Hello community,
here is the log from the commit of package cfengine for openSUSE:Factory checked in at 2020-09-30 19:53:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cfengine (Old)
and /work/SRC/openSUSE:Factory/.cfengine.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cfengine"
Wed Sep 30 19:53:06 2020 rev:76 rq:838736 version:3.16.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/cfengine/cfengine.changes 2019-07-24 20:50:22.530453277 +0200
+++ /work/SRC/openSUSE:Factory/.cfengine.new.4249/cfengine.changes 2020-09-30 19:53:11.724720558 +0200
@@ -1,0 +2,267 @@
+Wed Sep 23 08:34:55 UTC 2020 - Klaus Kämpf
+
+- drop cfengine-doc subpackage in favor of cfengine-documentation
+
+-------------------------------------------------------------------
+Tue Sep 22 07:52:50 UTC 2020 - Klaus Kämpf
+
+- update to 3.16.0
+ - Added 'cf-secret' binary for host-specific encryption (CFE-2613)
+ - 'cf-check diagnose --test-write' can now be used to test writing
+ into LMDB files (ENT-4484)
+ - 'if' constraint now works in combination with class contexts
+ (CFE-2615)
+ - Added $(sys.cf_version_release) variable (ENT-5348)
+ - Added new macros to parser: else, maximum_version, between_versions,
+ before_version, at_version and after_version. Version macros now
+ accept single digits (CFE-3198)
+ - Added cf-postgres requirement to cf-apache and cf-hub systemd units
+ (ENT-5125)
+ - Added files promise content attribute (CFE-3276)
+ - Added string_trim() policy function (CFE-3074)
+ - Added warning if CSV parser parses nothing from non-empty file
+ (CFE-3256)
+ - All changes made by 'files' promises are now reported. Also,
+ directory and file creations are now properly reported as 'info'
+ messages. And failures in edit_xml result in promises marked as
+ failed not interrupted. Purged dirs and files are reported as
+ repaired (ENT-5291, CFE-3260)
+ - Bootstrap to loopback interface is now allowed, with a warning
+ (CFE-3304)
+ - Client initiated reporting was fixed on RHEL 8.1 (ENT-5415)
+ - Fixed rare crashing bug when parsing zombie entries in ps output.
+ The problem was only ever observed on AIX, but could theoretically happen
+ on any platform depending on exact libc behavior. (ENT-5329)
+ - Fixed an issue causing duplicate entries in sys.interfaces, and
+ sys.hardware. (CFE-3046)
+ - Fixed ifelse() to return fallback in case of unresolved variables
+ (ENT-4653)
+ - Fixed locking of promises using log_repaired / log_string with
+ timestamps (CFE-3376)
+ - Fixed memory leak in handling of inline JSON in policy evaluation
+ - Fixed memory leak in readlist functions (CFE-3263)
+ - Fixed race condition when multiple agents are acquiring critical
+ section locks simultaneously (CFE-3361)
+ - Fixed selection of standard_services when used from non-default
+ namespace (ENT-5406)
+ - Fixed service status cfengine3 on systemd managed hosts
+ (ENT-5528)
+ - Fixed some memory leaks and crashes in policy evaluation (CFE-3263)
+ - Improved error message for invalid body attribute names (CFE-3273)
+ - Improved management of secondary groups to avoid intermediary state
+ failures (ENT-3710)
+ - LMDB files are now created with correct permissions (ENT-5986)
+ - Log messages about broken Mustache templates are now errors
+ (CFE-3263)
+ - Made classfiltercsv() fail properly on invalid class expression index
+ - Measurements promises with no match no longer produce errors
+ (ENT-5171)
+ - Moved error reading file in countlinesmatching() from verbose to
+ error (CFE-3234)
+ - Added new data validation policy functions validdata() and validjson()
+ (CFE-2898)
+ - New version checking convenience policy functions (CFE-3197)
+ Added the following policy functions to check against local CFEngine version:
+ - cf_version_maximum()
+ - cf_version_minimum()
+ - cf_version_after()
+ - cf_version_before()
+ - cf_version_at()
+ - cf_version_between()
+ - Removed (USE AT YOUR OWN RISK) from cf-key help menu for -x (ENT-5090)
+ - Rewrote helloworld.cf to use files promises content attribute (CFE-3276)
+ - The outcome classes are now defined for the top-level directory when
+ 'include_basedir' is 'false' (ENT-5291)
+ - Variable references with nested parentheses no longer cause errors
+ (CFE-3242)
+ - cf-check: Added a more user friendly message when trying to print
+ unknown binary data (ENT-5234)
+ - cf-check: Added data validation for cf_lastseen.lmdb (CFE-2988)
+ - cf-check: Added nice printing for nova_agent_executions.lmdb
+ (ENT-5234)
+ - cf-check: Added validation for timestamps in cf_lock.lmdb (CFE-2988)
+ - cf-check: Added validation for timestamps in lastseen.lmdb (CFE-2988)
+ - cf-check: Fixed issue causing repair to target the wrong database file
+ (ENT-5309)
+ - cf-check: Symlinked LMDB databases are now preserved in repair
+ Performs diagnosis and repair on symlink target instead of symlink.
