name: ninja Summary: A small build system closest in spirit to Make License: Apache-2.0 Group: Development/Tools/Building -Version: 0.0_20121229 +Version: 0.0_20130222 Release: 0 Url: https://github.com/martine/ninja BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asciidoc BuildRequires: gcc-c++ +BuildRequires: libxslt-tools BuildRequires: python Source0: ninja-%{_githash}.tar.bz2 ++++++ ninja-8a4c9e05f7.tar.bz2 -> ninja-b26d217.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/RELEASING new/ninja/RELEASING --- old/ninja/RELEASING 1970-01-01 01:00:00.000000000 +0100 +++ new/ninja/RELEASING 2013-02-22 14:20:51.000000000 +0100 @@ -0,0 +1,10 @@ +Notes to myself on all the steps to make for a Ninja release. + +1. git checkout release; git merge master +2. fix version number in source (it will likely conflict in the above) +3. fix version in doc/manual.asciidoc +4. grep doc/manual.asciidoc for XXX, fix version references +5. rebuild manual, put in place on website +6. commit, tag, push +7. construct release notes from prior notes + credits: git shortlog -s --no-merges REV.. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/bootstrap.py new/ninja/bootstrap.py --- old/ninja/bootstrap.py 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/bootstrap.py 2013-02-22 14:20:51.000000000 +0100 @@ -96,6 +96,7 @@ '-DNINJA_BOOTSTRAP']) if options.windows: cflags.append('-D_WIN32_WINNT=0x0501') + conf_args.append("--platform=mingw") if options.x64: cflags.append('-m64') args.extend(cflags) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/configure.py new/ninja/configure.py --- old/ninja/configure.py 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/configure.py 2013-02-22 14:20:51.000000000 +0100 @@ -279,7 +279,8 @@ 'manifest_parser', 'metrics', 'state', - 'util']: + 'util', + 'version']: objs += cxx(name) if platform in ('mingw', 'windows'): for name in ['subprocess-win32', @@ -396,9 +397,14 @@ n.comment('Generate the manual using asciidoc.') n.rule('asciidoc', - command='asciidoc -a toc -a max-width=45em -o $out $in', - description='ASCIIDOC $in') -manual = n.build(doc('manual.html'), 'asciidoc', doc('manual.asciidoc')) + command='asciidoc -b docbook -d book -o $out $in', + description='ASCIIDOC $out') +n.rule('xsltproc', + command='xsltproc --nonet doc/docbook.xsl $in > $out', + description='XSLTPROC $out') +xml = n.build(built('manual.xml'), 'asciidoc', doc('manual.asciidoc')) +manual = n.build(doc('manual.html'), 'xsltproc', xml, + implicit=doc('style.css')) n.build('manual', 'phony', order_only=manual) n.newline() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/doc/docbook.xsl new/ninja/doc/docbook.xsl --- old/ninja/doc/docbook.xsl 1970-01-01 01:00:00.000000000 +0100 +++ new/ninja/doc/docbook.xsl 2013-02-22 14:20:51.000000000 +0100 @@ -0,0 +1,17 @@ + +<!DOCTYPE xsl:stylesheet [ +<!ENTITY css SYSTEM "style.css"> +]> +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version='1.0'> + <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl"/> + <xsl:template name="user.head.content"><style>&css;</style></xsl:template> + <xsl:template name="body.attributes"></xsl:template> + <xsl:param name="generate.toc" select="'book toc'"/> + <xsl:param name="chapter.autolabel" select="0" /> + <xsl:param name="toc.list.type">ul</xsl:param> + + <xsl:output method="html" encoding="utf-8" indent="no" + doctype-public=""/> +</xsl:stylesheet> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/doc/manual.asciidoc new/ninja/doc/manual.asciidoc --- old/ninja/doc/manual.asciidoc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/doc/manual.asciidoc 2013-02-22 14:20:51.000000000 +0100 @@ -209,20 +209,22 @@ Environment variables ~~~~~~~~~~~~~~~~~~~~~ -Ninja supports one environment variable to control its behavior. +Ninja supports one environment variable to control its behavior: +`NINJA_STATUS`, the progress status printed before the rule being run. -`NINJA_STATUS`:: The progress status printed before the rule being run. Several placeholders are available: -* `%s`: The number of started edges. -* `%t`: The total number of edges that must be run to complete the build. -* `%p`: The percentage of started edges. -* `%r`: The number of currently running edges. -* `%u`: The number of remaining edges to start. -* `%f`: The number of finished edges. -* `%o`: Overall rate of finished edges per second -* `%c`: Current rate of finished edges per second (average over builds specified by -j or its default) -* `%%`: A plain `%` character. -* The default progress status is `"[%s/%t] "` (note the trailing space + +`%s`:: The number of started edges. +`%t`:: The total number of edges that must be run to complete the build. +`%p`:: The percentage of started edges. +`%r`:: The number of currently running edges. +`%u`:: The number of remaining edges to start. +`%f`:: The number of finished edges. +`%o`:: Overall rate of finished edges per second +`%c`:: Current rate of finished edges per second (average over builds specified by -j or its default) +`%%`:: A plain `%` character. + +The default progress status is `"[%s/%t] "` (note the trailing space to separate from the build rule). Another example of possible progress status could be `"[%u/%r/%f] "`. @@ -354,17 +356,11 @@ follows an indented set of `variable = value` lines. The basic example above declares a new rule named `cc`, along with the -command to run. (In the context of a rule, the `command` variable is -special and defines the command to run. A full list of special -variables is provided in <<ref_rule,the reference>>.) - -Within the context of a rule, three additional special variables are -available: `$in` expands to the list of input files (`foo.c`) and -`$out` to the output file (`foo.o`) for the command. For use with -`$rspfile_content`, there is also `$in_newline`, which is the same as -`$in`, except that multiple inputs are separated by `\n`, rather than -spaces. - +command to run. In the context of a rule, the `command` variable +defines the command to run, `$in` expands to the list of +input files (`foo.c`), and `$out` to the output files (`foo.o`) for the +command. A full list of special variables is provided in +<<ref_rule,the reference>>. Build statements ~~~~~~~~~~~~~~~~ @@ -420,6 +416,8 @@ Pools ~~~~~ +_Available since Ninja 1.1._ + Pools allow you to allocate one or more rules or edges a finite number of concurrent jobs which is more tightly restricted than the default parallelism. @@ -532,6 +530,7 @@ default. +[[ref_log]] The Ninja log ~~~~~~~~~~~~~ @@ -545,6 +544,36 @@ `.ninja_log` will be kept in that directory instead. +[[ref_versioning]] +Version compatibility +~~~~~~~~~~~~~~~~~~~~~ + +_Available since Ninja 1.XXX._ + +Ninja version labels follow the standard major.minor.patch format, +where the major version is increased on backwards-incompatible +syntax/behavioral changes and the minor version is increased on new +behaviors. Your `build.ninja` may declare a variable named +`ninja_required_version` that asserts the minimum Ninja version +required to use the generated file. For example, + +----- +ninja_required_version = 1.1 +----- + +declares that the build file relies on some feature that was +introduced in Ninja 1.1 (perhaps the `pool` syntax), and that +Ninja 1.1 or greater must be used to build. Unlike other Ninja +variables, this version requirement is checked immediately when +the variable is encountered in parsing, so it's best to put it +at the top of the build file. + +Ninja always warns if the major versions of Ninja and the +`ninja_required_version` don't match; a major version change hasn't +come up yet so it's difficult to predict what behavior might be +required. + + Ninja file reference -------------------- @@ -630,9 +659,22 @@ considered part of its parent's scope; if it is indented less than the previous one, it closes the previous scope. +Top-level variables +~~~~~~~~~~~~~~~~~~~ + +Two variables are significant when declared in the outermost file scope. + +`builddir`:: a directory for some Ninja output files. See <<ref_log,the + discussion of the build log>>. (You can also store other build output + in this directory.) + +`ninja_required_version`:: the minimum verison of Ninja required to process + the build correctly. See <<ref_versioning,the discussion of versioning>>. + + +[[ref_rule]] Rule variables ~~~~~~~~~~~~~~ -[[ref_rule]] A `rule` block contains a list of `key = value` declarations that affect the processing of the rule. Here is a full list of special @@ -674,6 +716,20 @@ rebuilt if the command line changes; and secondly, they are not cleaned by default. +`in`:: the shell-quoted space-separated list of files provided as + inputs to the build line referencing this `rule`. (`$in` is provided + solely for convenience; if you need some subset or variant of this + list of files, just construct