From ce88a33725e41e01878883a5cfb1751c2cb8d3b8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Mar 2023 09:40:04 +0000 Subject: [PATCH] import WALinuxAgent-2.7.0.6-9.el9 --- .WALinuxAgent.metadata | 1 + .gitignore | 1 + ...01-Initial-redhat-build-configuation.patch | 75 ++++ ...2-Implement-restart_if-for-RedHat-OS.patch | 40 ++ SOURCES/90-tpm2-import.rules | 1 + SOURCES/module-setup-cvm.sh | 18 + SOURCES/module-setup-udev.sh | 17 + SOURCES/tpm2-luks-import.sh | 74 ++++ ...ctor-default-in-Comments-and-Readme-.patch | 107 ++++++ ...nd-sequence-for-restarting-net-inter.patch | 57 +++ ...rkManager-to-set-DHCP-hostnames-on-r.patch | 49 +++ SPECS/WALinuxAgent.spec | 344 ++++++++++++++++++ 12 files changed, 784 insertions(+) create mode 100644 .WALinuxAgent.metadata create mode 100644 .gitignore create mode 100644 SOURCES/0001-Initial-redhat-build-configuation.patch create mode 100644 SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch create mode 100644 SOURCES/90-tpm2-import.rules create mode 100644 SOURCES/module-setup-cvm.sh create mode 100644 SOURCES/module-setup-udev.sh create mode 100755 SOURCES/tpm2-luks-import.sh create mode 100644 SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch create mode 100644 SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch create mode 100644 SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch create mode 100644 SPECS/WALinuxAgent.spec diff --git a/.WALinuxAgent.metadata b/.WALinuxAgent.metadata new file mode 100644 index 0000000..6fc22e2 --- /dev/null +++ b/.WALinuxAgent.metadata @@ -0,0 +1 @@ +9d9b8fcd872d8782b96d312fb13f47a41658dd04 SOURCES/v2.7.0.6.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d9de403 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/v2.7.0.6.tar.gz diff --git a/SOURCES/0001-Initial-redhat-build-configuation.patch b/SOURCES/0001-Initial-redhat-build-configuation.patch new file mode 100644 index 0000000..938b0bd --- /dev/null +++ b/SOURCES/0001-Initial-redhat-build-configuation.patch @@ -0,0 +1,75 @@ +From 9d071a9b4b40f0f86bb0b739b72c0b9b4870f060 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Fri, 14 May 2021 09:42:08 +0200 +Subject: Initial redhat build configuation. + +Using .distro repository to hold redhat tools and configuration. + +Package can be built on brew using rh-rhel-koji command. + +Note: Old rh-brew target is supported. + +Signed-off-by: Miroslav Rezanina + +Merged patches (2.7.0.6): +- 896c5c83 Require iptables package +- a702a0d1 (origin/rhel-9.0.0-beta) source-git: Use dynamic SRPM_NAME +--- + .distro/Makefile | 73 ++++++ + .distro/Makefile.common | 18 ++ + .distro/WALinuxAgent.spec.template | 254 +++++++++++++++++++++ + .distro/module-setup.sh | 16 ++ + .distro/rpmbuild/BUILD/.gitignore | 2 + + .distro/rpmbuild/RPMS/.gitignore | 2 + + .distro/rpmbuild/SOURCES/.gitignore | 2 + + .distro/rpmbuild/SPECS/.gitignore | 2 + + .distro/rpmbuild/SRPMS/.gitignore | 2 + + .distro/scripts/extract_build_cmd.py | 83 +++++++ + .distro/scripts/frh.py | 24 ++ + .distro/scripts/git-backport-diff | 327 +++++++++++++++++++++++++++ + .distro/scripts/git-compile-check | 215 ++++++++++++++++++ + .distro/scripts/process-patches.sh | 92 ++++++++ + .distro/scripts/tarball_checksum.sh | 3 + + setup.py | 4 +- + 16 files changed, 1117 insertions(+), 2 deletions(-) + create mode 100644 .distro/Makefile + create mode 100644 .distro/Makefile.common + create mode 100644 .distro/WALinuxAgent.spec.template + create mode 100644 .distro/module-setup.sh + create mode 100644 .distro/rpmbuild/BUILD/.gitignore + create mode 100644 .distro/rpmbuild/RPMS/.gitignore + create mode 100644 .distro/rpmbuild/SOURCES/.gitignore + create mode 100644 .distro/rpmbuild/SPECS/.gitignore + create mode 100644 .distro/rpmbuild/SRPMS/.gitignore + create mode 100755 .distro/scripts/extract_build_cmd.py + create mode 100755 .distro/scripts/frh.py + create mode 100755 .distro/scripts/git-backport-diff + create mode 100755 .distro/scripts/git-compile-check + create mode 100755 .distro/scripts/process-patches.sh + create mode 100755 .distro/scripts/tarball_checksum.sh + +diff --git a/setup.py b/setup.py +index 12c9e1d6..e4d7cf7e 100755 +--- a/setup.py ++++ b/setup.py +@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912 + agent_bin_path = osutil.get_agent_bin_path() + + if name in ('redhat', 'centos', 'almalinux', 'cloudlinux'): # pylint: disable=R1714 +- if version.startswith("8.2"): ++ if version.startswith("9"): + # redhat8+ default to py3 + set_bin_files(data_files, dest=agent_bin_path, + src=["bin/py3/waagent", "bin/waagent2.0"]) +@@ -106,7 +106,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912 + set_conf_files(data_files) + set_logrotate_files(data_files) + set_udev_files(data_files) +- if version.startswith("8.2"): ++ if version.startswith("9"): + # redhat 8+ uses systemd and python3 + set_systemd_files(data_files, dest=systemd_dir_path, + src=["init/redhat/waagent.service", +-- +2.31.1 + diff --git a/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch b/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch new file mode 100644 index 0000000..142f6df --- /dev/null +++ b/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch @@ -0,0 +1,40 @@ +From 8538516744130409f96b3ec956ff5ec1b1c1be11 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Tue, 24 May 2022 04:10:46 -0400 +Subject: Implement restart_if for RedHat OS + +Signed-off-by: Vitaly Kuznetsov +Signed-off-by: Miroslav Rezanina +--- + azurelinuxagent/common/osutil/redhat.py | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py +index 9759d113..a02647cd 100644 +--- a/azurelinuxagent/common/osutil/redhat.py ++++ b/azurelinuxagent/common/osutil/redhat.py +@@ -142,3 +142,21 @@ class RedhatOSUtil(Redhat6xOSUtil): + endpoint = self.get_endpoint_from_leases_path('/var/lib/NetworkManager/dhclient-*.lease') + + return endpoint ++ ++ def restart_if(self, ifname, retries=3, wait=5): ++ """ ++ Restart an interface by bouncing the link. ++ """ ++ retry_limit=retries+1 ++ for attempt in range(1, retry_limit): ++ try: ++ shellutil.run_command(["ip", "link", "set", ifname, "down"]) ++ shellutil.run_command(["ip", "link", "set", ifname, "up"]) ++ ++ except shellutil.CommandError as cmd_err: ++ logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode)) ++ if attempt < retry_limit: ++ logger.info("retrying in {0} seconds".format(wait)) ++ time.sleep(wait) ++ else: ++ logger.warn("exceeded restart retries") +-- +2.31.1 + diff --git a/SOURCES/90-tpm2-import.rules b/SOURCES/90-tpm2-import.rules new file mode 100644 index 0000000..301dd21 --- /dev/null +++ b/SOURCES/90-tpm2-import.rules @@ -0,0 +1 @@ +SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/usr/sbin/tpm2-luks-import.sh /dev/$name" diff --git a/SOURCES/module-setup-cvm.sh b/SOURCES/module-setup-cvm.sh new file mode 100644 index 0000000..aa3d908 --- /dev/null +++ b/SOURCES/module-setup-cvm.sh @@ -0,0 +1,18 @@ +#!/usr/bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later + +check() { + return 0 +} + +depends() { + echo tpm2-tss + return 0 +} + +install() { + inst_multiple -o \ + cryptsetup cut mktemp base64 uname hexdump \ + tpm2_flushcontext tpm2_import tpm2_load tpm2_unseal tpm2_create tpm2_createprimary \ + /usr/sbin/tpm2-luks-import.sh /lib/udev/rules.d/90-tpm2-import.rules +} diff --git a/SOURCES/module-setup-udev.sh b/SOURCES/module-setup-udev.sh new file mode 100644 index 0000000..ed7300d --- /dev/null +++ b/SOURCES/module-setup-udev.sh @@ -0,0 +1,17 @@ +#!