From 0fd0f6b6b52f0bbd16bb85af780d68f924816998 Mon Sep 17 00:00:00 2001 From: Salt Project Packaging Date: Sun, 19 Mar 2023 12:44:19 +0000 Subject: [PATCH 01/46] Release v3006.0rc2 --- CHANGELOG.md | 332 +++++++++++ doc/man/salt-api.1 | 2 +- doc/man/salt-call.1 | 2 +- doc/man/salt-cloud.1 | 2 +- doc/man/salt-cp.1 | 2 +- doc/man/salt-key.1 | 2 +- doc/man/salt-master.1 | 2 +- doc/man/salt-minion.1 | 2 +- doc/man/salt-proxy.1 | 2 +- doc/man/salt-run.1 | 2 +- doc/man/salt-ssh.1 | 2 +- doc/man/salt-syndic.1 | 2 +- doc/man/salt.1 | 2 +- doc/man/salt.7 | 1026 ++++++++++++++++++++++++++++++--- doc/man/spm.1 | 2 +- doc/topics/releases/3006.0.md | 330 +++++++++++ pkg/debian/changelog | 330 +++++++++++ pkg/rpm/salt.spec | 329 ++++++++++- 18 files changed, 2274 insertions(+), 99 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0978874e1d47..fc473eef6de5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,338 @@ Versions are `MAJOR.PATCH`. # Changelog +## 3006.0rc2 (2023-03-19) + + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) + + ## 3006.0rc1 (2023-03-01) diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index ed4d4d314a3b..b67d5e44a8ac 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-API" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-API" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-api \- salt-api Command .sp diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index 1f2227dbfa05..db588878a641 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CALL" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-CALL" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-call \- salt-call Documentation .SH SYNOPSIS diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index b8d8d8019c54..a93ac5e40249 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CLOUD" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-CLOUD" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-cloud \- Salt Cloud Command .sp diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index 22c0620dcddc..38f004a5f380 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CP" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-CP" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-cp \- salt-cp Documentation .sp diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index c45d1da04675..e13ff5b69c69 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-KEY" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-KEY" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-key \- salt-key Documentation .SH SYNOPSIS diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index 90cb52201b5f..a1f755e419b3 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MASTER" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-MASTER" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-master \- salt-master Documentation .sp diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index b993e9a3883f..eb181db0e0d3 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MINION" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-MINION" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-minion \- salt-minion Documentation .sp diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index d6c2437dd525..8bf7a00a4f1d 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-PROXY" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-PROXY" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation .sp diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 13bb1b407fce..4ee7d87ab3e8 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-RUN" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-RUN" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-run \- salt-run Documentation .sp diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index d047f827d410..4349436c7ee0 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SSH" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-SSH" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation .SH SYNOPSIS diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 028bbcce8b22..d224c22bfc68 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SYNDIC" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT-SYNDIC" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation .sp diff --git a/doc/man/salt.1 b/doc/man/salt.1 index 884ba1cdee6d..f1fafa682e5a 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt \- salt .SH SYNOPSIS diff --git a/doc/man/salt.7 b/doc/man/salt.7 index d84a96debc45..4463a8a785b7 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "7" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SALT" "7" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME salt \- Salt Documentation .SH SALT PROJECT @@ -60904,8 +60904,12 @@ Beacons are typically enabled by placing a \fBbeacons:\fP top level block in beacons: inotify: \- files: - /etc/important_file: {} - /opt: {} + /etc/important_file: + mask: + \- modify + /opt: + mask: + \- modify .ft P .fi .UNINDENT @@ -60936,11 +60940,15 @@ Multiple copies of a particular Salt beacon can be configured by including the \ beacons: watch_important_file: \- files: - /etc/important_file: {} + /etc/important_file: + mask: + \- modify \- beacon_module: inotify watch_another_file: \- files: - /etc/another_file: {} + /etc/another_file: + mask: + \- modify \- beacon_module: inotify .ft P .fi @@ -60959,8 +60967,12 @@ and 10\-second intervals: beacons: inotify: \- files: - /etc/important_file: {} - /opt: {} + /etc/important_file: + mask: + \- modify + /opt: + mask: + \- modify \- interval: 5 \- disable_during_state_run: True load: @@ -60999,6 +61011,8 @@ beacons: inotify: \- files: /etc/important_file: {} + mask: + \- modify \- disable_during_state_run: True .ft P .fi @@ -84826,144 +84840,391 @@ on the needs of the deployed vm. .sp Starting in 3006, only onedir packaging will be available. The 3006 onedir packages are built with the \fI\%relenv\fP tool. -.SS How to build rpm packages +.SS Docker Containers .sp -You only need to run rpmbuild in the Salt repo: +The Salt Project uses docker containers to build our packages. If you are building your own packages you can use +the same containers we build with in the Github piplines. These containers are documented \fI\%here\fP\&. +.SS How to build onedir only +.INDENT 0.0 +.IP 1. 3 +Install relenv: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -# rpmbuild \-bb \-\-define=\(dq_salt_src $(pwd)\(dq $(pwd)/pkg/rpm/salt.spec +pip install relenv .ft P .fi .UNINDENT .UNINDENT -.SS How to build deb packages -.sp -You only need to add a symlink and run debuild in the Salt repo: +.UNINDENT +.UNINDENT +.IP 2. 3 +Fetch toolchain (Only required for linux OSs) +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -# ln \-s pkg/deb/debian debian -# debuild \-uc \-us +relenv toolchain fetch .ft P .fi .UNINDENT .UNINDENT -.SS How to access python binary -.sp -The python library is available in the install directory of the onedir package. For example -on linux the default location would be \fB/opt/saltstack/salt/bin/python3\fP\&. -.SH COMMAND LINE REFERENCE -.SS salt\-api -.SS \fBsalt\-api\fP -.sp -Start interfaces used to remotely connect to the salt master -.SS Synopsis +.UNINDENT +.UNINDENT +.IP 3. 3 +Fetch Native Python Build: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -salt\-api +relenv fetch \-\-python= .ft P .fi .UNINDENT .UNINDENT -.SS Description +.UNINDENT +.UNINDENT +.IP 4. 3 +Create relenv environment: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 .sp -The Salt API system manages network api connectors for the Salt Master -.SS Options +.nf +.ft C +relenv create \-\-python=3.10.10 +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 5. 3 +Add Salt into onedir. +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 -.TP -.B \-\-version -Print the version of Salt that is running. +.INDENT 3.5 +.sp +.nf +.ft C +path/to//bin/pip install /path/to/salt +.ft P +.fi +.UNINDENT +.UNINDENT .UNINDENT +.UNINDENT +.UNINDENT +.SS How to build rpm packages .INDENT 0.0 -.TP -.B \-\-versions\-report -Show program\(aqs dependencies and version number, and then exit +.IP 1. 3 +Install the dependencies: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +yum \-y install python3 python3\-pip openssl git rpmdevtools rpmlint systemd\-units libxcrypt\-compat git +.ft P +.fi +.UNINDENT +.UNINDENT .UNINDENT +.UNINDENT +.IP 2. 3 +(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 -.TP -.B \-h, \-\-help -Show the help message and exit +.INDENT 3.5 +.sp +.nf +.ft C +pip install \-r requirements/static/ci/py{python_version}/tools.txt +.ft P +.fi +.UNINDENT .UNINDENT .INDENT 0.0 -.TP -.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir -The location of the Salt configuration directory. This directory contains -the configuration files for Salt master and minions. The default location -on most systems is \fB/etc/salt\fP\&. +.INDENT 3.5 +.sp +.nf +.ft C +pip install \-r requirements/static/ci/py{python_version}/changelog.txt +.ft P +.fi +.UNINDENT +.UNINDENT .UNINDENT +.UNINDENT +.IP 3. 3 +Ensure you are in the current Salt cloned git repo: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 -.TP -.B \-d, \-\-daemon -Run the salt\-api as a daemon +.INDENT 3.5 +.sp +.nf +.ft C +cd salt +.ft P +.fi .UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 4. 3 +(Optional) To build a specific Salt version, run tools and set Salt version: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 -.TP -.B \-\-pid\-file=PIDFILE -Specify the location of the pidfile. Default: /var/run/salt\-api.pid +.INDENT 3.5 +.sp +.nf +.ft C +tools changelog update\-rpm +.ft P +.fi .UNINDENT -.SS Logging Options +.UNINDENT +.UNINDENT +.UNINDENT +.IP 5. 3 +Run rpmbuild in the Salt repo: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 .sp -Logging options which override any settings defined on the configuration files. +.nf +.ft C +rpmbuild \-bb \-\-define=\(dq_salt_src $(pwd)\(dq $(pwd)/pkg/rpm/salt.spec +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.SS How to build deb packages .INDENT 0.0 -.TP -.B \-l LOG_LEVEL, \-\-log\-level=LOG_LEVEL -Console logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP, -\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default: -\fBwarning\fP\&. +.IP 1. 3 +Install the dependencies: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +apt install \-y python3 python3\-venv python3\-pip build\-essential devscripts debhelper bash\-completion git +.ft P +.fi +.UNINDENT +.UNINDENT .UNINDENT +.UNINDENT +.IP 2. 3 +(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 -.TP -.B \-\-log\-file=LOG_FILE -Log file path. Default: /var/log/salt/api\&. +.INDENT 3.5 +.sp +.nf +.ft C +pip install \-r requirements/static/ci/py{python_version}/tools.txt +.ft P +.fi +.UNINDENT .UNINDENT .INDENT 0.0 -.TP -.B \-\-log\-file\-level=LOG_LEVEL_LOGFILE -Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP, -\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default: -\fBwarning\fP\&. +.INDENT 3.5 +.sp +.nf +.ft C +pip install \-r requirements/static/ci/py{python_version}/changelog.txt +.ft P +.fi .UNINDENT -.SS See also +.UNINDENT +.UNINDENT +.UNINDENT +.IP 3. 3 +Ensure you are in the current Salt cloned git repo.: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 .sp -\fBsalt\-api(7)\fP -\fBsalt(7)\fP -\fBsalt\-master(1)\fP -.SS salt\-call -.SS \fBsalt\-call\fP -.SS Synopsis +.nf +.ft C +cd salt +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 4. 3 +(Optional) To build a specific Salt version, run tools and set Salt version: +.INDENT 3.0 +.INDENT 3.5 .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -salt\-call [options] +tools changelog update\-deb .ft P .fi .UNINDENT .UNINDENT -.SS Description +.UNINDENT +.UNINDENT +.IP 5. 3 +Add a symlink and run debuild in the Salt repo: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 .sp -The salt\-call command is used to run module functions locally on a minion -instead of executing them from the master. Salt\-call is used to run a -\fI\%Standalone Minion\fP, and was originally -created for \fI\%troubleshooting\fP\&. +.nf +.ft C +ln \-sf pkg/debian/ . +debuild \-uc \-us +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.SS How to access python binary .sp -The Salt Master is contacted to retrieve state files and other resources -during execution unless the \fB\-\-local\fP option is specified. +The python library is available in the install directory of the onedir package. For example +on linux the default location would be \fB/opt/saltstack/salt/bin/python3\fP\&. +.SH COMMAND LINE REFERENCE +.SS salt\-api +.SS \fBsalt\-api\fP .sp -\fBNOTE:\fP +Start interfaces used to remotely connect to the salt master +.SS Synopsis .INDENT 0.0 .INDENT 3.5 -\fBsalt\-call\fP commands execute from the current user\(aqs shell -context, while \fBsalt\fP commands execute from the system\(aqs default context. +.sp +.nf +.ft C +salt\-api +.ft P +.fi +.UNINDENT +.UNINDENT +.SS Description +.sp +The Salt API system manages network api connectors for the Salt Master +.SS Options +.INDENT 0.0 +.TP +.B \-\-version +Print the version of Salt that is running. +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-versions\-report +Show program\(aqs dependencies and version number, and then exit +.UNINDENT +.INDENT 0.0 +.TP +.B \-h, \-\-help +Show the help message and exit +.UNINDENT +.INDENT 0.0 +.TP +.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir +The location of the Salt configuration directory. This directory contains +the configuration files for Salt master and minions. The default location +on most systems is \fB/etc/salt\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-d, \-\-daemon +Run the salt\-api as a daemon +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-pid\-file=PIDFILE +Specify the location of the pidfile. Default: /var/run/salt\-api.pid +.UNINDENT +.SS Logging Options +.sp +Logging options which override any settings defined on the configuration files. +.INDENT 0.0 +.TP +.B \-l LOG_LEVEL, \-\-log\-level=LOG_LEVEL +Console logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP, +\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default: +\fBwarning\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-log\-file=LOG_FILE +Log file path. Default: /var/log/salt/api\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-log\-file\-level=LOG_LEVEL_LOGFILE +Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP, +\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default: +\fBwarning\fP\&. +.UNINDENT +.SS See also +.sp +\fBsalt\-api(7)\fP +\fBsalt(7)\fP +\fBsalt\-master(1)\fP +.SS salt\-call +.SS \fBsalt\-call\fP +.SS Synopsis +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +salt\-call [options] +.ft P +.fi +.UNINDENT +.UNINDENT +.SS Description +.sp +The salt\-call command is used to run module functions locally on a minion +instead of executing them from the master. Salt\-call is used to run a +\fI\%Standalone Minion\fP, and was originally +created for \fI\%troubleshooting\fP\&. +.sp +The Salt Master is contacted to retrieve state files and other resources +during execution unless the \fB\-\-local\fP option is specified. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +\fBsalt\-call\fP commands execute from the current user\(aqs shell +context, while \fBsalt\fP commands execute from the system\(aqs default context. .UNINDENT .UNINDENT .SS Options @@ -167549,13 +167810,13 @@ Support for DEB packages New in version 2015.8.0. .sp -Parses RPM metadata and returns a dictionary of information about the +Parses DEB metadata and returns a dictionary of information about the package (name, version, etc.). .INDENT 7.0 .TP .B path Path to the file. Can either be an absolute path to a file on the -minion, or a salt fileserver URL (e.g. \fBsalt://path/to/file.rpm\fP). +minion, or a salt fileserver URL (e.g. \fBsalt://path/to/file.deb\fP). If a salt fileserver URL is passed, the file will be cached to the minion so that it can be examined. .TP @@ -193428,7 +193689,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0rc1\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0rc2\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 @@ -475825,6 +476086,601 @@ Allow max queue size setting for state runs to prevent performance problems from .IP \(bu 2 Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP .UNINDENT +.SS Changelog +.SS Removed +.INDENT 0.0 +.IP \(bu 2 +Remove and deprecate the \fBorchestration\fP key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. \fI\%#59917\fP +.IP \(bu 2 +Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 \fI\%#60476\fP +.IP \(bu 2 +Removed \fBruntests\fP targets from \fBnoxfile.py\fP \fI\%#62239\fP +.IP \(bu 2 +Removed the PyObjC dependency. +.sp +This addresses problems with building a one dir build for macOS. +It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). +Since it\(aqs currently not being used, it\(aqs removed. \fI\%#62432\fP +.IP \(bu 2 +Removed \fBSixRedirectImporter\fP from Salt. Salt hasn\(aqt shipped \fBsix\fP since Salt 3004. \fI\%#63874\fP +.UNINDENT +.SS Deprecated +.INDENT 0.0 +.IP \(bu 2 +renamed \fBkeep_jobs\fP, specifying job cache TTL in hours, to \fBkeep_jobs_seconds\fP, specifying TTL in seconds. +\fBkeep_jobs\fP will be removed in the Argon release \fI\%#55295\fP +.IP \(bu 2 +Removing all references to napalm\-base which is no longer supported. \fI\%#61542\fP +.IP \(bu 2 +The \(aqip_bracket\(aq function has been moved from salt/utils/zeromq.py in salt/utils/network.py \fI\%#62009\fP +.IP \(bu 2 +The \fBexpand_repo_def\fP function in \fBsalt.modules.aptpkg\fP is now deprecated. It\(aqs only used in \fBsalt.states.pkgrepo\fP and it has no use of being exposed to the CLI. \fI\%#62485\fP +.IP \(bu 2 +Deprecated defunct Django returner \fI\%#62644\fP +.IP \(bu 2 +Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions \fI\%#62754\fP +.IP \(bu 2 +Removing manufacture grain which has been deprecated. \fI\%#62914\fP +.IP \(bu 2 +Removing deprecated utils/boto3_elasticsearch.py \fI\%#62915\fP +.IP \(bu 2 +Removing support for the now deprecated _ext_nodes from salt/master.py. \fI\%#62917\fP +.IP \(bu 2 +Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. \fI\%#63095\fP +.IP \(bu 2 +\fBsalt.utils.version.StrictVersion\fP is now deprecated and it\(aqs use should be replaced with \fBsalt.utils.version.Version\fP\&. \fI\%#63383\fP +.UNINDENT +.SS Changed +.INDENT 0.0 +.IP \(bu 2 +More intelligent diffing in changes of file.serialize state. \fI\%#48609\fP +.IP \(bu 2 +Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. \fI\%#49430\fP +.IP \(bu 2 +\fBumask\fP is now a global state argument, instead of only applying to \fBcmd\fP +states. \fI\%#57803\fP +.IP \(bu 2 +Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. \fI\%#58971\fP +.IP \(bu 2 +Improve support for listing macOS brew casks \fI\%#59439\fP +.IP \(bu 2 +Add missing MariaDB Grants to mysql module. +MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. +Also improved exception handling in \fBgrant_add\fP which did not log the original error message and replaced it with a generic error. \fI\%#61409\fP +.IP \(bu 2 +Use VENV_PIP_TARGET environment variable as a default target for pip if present. \fI\%#62089\fP +.IP \(bu 2 +Disabled FQDNs grains on macOS by default \fI\%#62168\fP +.IP \(bu 2 +Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated \fI\%#62218\fP +.IP \(bu 2 +Enhance capture of error messages for Zypper calls in zypperpkg module. \fI\%#62346\fP +.IP \(bu 2 +Removed GPG_1_3_1 check \fI\%#62895\fP +.IP \(bu 2 +Requisite state chunks now all consistently contain \fB__id__\fP, \fB__sls__\fP and \fBname\fP\&. \fI\%#63012\fP +.IP \(bu 2 +netapi_enable_clients option to allow enabling/disabling of clients in salt\-api. +By default all clients will now be disabled. Users of salt\-api will need +to update their master config to enable the clients that they use. Not adding +the netapi_enable_clients option with required clients to the master config will +disable salt\-api. \fI\%#63050\fP +.IP \(bu 2 +Stop relying on \fBsalt/_version.py\fP to write Salt\(aqs version. Instead use \fBsalt/_version.txt\fP which only contains the version string. \fI\%#63383\fP +.IP \(bu 2 +Set enable_fqdns_grains to be False by default. \fI\%#63595\fP +.IP \(bu 2 +Changelog snippet files must now have a \fB\&.md\fP file extension to be more explicit on what type of rendering is done when they are included in the main \fBCHANGELOG.md\fP file. \fI\%#63710\fP +.UNINDENT +.SS Fixed +.INDENT 0.0 +.IP \(bu 2 +Add kwargs to handle extra parameters for http.query \fI\%#36138\fP +.IP \(bu 2 +Fix mounted bind mounts getting active mount options added \fI\%#39292\fP +.IP \(bu 2 +Fix \fBsysctl.present\fP converts spaces to tabs. \fI\%#40054\fP +.IP \(bu 2 +Fixes state pkg.purged to purge removed packages on Debian family systems \fI\%#42306\fP +.IP \(bu 2 +Fix fun_args missing from syndic returns \fI\%#45823\fP +.IP \(bu 2 +Fix mount.mounted with \(aqmount: False\(aq reports unmounted file system as unchanged when running with test=True \fI\%#47201\fP +.IP \(bu 2 +Issue #49310: Allow users to touch a file with Unix date of birth \fI\%#49310\fP +.IP \(bu 2 +Do not raise an exception in pkg.info_installed on nonzero return code \fI\%#51620\fP +.IP \(bu 2 +Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read\-only attribute are handled. \fI\%#51739\fP +.IP \(bu 2 +Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#52167\fP +.IP \(bu 2 +Don\(aqt check for cached pillar errors on state.apply \fI\%#52354\fP, \fI\%#57180\fP, \fI\%#59339\fP +.IP \(bu 2 +Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. \fI\%#52400\fP +.IP \(bu 2 +Ensure when we\(aqre adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. \fI\%#53353\fP +.IP \(bu 2 +When user_create or user_remove fail, return False instead of returning the error. \fI\%#53377\fP +.IP \(bu 2 +Include sync_roster when sync_all is called. \fI\%#53914\fP +.IP \(bu 2 +Avoid warning noise in lograte.get \fI\%#53988\fP +.IP \(bu 2 +Fixed listing revoked keys with gpg.list_keys \fI\%#54347\fP +.IP \(bu 2 +Fix mount.mounted does not handle blanks properly \fI\%#54508\fP +.IP \(bu 2 +Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. \fI\%#54682\fP +.IP \(bu 2 +Fix spelling error for python_shell argument in dpkg_lower module \fI\%#54907\fP +.IP \(bu 2 +Cleaned up bytes response data before sending to non\-bytes compatible returners (postgres, mysql) \fI\%#55226\fP +.IP \(bu 2 +Fixed malformed state return when testing file.managed with unavailable source file \fI\%#55269\fP +.IP \(bu 2 +Included stdout in error message for Zypper calls in zypperpkg module. \fI\%#56016\fP +.IP \(bu 2 +Fixed pillar.filter_by with salt\-ssh \fI\%#56093\fP +.IP \(bu 2 +Fix boto_route53 issue with (multiple) VPCs. \fI\%#57139\fP +.IP \(bu 2 +Remove log from mine runner which was not used. \fI\%#57463\fP +.IP \(bu 2 +Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#57535\fP +.IP \(bu 2 +Updating Slack engine to use slack_bolt library. \fI\%#57842\fP +.IP \(bu 2 +Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. \fI\%#58165\fP +.IP \(bu 2 +Fix salt.modules.pip:is_installed doesn\(aqt handle locally installed packages \fI\%#58202\fP +.IP \(bu 2 +Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. \fI\%#58297\fP +.IP \(bu 2 +linux_shadow: Fix cases where malformed shadow entries cause \fBuser.present\fP +states to fail. \fI\%#58423\fP +.IP \(bu 2 +Fixed salt.utils.compat.cmp to work with dictionaries \fI\%#58729\fP +.IP \(bu 2 +Fixed formatting for terse output mode \fI\%#58953\fP +.IP \(bu 2 +Fixed RecursiveDictDiffer with added nested dicts \fI\%#59017\fP +.IP \(bu 2 +Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59169\fP +.IP \(bu 2 +Fixed saltnado websockets disconnecting immediately \fI\%#59183\fP +.IP \(bu 2 +Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59315\fP +.IP \(bu 2 +Fix postgres_privileges.present not idempotent for functions \fI\%#59585\fP +.IP \(bu 2 +Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. \fI\%#59766\fP +.IP \(bu 2 +Warn when using insecure (http:// based) key_urls for apt\-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. \fI\%#59786\fP +.IP \(bu 2 +add load balancing policy default option and ensure the module can be executed with arguments from CLI \fI\%#59909\fP +.IP \(bu 2 +Fix salt\-ssh when using imports with extra\-filerefs. \fI\%#60003\fP +.IP \(bu 2 +Fixed cache directory corruption startup error \fI\%#60170\fP +.IP \(bu 2 +Update docs remove dry_run in docstring of file.blockreplace state. \fI\%#60227\fP +.IP \(bu 2 +Adds Parrot to OS_Family_Map in grains. \fI\%#60249\fP +.IP \(bu 2 +Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions \fI\%#60365\fP +.IP \(bu 2 +Use return code in iptables \-\-check to verify rule exists. \fI\%#60467\fP +.IP \(bu 2 +Fix regression pip.installed does not pass env_vars when calling pip.list \fI\%#60557\fP +.IP \(bu 2 +Fix xfs module when additional output included in mkfs.xfs command. \fI\%#60853\fP +.IP \(bu 2 +Fixed parsing new format of terraform states in roster.terraform \fI\%#60915\fP +.IP \(bu 2 +Fixed recognizing installed ARMv7 rpm packages in compatible architectures. \fI\%#60994\fP +.IP \(bu 2 +Fixing changes dict in pkg state to be consistent when installing and test=True. \fI\%#60995\fP +.IP \(bu 2 +Fix cron.present duplicating entries when changing timespec to special. \fI\%#60997\fP +.IP \(bu 2 +Made salt\-ssh respect \-\-wipe again \fI\%#61083\fP +.IP \(bu 2 +state.orchestrate_single only passes a pillar if it is set to the state +function. This allows it to be used with state functions that don\(aqt accept a +pillar keyword argument. \fI\%#61092\fP +.IP \(bu 2 +Fix ipset state when the comment kwarg is set. \fI\%#61122\fP +.IP \(bu 2 +Fix issue with archive.unzip where the password was not being encoded for the extract function \fI\%#61422\fP +.IP \(bu 2 +Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux +Mint, Pop!_OS, Rocky Linux) report different \fBoscodename\fP, \fBosfullname\fP, +\fBosfinger\fP grains if lsb\-release is installed or not. They have been changed to +only derive these OS grains from \fB/etc/os\-release\fP\&. \fI\%#61618\fP +.IP \(bu 2 +Pop!_OS uses the full version (\fI\%YY.MM\fP) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. \fI\%#61619\fP +.IP \(bu 2 +Fix ssh config roster to correctly parse the ssh config files that contain spaces. \fI\%#61650\fP +.IP \(bu 2 +Fix SoftLayer configuration not raising an exception when a domain is missing \fI\%#61727\fP +.IP \(bu 2 +Allow the minion to start or salt\-call to run even if the user doesn\(aqt have permissions to read the root_dir value from the registry \fI\%#61789\fP +.IP \(bu 2 +Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. \fI\%#61805\fP +.IP \(bu 2 +Fixed malformed state return when merge\-serializing to an improperly formatted file \fI\%#61814\fP +.IP \(bu 2 +Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) \fI\%#61816\fP +.IP \(bu 2 +When deleting the vault cache, also delete from the session cache \fI\%#61821\fP +.IP \(bu 2 +Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. \fI\%#61827\fP +.IP \(bu 2 +win_lgpo: Display conflicting policy names when more than one policy is found \fI\%#61859\fP +.IP \(bu 2 +win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy \fI\%#61860\fP +.IP \(bu 2 +Fixed listing minions on OpenBSD \fI\%#61966\fP +.IP \(bu 2 +Make Salt to return an error on \(dqpkg\(dq modules and states when targeting duplicated package names \fI\%#62019\fP +.IP \(bu 2 +Fix return of REST\-returned permissions when auth_list is set \fI\%#62022\fP +.IP \(bu 2 +Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. \fI\%#62029\fP +.IP \(bu 2 +Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() \fI\%#62030\fP +.IP \(bu 2 +Fix attr=all handling in pkg.list_pkgs() (yum/zypper). \fI\%#62032\fP +.IP \(bu 2 +Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap \fI\%#62053\fP +.IP \(bu 2 +Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias \fI\%#62058\fP +.IP \(bu 2 +Fix ordering of args to libcloud_storage.download_object module \fI\%#62074\fP +.IP \(bu 2 +Ignore extend declarations in sls files that are excluded. \fI\%#62082\fP +.IP \(bu 2 +Remove leftover usage of impacket \fI\%#62101\fP +.IP \(bu 2 +Pass executable path from _get_path_exec() is used when calling the program. +The $HOME env is no longer modified globally. +Only trailing newlines are stripped from the fetched secret. +Pass process arguments are handled in a secure way. \fI\%#62120\fP +.IP \(bu 2 +Ignore some command return codes in openbsdrcctl_service to prevent spurious errors \fI\%#62131\fP +.IP \(bu 2 +Fixed extra period in filename output in tls module. Instead of \(dqserver.crt.\(dq it will now be \(dqserver.crt\(dq. \fI\%#62139\fP +.IP \(bu 2 +Make sure lingering PAexec\-*.exe files in the Windows directory are cleaned up \fI\%#62152\fP +.IP \(bu 2 +Restored Salt\(aqs DeprecationWarnings \fI\%#62185\fP +.IP \(bu 2 +Fixed issue with forward slashes on Windows with file.recurse and clean=True \fI\%#62197\fP +.IP \(bu 2 +Recognize OSMC as Debian\-based \fI\%#62198\fP +.IP \(bu 2 +Fixed Zypper module failing on RPM lock file being temporarily unavailable. \fI\%#62204\fP +.IP \(bu 2 +Improved error handling and diagnostics in the proxmox salt\-cloud driver \fI\%#62211\fP +.IP \(bu 2 +Added EndeavourOS to the Arch os_family. \fI\%#62220\fP +.IP \(bu 2 +Fix salt\-ssh not detecting \fBplatform\-python\fP as a valid interpreter on EL8 \fI\%#62235\fP +.IP \(bu 2 +Fix pkg.version_cmp on openEuler and a few other os flavors. \fI\%#62248\fP +.IP \(bu 2 +Fix localhost detection in glusterfs.peers \fI\%#62273\fP +.IP \(bu 2 +Fix Salt Package Manager (SPM) exception when calling spm create_repo . \fI\%#62281\fP +.IP \(bu 2 +Fix matcher slowness due to loader invocation \fI\%#62283\fP +.IP \(bu 2 +Fixes the Puppet module for non\-aio Puppet packages for example running the Puppet module on FreeBSD. \fI\%#62323\fP +.IP \(bu 2 +Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect \fI\%#62334\fP +.IP \(bu 2 +Fix pyobjects renderer access to opts and sls \fI\%#62336\fP +.IP \(bu 2 +Fix use of random shuffle and sample functions as Jinja filters \fI\%#62372\fP +.IP \(bu 2 +Fix groups with duplicate GIDs are not returned by get_group_list \fI\%#62377\fP +.IP \(bu 2 +Fix the \(dqzpool.present\(dq state when enabling zpool features that are already active. \fI\%#62390\fP +.IP \(bu 2 +Fix ability to execute remote file client methods in saltcheck \fI\%#62398\fP +.IP \(bu 2 +Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x \fI\%#62400\fP +.IP \(bu 2 +Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. \fI\%#62405\fP +.IP \(bu 2 +When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren\(aqt actually changes since the prereq state did not run. \fI\%#62408\fP +.IP \(bu 2 +Added directory mode for file.copy with makedirs \fI\%#62426\fP +.IP \(bu 2 +Provide better error handling in the various napalm proxy minion functions when the device is not accessible. \fI\%#62435\fP +.IP \(bu 2 +When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don\(aqt need to attempt to load them everytime. \fI\%#62439\fP +.IP \(bu 2 +The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module \fI\%#62451\fP +.IP \(bu 2 +sysctl.persist now updates the in\-memory value on FreeBSD even if the on\-disk value was already correct. \fI\%#62461\fP +.IP \(bu 2 +Fixed parsing CDROM apt sources \fI\%#62474\fP +.IP \(bu 2 +Update sanitizing masking for Salt SSH to include additional password like strings. \fI\%#62483\fP +.IP \(bu 2 +Fix user/group checking on file state functions in the test mode. \fI\%#62499\fP +.IP \(bu 2 +Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. \fI\%#62502\fP +.IP \(bu 2 +Fix possible tracebacks if there is a package with \(aq\-\-\-\-\-\-\(aq or \(aq======\(aq in the description is installed on the Debian based minion. \fI\%#62519\fP +.IP \(bu 2 +Fixed the omitted \(dqpool\(dq parameter when cloning a VM with the proxmox salt\-cloud driver \fI\%#62521\fP +.IP \(bu 2 +Fix rendering of pyobjects states in saltcheck \fI\%#62523\fP +.IP \(bu 2 +Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt \fI\%#62527\fP +.IP \(bu 2 +Use str() method instead of repo_line for when python3\-apt is installed or not in \fI\%aptpkg.py\fP\&. \fI\%#62546\fP +.IP \(bu 2 +Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to \fBcontext\fP[\(dqnetmiko_device\(dq][\(dqargs\(dq] which is passed along to the Netmiko library. \fI\%#62547\fP +.IP \(bu 2 +Fix order specific mount.mounted options for persist \fI\%#62556\fP +.IP \(bu 2 +Fixed salt\-cloud cloning a proxmox VM with a specified new vmid. \fI\%#62558\fP +.IP \(bu 2 +Fix runas with cmd module when using the onedir bundled packages \fI\%#62565\fP +.IP \(bu 2 +Update setproctitle version for all platforms \fI\%#62576\fP +.IP \(bu 2 +Fixed missing parameters when cloning a VM with the proxmox salt\-cloud driver \fI\%#62580\fP +.IP \(bu 2 +Handle PermissionError when importing crypt when FIPS is enabled. \fI\%#62587\fP +.IP \(bu 2 +Correctly reraise exceptions in states.http \fI\%#62595\fP +.IP \(bu 2 +Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. \fI\%#62618\fP +.IP \(bu 2 +updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. \fI\%#62624\fP +.IP \(bu 2 +Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline \fI\%#62633\fP +.IP \(bu 2 +Fixed vault ext pillar return data for KV v2 \fI\%#62651\fP +.IP \(bu 2 +Fix saltcheck _get_top_states doesn\(aqt pass saltenv to state.show_top \fI\%#62654\fP +.IP \(bu 2 +Fix groupadd.* functions hard code relative command name \fI\%#62657\fP +.IP \(bu 2 +Fixed pdbedit.create trying to use a bytes\-like hash as string. \fI\%#62670\fP +.IP \(bu 2 +Fix depenency on legacy boto module in boto3 modules \fI\%#62672\fP +.IP \(bu 2 +Modified \(dq_get_flags\(dq function so that it returns regex flags instead of integers \fI\%#62676\fP +.IP \(bu 2 +Change startup ReqServer log messages from error to info level. \fI\%#62728\fP +.IP \(bu 2 +Fix kmod.* functions hard code relative command name \fI\%#62772\fP +.IP \(bu 2 +Fix mac_brew_pkg to work with null taps \fI\%#62793\fP +.IP \(bu 2 +Fixing a bug when listing the running schedule if \(dqschedule.enable\(dq and/or \(dqschedule.disable\(dq has been run, where the \(dqenabled\(dq items is being treated as a schedule item. \fI\%#62795\fP +.IP \(bu 2 +Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode \fI\%#62817\fP +.IP \(bu 2 +Include UID and GID checks in modules.file.check_perms as well as comparing +ownership by username and group name. \fI\%#62818\fP +.IP \(bu 2 +Fix presence events on TCP transport by removing a client\(aqs presence when minion disconnects from publish channel correctly \fI\%#62826\fP +.IP \(bu 2 +Remove Azure deprecation messages from functions that always run w/ salt\-cloud \fI\%#62845\fP +.IP \(bu 2 +Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 \fI\%#62854\fP +.IP \(bu 2 +Fixed master job scheduler using when \fI\%#62858\fP +.IP \(bu 2 +LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding \fI\%#62873\fP +.IP \(bu 2 +Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. \fI\%#62878\fP +.IP \(bu 2 +Fixed dockermod version_info function for docker\-py 6.0.0+ \fI\%#62882\fP +.IP \(bu 2 +Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. \fI\%#62886\fP +.IP \(bu 2 +Updating various MongoDB module functions to work with latest version of pymongo. \fI\%#62900\fP +.IP \(bu 2 +Restored channel for Syndic minions to send job returns to the Salt master. \fI\%#62933\fP +.IP \(bu 2 +removed _resolve_deps as it required a library that is not generally avalible. and switched to apt\-get for everything as that can auto resolve dependencies. \fI\%#62934\fP +.IP \(bu 2 +Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt\-minion/salt\-call to hang \fI\%#62937\fP +.IP \(bu 2 +Allow root user to modify crontab lines for non\-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. \fI\%#62940\fP +.IP \(bu 2 +Fix systemd_service.* functions hard code relative command name \fI\%#62942\fP +.IP \(bu 2 +Fix file.symlink backupname operation can copy remote contents to local disk \fI\%#62953\fP +.IP \(bu 2 +Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts \fI\%#62968\fP +.IP \(bu 2 +Fixed gpg_passphrase issue with gpg decrypt/encrypt functions \fI\%#62977\fP +.IP \(bu 2 +Fix file.tidied FileNotFoundError \fI\%#62986\fP +.IP \(bu 2 +Fixed bug where module.wait states were detected as running legacy module.run syntax \fI\%#62988\fP +.IP \(bu 2 +Fixed issue with win_wua module where it wouldn\(aqt load if the CryptSvc was set to Manual start \fI\%#62993\fP +.IP \(bu 2 +The \fB__opts__\fP dunder dictionary is now added to the loader\(aqs \fBpack\fP if not +already present, which makes it accessible via the +\fBsalt.loader.context.NamedLoaderContext\fP class. \fI\%#63013\fP +.IP \(bu 2 +Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts \fI\%#63024\fP +.IP \(bu 2 +Fix btrfs.subvolume_snapshot command failing \fI\%#63025\fP +.IP \(bu 2 +Fix file.retention_schedule always reports changes \fI\%#63033\fP +.IP \(bu 2 +Fix mongo authentication for mongo ext_pillar and mongo returner +.sp +This fix also include the ability to use the mongo connection string for mongo ext_pillar \fI\%#63058\fP +.IP \(bu 2 +Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. \fI\%#63103\fP +.IP \(bu 2 +TCP transport documentation now contains proper master/minion\-side filtering information \fI\%#63120\fP +.IP \(bu 2 +Fixed gpg.verify does not respect gnupghome \fI\%#63145\fP +.IP \(bu 2 +Made pillar cache pass extra minion data as well \fI\%#63208\fP +.IP \(bu 2 +Fix serious performance issues with the file.tidied module \fI\%#63231\fP +.IP \(bu 2 +Fix rpm_lowpkg version comparison logic when using rpm\-vercmp and only one version has a release number. \fI\%#63317\fP +.IP \(bu 2 +Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available \fI\%#63350\fP +.IP \(bu 2 +When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. \fI\%#63590\fP +.IP \(bu 2 +LGPO: Added support for \(dqRelax minimum password length limits\(dq \fI\%#63596\fP +.IP \(bu 2 +When a job is disabled only increase it\(aqs _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. \fI\%#63699\fP +.IP \(bu 2 +Check file is not empty before attempting to read pillar disk cache file \fI\%#63729\fP +.IP \(bu 2 +fix cherrypy 400 error output to be less generic. \fI\%#63835\fP +.IP \(bu 2 +remove eval and update logging to be more informative on bad config \fI\%#63879\fP +.UNINDENT +.SS Added +.INDENT 0.0 +.IP \(bu 2 +Introduce a \fBLIB_STATE_DIR\fP syspaths variable which defaults to \fBCONFIG_DIR\fP, +but can be individually customized during installation by specifying +\fB\-\-salt\-lib\-state\-dir\fP during installation. Change the default \fBpki_dir\fP to +\fB/pki/master\fP (for the master) and \fB/pki/minion\fP +(for the minion). \fI\%#3396\fP +.IP \(bu 2 +Allow users to enable \(aqqueue=True\(aq for all state runs via config file \fI\%#31468\fP +.IP \(bu 2 +Added pillar templating to vault policies \fI\%#43287\fP +.IP \(bu 2 +Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray \fI\%#51088\fP +.IP \(bu 2 +A new salt\-ssh roster that generates a roster by parses a known_hosts file. \fI\%#54679\fP +.IP \(bu 2 +Added Windows Event Viewer support \fI\%#54713\fP +.IP \(bu 2 +Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file \fI\%#56013\fP +.IP \(bu 2 +Added resource tagging functions to boto_dynamodb execution module \fI\%#57500\fP +.IP \(bu 2 +Added \fBopenvswitch_db\fP state module and functions \fBbridge_to_parent\fP, +\fBbridge_to_vlan\fP, \fBdb_get\fP, and \fBdb_set\fP to the \fBopenvswitch\fP execution module. +Also added optional \fBparent\fP and \fBvlan\fP parameters to the +\fBopenvswitch_bridge.present\fP state module function and the +\fBopenvswitch.bridge_create\fP execution module function. \fI\%#58986\fP +.IP \(bu 2 +State module to manage SysFS attributes \fI\%#60154\fP +.IP \(bu 2 +Added ability for \fBsalt.wait_for_event\fP to handle \fBevent_id\fPs that have a list value. \fI\%#60430\fP +.IP \(bu 2 +Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) \fI\%#60518\fP +.IP \(bu 2 +Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. \fI\%#60700\fP +.IP \(bu 2 +Added .0 back to our versioning scheme for future versions (e.g. 3006.0) \fI\%#60722\fP +.IP \(bu 2 +Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. \fI\%#61153\fP +.IP \(bu 2 +Added node label support for GCE \fI\%#61245\fP +.IP \(bu 2 +Support the \-\-priority flag when adding sources to Chocolatey. \fI\%#61319\fP +.IP \(bu 2 +Add namespace option to ext_pillar.http_json \fI\%#61335\fP +.IP \(bu 2 +Added a filter function to ps module to get a list of processes on a minion according to their state. \fI\%#61420\fP +.IP \(bu 2 +Add postgres.timeout option to postgres module for limiting postgres query times \fI\%#61433\fP +.IP \(bu 2 +Added new optional vault option, \fBconfig_location\fP\&. This can be either \fBmaster\fP or \fBlocal\fP and defines where vault will look for connection details, either requesting them from the master or using the local config. \fI\%#61857\fP +.IP \(bu 2 +Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. \fI\%#61931\fP +.IP \(bu 2 +\(aqtcp\(aq transport is now available in ipv6\-only network \fI\%#62009\fP +.IP \(bu 2 +Add \fBdiff_attr\fP parameter to pkg.upgrade() (zypper/yum). \fI\%#62031\fP +.IP \(bu 2 +Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. +Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. +Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. +Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. \fI\%#62120\fP +.IP \(bu 2 +Add file.pruned state and expanded file.rmdir exec module functionality \fI\%#62178\fP +.IP \(bu 2 +Added \(dqdig.PTR\(dq function to resolve PTR records for IPs, as well as tests and documentation \fI\%#62275\fP +.IP \(bu 2 +Added the ability to remove a KB using the DISM state/execution modules \fI\%#62366\fP +.IP \(bu 2 +Add \(dq python\(dq subcommand to allow execution or arbitrary scripts via bundled Python runtime \fI\%#62381\fP +.IP \(bu 2 +Add ability to provide conditions which convert normal state actions to no\-op when true \fI\%#62446\fP +.IP \(bu 2 +Added debug log messages displaying the command being run when installing packages on Windows \fI\%#62480\fP +.IP \(bu 2 +Add biosvendor grain \fI\%#62496\fP +.IP \(bu 2 +Add ifelse Jinja function as found in CFEngine \fI\%#62508\fP +.IP \(bu 2 +Implementation of Amazon EC2 instance detection and setting \fBvirtual_subtype\fP grain accordingly including the product if possible to identify. \fI\%#62539\fP +.IP \(bu 2 +Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack \fI\%#62578\fP +.IP \(bu 2 +Increase file.tidied flexibility with regard to age and size \fI\%#62678\fP +.IP \(bu 2 +Added \(dqconnected_devices\(dq feature to netbox pillar module. It contains extra information about devices connected to the minion \fI\%#62761\fP +.IP \(bu 2 +Add atomic file operation for symlink changes \fI\%#62768\fP +.IP \(bu 2 +Add password/account locking/unlocking in user.present state on supported operating systems \fI\%#62856\fP +.IP \(bu 2 +Added onchange configuration for script engine \fI\%#62867\fP +.IP \(bu 2 +Added output and bare functionality to export_key gpg module function \fI\%#62978\fP +.IP \(bu 2 +Add keyvalue serializer for environment files \fI\%#62983\fP +.IP \(bu 2 +Add ability to ignore symlinks in file.tidied \fI\%#63042\fP +.IP \(bu 2 +salt\-cloud support IMDSv2 tokens when using \(aquse\-instance\-role\-credentials\(aq \fI\%#63067\fP +.IP \(bu 2 +Add ability for file.symlink to not set ownership on existing links \fI\%#63093\fP +.IP \(bu 2 +Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation \fI\%#63095\fP +.IP \(bu 2 +Add functions that will return the underlying block device, mount point, and filesystem type for a given path \fI\%#63098\fP +.IP \(bu 2 +Add ethtool execution and state module functions for pause \fI\%#63128\fP +.IP \(bu 2 +Add boardname grain \fI\%#63131\fP +.IP \(bu 2 +Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63248\fP +.IP \(bu 2 +Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63249\fP +.IP \(bu 2 +Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. \fI\%#63315\fP +.IP \(bu 2 +Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. +This allows users to enable state_events on a per use basis rather than having to +enable them globally for all state runs. \fI\%#63316\fP +.IP \(bu 2 +Allow max queue size setting for state runs to prevent performance problems from queue growth \fI\%#63356\fP +.IP \(bu 2 +Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP +.IP \(bu 2 +Include the version of \fBrelenv\fP in the versions report. \fI\%#63827\fP +.IP \(bu 2 +Added debug log messages displaying the command being run when removing packages on Windows \fI\%#63866\fP +.UNINDENT .sp See \fI\%Install a release candidate\fP for more information about installing an RC when one is available. diff --git a/doc/man/spm.1 b/doc/man/spm.1 index 774e767ef35f..db45b94ae842 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SPM" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt" +.TH "SPM" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt" .SH NAME spm \- Salt Package Manager Command .sp diff --git a/doc/topics/releases/3006.0.md b/doc/topics/releases/3006.0.md index 2dc57e110297..33a0165cf3a9 100644 --- a/doc/topics/releases/3006.0.md +++ b/doc/topics/releases/3006.0.md @@ -377,3 +377,333 @@ lib-bar: enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) - Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) - Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) + +## Changelog + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) diff --git a/pkg/debian/changelog b/pkg/debian/changelog index 1cb607032e12..169cffd033a9 100644 --- a/pkg/debian/changelog +++ b/pkg/debian/changelog @@ -1,3 +1,333 @@ +salt (1:3006.0rc2) stable; urgency=medium + + + # Removed + + * Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) + * Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) + * Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) + * Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) + * Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + # Deprecated + + * renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) + * Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) + * The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) + * The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) + * Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) + * Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) + * Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) + * Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) + * Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) + * Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) + * `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + # Changed + + * More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) + * Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) + * ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) + * Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) + * Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) + * Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) + * Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) + * Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) + * Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) + * Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) + * Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) + * Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) + * netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt*api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt*api. [#63050](https://github.com/saltstack/salt/issues/63050) + * Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) + * Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) + * Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + + # Fixed + + * Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) + * Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) + * Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) + * Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) + * Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) + * Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) + * Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) + * Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) + * Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) + * Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) + * Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) + * Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) + * Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) + * When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) + * Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) + * Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) + * Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) + * Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) + * Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) + * Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) + * Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) + * Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) + * Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) + * Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) + * Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) + * Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) + * Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) + * Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) + * Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) + * Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) + * Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) + * linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) + * Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) + * Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) + * Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) + * Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) + * Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) + * Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) + * Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) + * Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) + * Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) + * add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) + * Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) + * Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) + * Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) + * Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) + * Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) + * Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) + * Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) + * Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) + * Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) + * Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) + * Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) + * Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) + * Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) + * state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) + * Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) + * Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) + * Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb*release is installed or not. They have been changed to + only derive these OS grains from `/etc/os*release`. [#61618](https://github.com/saltstack/salt/issues/61618) + * Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) + * Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) + * Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) + * Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) + * Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) + * Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) + * Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) + * When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) + * Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) + * win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) + * win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) + * Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) + * Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) + * Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) + * Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) + * Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) + * Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) + * Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) + * Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) + * Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) + * Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) + * Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) + * Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) + * Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) + * Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) + * Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) + * Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) + * Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) + * Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) + * Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) + * Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) + * Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) + * Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) + * Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) + * Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) + * Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) + * Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) + * Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) + * Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) + * Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) + * Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) + * Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) + * Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) + * Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) + * Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) + * Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) + * When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) + * Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) + * Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) + * When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) + * The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) + * sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) + * Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) + * Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) + * Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) + * Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) + * Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) + * Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) + * Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) + * Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) + * Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) + * Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) + * Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) + * Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) + * Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) + * Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) + * Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) + * Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) + * Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) + * Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) + * updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) + * Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) + * Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) + * Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) + * Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) + * Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) + * Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) + * Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) + * Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) + * Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) + * Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) + * Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) + * Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) + * Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) + * Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) + * Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) + * Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) + * Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) + * LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) + * Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) + * Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) + * Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) + * Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) + * Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) + * removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) + * Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) + * Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) + * Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) + * Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) + * Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) + * Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) + * Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) + * Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) + * Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) + * The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) + * Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) + * Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) + * Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) + * Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) + * Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) + * TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) + * Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) + * Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) + * Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) + * Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) + * Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) + * When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) + * LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) + * When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) + * Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) + * fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) + * remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) + + # Added + + * Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `*-salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) + * Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) + * Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) + * Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) + * A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) + * Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) + * Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) + * Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) + * Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) + * State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) + * Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) + * Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) + * Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) + * Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) + * Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) + * Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) + * Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) + * Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) + * Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) + * Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) + * Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) + * Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) + * 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) + * Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) + * Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) + * Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) + * Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) + * Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) + * Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) + * Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) + * Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) + * Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) + * Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) + * Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) + * Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) + * Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) + * Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) + * Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) + * Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) + * Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) + * Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) + * Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) + * Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) + * salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) + * Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) + * Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) + * Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) + * Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) + * Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) + * Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) + * Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) + * Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) + * Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) + * Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) + * Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) + * Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) + * Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) + + + -- Salt Project Packaging Sun, 19 Mar 2023 12:34:47 +0000 + salt (1:3006.0rc1) stable; urgency=medium diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec index 23ca707fbdb0..cf0086e26617 100644 --- a/pkg/rpm/salt.spec +++ b/pkg/rpm/salt.spec @@ -21,7 +21,7 @@ %define fish_dir %{_datadir}/fish/vendor_functions.d Name: salt -Version: 3006.0~rc1 +Version: 3006.0~rc2 Release: 0 Summary: A parallel remote execution system Group: System Environment/Daemons @@ -428,6 +428,333 @@ fi %changelog +* Sun Mar 19 2023 Salt Project Packaging - 3006.0~rc2 + +# Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + +# Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + +# Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + +# Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) + +# Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) + + * Wed Mar 01 2023 Salt Project Packaging - 3006.0~rc1 # Removed From 9ebb3855f71da249234c12088c9f2ee464621815 Mon Sep 17 00:00:00 2001 From: "Gareth J. Greenaway" Date: Sun, 19 Mar 2023 17:09:37 -0700 Subject: [PATCH 02/46] Allow basic auth user and password to be used regardless of repo type, eg. use with RC, Prod, and Staging. --- pkg/tests/download/test_pkg_download.py | 33 +++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/pkg/tests/download/test_pkg_download.py b/pkg/tests/download/test_pkg_download.py index 222ce89dda93..26e15a6b6255 100644 --- a/pkg/tests/download/test_pkg_download.py +++ b/pkg/tests/download/test_pkg_download.py @@ -201,25 +201,20 @@ def root_url(salt_release): salt_path = "salt_rc/salt" else: salt_path = "salt" - if repo_type == "staging": - salt_repo_user = os.environ.get("SALT_REPO_USER") - if salt_repo_user: - log.warning( - "SALT_REPO_USER: %s", - salt_repo_user[0] - + "*" * (len(salt_repo_user) - 2) - + salt_repo_user[-1], - ) - salt_repo_pass = os.environ.get("SALT_REPO_PASS") - if salt_repo_pass: - log.warning( - "SALT_REPO_PASS: %s", - salt_repo_pass[0] - + "*" * (len(salt_repo_pass) - 2) - + salt_repo_pass[-1], - ) - if salt_repo_user and salt_repo_pass: - repo_domain = f"{salt_repo_user}:{salt_repo_pass}@{repo_domain}" + salt_repo_user = os.environ.get("SALT_REPO_USER") + if salt_repo_user: + log.warning( + "SALT_REPO_USER: %s", + salt_repo_user[0] + "*" * (len(salt_repo_user) - 2) + salt_repo_user[-1], + ) + salt_repo_pass = os.environ.get("SALT_REPO_PASS") + if salt_repo_pass: + log.warning( + "SALT_REPO_PASS: %s", + salt_repo_pass[0] + "*" * (len(salt_repo_pass) - 2) + salt_repo_pass[-1], + ) + if salt_repo_user and salt_repo_pass: + repo_domain = f"{salt_repo_user}:{salt_repo_pass}@{repo_domain}" _root_url = f"https://{repo_domain}/{salt_path}/py3" log.info("Repository Root URL: %s", _root_url) return _root_url From 77ba11a7dacd9aea9cc01de7612d991925f5ffd8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 15 Mar 2023 12:27:33 +0000 Subject: [PATCH 03/46] Upgrade to `relenv==0.9.0` Signed-off-by: Pedro Algarvio --- .github/actions/setup-relenv/action.yml | 2 +- .github/workflows/build-deps-onedir.yml | 2 +- .github/workflows/build-salt-onedir.