a new variable with that list and use + that instead.) + +`in_newline`:: the same as `$in` except that multiple inputs are + separated by newlines rather than spaces. (For use with + `$rspfile_content`; this works around a bug in the MSVC linker where + it uses a fixed-size buffer for processing input.) + +`out`:: the shell-quoted space-separated list of files provided as + outputs to the build line referencing this `rule`. + `restat`:: if present, causes Ninja to re-stat the command's outputs after execution of the command. Each output whose modification time the command did not change will be treated as though it had never @@ -700,13 +756,9 @@ build myapp.exe: link a.obj b.obj [possibly many other .obj files] ---- -Finally, the special `$in` and `$out` variables expand to the -shell-quoted space-separated list of files provided to the `build` -line referencing this `rule`. - +[[ref_dependencies]] Build dependencies ~~~~~~~~~~~~~~~~~~ -[[ref_dependencies]] There are three types of build dependencies which are subtly different. @@ -768,9 +820,9 @@ foo = bar ---- +[[ref_scope]] Evaluation and scoping ~~~~~~~~~~~~~~~~~~~~~~ -[[ref_scope]] Top-level variable declarations are scoped to the file they occur in. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/doc/style.css new/ninja/doc/style.css --- old/ninja/doc/style.css 1970-01-01 01:00:00.000000000 +0100 +++ new/ninja/doc/style.css 2013-02-22 14:20:51.000000000 +0100 @@ -0,0 +1,29 @@ +body { + margin: 5ex 10ex; + max-width: 40em; + line-height: 1.4; + font-family: sans-serif; + font-size: 0.8em; +} +h1, h2, h3 { + font-weight: normal; +} +pre, code { + font-family: x, monospace; +} +pre { + padding: 1ex; + background: #eee; + border: solid 1px #ddd; + min-width: 0; + font-size: 90%; +} +code { + color: #007; +} +.chapter { + margin-top: 4em; +} +p { + margin-top: 0; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/misc/packaging/ninja.spec new/ninja/misc/packaging/ninja.spec --- old/ninja/misc/packaging/ninja.spec 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/misc/packaging/ninja.spec 2013-02-22 14:20:51.000000000 +0100 @@ -5,8 +5,10 @@ Group: Development/Tools License: Apache 2.0 URL: https://github.com/martine/ninja -Source0: %{name}-%{version}-%{release}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} +Source0: %{name}-%{version}-%{rel}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{rel} + +BuildRequires: asciidoc %description Ninja is yet another build system. It takes as input the interdependencies of files (typically source code and output executables) and @@ -17,7 +19,7 @@ seconds to start building after changing one file. Ninja is under a second. %prep -%setup -q -n %{name}-%{version}-%{release} +%setup -q -n %{name}-%{version}-%{rel} %build echo Building.. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/graph.cc new/ninja/src/graph.cc --- old/ninja/src/graph.cc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/src/graph.cc 2013-02-22 14:20:51.000000000 +0100 @@ -284,8 +284,10 @@ bool DependencyScan::LoadDepFile(Edge* edge, const string& path, string* err) { METRIC_RECORD("depfile load"); string content = disk_interface_->ReadFile(path, err); - if (!err->empty()) + if (!err->empty()) { + *err = "loading '" + path + "': " + *err; return false; + } // On a missing depfile: return false and empty *err. if (content.empty()) return false; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/manifest_parser.cc new/ninja/src/manifest_parser.cc --- old/ninja/src/manifest_parser.cc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/src/manifest_parser.cc 2013-02-22 14:20:51.000000000 +0100 @@ -23,6 +23,7 @@ #include "metrics.h" #include "state.h" #include "util.h" +#include "version.h" ManifestParser::ManifestParser(State* state, FileReader* file_reader) : state_(state), file_reader_(file_reader) { @@ -66,10 +67,15 @@ case Lexer::IDENT: { lexer_.UnreadToken(); string name; - EvalString value; - if (!ParseLet(&name, &value, err)) + EvalString let_value; + if (!ParseLet(&name, &let_value, err)) return false; - env_->AddBinding(name, value.Evaluate(env_)); + string value = let_value.Evaluate(env_); + // Check ninja_required_version immediately so we can exit + // before encountering any syntactic surprises. + if (name == "ninja_required_version") + CheckNinjaVersion(value); + env_->AddBinding(name, value); break; } case