+ Repaired files / copies are placed alongside symlink target.
+ In some cases, the symlink target is deleted to repair a corrupt
+ database, and the symlink is left as a broken symlink. This is
+ handled gracefully by the agent, it will be recreated.
+ Broken symlinks are now detected as an acceptable condition in diagnose,
+ it won't try to repair them or delete them. (ENT-5162)
+ - storage promises managing nfs mounts should now correctly mount
+ after editing fstab entries
+
+- drop 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch,
+ 0002-Reduce-string-truncation-warnings.patch,
+ 0003-make-home-dir-for-tests.patch - all upstream
+
+-------------------------------------------------------------------
+Tue Jul 28 14:28:49 UTC 2020 - Thorsten Kukuk
+
+- Fix version format for suse_version (SuSEfirewall2 check)
+
+-------------------------------------------------------------------
+Fri Jun 12 14:34:51 UTC 2020 - Klaus Kämpf
+
+- update to 3.15.0
+ - New policy function basename() added (CFE-3196)
+ - Added read_module_protocol() policy function
+ This function reads module protocol from a file, and can be used
+ for caching the results of commands modules. (CFE-2973)
+ - The @ character is now allowed in the key of classic arrays defined
+ by the module protocol (CFE-3099)
+ - nth() policy function now supports negative indices (CFE-3194)
+ - Fixed .xy floating point numbers parsing in eval() (CFE-2762)
+ - Added inform constraint to commands promises, to allow suppression of
+ INFO log messages (CFE-2973)
+ - Changed unless constraint to be more consistent with if
+ For any situation where if would NOT skip a promise, unless
+ will cause the promise to be skipped. When there are
+ unresolved variables / function calls, if will skip, unless
+ will NOT skip. (CFE-3160)
+ - Default minimum allowed TLS version is now 1.1 (ENT-4616)
+ - Network protocol version 2 is now called "tls"
+ "tls" or "2" can be used in places where you specify network
+ protocol. Log messages were altered, to show "tls" instead of
+ "latest". (ENT-4406)
+ - Introduced protocol version 3 - "cookie"
+ This protocol is identical to version 2 ("tls"),
+ except it allows the enterprise reporting hub to send
+ the COOKIE command to enterprise hosts. This command is used for
+ detecting hosts using duplicate identities. Protocol version "latest"
+ now points to version 3. For community installations, it should not
+ make a difference, policy servers will not send this command. The only
+ visible difference is the new version number (in logs and policy).
+ (ENT-4406)
+ - Package modules now hit network when package cache is first initialized
+ (CFE-3094)
+ - Fixed promise skipping bug in unless (CFE-2689)
+ - Fixed error message for unexpanded variables in function calls in unless
+ (CFE-2689)
+ - Prevented buffer overflow when policy variable names are longer than
+ 1024 bytes
+ - Zero bytes in class guards no longer cause crashes (CFE-3028)
+ - Fixed bug in ps parsing on OpenBSD / NetBSD causing bootstrap to fail
+ - Fixed crash in policy/JSON parsing of numbers with too many decimal
+ points (CFE-3138)
+ - copy_from without preserve now respects destination mode (ENT-4016)
+ - Removed stime_range and ttime_range constraints from promise hash
+ (ENT-4921)
+ - Fixed promise result when using process_stop in processes type promises
+ (ENT-4988)
+ - cf-execd now sends SIGKILL to the agent process in case of
+ agent_expireafter, after attempting SIGINT and SIGTERM (CFE-2664)
+ - cf-serverd now tries to accept connection multiple times (CFE-3066)
+ - Fixed multiple measurements tracking growth of same file (ENT-4814)
+ - Set create permissions of monitord files in state directory to 0600
+ 0600 matches the permissions enforced by policy.