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/nightly.yml | 4 ++-- .github/workflows/scheduled.yml | 4 ++-- .github/workflows/staging.yml | 4 ++-- .github/workflows/templates/layout.yml.jinja | 2 +- changelog/63883.changed.md | 1 + 9 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 changelog/63883.changed.md diff --git a/.github/actions/setup-relenv/action.yml b/.github/actions/setup-relenv/action.yml index 99e96686b1d5..548f8235827a 100644 --- a/.github/actions/setup-relenv/action.yml +++ b/.github/actions/setup-relenv/action.yml @@ -22,7 +22,7 @@ inputs: required: false type: string description: The version of relenv to use - default: 0.6.0 + default: 0.9.0 outputs: version: diff --git a/.github/workflows/build-deps-onedir.yml b/.github/workflows/build-deps-onedir.yml index eaf5f0c5aac3..e09c0601ae4e 100644 --- a/.github/workflows/build-deps-onedir.yml +++ b/.github/workflows/build-deps-onedir.yml @@ -21,7 +21,7 @@ on: relenv-version: required: false type: string - default: 0.6.0 + default: 0.9.0 description: The version of relenv to use python-version-linux: required: false diff --git a/.github/workflows/build-salt-onedir.yml b/.github/workflows/build-salt-onedir.yml index eacccb04c283..34970f985bd5 100644 --- a/.github/workflows/build-salt-onedir.yml +++ b/.github/workflows/build-salt-onedir.yml @@ -21,7 +21,7 @@ on: relenv-version: required: false type: string - default: 0.6.0 + default: 0.9.0 description: The version of relenv to use python-version-linux: required: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58785426377a..5e0102eacc9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -393,7 +393,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" @@ -411,7 +411,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 56d8bffa97a4..5dfcd885ecff 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -437,7 +437,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" @@ -455,7 +455,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index ebccba573392..1ebcf20b72b0 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -436,7 +436,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" @@ -454,7 +454,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 50f3a9a670fe..991400a4a2ce 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -438,7 +438,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" @@ -456,7 +456,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.7.0" + relenv-version: "0.9.0" python-version-linux: "3.10.10" python-version-macos: "3.10.10" python-version-windows: "3.10.10" diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja index c9984404bbc4..e5cd9ceb4c20 100644 --- a/.github/workflows/templates/layout.yml.jinja +++ b/.github/workflows/templates/layout.yml.jinja @@ -9,7 +9,7 @@ <%- set python_version_linux = "3.10.10" %> <%- set python_version_macos = "3.10.10" %> <%- set python_version_windows = "3.10.10" %> -<%- set relenv_version = "0.7.0" %> +<%- set relenv_version = "0.9.0" %> <%- set gpg_key_id = "64CBBC8173D76B3F" %> <%- set prepare_actual_release = prepare_actual_release | default(False) %> <%- set release_branches = ["master", "3006.x"] %> diff --git a/changelog/63883.changed.md b/changelog/63883.changed.md new file mode 100644 index 000000000000..4e98d1d946fb --- /dev/null +++ b/changelog/63883.changed.md @@ -0,0 +1 @@ +Upgraded to `relenv==0.9.0` From 26acc39662a15c420f37ba86cde0e3890212c8ec Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 15 Mar 2023 17:50:16 +0000 Subject: [PATCH 04/46] Migrate `tests/unit/modules/test_linux_shadow.py` to pytest Signed-off-by: Pedro Algarvio --- .../pytests/unit/modules/test_linux_shadow.py | 324 ++++++++++++++++++ tests/unit/modules/test_linux_shadow.py | 312 ----------------- 2 files changed, 324 insertions(+), 312 deletions(-) create mode 100644 tests/pytests/unit/modules/test_linux_shadow.py delete mode 100644 tests/unit/modules/test_linux_shadow.py diff --git a/tests/pytests/unit/modules/test_linux_shadow.py b/tests/pytests/unit/modules/test_linux_shadow.py new file mode 100644 index 000000000000..5d977fc52121 --- /dev/null +++ b/tests/pytests/unit/modules/test_linux_shadow.py @@ -0,0 +1,324 @@ +""" + :codeauthor: Erik Johnson +""" +import types + +import pytest + +from tests.support.mock import DEFAULT, MagicMock, mock_open, patch + +pytestmark = [ + pytest.mark.skip_unless_on_linux, +] + +shadow = pytest.importorskip( + "salt.modules.linux_shadow", reason="shadow module is not available" +) +spwd = pytest.importorskip( + "spwd", reason="Standard library spwd module is not available" +) + + +def _pw_hash_ids(value): + return value.algorithm + + +@pytest.fixture( + params=[ + types.SimpleNamespace( + algorithm="md5", + clear="lamepassword", + pw_salt="TgIp9OTu", + pw_hash="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1", + pw_hash_passlib="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1", + ), + types.SimpleNamespace( + algorithm="sha256", + clear="lamepassword", + pw_salt="3vINbSrC", + pw_hash="$5$3vINbSrC$hH8A04jAY3bG123yU4FQ0wvP678QDTvWBhHHFbz6j0D", + pw_hash_passlib="$5$rounds=535000$3vINbSrC$YUDOmjJNDLWhL2Z7aAdLJnGIAsbUgkHNEcdUUujHHy8", + ), + types.SimpleNamespace( + algorithm="sha512", + clear="lamepassword", + pw_salt="PiGA3V2o", + pw_hash="$6$PiGA3V2o$/PrntRYufz49bRV/V5Eb1V6DdHaS65LB0fu73Tp/xxmDFr6HWJKptY2TvHRDViXZugWpnAcOnrbORpOgZUGTn.", + pw_hash_passlib="$6$rounds=656000$PiGA3V2o$eaAfTU0e1iUFcQycB94otS66/hTgVj94VIAaDp9IJHagSQ.gZascQYOE5.RO87kSY52lJ1LoYX8LNVa2OG8/U/", + ), + ], + ids=_pw_hash_ids, +) +def password(request): + # Not testing blowfish as it is not available on most Linux distros + return request.param + + +@pytest.fixture(params=["crypto", "passlib"]) +def library(request): + with patch("salt.utils.pycrypto.HAS_CRYPT", request.param == "crypto"): + yield request.param + + +@pytest.fixture +def configure_loader_modules(): + return {shadow: {}} + + +def test_gen_password(password, library): + """ + Test shadow.gen_password + """ + if library == "passlib": + pw_hash = password.pw_hash_passlib + else: + pw_hash = password.pw_hash + assert ( + shadow.gen_password( + password.clear, + crypt_salt=password.pw_salt, + algorithm=password.algorithm, + ) + == pw_hash + ) + + +def test_set_password(): + """ + Test the corner case in which shadow.set_password is called for a user + that has an entry in /etc/passwd but not /etc/shadow. + """ + original_lines = [ + "foo:orighash:17955::::::\n", + "bar:somehash:17955::::::\n", + ] + + data = { + "/etc/shadow": "".join(original_lines), + "*": Exception("Attempted to open something other than /etc/shadow"), + } + isfile_mock = MagicMock( + side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT + ) + password = "newhash" + shadow_info_mock = MagicMock(return_value={"passwd": password}) + + # + # CASE 1: Normal password change + # + user = "bar" + user_exists_mock = MagicMock( + side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT + ) + with patch( + "salt.utils.files.fopen", mock_open(read_data=data) + ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( + shadow, "info", shadow_info_mock + ), patch.dict( + shadow.__salt__, {"cmd.retcode": user_exists_mock} + ), patch.dict( + shadow.__grains__, {"os": "CentOS"} + ): + assert shadow.set_password(user, password, use_usermod=False) + + filehandles = shadow_mock.filehandles["/etc/shadow"] + # We should only have opened twice, once to read the contents and once + # to write. + assert len(filehandles) == 2 + # We're rewriting the entire file + assert filehandles[1].mode == "w+" + # We should be calling writelines instead of write, to rewrite the + # entire file. + assert len(filehandles[1].writelines_calls) == 1 + # Make sure we wrote the correct info + lines = filehandles[1].writelines_calls[0] + # Should only have the same two users in the file + assert len(lines) == 2 + # The first line should be unchanged + assert lines[0] == original_lines[0] + # The second line should have the new password hash + assert lines[1].split(":")[:2] == [user, password] + + # + # CASE 2: Corner case: no /etc/shadow entry for user + # + user = "baz" + user_exists_mock = MagicMock( + side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT + ) + with patch( + "salt.utils.files.fopen", mock_open(read_data=data) + ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( + shadow, "info", shadow_info_mock + ), patch.dict( + shadow.__salt__, {"cmd.retcode": user_exists_mock} + ), patch.dict( + shadow.__grains__, {"os": "CentOS"} + ): + assert shadow.set_password(user, password, use_usermod=False) + + filehandles = shadow_mock.filehandles["/etc/shadow"] + # We should only have opened twice, once to read the contents and once + # to write. + assert len(filehandles) == 2 + # We're just appending to the file, not rewriting + assert filehandles[1].mode == "a+" + # We should only have written to the file once + assert len(filehandles[1].write_calls) == 1 + # Make sure we wrote the correct info + assert filehandles[1].write_calls[0].split(":")[:2] == [user, password] + + +def test_info(password): + """ + Test if info shows the correct user information + """ + + # First test is with a succesful call + expected_result = [ + ("expire", -1), + ("inact", -1), + ("lstchg", 31337), + ("max", 99999), + ("min", 0), + ("name", "foo"), + ("passwd", password.pw_hash), + ("warn", 7), + ] + getspnam_return = spwd.struct_spwd( + ["foo", password.pw_hash, 31337, 0, 99999, 7, -1, -1, -1] + ) + with patch("spwd.getspnam", return_value=getspnam_return): + result = shadow.info("foo") + assert expected_result == sorted(result.items(), key=lambda x: x[0]) + + # The next two is for a non-existent user + expected_result = [ + ("expire", ""), + ("inact", ""), + ("lstchg", ""), + ("max", ""), + ("min", ""), + ("name", ""), + ("passwd", ""), + ("warn", ""), + ] + # We get KeyError exception for non-existent users in glibc based systems + getspnam_return = KeyError + with patch("spwd.getspnam", side_effect=getspnam_return): + result = shadow.info("foo") + assert expected_result == sorted(result.items(), key=lambda x: x[0]) + # And FileNotFoundError in musl based systems + getspnam_return = FileNotFoundError + with patch("spwd.getspnam", side_effect=getspnam_return): + result = shadow.info("foo") + assert expected_result == sorted(result.items(), key=lambda x: x[0]) + + +def test_set_password_malformed_shadow_entry(): + """ + Test that Salt will repair a malformed shadow entry (that is, one that + doesn't have the correct number of fields). + """ + original_lines = [ + "valid:s00persekr1thash:17955::::::\n", + "tooshort:orighash:17955:::::\n", + "toolong:orighash:17955:::::::\n", + ] + data = { + "/etc/shadow": "".join(original_lines), + "*": Exception("Attempted to open something other than /etc/shadow"), + } + isfile_mock = MagicMock( + side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT + ) + password = "newhash" + shadow_info_mock = MagicMock(return_value={"passwd": password}) + + # + # CASE 1: Fix an entry with too few fields + # + user = "tooshort" + user_exists_mock = MagicMock( + side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT + ) + with patch( + "salt.utils.files.fopen", mock_open(read_data=data) + ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( + shadow, "info", shadow_info_mock + ), patch.dict( + shadow.__salt__, {"cmd.retcode": user_exists_mock} + ), patch.dict( + shadow.__grains__, {"os": "CentOS"} + ): + assert shadow.set_password(user, password, use_usermod=False) + + filehandles = shadow_mock.filehandles["/etc/shadow"] + # We should only have opened twice, once to read the contents and once + # to write. + assert len(filehandles) == 2 + # We're rewriting the entire file + assert filehandles[1].mode == "w+" + # We should be calling writelines instead of write, to rewrite the + # entire file. + assert len(filehandles[1].writelines_calls) == 1 + # Make sure we wrote the correct info + lines = filehandles[1].writelines_calls[0] + # Should only have the same three users in the file + assert len(lines) == 3 + # The first and third line should be unchanged + assert lines[0] == original_lines[0] + assert lines[2] == original_lines[2] + # The second line should have the new password hash, and it should have + # gotten "fixed" by adding another colon. + fixed = lines[1].split(":") + assert fixed[:2] == [user, password] + assert len(fixed) == 9 + + # + # CASE 2: Fix an entry with too many fields + # + user = "toolong" + user_exists_mock = MagicMock( + side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT + ) + with patch( + "salt.utils.files.fopen", mock_open(read_data=data) + ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( + shadow, "info", shadow_info_mock + ), patch.dict( + shadow.__salt__, {"cmd.retcode": user_exists_mock} + ), patch.dict( + shadow.__grains__, {"os": "CentOS"} + ): + assert shadow.set_password(user, password, use_usermod=False) + + filehandles = shadow_mock.filehandles["/etc/shadow"] + # We should only have opened twice, once to read the contents and once + # to write. + assert len(filehandles) == 2 + # We're rewriting the entire file + assert filehandles[1].mode == "w+" + # We should be calling writelines instead of write, to rewrite the + # entire file. + assert len(filehandles[1].writelines_calls) == 1 + # Make sure we wrote the correct info + lines = filehandles[1].writelines_calls[0] + # Should only have the same three users in the file + assert len(lines) == 3 + # The first and second line should be unchanged + assert lines[0] == original_lines[0] + assert lines[1] == original_lines[1] + # The third line should have the new password hash, and it should have + # gotten "fixed" by reducing it to 9 fields instead of 10. + fixed = lines[2].split(":") + assert fixed[:2] == [user, password] + assert len(fixed) == 9 + + +@pytest.mark.skip_if_not_root +def test_list_users(): + """ + Test if it returns a list of all users + """ + assert shadow.list_users() diff --git a/tests/unit/modules/test_linux_shadow.py b/tests/unit/modules/test_linux_shadow.py deleted file mode 100644 index ed5b962178ac..000000000000 --- a/tests/unit/modules/test_linux_shadow.py +++ /dev/null @@ -1,312 +0,0 @@ -""" - :codeauthor: Erik Johnson -""" -import textwrap - -import pytest - -from tests.support.mixins import LoaderModuleMockMixin -from tests.support.mock import DEFAULT, MagicMock, mock_open, patch -from tests.support.unit import TestCase - -try: - import spwd -except ImportError: - pass - -try: - import salt.modules.linux_shadow as shadow - - HAS_SHADOW = True -except ImportError: - HAS_SHADOW = False - -_PASSWORD = "lamepassword" - -# Not testing blowfish as it is not available on most Linux distros -_HASHES = dict( - md5=dict(pw_salt="TgIp9OTu", pw_hash="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1"), - sha256=dict( - pw_salt="3vINbSrC", - pw_hash="$5$3vINbSrC$hH8A04jAY3bG123yU4FQ0wvP678QDTvWBhHHFbz6j0D", - ), - sha512=dict( - pw_salt="PiGA3V2o", - pw_hash="$6$PiGA3V2o$/PrntRYufz49bRV/V5Eb1V6DdHaS65LB0fu73Tp/xxmDFr6HWJKptY2TvHRDViXZugWpnAcOnrbORpOgZUGTn.", - ), -) - - -@pytest.mark.skip_unless_on_linux -@pytest.mark.skipif(HAS_SHADOW is False, reason="shadow module is not available") -class LinuxShadowTest(TestCase, LoaderModuleMockMixin): - def setup_loader_modules(self): - return {shadow: {}} - - def test_gen_password(self): - """ - Test shadow.gen_password - """ - self.assertTrue(HAS_SHADOW) - for algorithm, hash_info in _HASHES.items(): - self.assertEqual( - shadow.gen_password( - _PASSWORD, crypt_salt=hash_info["pw_salt"], algorithm=algorithm - ), - hash_info["pw_hash"], - ) - - def test_set_password(self): - """ - Test the corner case in which shadow.set_password is called for a user - that has an entry in /etc/passwd but not /etc/shadow. - """ - original_file = textwrap.dedent( - """\ - foo:orighash:17955:::::: - bar:somehash:17955:::::: - """ - ) - original_lines = original_file.splitlines(True) - - data = { - "/etc/shadow": original_file, - "*": Exception("Attempted to open something other than /etc/shadow"), - } - isfile_mock = MagicMock( - side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT - ) - password = "newhash" - shadow_info_mock = MagicMock(return_value={"passwd": password}) - - # - # CASE 1: Normal password change - # - user = "bar" - user_exists_mock = MagicMock( - side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT - ) - with patch( - "salt.utils.files.fopen", mock_open(read_data=data) - ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( - shadow, "info", shadow_info_mock - ), patch.dict( - shadow.__salt__, {"cmd.retcode": user_exists_mock} - ), patch.dict( - shadow.__grains__, {"os": "CentOS"} - ): - result = shadow.set_password(user, password, use_usermod=False) - - assert result - filehandles = shadow_mock.filehandles["/etc/shadow"] - # We should only have opened twice, once to read the contents and once - # to write. - assert len(filehandles) == 2 - # We're rewriting the entire file - assert filehandles[1].mode == "w+" - # We should be calling writelines instead of write, to rewrite the - # entire file. - assert len(filehandles[1].writelines_calls) == 1 - # Make sure we wrote the correct info - lines = filehandles[1].writelines_calls[0] - # Should only have the same two users in the file - assert len(lines) == 2 - # The first line should be unchanged - assert lines[0] == original_lines[0] - # The second line should have the new password hash - assert lines[1].split(":")[:2] == [user, password] - - # - # CASE 2: Corner case: no /etc/shadow entry for user - # - user = "baz" - user_exists_mock = MagicMock( - side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT - ) - with patch( - "salt.utils.files.fopen", mock_open(read_data=data) - ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( - shadow, "info", shadow_info_mock - ), patch.dict( - shadow.__salt__, {"cmd.retcode": user_exists_mock} - ), patch.dict( - shadow.