Lexer::INCLUDE: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/msvc_helper_main-win32.cc new/ninja/src/msvc_helper_main-win32.cc --- old/ninja/src/msvc_helper_main-win32.cc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/src/msvc_helper_main-win32.cc 2013-02-22 14:20:51.000000000 +0100 @@ -44,6 +44,31 @@ } } +void WriteDepFileOrDie(const char* object_path, CLWrapper* cl) { + string depfile_path = string(object_path) + ".d"; + FILE* depfile = fopen(depfile_path.c_str(), "w"); + if (!depfile) { + unlink(object_path); + Fatal("opening %s: %s", depfile_path.c_str(), GetLastErrorString().c_str()); + } + if (fprintf(depfile, "%s: ", object_path) < 0) { + unlink(object_path); + fclose(depfile); + unlink(depfile_path.c_str()); + Fatal("writing %s", depfile_path.c_str()); + } + vector<string> headers = cl->GetEscapedResult(); + for (vector<string>::iterator i = headers.begin(); i != headers.end(); ++i) { + if (fprintf(depfile, "%s\n", i->c_str()) < 0) { + unlink(object_path); + fclose(depfile); + unlink(depfile_path.c_str()); + Fatal("writing %s", depfile_path.c_str()); + } + } + fclose(depfile); +} + } // anonymous namespace int MSVCHelperMain(int argc, char** argv) { @@ -95,17 +120,7 @@ cl.SetEnvBlock((void*)env.data()); int exit_code = cl.Run(command); - string depfile = string(output_filename) + ".d"; - FILE* output = fopen(depfile.c_str(), "w"); - if (!output) { - Fatal("opening %s: %s", depfile.c_str(), GetLastErrorString().c_str()); - } - fprintf(output, "%s: ", output_filename); - vector<string> headers = cl.GetEscapedResult(); - for (vector<string>::iterator i = headers.begin(); i != headers.end(); ++i) { - fprintf(output, "%s\n", i->c_str()); - } - fclose(output); + WriteDepFileOrDie(output_filename, &cl); return exit_code; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/ninja.cc new/ninja/src/ninja.cc --- old/ninja/src/ninja.cc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/src/ninja.cc 2013-02-22 14:20:51.000000000 +0100 @@ -41,16 +41,13 @@ #include "metrics.h" #include "state.h" #include "util.h" +#include "version.h" // Defined in msvc_helper_main-win32.cc. int MSVCHelperMain(int argc, char** argv); namespace { -/// The version number of the current Ninja release. This will always -/// be "git" on trunk. -const char* kVersion = "git"; - /// Global information passed into subtools. struct Globals { Globals() : state(new State()) {} @@ -109,7 +106,7 @@ " -C DIR change to DIR before doing anything else\n" " -f FILE specify input build file [default=build.ninja]\n" "\n" -" -j N run N jobs in parallel [default=%d]\n" +" -j N run N jobs in parallel [default=%d, derived from CPUs available]\n" " -l N do not start new jobs if the load average is greater than N\n" #ifdef _WIN32 " (not yet implemented on Windows)\n" @@ -121,7 +118,7 @@ " -d MODE enable debugging (use -d list to list modes)\n" " -t TOOL run a subtool (use -t list to list subtools)\n" " terminates toplevel options; further flags are passed to the tool\n", - kVersion, config.parallelism); + kNinjaVersion, config.parallelism); } /// Choose a default value for the -j (parallelism) flag. @@ -772,7 +769,7 @@ working_dir = optarg; break; case OPT_VERSION: - printf("%s\n", kVersion); + printf("%s\n", kNinjaVersion); return 0; case 'h': default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/util.cc new/ninja/src/util.cc --- old/ninja/src/util.cc 2013-01-10 20:39:40.000000000 +0100 +++ new/ninja/src/util.cc 2013-02-22 14:20:51.000000000 +0100 @@ -325,7 +325,7 @@ } #endif -#ifdef _WIN32 +#if defined(_WIN32) || defined(__CYGWIN__) double GetLoadAverage() { // TODO(nicolas.despres(a)gmail.com): Find a way to implement it on Windows. // Remember to also update Usage() when this is fixed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/version.cc new/ninja/src/version.cc --- old/ninja/src/version.cc 1970-01-01 01:00:00.000000000 +0100 +++ new/ninja/src/version.cc 2013-02-22 14:20:51.000000000 +0100 @@ -0,0 +1,57 @@ +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "version.h" + +#include <stdlib.h> + +#include "util.h" + +const char* kNinjaVersion = "1.1.0.git"; + +void ParseVersion(const string& version, int* major, int* minor) { + size_t end = version.find('.'); + *major = atoi(version.substr(0, end).c_str()); + *minor = 0; + if (end != string::npos) { + size_t start = end + 1; + end = version.find('.', start); + *minor = atoi(version.substr(start, end).c_str()); + } +} + +void