/usr/bin/bash + +# called by dracut +check() { + return 0 +} + +# called by dracut +depends() { + return 0 +} + +# called by dracut +install() { + inst_multiple cut readlink chmod + inst_rules 66-azure-storage.rules 99-azure-product-uuid.rules +} diff --git a/SOURCES/tpm2-luks-import.sh b/SOURCES/tpm2-luks-import.sh new file mode 100755 index 0000000..dc1ff0f --- /dev/null +++ b/SOURCES/tpm2-luks-import.sh @@ -0,0 +1,74 @@ +#! /bin/bash -e +# +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This script goes through all 'tpm2-import' tokens and converts them +# to 'systemd-tpm2' ones. +# + +getval () { + grep ^\"$2\" $1 | cut -f 2 -d ':' | sed 's/\"//g' +} + +if [[ ! -b "$1" ]]; then + echo "Device $1 does not exist!" 1>&2 + exit 1 +fi + +/usr/sbin/cryptsetup luksDump "$1" | sed -n '/^Tokens:/,/^Digests:/p' | grep ' tpm2-import' | cut -d ':' -f 1 | while read tokenid; do + echo "Importing token $tokenid from $1" + token=`mktemp` + /usr/sbin/cryptsetup token export --token-id "$tokenid" "$1" | sed -e 's/[{}]/''/g' -e 's/\[//g' -e 's/\]//g' -e 's/,\"/\n"/g' > "$token" + tempdir=`mktemp -d` + pushd "$tempdir" > /dev/null + # Save token data to inidividual files to process them with tpm2-tools + getval "$token" "parent_pub" | base64 -d > parent.pub + getval "$token" "parent_prv" | base64 -d > parent.prv + getval "$token" "parent_seed" | base64 -d > parent.seed + getval "$token" "seal_pub" | base64 -d > seal.pub + getval "$token" "seal_prv" | base64 -d > seal.prv + getval "$token" "pcrpolicy_dat" | base64 -d > pcrpolicy.dat + if [ ! -z `getval "$token" "unique_dat"` ]; then + getval "$token" "unique_dat" | base64 -d > unique.dat + fi + echo "Unsealing volume key" + # Import sealed object + tpm2_flushcontext -t + if [ ! -f "unique.dat" ]; then + tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -c primary.ctx + else + tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -u unique.dat -c primary.ctx + fi + tpm2_flushcontext -t + tpm2_import -Q -C primary.ctx -u parent.pub -i parent.prv -r parent_imported.prv -s parent.seed + tpm2_flushcontext -t + tpm2_load -Q -C primary.ctx -u parent.pub -r parent_imported.prv -c parent.ctx + tpm2_flushcontext -t + tpm2_load -Q -C parent.ctx -u seal.pub -r seal.prv -c seal.ctx + tpm2_flushcontext -t + tpm2_unseal -Q -c seal.ctx -p pcr:`getval "$token" tpm2-pcr-bank`:`getval "$token" tpm2-pcrs` > volume_key + tpm2_flushcontext -t + echo "Sealing new volume key" + # Create a new sealed object under primary ECC key + tpm2_createprimary -Q -C o -g sha256 -G ecc:null:aes128cfb -c primary_ecc.ctx + tpm2_flushcontext -t + tpm2_create -Q -u seal_local.pub -r seal_local.prv -C primary_ecc.ctx -L pcrpolicy.dat -i volume_key + # Create a new systemd-tpm2 compatible token + echo "Adding new LUKS token to $1" + echo '{"type":"systemd-tpm2","keyslots":["'`getval "$token" keyslots`'"], + "tpm2-blob":"'`cat seal_local.prv seal_local.pub | base64 -w0`'", + "tpm2-pcrs":['`getval "$token" tpm2-pcrs`'], + "tpm2-pcr-bank":"'`getval "$token" tpm2-pcr-bank`'", + "tpm2-primary-alg":"ecc", + "tpm2-policy-hash":"'`hexdump -ve '1/1 "%.2x"' pcrpolicy.dat`'", + "tpm2-pin": false, + "kversion": "'`uname -r`'"}' | /usr/sbin/cryptsetup token import "$1" + # Remove tpm2-import token now + echo "Removing now-unneeded token $tokenid from $1" + /usr/sbin/cryptsetup token remove --token-id "$tokenid" "$1" + echo "Importing token $tokenid from $1 finished successfully" + popd > /dev/null + # Cleanup + rm -rf "$tempdir" + rm -f "$token" +done diff --git a/SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch b/SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch new file mode 100644 index 0000000..50d70bc --- /dev/null +++ b/SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch @@ -0,0 +1,107 @@ +From 1671c696f3b0f51e3e317b50aabc5dc84be4ca01 