__grains__, {"os": "CentOS"} - ): - result = shadow.set_password(user, password, use_usermod=False) - - assert result - filehandles = shadow_mock.filehandles["/etc/shadow"] - # We should only have opened twice, once to read the contents and once - # to write. - assert len(filehandles) == 2 - # We're just appending to the file, not rewriting - assert filehandles[1].mode == "a+" - # We should only have written to the file once - assert len(filehandles[1].write_calls) == 1 - # Make sure we wrote the correct info - assert filehandles[1].write_calls[0].split(":")[:2] == [user, password] - - def test_info(self): - """ - Test if info shows the correct user information - """ - - # First test is with a succesful call - expected_result = [ - ("expire", -1), - ("inact", -1), - ("lstchg", 31337), - ("max", 99999), - ("min", 0), - ("name", "foo"), - ("passwd", _HASHES["sha512"]["pw_hash"]), - ("warn", 7), - ] - getspnam_return = spwd.struct_spwd( - ["foo", _HASHES["sha512"]["pw_hash"], 31337, 0, 99999, 7, -1, -1, -1] - ) - with patch("spwd.getspnam", return_value=getspnam_return): - result = shadow.info("foo") - self.assertEqual( - expected_result, sorted(result.items(), key=lambda x: x[0]) - ) - - # The next two is for a non-existent user - expected_result = [ - ("expire", ""), - ("inact", ""), - ("lstchg", ""), - ("max", ""), - ("min", ""), - ("name", ""), - ("passwd", ""), - ("warn", ""), - ] - # We get KeyError exception for non-existent users in glibc based systems - getspnam_return = KeyError - with patch("spwd.getspnam", side_effect=getspnam_return): - result = shadow.info("foo") - self.assertEqual( - expected_result, sorted(result.items(), key=lambda x: x[0]) - ) - # And FileNotFoundError in musl based systems - getspnam_return = FileNotFoundError - with patch("spwd.getspnam", side_effect=getspnam_return): - result = shadow.info("foo") - self.assertEqual( - expected_result, sorted(result.items(), key=lambda x: x[0]) - ) - - @pytest.mark.skip_if_not_root - def test_set_password_malformed_shadow_entry(self): - """ - Test that Salt will repair a malformed shadow entry (that is, one that - doesn't have the correct number of fields). - """ - original_file = textwrap.dedent( - """\ - valid:s00persekr1thash:17955:::::: - tooshort:orighash:17955::::: - toolong:orighash:17955::::::: - """ - ) - original_lines = original_file.splitlines(True) - - data = { - "/etc/shadow": original_file, - "*": Exception("Attempted to open something other than /etc/shadow"), - } - isfile_mock = MagicMock( - side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT - ) - password = "newhash" - shadow_info_mock = MagicMock(return_value={"passwd": password}) - - # - # CASE 1: Fix an entry with too few fields - # - user = "tooshort" - user_exists_mock = MagicMock( - side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT - ) - with patch( - "salt.utils.files.fopen", mock_open(read_data=data) - ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( - shadow, "info", shadow_info_mock - ), patch.dict( - shadow.__salt__, {"cmd.retcode": user_exists_mock} - ), patch.dict( - shadow.__grains__, {"os": "CentOS"} - ): - result = shadow.set_password(user, password, use_usermod=False) - - assert result - filehandles = shadow_mock.filehandles["/etc/shadow"] - # We should only have opened twice, once to read the contents and once - # to write. - assert len(filehandles) == 2 - # We're rewriting the entire file - assert filehandles[1].mode == "w+" - # We should be calling writelines instead of write, to rewrite the - # entire file. - assert len(filehandles[1].writelines_calls) == 1 - # Make sure we wrote the correct info - lines = filehandles[1].writelines_calls[0] - # Should only have the same three users in the file - assert len(lines) == 3 - # The first and third line should be unchanged - assert lines[0] == original_lines[0] - assert lines[2] == original_lines[2] - # The second line should have the new password hash, and it should have - # gotten "fixed" by adding another colon. - fixed = lines[1].split(":") - assert fixed[:2] == [user, password] - assert len(fixed) == 9 - - # - # CASE 2: Fix an entry with too many fields - # - user = "toolong" - user_exists_mock = MagicMock( - side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT - ) - with patch( - "salt.utils.files.fopen", mock_open(read_data=data) - ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object( - shadow, "info", shadow_info_mock - ), patch.dict( - shadow.__salt__, {"cmd.retcode": user_exists_mock} - ), patch.dict( - shadow.__grains__, {"os": "CentOS"} - ): - result = shadow.set_password(user, password, use_usermod=False) - - assert result - filehandles = shadow_mock.filehandles["/etc/shadow"] - # We should only have opened twice, once to read the contents and once - # to write. - assert len(filehandles) == 2 - # We're rewriting the entire file - assert filehandles[1].mode == "w+" - # We should be calling writelines instead of write, to rewrite the - # entire file. - assert len(filehandles[1].writelines_calls) == 1 - # Make sure we wrote the correct info - lines = filehandles[1].writelines_calls[0] - # Should only have the same three users in the file - assert len(lines) == 3 - # The first and second line should be unchanged - assert lines[0] == original_lines[0] - assert lines[1] == original_lines[1] - # The third line should have the new password hash, and it should have - # gotten "fixed" by reducing it to 9 fields instead of 10. - fixed = lines[2].split(":") - assert fixed[:2] == [user, password] - assert len(fixed) == 9 - - @pytest.mark.skip_if_not_root - def test_list_users(self): - """ - Test if it returns a list of all users - """ - self.assertTrue(shadow.list_users()) From ff45cc0da7f707933609e32d8102a718f7280610 Mon Sep 17 00:00:00 2001 From: Frode Gundersen Date: Fri, 24 Feb 2023 21:47:07 +0000 Subject: [PATCH 05/46] migrate unit_states_test_network to pytest --- tests/pytests/unit/states/test_network.py | 269 ++++++++++++++++++++ tests/unit/states/test_network.py | 284 ---------------------- 2 files changed, 269 insertions(+), 284 deletions(-) create mode 100644 tests/pytests/unit/states/test_network.py delete mode 100644 tests/unit/states/test_network.py diff --git a/tests/pytests/unit/states/test_network.py b/tests/pytests/unit/states/test_network.py new file mode 100644 index 000000000000..5141ffbba3fe --- /dev/null +++ b/tests/pytests/unit/states/test_network.py @@ -0,0 +1,269 @@ +""" + :codeauthor: Rahul Handay + + Test cases for salt.states.network +""" + +import logging + +import pytest + +import salt.states.network as network +from tests.support.mock import MagicMock, patch + +log = logging.getLogger(__name__) + + +@pytest.fixture +def configure_loader_modules(): + return {network: {}} + + +class MockNetwork: + """ + Mock network class + """ + + def __init__(self): + pass + + @staticmethod + def interfaces(): + """ + Mock interface method + """ + ifaces = { + "salt": {"up": 1}, + "lo": {"up": 1, "inet": [{"label": "lo"}, {"label": "lo:alias1"}]}, + } + return ifaces + + +class MockGrains: + """ + Mock Grains class + """ + + def __init__(self): + pass + + @staticmethod + def grains(lis, bol): + """ + Mock grains method + """ + return {"A": "B"} + + +def test_managed(): + """ + Test to ensure that the named interface is configured properly + """ + with patch("salt.states.network.salt.utils.network", MockNetwork()), patch( + "salt.states.network.salt.loader", MockGrains() + ): + ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} + + change = { + "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", + "status": "Interface salt restart to validate", + } + + dunder_salt = { + "ip.get_interface": MagicMock( + side_effect=[AttributeError, "A", "A", "A", "A", "A"] + ), + "ip.build_interface": MagicMock(return_value="B"), + "saltutil.refresh_grains": MagicMock(return_value=True), + } + + with patch.dict(network.__salt__, dunder_salt): + with patch.dict( + network.__salt__, + {"ip.get_bond": MagicMock(side_effect=AttributeError)}, + ): + assert network.managed("salt", type="bond", test=True) == ret + + ret.update( + { + "comment": ( + "Interface salt is set to be" + " updated:\n--- \n+++ \n@@ -1 +1 @@\n-A\n+B" + ), + "result": None, + } + ) + assert network.managed("salt", type="stack", test=True) == ret + + ipupdown = MagicMock(return_value=True) + with patch.dict(network.__salt__, {"ip.down": ipupdown, "ip.up": ipupdown}): + ret.update( + { + "comment": "Interface salt updated.", + "result": True, + "changes": change, + } + ) + assert network.managed("salt", type="stack") == ret + + with patch.dict(network.__grains__, {"A": True}): + ret.update( + { + "result": True, + "changes": { + "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", + "status": "Interface salt down", + }, + } + ) + assert network.managed("salt", type="stack", enabled=False) == ret + + mock = MagicMock(return_value=True) + with patch.dict(network.__salt__, {"ip.down": mock}): + with patch.dict( + network.__salt__, {"saltutil.refresh_modules": mock} + ): + change = { + "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", + "status": "Interface lo:alias1 down", + } + ret.update( + { + "name": "lo:alias1", + "comment": "Interface lo:alias1 updated.", + "result": True, + "changes": change, + } + ) + assert ( + network.managed("lo:alias1", type="eth", enabled=False) + == ret + ) + + +def test_routes(): + """ + Test to manage network interface static routes. + """ + ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} + + mock = MagicMock(side_effect=[AttributeError, False, False, "True", False, False]) + with patch.dict(network.__salt__, {"ip.get_routes": mock}): + assert network.routes("salt") == ret + + mock = MagicMock(side_effect=[False, True, "", True, True]) + with patch.dict(network.__salt__, {"ip.build_routes": mock}): + ret.update( + {"result": True, "comment": "Interface salt routes are up to date."} + ) + assert network.routes("salt", test="a") == ret + + ret.update( + { + "comment": "Interface salt routes are set to be added.", + "result": None, + } + ) + assert network.routes("salt", test="a") == ret + + ret.update( + { + "comment": ( + "Interface salt routes are set to be" + " updated:\n--- \n+++ \n@@ -1,4 +0,0 @@\n-T\n-r" + "\n-u\n-e" + ) + } + ) + assert network.routes("salt", test="a") == ret + + mock = MagicMock(side_effect=[AttributeError, True]) + with patch.dict(network.__salt__, {"ip.apply_network_settings": mock}): + ret.update( + { + "changes": {"network_routes": "Added interface salt routes."}, + "comment": "", + "result": False, + } + ) + assert network.routes("salt") == ret + + ret.update( + { + "changes": {"network_routes": "Added interface salt routes."}, + "comment": "Interface salt routes added.", + "result": True, + } + ) + assert network.routes("salt") == ret + + +def test_system(): + """ + Test to ensure that global network settings + are configured properly + """ + ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} + + with patch.dict(network.__opts__, {"test": True}): + mock = MagicMock(side_effect=[AttributeError, False, False, "As"]) + with patch.dict(network.__salt__, {"ip.get_network_settings": mock}): + assert network.system("salt") == ret + + mock = MagicMock(side_effect=[False, True, ""]) + with patch.dict(network.__salt__, {"ip.build_network_settings": mock}): + ret.update( + { + "comment": "Global network settings are up to date.", + "result": True, + } + ) + assert network.system("salt") == ret + + ret.update( + { + "comment": "Global network settings are set to be added.", + "result": None, + } + ) + assert network.system("salt") == ret + + ret.update( + { + "comment": ( + "Global network settings are set to" + " be updated:\n--- \n+++ \n@@ -1,2 +0,0" + " @@\n-A\n-s" + ) + } + ) + assert network.system("salt") == ret + + with patch.dict(network.__opts__, {"test": False}): + mock = MagicMock(side_effect=[False, False]) + with patch.dict(network.__salt__, {"ip.get_network_settings": mock}): + mock = MagicMock(side_effect=[True, True]) + with patch.dict(network.__salt__, {"ip.build_network_settings": mock}): + mock = MagicMock(side_effect=[AttributeError, True]) + with patch.dict(network.__salt__, {"ip.apply_network_settings": mock}): + ret.update( + { + "changes": { + "network_settings": "Added global network settings." + }, + "comment": "", + "result": False, + } + ) + assert network.system("salt") == ret + + ret.update( + { + "changes": { + "network_settings": "Added global network settings." + }, + "comment": "Global network settings are up to date.", + "result": True, + } + ) + assert network.system("salt") == ret diff --git a/tests/unit/states/test_network.py b/tests/unit/states/test_network.py deleted file mode 100644 index 9d5ac33ce4e1..000000000000 --- a/tests/unit/states/test_network.py +++ /dev/null @@ -1,284 +0,0 @@ -""" - :codeauthor: Rahul Handay -""" - -import logging - -import salt.states.network as network -from tests.support.mixins import LoaderModuleMockMixin -from tests.support.mock import MagicMock, patch -from tests.support.unit import TestCase - -log = logging.getLogger(__name__) - - -class MockNetwork: - """ - Mock network class - """ - - def __init__(self): - pass - - @staticmethod - def interfaces(): - """ - Mock interface method - """ - ifaces = { - "salt": {"up": 1}, - "lo": {"up": 1, "inet": [{"label": "lo"}, {"label": "lo:alias1"}]}, - } - return ifaces - - -class MockGrains: - """ - Mock Grains class - """ - - def __init__(self): - pass - - @staticmethod - def grains(lis, bol): - """ - Mock grains method - """ - return {"A": "B"} - - -class NetworkTestCase(TestCase, LoaderModuleMockMixin): - """ - Validate the network state - """ - - def setup_loader_modules(self): - return {network: {}} - - def test_managed(self): - """ - Test to ensure that the named interface is configured properly - """ - with patch("salt.states.network.salt.utils.network", MockNetwork()), patch( - "salt.states.network.salt.loader", MockGrains() - ): - ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} - - change = { - "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", - "status": "Interface salt restart to validate", - } - - dunder_salt = { - "ip.get_interface": MagicMock( - side_effect=[AttributeError, "A", "A", "A", "A", "A"] - ), - "ip.build_interface": MagicMock(return_value="B"), - "saltutil.refresh_grains": MagicMock(return_value=True), - } - - with patch.dict(network.__salt__, dunder_salt): - with patch.dict( - network.__salt__, - {"ip.get_bond": MagicMock(side_effect=AttributeError)}, - ): - self.assertDictEqual( - network.managed("salt", type="bond", test=True), ret - ) - - ret.update( - { - "comment": ( - "Interface salt is set to be" - " updated:\n--- \n+++ \n@@ -1 +1 @@\n-A\n+B" - ), - "result": None, - } - ) - self.assertDictEqual( - network.managed("salt", type="stack", test=True), ret - ) - - ipupdown = MagicMock(return_value=True) - with patch.dict( - network.__salt__, {"ip.down": ipupdown, "ip.up": ipupdown} - ): - ret.update( - { - "comment": "Interface salt updated.", - "result": True, - "changes": change, - } - ) - self.assertDictEqual(network.managed("salt", type="stack"), ret) - - with patch.dict(network.__grains__, {"A": True}): - ret.update( - { - "result": True, - "changes": { - "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", - "status": "Interface salt down", - }, - } - ) - self.assertDictEqual( - network.managed("salt", type="stack", enabled=False), ret - ) - - mock = MagicMock(return_value=True) - with patch.dict(network.__salt__, {"ip.down": mock}): - with patch.dict( - network.__salt__, {"saltutil.refresh_modules": mock} - ): - change = { - "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B", - "status": "Interface lo:alias1 down", - } - ret.update( - { - "name": "lo:alias1", - "comment": "Interface lo:alias1 updated.", - "result": True, - "changes": change, - } - ) - self.assertDictEqual( - network.managed("lo:alias1", type="eth", enabled=False), - ret, - ) - - def test_routes(self): - """ - Test to manage network interface static routes. - """ - ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} - - mock = MagicMock( - side_effect=[AttributeError, False, False, "True", False, False] - ) - with patch.dict(network.__salt__, {"ip.get_routes": mock}): - self.assertDictEqual(network.routes("salt"), ret) - - mock = MagicMock(side_effect=[False, True, "", True, True]) - with patch.dict(network.__salt__, {"ip.build_routes": mock}): - ret.update( - {"result": True, "comment": "Interface salt routes are up to date."} - ) - self.assertDictEqual(network.routes("salt", test="a"), ret) - - ret.update( - { - "comment": "Interface salt routes are set to be added.", - "result": None, - } - ) - self.assertDictEqual(network.routes("salt", test="a"), ret) - - ret.update( - { - "comment": ( - "Interface salt routes are set to be" - " updated:\n--- \n+++ \n@@ -1,4 +0,0 @@\n-T\n-r" - "\n-u\n-e" - ) - } - ) - self.assertDictEqual(network.routes("salt", test="a"), ret) - - mock = MagicMock(side_effect=[AttributeError, True]) - with patch.dict(network.__salt__, {"ip.apply_network_settings": mock}): - ret.update( - { - "changes": { - "network_routes": "Added interface salt routes." - }, - "comment": "", - "result": False, - } - ) - self.assertDictEqual(network.routes("salt"), ret) - - ret.update( - { - "changes": { - "network_routes": "Added interface salt routes." - }, - "comment": "Interface salt routes added.", - "result": True, - } - ) - self.assertDictEqual(network.routes("salt"), ret) - - def test_system(self): - """ - Test to ensure that global network settings - are configured properly - """ - ret = {"name": "salt", "changes": {}, "result": False, "comment": ""} - - with patch.dict(network.__opts__, {"test": True}): - mock = MagicMock(side_effect=[AttributeError, False, False, "As"]) - with patch.dict(network.__salt__, {"ip.get_network_settings": mock}): - self.assertDictEqual(network.system("salt"), ret) - - mock = MagicMock(side_effect=[False, True, ""]) - with patch.dict(network.__salt__, {"ip.build_network_settings": mock}): - ret.update( - { - "comment": "Global network settings are up to date.", - "result": True, - } - ) - self.assertDictEqual(network.system("salt"), ret) - - ret.update( - { - "comment": "Global network settings are set to be added.", - "result": None, - } - ) - self.assertDictEqual(network.system("salt"), ret) - - ret.update( - { - "comment": ( - "Global network settings are set to" - " be updated:\n--- \n+++ \n@@ -1,2 +0,0" - " @@\n-A\n-s" - ) - } - ) - self.assertDictEqual(network.system("salt"), ret) - - with patch.dict(network.__opts__, {"test": False}): - mock = MagicMock(side_effect=[False, False]) - with patch.dict(network.__salt__, {"ip.get_network_settings": mock}): - mock = MagicMock(side_effect=[True, True]) - with patch.dict(network.__salt__, {"ip.build_network_settings": mock}): - mock = MagicMock(side_effect=[AttributeError, True]) - with patch.dict( - network.__salt__, {"ip.apply_network_settings": mock} - ): - ret.update( - { - "changes": { - "network_settings": "Added global network settings." - }, - "comment": "", - "result": False, - } - ) - self.assertDictEqual(network.system("salt"), ret) - - ret.update( - { - "changes": { - "network_settings": "Added global network settings." - }, - "comment": "Global network settings are up to date.", - "result": True, - } - ) - self.assertDictEqual(network.system("salt"), ret) From bfab76ee2a8ff99d7c527562dba453d0ad32d4ea Mon Sep 17 00:00:00 2001 From: Frode Gundersen Date: Fri, 24 Feb 2023 18:33:00 +0000 Subject: [PATCH 06/46] migrate unit_states_test_netconfig to pytest --- tests/pytests/unit/states/test_netconfig.py | 110 ++++++++++++++++++++ tests/unit/states/test_netconfig.py | 110 -------------------- 2 files changed, 110 insertions(+), 110 deletions(-) create mode 100644 tests/pytests/unit/states/test_netconfig.py delete mode 100644 tests/unit/states/test_netconfig.py diff --git a/tests/pytests/unit/states/test_netconfig.py b/tests/pytests/unit/states/test_netconfig.py new file mode 100644 index 000000000000..ac39f4736cdc --- /dev/null +++ b/tests/pytests/unit/states/test_netconfig.py @@ -0,0 +1,110 @@ +""" + :codeauthor: Gareth J. Greenaway + + Test cases for salt.states.netconfig +""" + +import pytest + +import salt.modules.napalm_network as net_mod +import salt.states.netconfig as netconfig +import salt.utils.files +from tests.support.mock import MagicMock, patch + + +@pytest.fixture +def configure_loader_modules(): + state_loader_globals = { + "__env__": "base", + "__salt__": {"net.replace_pattern": net_mod.replace_pattern}, + } + module_loader_globals = { + "__env__": "base", + "__salt__": { + "net.replace_pattern": net_mod.replace_pattern, + "net.load_config": net_mod.load_config, + }, + } + return {netconfig: state_loader_globals, net_mod: module_loader_globals} + + +def test_replace_pattern_test_is_true(): + """ + Test to replace_pattern to ensure that test=True + is being passed correctly. + """ + name = "name" + pattern = "OLD-POLICY-NAME" + repl = "new-policy-name" + + mock = MagicMock() + mock_net_replace_pattern = MagicMock() + mock_loaded_ret = MagicMock() + + with patch.dict(netconfig.