+ Affected files:
+ * state/cf_incoming.*
+ * state/cf_outgoing.*
+ * state/cf_users
+ * state/env_data
+ (ENT-4863)
+ - Clarified descriptions of io_writtendata and io_readdata (ENT-5127)
+ - Clarified log message about process_count and restart_class being used
+ concurrently (CFE-208)
+ - Agent runs that hit abortclasses now record results (ENT-2471)
+ - An ID of rhel in os-release file will now define both rhel and redhat
+ classes (CFE-3140)
+ - Version specific distro classes are now collected by default in
+ Enterprise (ENT-4752)
+ - redhat_8 and redhat_8_0 are now defined on RHEL 8 (CFE-3140)
+ - Added derived-from-file tag to hard classes based on /etc/redhat-release
+ (CFE-3140)
+ - Added sys.bootstrap_id policy variable containing the ID from
+ /var/cfengine/bootstrap_id.dat, if present (CFE-2977)
+ - sys.interfaces now contains interfaces even when they only have
+ IPv6 addresses (ENT-4858)
+ - IPv6-only interfaces added to sys.hardware_(addresses,mac) (CFE-3164)
+ - IPv6 addresses are now added to policy variable sys.ip_addresses
+ (CFE-682)
+ - IPv6 addresses now respect ignored_interfaces.rx (CFE-3156)
+ - hostname now allowed in bindtoaddress (CFE-3190)
+ - Fixed issue when removing comments from files in various policy functions
+ This also fixes many erroneous occurences of the error message
+ mentioning:
+
+ [...] because it legally matches nothing
+
+ (A warning can still appear if a comment regex actually matches nothing).
+ Also made this comment removing logic faster.
+ Affected functions include:
+ * readstringlist()
+ * readintlist()
++++ 70 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/cfengine/cfengine.changes
++++ and /work/SRC/openSUSE:Factory/.cfengine.new.4249/cfengine.changes
Old:
----
0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
0002-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
0003-Reduce-string-truncation-warnings.patch
0004-make-home-dir-for-tests.patch
cf3-Reference.pdf
cf3-conceptguide.pdf
cf3-glossary.pdf
cf3-quickstart.pdf
cf3-solutions.pdf
cf3-tutorial.pdf
cfengine-3.12.1.tar.gz
primer.pdf
remove-am_subst_notmake.patch
New:
----
cfengine-3.16.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cfengine.spec ++++++
--- /var/tmp/diff_new_pack.Qbxqyu/_old 2020-09-30 19:53:13.604722240 +0200
+++ /var/tmp/diff_new_pack.Qbxqyu/_new 2020-09-30 19:53:13.604722240 +0200
@@ -1,7 +1,7 @@
#
# spec file for package cfengine
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -22,30 +22,29 @@
# reported upstream as https://cfengine.com/dev/issues/1896
%define basedir %{_localstatedir}/%{name}
%define workdir %{basedir}
-%if 0%{?suse_version} >= 1210
-%define have_systemd 1
-%else
-%define have_systemd 0
-%endif
-%if 0%{?suse_version} <= 150100
+# This is the place where workdir should be
+#define basedir /var/lib/%%{name}
+#define workdir %%{basedir}/work
+
+%if 0%{?suse_version} < 1500
+# assume SuSEfirewall2
%define with_sfw2 1
%else
+# assume firewalld
%define with_sfw2 0
%endif
# pass --with-bla to enable the build
%bcond_with mysql
%bcond_with postgresql
%bcond_with libvirt
+
Name: cfengine
-Version: 3.12.1
+Version: 3.16.0
Release: 0
-# This is the place where workdir should be
-#define basedir /var/lib/%%{name}