CheckNinjaVersion(const string& version) { + int bin_major, bin_minor; + ParseVersion(kNinjaVersion, &bin_major, &bin_minor); + int file_major, file_minor; + ParseVersion(version, &file_major, &file_minor); + + if (bin_major > file_major) { + Warning("ninja executable version (%s) greater than build file " + "ninja_required_version (%s); versions may be incompatible.", + kNinjaVersion, version.c_str()); + return; + } + + if ((bin_major == file_major && bin_minor < file_minor) || + bin_major < file_major) { + Fatal("ninja version (%s) incompatible with build file " + "ninja_required_version version (%s).", + kNinjaVersion, version.c_str()); + } +} + + + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ninja/src/version.h new/ninja/src/version.h --- old/ninja/src/version.h 1970-01-01 01:00:00.000000000 +0100 +++ new/ninja/src/version.h 2013-02-22 14:20:51.000000000 +0100 @@ -0,0 +1,32 @@ +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef NINJA_VERSION_H_ +#define NINJA_VERSION_H_ + +#include <string> +using namespace std; + +/// The version number of the current Ninja release. This will always +/// be "git" on trunk. +extern const char* kNinjaVersion; + +/// Parse the major/minor components of a version string. +void ParseVersion(const string& version, int* major, int* minor); + +/// Check whether \a version is compatible with the current Ninja version, +/// aborting if not. +void CheckNinjaVersion(const string& required_version); + +#endif // NINJA_VERSION_H_ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit Mesa for openSUSE:Factory
by root＠hilbert.suse.de 22 Feb '13

22 Feb '13

Hello community, here is the log from the commit of package Mesa for openSUSE:Factory checked in at 2013-02-22 16:55:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Mesa (Old) and /work/SRC/openSUSE:Factory/.Mesa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "Mesa", Maintainer is "sndirsch(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/Mesa/Mesa.changes 2013-02-05 12:13:13.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.Mesa.new/Mesa.changes 2013-02-22 16:55:28.000000000 +0100 @@ -1,0 +2,34 @@ +Thu Feb 21 23:23:22 UTC 2013 - hrvoje.senjan(a)gmail.com + +- update to Mesa 9.0.3: a bugfix release + * Pink artifacts on objects in the distance in ETQW/Quake 4 + (fdo#25201) + * configure: Doesn't check for python libxml2 (fdo#31598) + * [softpipe] piglit glsl-max-varyings regression (fdo#40404) + * [bisected] Oglc pxconv-gettex(basic.allCases) regressed (fdo#47220) + * [bisected i965]Oglc shad-compiler(advanced.TestLessThani) + regressed(fdo#48629) + * [swrast] piglit fbo-generatemipmap-filtering regression + (fdo#54240) + * [sandybridge][uxa] graphics very glitchy and always flickering + (fdo#56920) + * [GM45] Chrome experiment "Stars" crash: brw_fs_emit.cpp:708: + brw_reg brw_reg_from_fs_reg(fs_reg*): Assertion „!"not reached"“ + failed. (fdo#57166) + * build test failure: nouveau_fbo.c:198:3: error: too few arguments to + function 'nouveau_renderbuffer_del' (fdo#57746) + * [swrast] Mesa 9.1-devel implementation error: Unable to + delete renderbuffer, no context (fdo#57754) + * [IVB] Graphical glitches in 0 A.D (fdo#58680) + * [softpipe] util/u_tile.c:795:pipe_put_tile_z: Assertion `0' failed. + (fdo#58972) + * [bisected] Mesa build fails: clientattrib.c:33:22: fatal error: indirect.h: + No such file or directory (fdo#59364) + * [ILK/SNB/IVB Bisected]Oglc vertexshader(advanced.TestLightsTwoSided) + causes GPU hung (fdo#59700) + * [swrast] piglit ext_framebuffer_multisample-interpolation 0 + centroid-edges regression (fdo#59873) + * [Bisected]Piglit glx_extension_string_sanity fail (fdo#60052) + * Planeshift: triangles where grass would be (fdo#60172) + +------------------------------------------------------------------- Old: ---- MesaLib-9.0.2.tar.bz2 New: ---- MesaLib-9.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Mesa.spec ++++++ --- /var/tmp/diff_new_pack.lC51Vd/_old 2013-02-22 16:55:30.000000000 +0100 +++ /var/tmp/diff_new_pack.lC51Vd/_new 2013-02-22 16:55:30.000000000 +0100 @@ -17,11 +17,11 @@ %define glamor 1 -%define _version 9.0.2 +%define _version 9.0.3 %define _name_archive MesaLib Name: Mesa -Version: 9.0.2 +Version: 9.0.3 Release: 0 BuildRequires: autoconf >= 2.60 BuildRequires: automake ++++++ MesaLib-9.0.2.tar.bz2 -> MesaLib-9.0.3.tar.bz2 ++++++ ++++ 4068 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0