__salt__, {"config.merge": mock}): + with patch.dict( + netconfig.__salt__, {"net.replace_pattern": mock_net_replace_pattern} + ): + with patch.object(salt.utils.napalm, "loaded_ret", mock_loaded_ret): + # Test if test=True is passed as argument to state.apply + with patch.dict(netconfig.__opts__, {"test": True}): + netconfig.replace_pattern(name, pattern, repl) + + # Get the args and kwargs from the mocked call net.replace_pattern + args, kwargs = mock_net_replace_pattern.call_args_list[0] + + # Verify that the keyword argument is True + assert kwargs["test"] + + # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret + args, kwargs = mock_loaded_ret.call_args_list[0] + + # Verify that the third positional argument is True + assert args[2] + + # Test if test=True is passed as argument to state directly + netconfig.replace_pattern(name, pattern, repl, test=True) + + # Get the args and kwargs from the mocked call net.replace_pattern + args, kwargs = mock_net_replace_pattern.call_args_list[0] + + # Verify that the keyword argument is True + assert kwargs["test"] + + # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret + args, kwargs = mock_loaded_ret.call_args_list[0] + + # Verify that the third positional argument is True + assert args[2] + + +def test_managed_test_is_true(): + """ + Test to managed to ensure that test=True + is being passed correctly. + """ + name = "name" + + mock = MagicMock() + mock_update_config = MagicMock() + + with patch.dict(netconfig.__salt__, {"config.merge": mock}): + with patch.object(netconfig, "_update_config", mock_update_config): + # Test if test=True is passed as argument to state.apply + with patch.dict(netconfig.__opts__, {"test": True}): + netconfig.managed(name) + + # Get the args and kwargs from the mocked call net.replace_pattern + args, kwargs = mock_update_config.call_args_list[0] + + # Verify that the keyword argument is True + assert kwargs["test"] + + # Test if test=True is passed as argument to state directly + netconfig.managed(name, test=True) + + # Get the args and kwargs from the mocked call net.replace_pattern + args, kwargs = mock_update_config.call_args_list[0] + + # Verify that the keyword argument is True + assert kwargs["test"] diff --git a/tests/unit/states/test_netconfig.py b/tests/unit/states/test_netconfig.py deleted file mode 100644 index 3d2cf83df9ef..000000000000 --- a/tests/unit/states/test_netconfig.py +++ /dev/null @@ -1,110 +0,0 @@ -""" - :codeauthor: Gareth J. Greenaway -""" - -import salt.modules.napalm_network as net_mod -import salt.states.netconfig as netconfig -import salt.utils.files -from tests.support.mixins import LoaderModuleMockMixin -from tests.support.mock import MagicMock, patch -from tests.support.unit import TestCase - - -class NetconfigTestCase(TestCase, LoaderModuleMockMixin): - """ - Test cases for salt.states.netconfig - """ - - def setup_loader_modules(self): - state_loader_globals = { - "__env__": "base", - "__salt__": {"net.replace_pattern": net_mod.replace_pattern}, - } - module_loader_globals = { - "__env__": "base", - "__salt__": { - "net.replace_pattern": net_mod.replace_pattern, - "net.load_config": net_mod.load_config, - }, - } - return {netconfig: state_loader_globals, net_mod: module_loader_globals} - - def test_replace_pattern_test_is_true(self): - """ - Test to replace_pattern to ensure that test=True - is being passed correctly. - """ - name = "name" - pattern = "OLD-POLICY-NAME" - repl = "new-policy-name" - - mock = MagicMock() - mock_net_replace_pattern = MagicMock() - mock_loaded_ret = MagicMock() - - with patch.dict(netconfig.__salt__, {"config.merge": mock}): - with patch.dict( - netconfig.__salt__, {"net.replace_pattern": mock_net_replace_pattern} - ): - with patch.object(salt.utils.napalm, "loaded_ret", mock_loaded_ret): - # Test if test=True is passed as argument to state.apply - with patch.dict(netconfig.__opts__, {"test": True}): - netconfig.replace_pattern(name, pattern, repl) - - # Get the args and kwargs from the mocked call net.replace_pattern - args, kwargs = mock_net_replace_pattern.call_args_list[0] - - # Verify that the keyword argument is True - self.assertTrue(kwargs["test"]) - - # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret - args, kwargs = mock_loaded_ret.call_args_list[0] - - # Verify that the third positional argument is True - self.assertTrue(args[2]) - - # Test if test=True is passed as argument to state directly - netconfig.replace_pattern(name, pattern, repl, test=True) - - # Get the args and kwargs from the mocked call net.replace_pattern - args, kwargs = mock_net_replace_pattern.call_args_list[0] - - # Verify that the keyword argument is True - self.assertTrue(kwargs["test"]) - - # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret - args, kwargs = mock_loaded_ret.call_args_list[0] - - # Verify that the third positional argument is True - self.assertTrue(args[2]) - - def test_managed_test_is_true(self): - """ - Test to managed to ensure that test=True - is being passed correctly. - """ - name = "name" - - mock = MagicMock() - mock_update_config = MagicMock() - - with patch.dict(netconfig.__salt__, {"config.merge": mock}): - with patch.object(netconfig, "_update_config", mock_update_config): - # Test if test=True is passed as argument to state.apply - with patch.dict(netconfig.__opts__, {"test": True}): - netconfig.managed(name) - - # Get the args and kwargs from the mocked call net.replace_pattern - args, kwargs = mock_update_config.call_args_list[0] - - # Verify that the keyword argument is True - self.assertTrue(kwargs["test"]) - - # Test if test=True is passed as argument to state directly - netconfig.managed(name, test=True) - - # Get the args and kwargs from the mocked call net.replace_pattern - args, kwargs = mock_update_config.call_args_list[0] - - # Verify that the keyword argument is True - self.assertTrue(kwargs["test"]) From 4d45693bfe1523cf4bbb79da6000f859344a881b Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 2 Mar 2023 12:09:04 -0500 Subject: [PATCH 07/46] Move the initial system package build logic to tools --- .github/actions/build-onedir-deps/action.yml | 2 +- .github/workflows/build-deb-packages.yml | 33 +- .github/workflows/build-macos-packages.yml | 16 +- .github/workflows/build-rpm-packages.yml | 28 +- .github/workflows/build-windows-packages.yml | 10 +- tools/__init__.py | 1 + tools/pkgbuild.py | 307 +++++++++++++++++++ 7 files changed, 330 insertions(+), 67 deletions(-) create mode 100644 tools/pkgbuild.py diff --git a/.github/actions/build-onedir-deps/action.yml b/.github/actions/build-onedir-deps/action.yml index 42b93a024e27..2aff9df12088 100644 --- a/.github/actions/build-onedir-deps/action.yml +++ b/.github/actions/build-onedir-deps/action.yml @@ -50,7 +50,7 @@ runs: python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" python3 -m relenv create --arch=${{ inputs.arch }} --python=${{ inputs.python-version }} artifacts/${{ inputs.package-name }} - - name: Get Ondir Python Version + - name: Get Onedir Python Version id: get-python-version if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' uses: ./.github/actions/get-python-version diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index b5d5885b98c8..a2cbe74160da 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -28,9 +28,6 @@ jobs: steps: - uses: actions/checkout@v3 - with: - path: - pkgs/checkout/ - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 @@ -38,38 +35,24 @@ jobs: name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz path: pkgs/checkout/artifacts/ - - name: Download System Dependencies - run: | - apt update - apt install -y python3 python3-venv python3-pip build-essential devscripts debhelper bash-completion git - - name: Download Release Patch uses: actions/download-artifact@v3 with: name: salt-${{ inputs.salt-version }}.patch path: pkgs/checkout/ - - name: Configure Git - shell: bash - run: | - git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts - - name: Apply Release Patch - shell: bash - run: | - cd pkgs/checkout/ - git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch - rm salt-${{ inputs.salt-version }}.patch + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" - name: Build Deb - env: - SALT_ONEDIR_ARCHIVE: "${{ github.workspace }}/pkgs/checkout/artifacts/salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz" run: | - cd pkgs/checkout/ - echo "${{ inputs.salt-version }}" > salt/_version.txt - ln -sf pkg/debian/ . - debuild -e SALT_ONEDIR_ARCHIVE -uc -us + tools pkg build deb --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }}/pkgs/checkout - name: Cleanup run: | diff --git a/.github/workflows/build-macos-packages.yml b/.github/workflows/build-macos-packages.yml index f7278ffe8f8a..4bf5d315e959 100644 --- a/.github/workflows/build-macos-packages.yml +++ b/.github/workflows/build-macos-packages.yml @@ -39,21 +39,11 @@ jobs: uses: actions/download-artifact@v3 with: name: salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz + path: artifacts/ - - name: Decompress Onedir Tarball + - name: Build MacOS Package run: | - mkdir -p artifacts - cd artifacts - tar xvf ${{ github.workspace }}/salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz - cd ${{ github.workspace }} - mkdir -p pkg/macos/build/opt - cp -Rp artifacts/salt pkg/macos/build/opt/ - - - name: Build Package - run: | - cd pkg/macos - ./prep_salt.sh - sudo ./package.sh -n ${{ inputs.salt-version }} + tools pkg build macos --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} - name: Upload ${{ matrix.arch }} Package uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index 941d55495c6d..79c401a310c4 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -32,11 +32,6 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Download System Dependencies - run: | - yum -y update - yum -y install python3 python3-pip openssl git rpmdevtools rpmlint systemd-units libxcrypt-compat git - - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 with: @@ -48,25 +43,18 @@ jobs: with: name: salt-${{ inputs.salt-version }}.patch - - name: Configure Git - shell: bash - run: | - git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com - git config --global --add safe.directory "$(pwd)" + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts - - name: Apply Release Patch - shell: bash - run: | - git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch - rm salt-${{ inputs.salt-version }}.patch + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" - name: Build RPM - env: - SALT_ONEDIR_ARCHIVE: "${{ github.workspace }}/artifacts/salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz" run: | - echo "${{ inputs.salt-version }}" > salt/_version.txt - rpmbuild -bb --define="_salt_src $(pwd)" "$(pwd)/pkg/rpm/salt.spec" + tools pkg build rpm --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} - name: Upload RPMs uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index 9a480dc86e23..fb4330b2d411 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -42,15 +42,9 @@ jobs: with: name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip - - name: Decompress Onedir Zipfile + - name: Build Windows Packages run: | - py -3 -m zipfile -e salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip pkg/windows/ - mv pkg/windows/salt pkg/windows/buildenv - - - name: Build Package - shell: powershell - run: | - & pkg/windows/build.cmd -Architecture ${{ matrix.arch }} -Version ${{ inputs.salt-version }} -CICD -SkipInstall + tools pkg build windows --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} - name: Upload ${{ matrix.arch }} Packages uses: actions/upload-artifact@v3 diff --git a/tools/__init__.py b/tools/__init__.py index 429e1d5afb0d..3ef4b15bae2b 100644 --- a/tools/__init__.py +++ b/tools/__init__.py @@ -7,6 +7,7 @@ ptscripts.register_tools_module("tools.docs") ptscripts.register_tools_module("tools.pkg") ptscripts.register_tools_module("tools.pkgrepo") +ptscripts.register_tools_module("tools.pkgbuild") ptscripts.register_tools_module("tools.pre_commit") ptscripts.register_tools_module("tools.release") ptscripts.register_tools_module("tools.vm") diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py new file mode 100644 index 000000000000..94ab4b728462 --- /dev/null +++ b/tools/pkgbuild.py @@ -0,0 +1,307 @@ +""" +These commands are used to build the salt onedir and system packages. +""" +# pylint: disable=resource-leakage,broad-except +from __future__ import annotations + +import logging +import os +import pathlib +import shutil +import tarfile +import zipfile +from typing import TYPE_CHECKING + +from ptscripts import Context, command_group + +import tools.pkg +import tools.utils + +log = logging.getLogger(__name__) + +# Define the command group +build = command_group( + name="build", + help="Packaging Repository Related Commands", + description=__doc__, + parent=tools.pkg.pkg, +) + + +@build.command( + name="deb", + arguments={ + "salt_version": { + "help": ( + "The salt version for which to build the repository configuration files. " + "If not passed, it will be discovered by running 'python3 salt/version.py'." + ), + "required": True, + }, + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, + "checkout_root": { + "help": "The root of the salt checkout", + "required": True, + }, + "use_existing_onedir": { + "help": "Overwrite 'salt/_version.txt' if it already exists", + }, + }, +) +def debian( + ctx: Context, + salt_version: str = None, + arch: str = None, + checkout_root: str = None, + use_existing_onedir: bool = True, +): + """ + Build the deb package. + """ + if TYPE_CHECKING: + assert salt_version is not None + assert arch is not None + assert checkout_root is not None + + checkout = pathlib.Path(checkout_root) + onedir_artifact = ( + checkout / "artifacts" / f"salt-{salt_version}-onedir-linux-{arch}.tar.xz" + ) + patch = checkout / f"salt-{salt_version }.patch" + kwargs = {} if not use_existing_onedir else {"onedir_artifact": onedir_artifact} + _check_pkg_build_files_exist(ctx, checkout=checkout, patch=patch, **kwargs) + + _configure_git(ctx, checkout) + with ctx.chdir(checkout): + _apply_release_patch(ctx, patch) + _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + + ctx.run("ln", "-sf", "pkg/debian/", ".") + ctx.run("debuild", "-e", "SALT_ONEDIR_ARCHIVE", "-uc", "-us") + + ctx.info("Done") + + +@build.command( + name="rpm", + arguments={ + "salt_version": { + "help": ( + "The salt version for which to build the repository configuration files. " + "If not passed, it will be discovered by running 'python3 salt/version.py'." + ), + "required": True, + }, + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, + "checkout_root": { + "help": "The root of the salt checkout", + "required": True, + }, + "use_existing_onedir": { + "help": "Overwrite 'salt/_version.txt' if it already exists", + }, + }, +) +def rpm( + ctx: Context, + salt_version: str = None, + arch: str = None, + checkout_root: str = None, + use_existing_onedir: bool = True, +): + """ + Build the RPM package. + """ + if TYPE_CHECKING: + assert salt_version is not None + assert arch is not None + assert checkout_root is not None + + checkout = pathlib.Path(checkout_root) + onedir_artifact = ( + checkout / "artifacts" / f"salt-{salt_version}-onedir-linux-{arch}.tar.xz" + ) + patch = checkout / f"salt-{salt_version }.patch" + kwargs = {} if not use_existing_onedir else {"onedir_artifact": onedir_artifact} + _check_pkg_build_files_exist(ctx, checkout=checkout, patch=patch, **kwargs) + + _configure_git(ctx, checkout) + with ctx.chdir(checkout): + _apply_release_patch(ctx, patch) + _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + + spec_file = checkout / "pkg" / "rpm" / "salt.spec" + ctx.run("rpmbuild", "-bb", f"--define=_salt_src {checkout}", str(spec_file)) + + ctx.info("Done") + + +@build.command( + name="macos", + arguments={ + "salt_version": { + "help": ( + "The salt version for which to build the repository configuration files. " + "If not passed, it will be discovered by running 'python3 salt/version.py'." + ), + "required": True, + }, + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, + "checkout_root": { + "help": "The root of the salt checkout", + "required": True, + }, + }, +) +def macos( + ctx: Context, + salt_version: str = None, + arch: str = None, + checkout_root: str = None, +): + """ + Build the macOS package. + """ + if TYPE_CHECKING: + assert salt_version is not None + assert arch is not None + assert checkout_root is not None + + checkout = pathlib.Path(checkout_root) + onedir_artifact = ( + checkout / "artifacts" / f"salt-{salt_version}-onedir-darwin-{arch}.tar.xz" + ) + _check_pkg_build_files_exist( + ctx, checkout=checkout, onedir_artifact=onedir_artifact + ) + + build_root = checkout / "pkg" / "macos" / "build" / "opt" + build_root.mkdir(parents=True, exist_ok=True) + ctx.info(f"Extracting the onedir artifact to {build_root}") + with tarfile.open(str(onedir_artifact)) as tarball: + with ctx.chdir(onedir_artifact.parent): + tarball.extractall(path=build_root) + + ctx.info("Building the macos package") + with ctx.chdir(checkout / "pkg" / "macos"): + ctx.run("./prep_salt.sh") + ctx.run("sudo", "./package.sh", "-n", salt_version) + + ctx.info("Done") + + +@build.command( + name="windows", + arguments={ + "salt_version": { + "help": ( + "The salt version for which to build the repository configuration files. " + "If not passed, it will be discovered by running 'python3 salt/version.py'." + ), + "required": True, + }, + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, + "checkout_root": { + "help": "The root of the salt checkout", + "required": True, + }, + }, +) +def windows( + ctx: Context, + salt_version: str = None, + arch: str = None, + checkout_root: str = None, +): + """ + Build the Windows package. + """ + if TYPE_CHECKING: + assert salt_version is not None + assert arch is not None + assert checkout_root is not None + + checkout = pathlib.Path(checkout_root) + onedir_artifact = ( + checkout / "artifacts" / f"salt-{salt_version}-onedir-windows-{arch}.zip" + ) + _check_pkg_build_files_exist( + ctx, checkout=checkout, onedir_artifact=onedir_artifact + ) + + unzip_dir = checkout / "pkg" / "windows" + ctx.info(f"Unzipping the onedir artifact to {unzip_dir}") + with zipfile.ZipFile(onedir_artifact, mode="r") as archive: + archive.extractall(unzip_dir) + + move_dir = unzip_dir / "salt" + build_env = unzip_dir / "buildenv" + _check_pkg_build_files_exist(ctx, move_dir=move_dir) + + ctx.info(f"Moving {move_dir} directory to the build environment in {build_env}") + shutil.move(move_dir, build_env) + + ctx.info("Building the windows package") + ctx.run( + "powershell.exe", + "&", + "pkg/windows/build.cmd", + "-Architecture", + arch, + "-Version", + salt_version, + "-CICD", + "-SkipInstall", + ) + + ctx.info("Done") + + +def _check_pkg_build_files_exist(ctx: Context, **kwargs): + for name, path in kwargs.items(): + if not path.exists(): + ctx.error(f"The path {path} does not exist, {name} is not valid... exiting") + ctx.exit(1) + + +def _set_onedir_location_in_environment( + ctx: Context, onedir_artifact: pathlib.Path, use_existing_onedir: bool +): + if use_existing_onedir: + ctx.info( + f"Building the package using the onedir artifact {str(onedir_artifact)}" + ) + os.environ["SALT_ONEDIR_ARCHIVE"] = str(onedir_artifact) + else: + ctx.info(f"Building the package from the source files") + + +def _apply_release_patch(ctx: Context, patch: pathlib.Path): + ctx.info("Applying the release patch") + ctx.run("git", "am", "--committer-date-is-author-date", patch.name) + patch.unlink() + + +def _configure_git(ctx: Context, checkout: pathlib.Path): + ctx.info("Setting name and email in git global config") + ctx.run("git", "config", "--global", "user.name", "'Salt Project Packaging'") + ctx.run( + "git", "config", "--global", "user.email", "saltproject-packaging@vmware.com" + ) + ctx.run("git", "config", "--global", "--add", "safe.directory", str(checkout)) From 719fa0d9017b4ab8226b006cc374b7d4af15e285 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 2 Mar 2023 12:20:33 -0500 Subject: [PATCH 08/46] Checkout to the correct directory for the debian packages --- .github/workflows/build-deb-packages.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index a2cbe74160da..cfd027c58742 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -28,6 +28,9 @@ jobs: steps: - uses: actions/checkout@v3 + with: + path: + pkgs/checkout/ - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 From a0e355349f109c185a0407d25cbaadd51b6b3767 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 2 Mar 2023 14:48:50 -0500 Subject: [PATCH 09/46] Give the correct choices for windows arch values --- tools/pkgbuild.