Mon Sep 17 00:00:00 2001 +From: Mohammed Gamal +Date: Wed, 3 Aug 2022 13:23:19 +0200 +Subject: [PATCH 2/2] Update Log Collector default in Comments and Readme + (#2608) + +RH-Author: Mohamed Gamal Morsy +RH-MergeRequest: 4: Update Log Collector default in Comments and Readme +RH-Commit: [1/1] 2f249d80b7136a0e3dbacb34a75c56454b95b8c2 +RH-Bugzilla: 2093965 +RH-Acked-by: Miroslav Rezanina + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2093965 + +(cherry picked from commit a560872bec103523e73ddcb5fb5705896545ffce) + +Signed-off-by: Mohammed Gamal +--- + README.md | 2 +- + config/debian/waagent.conf | 2 +- + config/suse/waagent.conf | 2 +- + config/ubuntu/waagent.conf | 2 +- + config/waagent.conf | 2 +- + tests/data/test_waagent.conf | 2 +- + 6 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/README.md b/README.md +index c69f43e6..f2f3db46 100644 +--- a/README.md ++++ b/README.md +@@ -465,7 +465,7 @@ _Default: y_ + + If set, agent logs will be periodically collected and uploaded to a secure location for improved supportability. + +-NOTE: This feature is only supported ubuntu 16.04+; this flag will not take effect on any other distro. ++NOTE: This feature relies on the agent's resource usage features (cgroups); this flag will not take effect on any distro not supported. + + #### __Logs.CollectPeriod__ + +diff --git a/config/debian/waagent.conf b/config/debian/waagent.conf +index 6bc36604..dfd7afcd 100644 +--- a/config/debian/waagent.conf ++++ b/config/debian/waagent.conf +@@ -63,7 +63,7 @@ Logs.Verbose=n + # Enable Console logging, default is y + # Logs.Console=y + +-# Enable periodic log collection, default is n ++# Enable periodic log collection, default is y + Logs.Collect=y + + # How frequently to collect logs, default is each hour +diff --git a/config/suse/waagent.conf b/config/suse/waagent.conf +index ac9f11a2..c617f9af 100644 +--- a/config/suse/waagent.conf ++++ b/config/suse/waagent.conf +@@ -66,7 +66,7 @@ Logs.Verbose=n + # Enable Console logging, default is y + # Logs.Console=y + +-# Enable periodic log collection, default is n ++# Enable periodic log collection, default is y + Logs.Collect=y + + # How frequently to collect logs, default is each hour +diff --git a/config/ubuntu/waagent.conf b/config/ubuntu/waagent.conf +index 63635a81..19b56bae 100644 +--- a/config/ubuntu/waagent.conf ++++ b/config/ubuntu/waagent.conf +@@ -66,7 +66,7 @@ Logs.Verbose=n + # Enable Console logging, default is y + # Logs.Console=y + +-# Enable periodic log collection, default is n ++# Enable periodic log collection, default is y + Logs.Collect=y + + # How frequently to collect logs, default is each hour +diff --git a/config/waagent.conf b/config/waagent.conf +index c7d10e2f..14cd01c8 100644 +--- a/config/waagent.conf ++++ b/config/waagent.conf +@@ -72,7 +72,7 @@ Logs.Verbose=n + # Enable Console logging, default is y + # Logs.Console=y + +-# Enable periodic log collection, default is n ++# Enable periodic log collection, default is y + Logs.Collect=y + + # How frequently to collect logs, default is each hour +diff --git a/tests/data/test_waagent.conf b/tests/data/test_waagent.conf +index a386228a..cc60886e 100644 +--- a/tests/data/test_waagent.conf ++++ b/tests/data/test_waagent.conf +@@ -67,7 +67,7 @@ ResourceDisk.MountOptions=None + # Enable verbose logging (y|n) + Logs.Verbose=n + +-# Enable periodic log collection, default is n ++# Enable periodic log collection, default is y + Logs.Collect=y + + # How frequently to collect logs, default is each hour +-- +2.31.1 + diff --git a/SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch b/SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch new file mode 100644 index 0000000..2fafa98 --- /dev/null +++ b/SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch @@ -0,0 +1,57 @@ +From 6d452b28383c59a8193595daaca13fa8db9338a1 Mon Sep 17 00:00:00 2001 +From: Mohammed Gamal +Date: Wed, 22 Jun 2022 13:36:07 +0200 +Subject: [PATCH] redhat: Fix command sequence for restarting net interface + +RH-Author: Mohamed Gamal Morsy +RH-MergeRequest: 2: redhat: Fix command sequence for restarting net interface +RH-Commit: [1/1] e838ff196b8823f64e08247b3a4dac9d60e5ed72 +RH-Bugzilla: 2098233 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Miroslav Rezanina + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2098233 + +Apparently the down and up commands need to be run in the same command, so +connect them together with "&&" operator. Also re-implement restart_if ot handle +warnings same wat as other distros + +Signed-off-by: Mohammed Gamal +--- + azurelinuxagent/common/osutil/redhat.py | 22 ++++++++++------------ + 1 file changed, 10 insertions(+), 12 deletions(-) + +diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py +index a02647cd..5c397ae8 100644 +--- a/azurelinuxagent/common/osutil/redhat.py ++++ b/azurelinuxagent/common/osutil/redhat.py +@@ -147,16 +147,14 @@ class RedhatOSUtil(Redhat6xOSUtil): + """ + Restart an interface by bouncing the link. + """ +- retry_limit=retries+1 ++ retry_limit = retries + 1 + for attempt in range(1, retry_limit): +- try: +- shellutil.run_command(["ip", "link", "set", ifname, "down"]) +- shellutil.run_command(["ip", "link", "set", ifname, "up"]) +- +- except shellutil.CommandError as cmd_err: +- logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode)) +- if attempt < retry_limit: +- logger.info("retrying in {0} seconds".format(wait)) +- time.sleep(wait) +- else: +- logger.warn("exceeded restart retries") ++ return_code = shellutil.run("ip link set {0} down && ip link set {0} up".format(ifname), expected_errors=[1] if attempt < retries else []) ++ if return_code == 0: ++ return ++ logger.warn("failed to restart {0}: return code {1}".format(ifname, return_code)) ++ if attempt < retry_limit: ++ logger.info("retrying in {0} seconds".format(wait)) ++ time.sleep(wait) ++ else: ++ logger.warn("exceeded restart retries") +-- +2.31.1 + diff --git a/SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch b/SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch new file mode 100644 index 0000000..51f6e9c --- /dev/null +++ b/SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch @@ -0,0 +1,49 @@ +From b85814d5683c7f8a1e1b5f3570bcce0a8f76137b Mon Sep 17 00:00:00 2001 +From: Mohammed Gamal +Date: Fri, 29 Jul 2022 13:07:13 +0200 +Subject: [PATCH 1/2] redhat: Use NetworkManager to set DHCP hostnames on + recent RHEL distros + +RH-Author: Mohamed Gamal Morsy +RH-MergeRequest: 3: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL distros +RH-Commit: [1/1] 2bf51293796ba0e8567e436836adc0547f062b04 +RH-Bugzilla: 2114830 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Miroslav Rezanina + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114830 + +Recent versions of RHEL 8 and RHEL 9 started using NetworkManager to configure +network intefaces instead of sysconfig files. Configurations are no longer +stored in /etc/sysconfig/ifcfg-{interface}. + +Fix this for setting DHCP hostnames in those RHEL versions. + +Signed-off-by: Mohammed Gamal +--- + azurelinuxagent/common/osutil/redhat.py | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py +index 5c397ae8..7dd36add 100644 +--- a/azurelinuxagent/common/osutil/redhat.py ++++ b/azurelinuxagent/common/osutil/redhat.py +@@ -158,3 +158,15 @@ class RedhatOSUtil(Redhat6xOSUtil): + time.sleep(wait) + else: + logger.warn("exceeded restart retries") ++ ++ def set_dhcp_hostname(self, hostname): ++ """ ++ Recent RHEL distributions use network manager instead