-#define workdir %%{basedir}/work
Summary: Configuration management framework
License: GPL-3.0-only
Group: Productivity/Networking/System
-Url: http://www.cfengine.org/
+URL: http://www.cfengine.org/
Source: https://cfengine-package-repos.s3.amazonaws.com/tarballs/cfengine-%{version}.tar.gz
Source1: %{name}.SuSEfirewall2
Source2: cf-execd.service
@@ -56,33 +55,11 @@
Source7: cf-serverd
Source10: %{name}.cron
Source11: %{name}-rpmlintrc
-# docs
-Source101: http://www.cfengine.org/manuals/cf3-Reference.pdf
-Source102: http://www.cfengine.org/manuals/cf3-conceptguide.pdf
-Source103: http://www.cfengine.org/manuals/cf3-glossary.pdf
-Source104: http://www.cfengine.org/manuals/cf3-quickstart.pdf
-Source105: http://www.cfengine.org/manuals/cf3-solutions.pdf
-Source106: http://www.cfengine.org/manuals/cf3-tutorial.pdf
-Source107: http://www.verticalsysadmin.com/cfengine/primer.pdf
-
-# PATCH-FIX-SUSE
-# set cfengine's notion of bindir to /usr/bin instead of /var/cfengine/bin
-# kkaempf@suse.de
-Patch1: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
-# PATCH-FIX-UPSTREAM add 'suse' class for consistency with other vendor classes
-# PATCH-FEATURE-UPSTREAM better /etc/SuSE-release parsing, upstream #5423
-# kkaempf@suse.de
-Patch2: 0002-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
-# PATCH-FIX-SUSE reduce "string truncated" (in strncpy) warnings
-Patch3: 0003-Reduce-string-truncation-warnings.patch
-# PATCH-FIX-SUSE BNC#1016848, adam.majer
-Patch10: 0004-make-home-dir-for-tests.patch
-# SLE 11 or RHEL5 autoconf does not support AM_SUBST_NOTMAKE, kkaempf@suse.de
-Patch99: remove-am_subst_notmake.patch
+
+Recommends: %{name}-documentation
BuildRequires: bison
BuildRequires: db-devel
-BuildRequires: fakeroot
BuildRequires: flex
BuildRequires: libacl-devel
BuildRequires: libtool
@@ -91,13 +68,14 @@
BuildRequires: openssl-devel >= 1.0.2e
BuildRequires: pam-devel
BuildRequires: pcre-devel >= 8.38
-BuildRequires: python
# for flock
BuildRequires: util-linux
# for llzma
BuildRequires: xz-devel
Requires: %{libsoname} = %{version}
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%if !%{with_sfw2}
+BuildRequires: firewall-macros
+%endif
%if %{with mysql}
BuildRequires: mysql-devel
%endif
@@ -107,23 +85,9 @@
%if %{with postgresql}
BuildRequires: postgresql-devel
%endif
-%if %{have_systemd}
-BuildRequires: systemd
+BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
-%else
-# Without systemd we require cron
-Requires: cron
-%if 0%{?suse_version}
-Requires(post): %insserv_prereq %fillup_prereq
-%endif
-%endif
-# FHS was a hit with sle11 so it dies out otherwise
-%if 0%{?suse_version} <= 1110
-BuildRequires: -post-build-checks
-%endif
-%if 0%{?suse_version} > 1020
BuildRequires: fdupes
-%endif
%if 0%{?fedora_version} == 20
BuildRequires: perl-Exporter
%endif
@@ -157,29 +121,16 @@
This package contains the files needed to compile programs that use the
libpromises library.
-%package doc
-Summary: Documentation for CFEngine, a config management framework
-Group: Documentation/Other
-
-%description doc
-Documentation for cfengine.
-
%package examples
Summary: CFEngine example promises
Group: Documentation/Other
+BuildArch: noarch
%description examples
Lots of example promises for CFEngine.