of sysconfig files ++ to configure network interfaces ++ """ ++ ifname = self.get_if_name() ++ ++ return_code = shellutil.run("nmcli device modify {0} ipv4.dhcp-hostname {1} ipv6.dhcp-hostname {1}".format(ifname, hostname)) ++ ++ if return_code != 0: ++ logger.error("failed to set DHCP hostname for interface {0}: return code {1}".format(ifname, return_code)) +-- +2.31.1 + diff --git a/SPECS/WALinuxAgent.spec b/SPECS/WALinuxAgent.spec new file mode 100644 index 0000000..57b86f2 --- /dev/null +++ b/SPECS/WALinuxAgent.spec @@ -0,0 +1,344 @@ +%global with_legacy 0 +%global dracut_modname_udev 97walinuxagent +%global dracut_modname_cvm 97walinuxagentcvm + +Name: WALinuxAgent +Version: 2.7.0.6 +Release: 9%{?dist} +Summary: The Microsoft Azure Linux Agent + +License: ASL 2.0 +URL: https://github.com/Azure/%{name} +Source0: https://github.com/Azure/%{name}/archive/v%{version}.tar.gz +Source1: module-setup-udev.sh +Source2: module-setup-cvm.sh +Source3: 90-tpm2-import.rules +Source4: tpm2-luks-import.sh + +# Python3.9 fixes +Patch0001: 0001-Initial-redhat-build-configuation.patch +Patch0002: 0002-Implement-restart_if-for-RedHat-OS.patch +# For bz#2098233 - [Azure][WALA][RHEL-9] [9.1] walinuxagent kills network during boot +Patch3: wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch +# For bz#2114830 - [Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0 +Patch4: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch +# For bz#2093965 - [Azure][WALA][RHEL-9] The description of "Logs.Collect" is incorrect +Patch5: wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch + +# Source-git patches + +BuildArch: noarch + +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-distro +Requires: %name-udev = %version-%release +%if 0%{?fedora} +Requires: ntfsprogs +%endif +Requires: openssh +Requires: openssh-server +Requires: openssl +Requires: parted +Requires: python3-pyasn1 +Requires: iptables + +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +The Microsoft Azure Linux Agent supports the provisioning and running of Linux +VMs in the Microsoft Azure cloud. This package should be installed on Linux disk +images that are built to run in the Microsoft Azure environment. + +%if 0%{?with_legacy} +%package legacy +Summary: The Microsoft Azure Linux Agent (legacy) +Requires: %name = %version-%release +Requires: python2 +Requires: net-tools + +%description legacy +The Microsoft Azure Linux Agent supporting old version of extensions. +%endif + +%package udev +Summary: Udev rules for Microsoft Azure + +%description udev +Udev rules specific to Microsoft Azure Virtual Machines. + +%package cvm +Summary: Microsoft Azure CVM specific tools +Requires: tpm2-tools +Requires: cryptsetup + +%description cvm +Scripts and udev rules specific to Microsoft Azure Confidential Virtual Machines. + +%prep +%setup -q +%autopatch -p1 + +%build +%py3_build + +%install +%{__python3} setup.py install -O1 --skip-build --root %{buildroot} --lnx-distro redhat + +mkdir -p -m 0700 %{buildroot}%{_sharedstatedir}/waagent +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/log/waagent.log + +mkdir -p %{buildroot}%{_udevrulesdir} +mv %{buildroot}%{_sysconfdir}/udev/rules.d/*.rules %{buildroot}%{_udevrulesdir}/ + +rm -rf %{buildroot}/%{python3_sitelib}/tests +rm -rf %{buildroot}/%{python3_sitelib}/__main__.py +rm -rf %{buildroot}/%{python3_sitelib}/__pycache__/__main__*.py* + +%if 0%{?with_legacy} +sed -i 's,#!/usr/bin/env python,#!/usr/bin/python2,' %{buildroot}%{_sbindir}/waagent2.0 +%else +rm -f %{buildroot}%{_sbindir}/waagent2.0 +%endif + +mv %{buildroot}%{_sysconfdir}/logrotate.d/waagent.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} + +mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev} +cp %{SOURCE1} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh +chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh + +mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm} +cp %{SOURCE2} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh +chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh +install -m0644 -D -t %{buildroot}%{_udevrulesdir}/ %{SOURCE3} +install -m0755 -D -t %{buildroot}%{_sbindir} %{SOURCE4} + +%post +%systemd_post waagent.service + +%preun +%systemd_preun waagent.service + +%postun +%systemd_postun_with_restart waagent.service +rm -rf %{_unitdir}/waagent.service.d/ + +%files +%doc LICENSE.txt NOTICE README.md +%ghost %{_localstatedir}/log/waagent.log +%ghost %{_unitdir}/waagent-network-setup.service +%dir %attr(0700, root, root) %{_sharedstatedir}/waagent +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_sbindir}/waagent +%config(noreplace) %{_sysconfdir}/waagent.conf +%{_unitdir}/waagent.service +%{_unitdir}/azure.slice +%{_unitdir}/azure-vmextensions.slice +%{python3_sitelib}/azurelinuxagent +%{python3_sitelib}/*.egg-info + +%files udev +%{_udevrulesdir}/66-azure-storage.rules +%{_udevrulesdir}/99-azure-product-uuid.rules +%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev} +%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/*.sh + +%files cvm +%{_sbindir}/tpm2-luks-import.sh +%{_udevrulesdir}/90-tpm2-import.rules +%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm} +%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/*.sh + +%if 0%{?with_legacy} +%files legacy +%{_sbindir}/waagent2.0 +%endif + +%changelog +* Wed Feb 08 2023 Miroslav Rezanina - 2.7.0.6-9 +- wla-redhat-Adjust-tpm2_createprimary-key-attributes-to-m.patch [bz#2167322] +- Resolves: bz#2167322 + (Adjust TPM primary key creation parameters to match Azure) + +* Mon Feb 06 2023 Miroslav Rezanina - 2.7.0.6-8 +- wla-redhat-Explicitly-list-udev-rule-requirements-in-the.patch [bz#2165042] +- Resolves: bz#2165042 + ([9.0.z] /dev/disk/azure/ is created as symlink to sr0 or sda and not as a directory[Azure]) + +* Mon Jan 23 2023 Miroslav Rezanina - 2.7.0.6-7 +- wla-redhat-Azure-CVM-specific-udev-rules.patch [bz#2162668] +- Resolves: bz#2162668 + (Add support for importing remotely sealed TPM2 objects) + +* Mon Aug 29 2022 Miroslav Rezanina - 2.7.0.6-6 +- wla-redhat-Remove-files-inside-WALA-services-directory.patch [bz#2114768] +- Resolves: bz#2114768 + ([Azure][WALA][RHEL-9] When remove package some files left) + +* Tue Aug 23 2022 Miroslav Rezanina - 2.7.0.6-5 +- wla-redhat-Mark-directories-properly-in-the-files-list.patch [bz#2114768] +- Resolves: bz#2114768 + ([Azure][WALA][RHEL-9] When remove package some files left) + +* Wed Aug 17 2022 Miroslav Rezanina - 2.7.0.6-4 +- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [bz#2114768] +- Resolves: bz#2114768 + ([Azure][WALA][RHEL-9] When remove package some files left) + +* Mon Aug 08 2022 Miroslav Rezanina - 2.7.0.6-3 +- wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch [bz#2114830] +- wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch [bz#2093965] +- Resolves: bz#2114830 + ([Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0) +- Resolves: bz#2093965 + ([Azure][WALA][RHEL-9] The description of "Logs.Collect" is incorrect) + +* Fri Jul 15 2022 Miroslav Rezanina - 2.7.0.6-2 +- wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch [bz#2098233] +- Resolves: bz#2098233 + ([Azure][WALA][RHEL-9] [9.1] walinuxagent kills network during boot) + +* Wed May 25 2022 Miroslav Rezanina - 2.7.0.6-1 +- Rebase to 2.7.0.6-1 [bz#2083464] +- Adding restart_if implementation for RHEL [bz#2081944] +- Resolves: bz#2083464 + ([Azure][RHEL-9]Rebase WALinuxAgent to v2.7.0.6) +- Resolves: bz#2081944 + ([Azure][WALA][9.0] WALA provisions VM failed because of