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%if 0%{?suse_version} <= 1110
-%patch99 -p1
-%endif
-%patch10 -p1
##### rpmlint
#### wrong-file-end-of-line-encoding
@@ -187,12 +138,7 @@
### http://www.fsf.org/about/contact/
find ./examples -type f -name "*.cf" -exec perl -p -i -e 's|\r\n|\n|,s|^# Foundation.*|# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA|' {} \;
-### install extra docs
-install -d docs
-cp -a $RPM_SOURCE_DIR/*pdf docs/
-
%build
-echo %{version} > CFVERSION
EXPLICIT_VERSION=%{version} autoreconf -fvi -I m4
CC=cc CFLAGS="%{optflags} -fno-strict-aliasing" \
%configure \
@@ -243,35 +189,15 @@
# create dirs needed for better organizing dirs and files
install -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins}
-%if %{have_systemd}
# systemd: install sample cron file in docdir
cp %{SOURCE10} %{buildroot}/%{_docdir}/%{name}
-%else
-# no systemd -> use cron
-# install cron file
-install -D -m0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name}
-%endif
-%if %{have_systemd}
# install systemd scripts
install -d %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{buildroot}/%{_unitdir}
ln -s -f service %{buildroot}/%{_sbindir}/rccf-monitord
ln -s -f service %{buildroot}/%{_sbindir}/rccf-execd
ln -s -f service %{buildroot}/%{_sbindir}/rccf-serverd
-%else
-# install init scripts
-install -d %{buildroot}%{_initddir}
-install -m 0755 %{SOURCE5} %{SOURCE6} %{SOURCE7} %{buildroot}%{_initddir}/
-ln -s -f ../..%{_initddir}/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord
-ln -s -f ../..%{_initddir}/cf-execd %{buildroot}/%{_sbindir}/rccf-execd
-ln -s -f ../..%{_initddir}/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd
-# sed @workdir@ in initscripts/cron.d
-sed -i\
- -e "s,@workdir@,%{workdir},g"\
- -e "s,@basedir@,%{basedir},g" \
- %{buildroot}%{_initddir}/cf-* %{buildroot}%{_sysconfdir}/cron.d/%{name}
-%endif
# create symlinks for bin_PROGRAMS
# because: cf-promises needs to be installed in /var/cfengine/work/bin for pre-validation of full configuration
@@ -299,50 +225,33 @@
%endif
# Ckeabyo dyoes
-%if 0%{?suse_version} > 1020
%fdupes %{buildroot}%{_datadir}/cfengine
-%endif
%pre
-%if %{have_systemd}
-%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service
-%endif
+%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service
%post
-%if %{have_systemd}
-%service_add_post cf-execd.service cf-monitord.service cf-serverd.service
-%else
-for i in execd monitord serverd; do
- %fillup_and_insserv cf-${i}
-done
-%endif
+%service_add_post cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service
if [ $1 -lt 2 ]; then
# first install, generate key pair
cf-key
fi
+%if !%{with_sfw2}
+%firewalld_reload
+%endif
%preun
-%if %{have_systemd}
-%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service
-%else
-for i in execd monitord serverd; do
- %stop_on_removal cf-${i}
-done
-%endif
+%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service
%postun
-%if %{have_systemd}
-%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service
-%else
-%insserv_cleanup
-for i in execd monitord serverd; do
- %restart_on_update cf-${i}
-done
-%endif
+%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service
if [ $1 -eq 0 ]; then
# clean up inputs cache dir on removal
rm -rf %{basedir}/inputs/*
fi
+%if !%{with_sfw2}
+%firewalld_reload
+%endif
%post -n %{libsoname} -p /sbin/ldconfig
@@ -359,32 +268,28 @@
%{_bindir}/cf-net
%{_bindir}/cf-monitord
%{_bindir}/cf-promises
+%{_bindir}/cf-secret
%{_bindir}/cf-serverd
%{_bindir}/cf-upgrade
%{_bindir}/cf-runagent
%{_bindir}/rpmvercmp
-%if %{have_systemd}
%{_unitdir}/cf-execd.service
%{_unitdir}/cf-monitord.service
%{_unitdir}/cf-serverd.service
-%else
-%config %attr(0755,root,root) %{_initddir}/*
-%endif
%{_sbindir}/rccf-execd
%{_sbindir}/rccf-monitord
%{_sbindir}/rccf-serverd
+%{_unitdir}/*.service
%if %{with_sfw2}
+%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d
+%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine
%endif
%{_mandir}/man8/*
%dir %{basedir}
%dir %{workdir}
%{workdir}/*
-%if %{have_systemd}
%{_docdir}/%{name}/cfengine.cron
-%else
-%config(noreplace) %{_sysconfdir}/cron.d/%{name}
-%endif
%files -n %{libsoname}
%defattr(-,root,root)
@@ -395,10 +300,6 @@
%defattr(-,root,root)
%{_libdir}/%{name}/%{libname}.so
-%files doc
-%defattr(-,root,root)
-%doc docs/*.pdf
-
%files examples
%defattr(-,root,root)
%doc examples/*cf
++++++ cfengine-3.12.1.tar.gz -> cfengine-3.16.0.tar.gz ++++++
++++ 278305 lines of diff (skipped)