no "ifdown") + +* Tue Aug 10 2021 Mohan Boddu - 2.3.0.2-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Sun Jul 25 2021 Miroslav Rezanina - 2.3.0.2-2 +- wala-Require-iptables-package.patch [bz#1978572] +- Resolves: bz#1978572 + ([Azure][WALA][RHEL-9] WALA needs iptables package) + +* Thu Jun 24 2021 Miroslav Rezanina - 2.3.0.2-1 +- Rebase to 2.3.0.2 [bz#1972101] +- Resolves: bz#1972101 + ([Azure][RHEL-9]Rebase WALinuxAgent to 2.3.0.2) + +* Thu Apr 15 2021 Mohan Boddu - 2.2.52-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Feb 19 2021 Vitaly Kuznetsov - 2.2.52-5 +- Require ntfsprogs on Fedora only + +* Tue Jan 26 2021 Vitaly Kuznetsov - 2.2.52-4 +- Fix distro resolution for RedHat + +* Mon Jan 25 2021 Fedora Release Engineering - 2.2.52-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 15 2021 Vitaly Kuznetsov - 2.2.52-2 +- Add udev rules to initramfs (#1909287) + +* Wed Dec 09 2020 Vitaly Kuznetsov - 2.2.52-1 +- Update to 2.2.52 (#1849923) +- Add not yet upstream patches supporting Python3.9 changes + +* Mon Jul 27 2020 Fedora Release Engineering - 2.2.48.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 09 2020 Vitaly Kuznetsov - 2.2.48.1-1 +- Update to 2.2.48.1 (#1641605) +- Split udev rules to a separate subpackage (#1748432) + +* Tue May 26 2020 Miro Hrončok - 2.2.46-2 +- Rebuilt for Python 3.9 + +* Wed Apr 15 2020 Vitaly Kuznetsov - 2.2.46-1 +- Update to 2.2.46 + +* Tue Jan 28 2020 Fedora Release Engineering - 2.2.40-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Oct 03 2019 Miro Hrončok - 2.2.40-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Wed Aug 21 2019 Miro Hrončok - 2.2.40-5 +- Rebuilt for Python 3.8 + +* Wed Aug 21 2019 Vitaly Kuznetsov - 2.2.40-4 +- Disable Python2 dependent 'legacy' subpackage (#1741029) + +* Mon Aug 19 2019 Miro Hrončok - 2.2.40-3 +- Rebuilt for Python 3.8 + +* Wed Jul 24 2019 Fedora Release Engineering - 2.2.40-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 03 2019 Vitaly Kuznetsov - 2.2.40-1 +- Update to 2.2.40 +- Fix FTBFS in the preparation for Python3.8 (#1705219) + +* Thu Mar 14 2019 Vitaly Kuznetsov - 2.2.38-1 +- Update to 2.2.38 (CVE-2019-0804) + +* Thu Mar 14 2019 Vitaly Kuznetsov - 2.2.37-1 +- Update to 2.2.37 + +* Thu Jan 31 2019 Fedora Release Engineering - 2.2.32-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Sep 20 2018 Vitaly Kuznetsov - 2.2.32-1 +- Update to 2.2.32.2 + +* Thu Jul 12 2018 Fedora Release Engineering - 2.2.25-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.2.25-3 +- Rebuilt for Python 3.7 + +* Wed Apr 25 2018 Vitaly Kuznetsov - 2.2.25-2 +- Move net-tools dependency to WALinuxAgent-legacy (#1106781) + +* Mon Apr 16 2018 Vitaly Kuznetsov - 2.2.25-1 +- Update to 2.2.25 +- Switch to Python3 +- Legacy subpackage with waagent2.0 supporting old extensions + +* Wed Feb 28 2018 Iryna Shcherbina - 2.0.18-5 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Wed Feb 07 2018 Fedora Release Engineering - 2.0.18-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.0.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.0.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Apr 02 2016 Scott K Logan - 2.0.18-1 +- Update to 2.0.18 + +* Wed Feb 03 2016 Fedora Release Engineering - 2.0.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jul 02 2015 Scott K Logan - 2.0.14-1 +- Update to 2.0.14 + +* Tue Jun 16 2015 Fedora Release Engineering - 2.0.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 01 2015 Scott K Logan - 2.0.13-1 +- Update to 2.0.13 + +* Thu Apr 02 2015 Scott K Logan - 2.0.12-1 +- Update to 2.0.12-Oracle + +* Sat Jan 10 2015 Scott K Logan - 2.0.11-2 +- Use systemd for rhel7 +- Own logrotate.d +- Fix python2-devel dep + +* Sat Dec 20 2014 Scott K Logan - 2.0.11-1 +- Initial package