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index 94ab4b728462..52902b95de0f 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -214,7 +214,7 @@ def macos( }, "arch": { "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), + "choices": ("x86", "amd64"), "required": True, }, "checkout_root": { From 599c8e54557aada8d15831425112cbf5fa022623 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 2 Mar 2023 14:52:34 -0500 Subject: [PATCH 10/46] The workspace is different when running in containers, it's actually `GITHUB_WORKSPACE` --- .github/workflows/build-deb-packages.yml | 2 +- .github/workflows/build-rpm-packages.yml | 2 +- .github/workflows/build-windows-packages.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index cfd027c58742..ff590dc5e10a 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -55,7 +55,7 @@ jobs: - name: Build Deb run: | - tools pkg build deb --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }}/pkgs/checkout + tools pkg build deb --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }}/pkgs/checkout - name: Cleanup run: | diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index 79c401a310c4..8932e0a32aa2 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -54,7 +54,7 @@ jobs: - name: Build RPM run: | - tools pkg build rpm --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} + tools pkg build rpm --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }} - name: Upload RPMs uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index fb4330b2d411..6834e6894f35 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -44,7 +44,7 @@ jobs: - name: Build Windows Packages run: | - tools pkg build windows --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} + tools pkg build windows --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }} - name: Upload ${{ matrix.arch }} Packages uses: actions/upload-artifact@v3 From 254bcfeb99d844cfb8d7f45875be0ebee31fcc15 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 2 Mar 2023 15:07:55 -0500 Subject: [PATCH 11/46] Allow running the `setup-python-tools-scripts` action in the checkout path if it is not the cwd --- .github/actions/setup-python-tools-scripts/action.yml | 9 +++++++++ .github/workflows/build-deb-packages.yml | 2 ++ 2 files changed, 11 insertions(+) diff --git a/.github/actions/setup-python-tools-scripts/action.yml b/.github/actions/setup-python-tools-scripts/action.yml index 7091c104bdb8..9415ba3bea02 100644 --- a/.github/actions/setup-python-tools-scripts/action.yml +++ b/.github/actions/setup-python-tools-scripts/action.yml @@ -2,6 +2,13 @@ name: setup-python-tools-scripts description: Setup 'python-tools-scripts' +inputs: + checkout-dir: + required: false + type: string + description: The directory the salt checkout is located in + default: "." + outputs: version: value: ${{ steps.get-version.outputs.version }} @@ -25,12 +32,14 @@ runs: - name: Install 'python-tools-scripts' shell: bash + working-directory: ${{ inputs.checkout-dir }} run: | python3 -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt - name: Get 'python-tools-scripts' Version id: get-version shell: bash + working-directory: ${{ inputs.checkout-dir }} run: | VERSION=$(tools --version) echo "version=$VERSION" >> "${GITHUB_OUTPUT}" diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index ff590dc5e10a..2eefdbdbdbc6 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -46,6 +46,8 @@ jobs: - name: Setup Python Tools Scripts uses: ./.github/actions/setup-python-tools-scripts + with: + checkout-dir: pkgs/checkout/ - name: Setup Salt Version id: setup-salt-version From c6e27f64b0506f3894802437bf7dbb703badc2c1 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 6 Mar 2023 15:49:02 -0500 Subject: [PATCH 12/46] Refactor tools logic for package building to just take in the artifact names --- .../setup-python-tools-scripts/action.yml | 7 +- .github/workflows/build-deb-packages.yml | 15 +- .github/workflows/build-macos-packages.yml | 8 +- .github/workflows/build-rpm-packages.yml | 7 +- .github/workflows/build-windows-packages.yml | 9 +- tools/pkgbuild.py | 172 ++++++------------ 6 files changed, 90 insertions(+), 128 deletions(-) diff --git a/.github/actions/setup-python-tools-scripts/action.yml b/.github/actions/setup-python-tools-scripts/action.yml index 9415ba3bea02..dcd46feb2b0f 100644 --- a/.github/actions/setup-python-tools-scripts/action.yml +++ b/.github/actions/setup-python-tools-scripts/action.yml @@ -3,8 +3,7 @@ name: setup-python-tools-scripts description: Setup 'python-tools-scripts' inputs: - checkout-dir: - required: false + cwd: type: string description: The directory the salt checkout is located in default: "." @@ -32,14 +31,14 @@ runs: - name: Install 'python-tools-scripts' shell: bash - working-directory: ${{ inputs.checkout-dir }} + working-directory: ${{ inputs.cwd }} run: | python3 -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt - name: Get 'python-tools-scripts' Version id: get-version shell: bash - working-directory: ${{ inputs.checkout-dir }} + working-directory: ${{ inputs.cwd }} run: | VERSION=$(tools --version) echo "version=$VERSION" >> "${GITHUB_OUTPUT}" diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index 2eefdbdbdbc6..3f36b83e3fa7 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -32,6 +32,11 @@ jobs: path: pkgs/checkout/ + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 with: @@ -45,19 +50,21 @@ jobs: path: pkgs/checkout/ - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts + uses: ./pkgs/checkout/.github/actions/setup-python-tools-scripts with: - checkout-dir: pkgs/checkout/ + cwd: pkgs/checkout/ - name: Setup Salt Version id: setup-salt-version - uses: ./.github/actions/setup-salt-version + uses: ./pkgs/checkout/.github/actions/setup-salt-version with: salt-version: "${{ inputs.salt-version }}" + cwd: pkgs/checkout/ - name: Build Deb + working-directory: pkgs/checkout/ run: | - tools pkg build deb --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }}/pkgs/checkout + tools pkg build deb --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz --patch salt-${{ inputs.salt-version }}.patch - name: Cleanup run: | diff --git a/.github/workflows/build-macos-packages.yml b/.github/workflows/build-macos-packages.yml index 4bf5d315e959..47b93189cc00 100644 --- a/.github/workflows/build-macos-packages.yml +++ b/.github/workflows/build-macos-packages.yml @@ -22,9 +22,11 @@ jobs: - macos-12 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 with: - python-version: 3.9 + python-version: "3.10" - name: Setup Python Tools Scripts uses: ./.github/actions/setup-python-tools-scripts @@ -43,7 +45,7 @@ jobs: - name: Build MacOS Package run: | - tools pkg build macos --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ github.workspace }} + tools pkg build macos --onedir salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz --salt-version ${{ inputs.salt-version }} - name: Upload ${{ matrix.arch }} Package uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index 8932e0a32aa2..f40b9cd308c0 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -32,6 +32,11 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 with: @@ -54,7 +59,7 @@ jobs: - name: Build RPM run: | - tools pkg build rpm --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }} + tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz --patch salt-${{ inputs.salt-version }}.patch - name: Upload RPMs uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index 6834e6894f35..82b06c112232 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -24,9 +24,11 @@ jobs: - windows-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 with: - python-version: 3.9 + python-version: "3.10" - name: Setup Python Tools Scripts uses: ./.github/actions/setup-python-tools-scripts @@ -41,10 +43,11 @@ jobs: uses: actions/download-artifact@v3 with: name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip + path: artifacts/ - name: Build Windows Packages run: | - tools pkg build windows --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} --checkout-root ${{ env.GITHUB_WORKSPACE }} + tools pkg build windows --onedir salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} - name: Upload ${{ matrix.arch }} Packages uses: actions/upload-artifact@v3 diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index 52902b95de0f..06b8fb53c9e9 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -22,7 +22,7 @@ # Define the command group build = command_group( name="build", - help="Packaging Repository Related Commands", + help="Package build related commands.", description=__doc__, parent=tools.pkg.pkg, ) @@ -31,57 +31,42 @@ @build.command( name="deb", arguments={ - "salt_version": { - "help": ( - "The salt version for which to build the repository configuration files. " - "If not passed, it will be discovered by running 'python3 salt/version.py'." - ), - "required": True, + "onedir": { + "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "arch": { - "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), - "required": True, - }, - "checkout_root": { - "help": "The root of the salt checkout", - "required": True, + "patch": { + "help": "The name of the patch artifact, if given it should be under the root of the checkout", }, "use_existing_onedir": { - "help": "Overwrite 'salt/_version.txt' if it already exists", + "help": "Whether to build using the existing onedir or not", }, }, ) def debian( ctx: Context, - salt_version: str = None, - arch: str = None, - checkout_root: str = None, + onedir: str | None = None, # pylint: disable=bad-whitespace + patch: str | None = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ Build the deb package. """ - if TYPE_CHECKING: - assert salt_version is not None - assert arch is not None - assert checkout_root is not None - - checkout = pathlib.Path(checkout_root) - onedir_artifact = ( - checkout / "artifacts" / f"salt-{salt_version}-onedir-linux-{arch}.tar.xz" - ) - patch = checkout / f"salt-{salt_version }.patch" - kwargs = {} if not use_existing_onedir else {"onedir_artifact": onedir_artifact} - _check_pkg_build_files_exist(ctx, checkout=checkout, patch=patch, **kwargs) + checkout = pathlib.Path.cwd() + if use_existing_onedir: + assert onedir is not None + assert patch is not None + onedir_artifact = checkout / "artifacts" / onedir + patch_artifact = checkout / patch + _check_pkg_build_files_exist( + ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact + ) _configure_git(ctx, checkout) - with ctx.chdir(checkout): - _apply_release_patch(ctx, patch) - _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + _apply_release_patch(ctx, patch_artifact) + _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) - ctx.run("ln", "-sf", "pkg/debian/", ".") - ctx.run("debuild", "-e", "SALT_ONEDIR_ARCHIVE", "-uc", "-us") + ctx.run("ln", "-sf", "pkg/debian/", ".") + ctx.run("debuild", "-e", "SALT_ONEDIR_ARCHIVE", "-uc", "-us") ctx.info("Done") @@ -89,57 +74,42 @@ def debian( @build.command( name="rpm", arguments={ - "salt_version": { - "help": ( - "The salt version for which to build the repository configuration files. " - "If not passed, it will be discovered by running 'python3 salt/version.py'." - ), - "required": True, + "onedir": { + "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "arch": { - "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), - "required": True, - }, - "checkout_root": { - "help": "The root of the salt checkout", - "required": True, + "patch": { + "help": "The name of the patch artifact, if given it should be under the root of the checkout", }, "use_existing_onedir": { - "help": "Overwrite 'salt/_version.txt' if it already exists", + "help": "Whether to build using the existing onedir or not", }, }, ) def rpm( ctx: Context, - salt_version: str = None, - arch: str = None, - checkout_root: str = None, + onedir: str | None = None, # pylint: disable=bad-whitespace + patch: str | None = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ Build the RPM package. """ - if TYPE_CHECKING: - assert salt_version is not None - assert arch is not None - assert checkout_root is not None - - checkout = pathlib.Path(checkout_root) - onedir_artifact = ( - checkout / "artifacts" / f"salt-{salt_version}-onedir-linux-{arch}.tar.xz" - ) - patch = checkout / f"salt-{salt_version }.patch" - kwargs = {} if not use_existing_onedir else {"onedir_artifact": onedir_artifact} - _check_pkg_build_files_exist(ctx, checkout=checkout, patch=patch, **kwargs) + checkout = pathlib.Path.cwd() + if use_existing_onedir: + assert onedir is not None + assert patch is not None + onedir_artifact = checkout / "artifacts" / onedir + patch_artifact = checkout / patch + _check_pkg_build_files_exist( + ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact + ) _configure_git(ctx, checkout) - with ctx.chdir(checkout): - _apply_release_patch(ctx, patch) - _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + _apply_release_patch(ctx, patch_artifact) + _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) - spec_file = checkout / "pkg" / "rpm" / "salt.spec" - ctx.run("rpmbuild", "-bb", f"--define=_salt_src {checkout}", str(spec_file)) + spec_file = checkout / "pkg" / "rpm" / "salt.spec" + ctx.run("rpmbuild", "-bb", f"--define=_salt_src {checkout}", str(spec_file)) ctx.info("Done") @@ -147,6 +117,10 @@ def rpm( @build.command( name="macos", arguments={ + "onedir": { + "help": "The name of the onedir artifact, if given it should be under artifacts/", + "required": True, + }, "salt_version": { "help": ( "The salt version for which to build the repository configuration files. " @@ -154,38 +128,19 @@ def rpm( ), "required": True, }, - "arch": { - "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), - "required": True, - }, - "checkout_root": { - "help": "The root of the salt checkout", - "required": True, - }, }, ) -def macos( - ctx: Context, - salt_version: str = None, - arch: str = None, - checkout_root: str = None, -): +def macos(ctx: Context, onedir: str = None, salt_version: str = None): """ Build the macOS package. """ if TYPE_CHECKING: + assert onedir is not None assert salt_version is not None - assert arch is not None - assert checkout_root is not None - checkout = pathlib.Path(checkout_root) - onedir_artifact = ( - checkout / "artifacts" / f"salt-{salt_version}-onedir-darwin-{arch}.tar.xz" - ) - _check_pkg_build_files_exist( - ctx, checkout=checkout, onedir_artifact=onedir_artifact - ) + checkout = pathlib.Path.cwd() + onedir_artifact = checkout / "artifacts" / onedir + _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) build_root = checkout / "pkg" / "macos" / "build" / "opt" build_root.mkdir(parents=True, exist_ok=True) @@ -205,6 +160,10 @@ def macos( @build.command( name="windows", arguments={ + "onedir": { + "help": "The name of the onedir artifact, if given it should be under artifacts/", + "required": True, + }, "salt_version": { "help": ( "The salt version for which to build the repository configuration files. " @@ -212,38 +171,25 @@ def macos( ), "required": True, }, - "arch": { - "help": "The architecture to build the package for", - "choices": ("x86", "amd64"), - "required": True, - }, - "checkout_root": { - "help": "The root of the salt checkout", - "required": True, - }, }, ) def windows( ctx: Context, + onedir: str = None, salt_version: str = None, arch: str = None, - checkout_root: str = None, ): """ Build the Windows package. """ if TYPE_CHECKING: + assert onedir is not None assert salt_version is not None assert arch is not None - assert checkout_root is not None - checkout = pathlib.Path(checkout_root) - onedir_artifact = ( - checkout / "artifacts" / f"salt-{salt_version}-onedir-windows-{arch}.zip" - ) - _check_pkg_build_files_exist( - ctx, checkout=checkout, onedir_artifact=onedir_artifact - ) + checkout = pathlib.Path.cwd() + onedir_artifact = checkout / "artifacts" / onedir + _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) unzip_dir = checkout / "pkg" / "windows" ctx.info(f"Unzipping the onedir artifact to {unzip_dir}") From 946f530b27e7c3e8532e1a8573d1ccfaad213bb2 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 6 Mar 2023 16:34:06 -0500 Subject: [PATCH 13/46] Factor out git configuration and applying the release patch to their own tools commands --- .../actions/build-source-tarball/action.yml | 6 +- .github/workflows/build-deb-packages.yml | 10 ++++ .github/workflows/build-rpm-packages.yml | 8 +++ tools/pkg.py | 45 ++++++++++++++ tools/pkgbuild.py | 60 +++++++------------ 5 files changed, 86 insertions(+), 43 deletions(-) diff --git a/.github/actions/build-source-tarball/action.yml b/.github/actions/build-source-tarball/action.yml index b1e0c27f496f..3312f5b3291c 100644 --- a/.github/actions/build-source-tarball/action.yml +++ b/.github/actions/build-source-tarball/action.yml @@ -32,14 +32,12 @@ runs: - name: Configure Git shell: bash run: | - git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com + tools pkg configure-git - name: Apply Release Patch shell: bash run: | - git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch - rm salt-${{ inputs.salt-version }}.patch + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete - name: Create Source Tarball shell: bash diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index 3f36b83e3fa7..13f48d65e815 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -61,6 +61,16 @@ jobs: salt-version: "${{ inputs.salt-version }}" cwd: pkgs/checkout/ + - name: Configure Git + working-directory: pkgs/checkout/ + run: | + tools pkg configure-git + + - name: Apply release patch + working-directory: pkgs/checkout/ + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + - name: Build Deb working-directory: pkgs/checkout/ run: | diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index f40b9cd308c0..df924b4397c2 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -57,6 +57,14 @@ jobs: with: salt-version: "${{ inputs.salt-version }}" + - name: Configure Git + run: | + tools pkg configure-git + + - name: Apply release patch + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + - name: Build RPM run: | tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz --patch salt-${{ inputs.salt-version }}.patch diff --git a/tools/pkg.py b/tools/pkg.py index fc1edea711d8..9730b552999a 100644 --- a/tools/pkg.py +++ b/tools/pkg.py @@ -429,3 +429,48 @@ def pypi_upload(ctx: Context, files: list[pathlib.Path], test: bool = False): if ret.returncode: ctx.error(ret.stderr.strip().decode()) ctx.exit(ret.returncode) + + +@pkg.command( + name="configure-git", + arguments={ + "user": { + "help": "The git global username", + "required": False, + }, + "email": { + "help": "The git global email", + "required": False, + }, + }, +) +def configure_git( + ctx: Context, + user: str = "Salt Project Packaging", + email: str = "saltproject-packaging@vmware.com", +): + cwd = pathlib.Path.cwd() + ctx.info("Setting name and email in git global config") + ctx.run("git", "config", "--global", "user.name", f"'{user}'") + ctx.run("git", "config", "--global", "user.email", f"{email}") + ctx.info(f"Adding {str(cwd)} as a safe directory") + ctx.run("git", "config", "--global", "--add", "safe.directory", str(cwd)) + + +@pkg.command( + name="apply-release-patch", + arguments={ + "patch": {"help": "The git global username"}, + "delete": { + "help": "Whether to delete the patch after applying", + "required": False, + }, + }, +) +def apply_release_patch(ctx: Context, patch: pathlib.Path, delete: bool = False): + patch = patch.resolve() + ctx.info("Applying the release patch") + ctx.run("git", "am", "--committer-date-is-author-date", patch.name) + if delete: + ctx.info("Deleting the release patch because --delete was passed") + patch.unlink() diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index 06b8fb53c9e9..615e2e35c7fc 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -44,8 +44,8 @@ ) def debian( ctx: Context, - onedir: str | None = None, # pylint: disable=bad-whitespace - patch: str | None = None, # pylint: disable=bad-whitespace + onedir: str = None, # pylint: disable=bad-whitespace + patch: str = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ @@ -60,10 +60,12 @@ def debian( _check_pkg_build_files_exist( ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact ) - - _configure_git(ctx, checkout) - _apply_release_patch(ctx, patch_artifact) - _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + ctx.info( + f"Building the package using the onedir artifact {str(onedir_artifact)}" + ) + os.environ["SALT_ONEDIR_ARCHIVE"] = str(onedir_artifact) + else: + ctx.info(f"Building the package from the source files") ctx.run("ln", "-sf", "pkg/debian/", ".") ctx.run("debuild", "-e", "SALT_ONEDIR_ARCHIVE", "-uc", "-us") @@ -87,8 +89,8 @@ def debian( ) def rpm( ctx: Context, - onedir: str | None = None, # pylint: disable=bad-whitespace - patch: str | None = None, # pylint: disable=bad-whitespace + onedir: str = None, # pylint: disable=bad-whitespace + patch: str = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ @@ -103,10 +105,12 @@ def rpm( _check_pkg_build_files_exist( ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact ) - - _configure_git(ctx, checkout) - _apply_release_patch(ctx, patch_artifact) - _set_onedir_location_in_environment(ctx, onedir_artifact, use_existing_onedir) + ctx.info( + f"Building the package using the onedir artifact {str(onedir_artifact)}" + ) + os.environ["SALT_ONEDIR_ARCHIVE"] = str(onedir_artifact) + else: + ctx.info(f"Building the package from the source files") spec_file = checkout / "pkg" / "rpm" / "salt.spec" ctx.run("rpmbuild", "-bb", f"--define=_salt_src {checkout}", str(spec_file)) @@ -171,6 +175,11 @@ def macos(ctx: Context, onedir: str = None, salt_version: str = None): ), "required": True, }, + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, }, ) def windows( @@ -224,30 +233,3 @@ def _check_pkg_build_files_exist(ctx: Context, **kwargs): if not path.exists(): ctx.error(f"The path {path} does not exist, {name} is not valid... exiting") ctx.exit(1) - - -def _set_onedir_location_in_environment( - ctx: Context, onedir_artifact: pathlib.Path, use_existing_onedir: bool -): - if use_existing_onedir: - ctx.info( - f"Building the package using the onedir artifact {str(onedir_artifact)}" - ) - os.environ["SALT_ONEDIR_ARCHIVE"] = str(onedir_artifact) - else: - ctx.info(f"Building the package from the source files") - - -def _apply_release_patch(ctx: Context, patch: pathlib.Path): - ctx.info("Applying the release patch") - ctx.run("git", "am", "--committer-date-is-author-date", patch.name) - patch.unlink() - - -def _configure_git(ctx: Context, checkout: pathlib.Path): - ctx.info("Setting name and email in git global config") - ctx.run("git", "config", "--global", "user.name", "'Salt Project Packaging'") - ctx.run( - "git", "config", "--global", "user.email", "saltproject-packaging@vmware.com" - ) - ctx.run("git", "config", "--global", "--add", "safe.directory", str(checkout)) From 4b41329137b24be0d5e32e88c861976de01c2d7e Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 6 Mar 2023 16:42:46 -0500 Subject: [PATCH 14/46] Configure git and apply the release patch using tools for the docs builds --- .github/workflows/build-docs.yml | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 8546f096337c..27ec2ee83bf0 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -39,19 +39,6 @@ jobs: with: name: salt-${{ inputs.salt-version }}.patch - - name: Configure Git - shell: bash - run: | - git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com - git config --global --add safe.directory "$(pwd)" - - - name: Apply Release Patch - shell: bash - run: | - git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch - rm salt-${{ inputs.salt-version }}.patch - - name: Get Python Version id: get-python-version uses: ./.github/actions/get-python-version @@ -62,6 +49,16 @@ jobs: id: python-tools-scripts uses: ./.github/actions/setup-python-tools-scripts + - name: Configure Git + working-directory: pkgs/checkout/ + run: | + tools pkg configure-git + + - name: Apply release patch + working-directory: pkgs/checkout/ + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + - name: Cache Python Tools Docs Virtualenv id: tools-venvs-dependencies-cache uses: actions/cache@v3 From c211bf7baab9be2086c5ee0c2b9b979550cad823 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 6 Mar 2023 18:30:46 -0500 Subject: [PATCH 15/46] revert python 3.10 setup from package build steps --- .github/workflows/build-deb-packages.yml | 5 ----- .github/workflows/build-macos-packages.yml | 6 ++---- .github/workflows/build-rpm-packages.yml | 5 ----- .github/workflows/build-windows-packages.yml | 6 ++---- tools/pkgbuild.py | 2 +- 5 files changed, 5 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index 13f48d65e815..2a9b24a18bee 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -32,11 +32,6 @@ jobs: path: pkgs/checkout/ - - name: Set up Python 3.10 - uses: actions/setup-python@v4 - with: - python-version: "3.10" - - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-macos-packages.yml b/.github/workflows/build-macos-packages.yml index 47b93189cc00..24c45a6c7e24 100644 --- a/.github/workflows/build-macos-packages.yml +++ b/.github/workflows/build-macos-packages.yml @@ -22,11 +22,9 @@ jobs: - macos-12 steps: - uses: actions/checkout@v3 - - - name: Set up Python 3.10 - uses: actions/setup-python@v4 + - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: 3.9 - name: Setup Python Tools Scripts uses: ./.github/actions/setup-python-tools-scripts diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index df924b4397c2..2e2edb8856f4 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -32,11 +32,6 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up Python 3.10 - uses: actions/setup-python@v4 - with: - python-version: "3.10" - - name: Download Onedir Tarball as an Artifact uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index 82b06c112232..b30150a575fa 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -24,11 +24,9 @@ jobs: - windows-latest steps: - uses: actions/checkout@v3 - - - name: Set up Python 3.10 - uses: actions/setup-python@v4 + - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: 3.9 - name: Setup Python Tools Scripts uses: ./.github/actions/setup-python-tools-scripts diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index 615e2e35c7fc..a38e7185ae13 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -177,7 +177,7 @@ def macos(ctx: Context, onedir: str = None, salt_version: str = None): }, "arch": { "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), + "choices": ("x86", "amd64"), "required": True, }, }, From cc35e3845daaddfdebd94d1fcee5de6e537c3a2d Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 6 Mar 2023 20:04:00 -0500 Subject: [PATCH 16/46] Add initial onedir dependencies command --- tools/pkgbuild.py | 75 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index a38e7185ae13..5c7c6e39d977 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -228,6 +228,81 @@ def windows( ctx.info("Done") +@build.command( + name="onedir-dependencies", + arguments={ + "arch": { + "help": "The architecture to build the package for", + "choices": ("x86_64", "aarch64"), + "required": True, + }, + "python_version": { + "help": "The version of python to create an environment for using relenv", + "required": True, + }, + "package_name": { + "help": "The name of the relenv environment to be created under artifacts/", + "required": True, + }, + "platform": { + "help": "The platform the relenv environment is being created on", + "required": True, + }, + }, +) +def onedir_dependencies( + ctx: Context, + arch: str = None, + python_version: str = None, + package_name: str = None, + platform: str = None, +): + """ + Create a relenv environment with the onedir dependencies installed. + """ + if TYPE_CHECKING: + assert arch is not None + assert python_version is not None + assert package_name is not None + + # We import relenv here because it is not a hard requirement for the rest of the tools commands + try: + from relenv.create import create + except ImportError: + ctx.exit(1, "Relenv not installed in the current environment.") + + artifacts_dir = pathlib.Path("artifacts").resolve() + artifacts_dir.mkdir(exist_ok=True) + dest = artifacts_dir / package_name + + create(dest, arch=arch, version=python_version) + + if platform == "windows": + python_bin = dest / "Scripts" / "python" + pip_bin = dest / "Scripts" / "pip" + no_binary = [] + else: + python_bin = dest / "bin" / "python3" + pip_bin = dest / "bin" / "pip3" + no_binary = ["--no-binary=':all:'"] + + version_info = ctx.run( + str(python_bin), + "-c", + "import sys; print('{}.{}'.format(*sys.version_info))", + capture=True, + ) + requirements_version = version_info.stdout.strip().decode() + requirements_file = pathlib.Path( + "requirements", "static", "pkg", f"py{requirements_version}", f"{platform}.txt" + ) + + ctx.run(str(pip_bin), "install", "-U", "wheel") + ctx.run(str(pip_bin), "install", "-U", "pip>=22.3.1,<23.0") + ctx.run(str(pip_bin), "install", "-U", "setuptools>=65.6.3,<66") + ctx.run(str(pip_bin), "install", "-r", str(requirements_file), *no_binary) + + def _check_pkg_build_files_exist(ctx: Context, **kwargs): for name, path in kwargs.items(): if not path.exists(): From f4761fea307da7727d5ad4d410023ce6cc8062cb Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 13:22:00 -0500 Subject: [PATCH 17/46] Run the get-python-version action inside setup-python-tools-scripts in the correct directory --- .github/actions/setup-python-tools-scripts/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-python-tools-scripts/action.yml b/.github/actions/setup-python-tools-scripts/action.yml index dcd46feb2b0f..bde264477989 100644 --- a/.github/actions/setup-python-tools-scripts/action.yml +++ b/.github/actions/setup-python-tools-scripts/action.yml @@ -25,7 +25,7 @@ runs: - name: Get Python Version id: get-python-version - uses: ./.github/actions/get-python-version + uses: ${{ inputs.cwd }}/.github/actions/get-python-version with: python-binary: python3 From 35a91e713b7cac566426bedb25778038ffbda975 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 13:24:31 -0500 Subject: [PATCH 18/46] remove all references to the patch in the build steps and add a note about relenv needing to be installed for building the onedir dependencies --- tools/pkgbuild.py | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/tools/pkgbuild.py b/tools/pkgbuild.py index 5c7c6e39d977..5ac30140e2b9 100644 --- a/tools/pkgbuild.py +++ b/tools/pkgbuild.py @@ -34,9 +34,6 @@ "onedir": { "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "patch": { - "help": "The name of the patch artifact, if given it should be under the root of the checkout", - }, "use_existing_onedir": { "help": "Whether to build using the existing onedir or not", }, @@ -45,7 +42,6 @@ def debian( ctx: Context, onedir: str = None, # pylint: disable=bad-whitespace - patch: str = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ @@ -54,12 +50,8 @@ def debian( checkout = pathlib.Path.cwd() if use_existing_onedir: assert onedir is not None - assert patch is not None onedir_artifact = checkout / "artifacts" / onedir - patch_artifact = checkout / patch - _check_pkg_build_files_exist( - ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact - ) + _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) ctx.info( f"Building the package using the onedir artifact {str(onedir_artifact)}" ) @@ -79,9 +71,6 @@ def debian( "onedir": { "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "patch": { - "help": "The name of the patch artifact, if given it should be under the root of the checkout", - }, "use_existing_onedir": { "help": "Whether to build using the existing onedir or not", }, @@ -90,7 +79,6 @@ def debian( def rpm( ctx: Context, onedir: str = None, # pylint: disable=bad-whitespace - patch: str = None, # pylint: disable=bad-whitespace use_existing_onedir: bool = True, ): """ @@ -99,12 +87,8 @@ def rpm( checkout = pathlib.Path.cwd() if use_existing_onedir: assert onedir is not None - assert patch is not None onedir_artifact = checkout / "artifacts" / onedir - patch_artifact = checkout / patch - _check_pkg_build_files_exist( - ctx, patch_artifact=patch_artifact, onedir_artifact=onedir_artifact - ) + _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) ctx.info( f"Building the package using the onedir artifact {str(onedir_artifact)}" ) @@ -259,6 +243,8 @@ def onedir_dependencies( ): """ Create a relenv environment with the onedir dependencies installed. + + NOTE: relenv needs to be installed into your environment and builds and toolchains (linux) fetched. """ if TYPE_CHECKING: assert arch is not None From 2676db097e79db0309c2dde196a8e61414f769a7 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 13:56:22 -0500 Subject: [PATCH 19/46] Bump python-tools-scripts to 0.12.0 --- requirements/static/ci/py3.10/tools.txt | 2 +- requirements/static/ci/py3.9/tools.txt | 2 +- requirements/static/ci/tools.in | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/static/ci/py3.10/tools.txt b/requirements/static/ci/py3.10/tools.txt index ae921eb91f10..5b8e881d9374 100644 --- a/requirements/static/ci/py3.10/tools.txt +++ b/requirements/static/ci/py3.10/tools.txt @@ -36,7 +36,7 @@ pygments==2.13.0 # via rich python-dateutil==2.8.2 # via botocore -python-tools-scripts==0.11.1 +python-tools-scripts==0.12.0 # via -r requirements/static/ci/tools.in pyyaml==6.0 # via -r requirements/static/ci/tools.in diff --git a/requirements/static/ci/py3.9/tools.txt b/requirements/static/ci/py3.9/tools.txt index dd9c8e7e006c..99126e4d9923 100644 --- a/requirements/static/ci/py3.9/tools.txt +++ b/requirements/static/ci/py3.9/tools.txt @@ -36,7 +36,7 @@ pygments==2.13.0 # via rich python-dateutil==2.8.2 # via botocore -python-tools-scripts==0.11.1 +python-tools-scripts==0.12.0 # via -r requirements/static/ci/tools.in pyyaml==6.0 # via -r requirements/static/ci/tools.in diff --git a/requirements/static/ci/tools.in b/requirements/static/ci/tools.in index 08f134ab202a..519d59d17e6d 100644 --- a/requirements/static/ci/tools.in +++ b/requirements/static/ci/tools.in @@ -1,4 +1,4 @@ -python-tools-scripts >= 0.11.1 +python-tools-scripts >= 0.12.0 attrs boto3 pyyaml From b9f8caa51ea153fc861fb16c5c52e480ea7df21c Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 14:42:58 -0500 Subject: [PATCH 20/46] Move packaging commands to a subdirectory --- .pre-commit-config.yaml | 2 +- tools/__init__.py | 4 ++-- tools/{pkg.py => pkg/__init__.py} | 0 tools/{pkgbuild.py => pkg/build.py} | 5 +---- tools/{pkgrepo.py => pkg/repo.py} | 2 +- 5 files changed, 5 insertions(+), 8 deletions(-) rename tools/{pkg.py => pkg/__init__.py} (100%) rename tools/{pkgbuild.py => pkg/build.py} (99%) rename tools/{pkgrepo.py => pkg/repo.py} (99%) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 719edae7b7b8..ce8ef31f493f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -46,7 +46,7 @@ repos: )$ - repo: https://github.com/s0undt3ch/python-tools-scripts - rev: "0.11.1" + rev: "0.12.0" hooks: - id: tools alias: check-changelog-entries diff --git a/tools/__init__.py b/tools/__init__.py index 3ef4b15bae2b..419ec309c2fc 100644 --- a/tools/__init__.py +++ b/tools/__init__.py @@ -6,8 +6,8 @@ ptscripts.register_tools_module("tools.ci") ptscripts.register_tools_module("tools.docs") ptscripts.register_tools_module("tools.pkg") -ptscripts.register_tools_module("tools.pkgrepo") -ptscripts.register_tools_module("tools.pkgbuild") +ptscripts.register_tools_module("tools.pkg.repo") +ptscripts.register_tools_module("tools.pkg.build") ptscripts.register_tools_module("tools.pre_commit") ptscripts.register_tools_module("tools.release") ptscripts.register_tools_module("tools.vm") diff --git a/tools/pkg.py b/tools/pkg/__init__.py similarity index 100% rename from tools/pkg.py rename to tools/pkg/__init__.py diff --git a/tools/pkgbuild.py b/tools/pkg/build.py similarity index 99% rename from tools/pkgbuild.py rename to tools/pkg/build.py index 5ac30140e2b9..fb77a183b947 100644 --- a/tools/pkgbuild.py +++ b/tools/pkg/build.py @@ -14,9 +14,6 @@ from ptscripts import Context, command_group -import tools.pkg -import tools.utils - log = logging.getLogger(__name__) # Define the command group @@ -24,7 +21,7 @@ name="build", help="Package build related commands.", description=__doc__, - parent=tools.pkg.pkg, + parent="pkg", ) diff --git a/tools/pkgrepo.py b/tools/pkg/repo.py similarity index 99% rename from tools/pkgrepo.py rename to tools/pkg/repo.py index d3d9bd1176d0..90f3f9c491ff 100644 --- a/tools/pkgrepo.py +++ b/tools/pkg/repo.py @@ -43,7 +43,7 @@ name="repo", help="Packaging Repository Related Commands", description=__doc__, - parent=tools.pkg.pkg, + parent="pkg", ) create = command_group( From a147939f6ab55511c83c718b29f549a5752b4e08 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 15:04:35 -0500 Subject: [PATCH 21/46] checkout into the root directory when building debian packages as well for easy actions use --- .github/actions/setup-python-tools-scripts/action.yml | 2 +- .github/workflows/build-deb-packages.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/actions/setup-python-tools-scripts/action.yml b/.github/actions/setup-python-tools-scripts/action.yml index bde264477989..dcd46feb2b0f 100644 --- a/.github/actions/setup-python-tools-scripts/action.yml +++ b/.github/actions/setup-python-tools-scripts/action.yml @@ -25,7 +25,7 @@ runs: - name: Get Python Version id: get-python-version - uses: ${{ inputs.cwd }}/.github/actions/get-python-version + uses: ./.github/actions/get-python-version with: python-binary: python3 diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index 2a9b24a18bee..052d3c8a6143 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -27,7 +27,12 @@ jobs: image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-11 steps: + # Checkout here so we can easily use custom actions - uses: actions/checkout@v3 + + # Checkout here for the build process + - name: Checkout in build directory + uses: actions/checkout@v3 with: path: pkgs/checkout/ @@ -45,13 +50,13 @@ jobs: path: pkgs/checkout/ - name: Setup Python Tools Scripts - uses: ./pkgs/checkout/.github/actions/setup-python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts with: cwd: pkgs/checkout/ - name: Setup Salt Version id: setup-salt-version - uses: ./pkgs/checkout/.github/actions/setup-salt-version + uses: ./.github/actions/setup-salt-version with: salt-version: "${{ inputs.salt-version }}" cwd: pkgs/checkout/ From 36ca1926f6d2fc95dfff845240556d9c3f3c9aa2 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 7 Mar 2023 17:10:35 -0500 Subject: [PATCH 22/46] Install salt into the onedir using tools --- .github/actions/build-onedir-salt/action.yml | 23 +------- tools/pkg/build.py | 58 ++++++++++++++++++++ 2 files changed, 59 insertions(+), 22 deletions(-) diff --git a/.github/actions/build-onedir-salt/action.yml b/.github/actions/build-onedir-salt/action.yml index 94188eeef34b..5588ca1ceb12 100644 --- a/.github/actions/build-onedir-salt/action.yml +++ b/.github/actions/build-onedir-salt/action.yml @@ -53,30 +53,9 @@ runs: name: salt-${{ inputs.salt-version }}.tar.gz - name: Install Salt Into Onedir - if: ${{ inputs.platform != 'windows' }} - env: - USE_STATIC_REQUIREMENTS: "1" - RELENV_PIP_DIR: "1" shell: bash run: | - artifacts/${{ inputs.package-name }}/bin/python3 -m pip install salt-${{ inputs.salt-version }}.tar.gz - if [ ${{ inputs.platform }} == "darwin" ]; then - pkg/macos/prep_salt.sh --build-dir ./artifacts/${{ inputs.package-name }} - rm -rf ./artifacts/${{ inputs.package-name }}/opt - rm -rf ./artifacts/${{ inputs.package-name }}/etc - rm -rf ./artifacts/${{ inputs.package-name }}/Library - fi - - - name: Install Salt Into Onedir (Windows) - if: ${{ inputs.platform == 'windows' }} - env: - USE_STATIC_REQUIREMENTS: "1" - shell: powershell - run: | - # install salt - pkg\windows\install_salt.cmd -BuildDir ".\artifacts\${{ inputs.package-name }}" -CICD -SourceTarball salt-${{ inputs.salt-version }}.tar.gz - # prep salt - pkg\windows\prep_salt.cmd -BuildDir ".\artifacts\${{ inputs.package-name }}" -CICD + tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name artifacts/${{ inputs.package-name }} - name: Cleanup Salt Onedir Directory shell: bash diff --git a/tools/pkg/build.py b/tools/pkg/build.py index fb77a183b947..57f814945a82 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -286,6 +286,64 @@ def onedir_dependencies( ctx.run(str(pip_bin), "install", "-r", str(requirements_file), *no_binary) +@build.command( + name="salt-onedir", + arguments={ + "salt_archive": { + "help": "The name of the source tarball containing salt, stored under the repo root", + }, + "platform": { + "help": "The platform that installed is being installed on", + "required": True, + }, + "package_name": { + "help": "The name of the relenv environment to install salt into, stored under artifacts/", + "required": True, + }, + }, +) +def salt_onedir( + ctx: Context, + salt_archive: pathlib.Path, + platform: str = None, + package_name: str = None, +): + """ + Install salt into a relenv onedir environment. + """ + if TYPE_CHECKING: + assert platform is not None + assert package_name is not None + + onedir_env = pathlib.Path("artifacts", package_name) + _check_pkg_build_files_exist(ctx, onedir_env=onedir_env, salt_archive=salt_archive) + + if platform == "windows": + ctx.run( + "powershell.exe", + r"pkg\windows\install_salt.cmd", + "-BuildDir", + str(onedir_env), + "-CICD", + "-SourceTarball", + str(salt_archive), + ) + ctx.run( + "powershell.exe", + r"pkg\windows\prep_salt.cmd", + "-BuildDir", + str(onedir_env), + "-CICD", + ) + else: + pip_bin = onedir_env / "bin" / "pip3" + ctx.run(str(pip_bin), "install", str(salt_archive)) + if platform == "darwin": + shutil.rmtree(onedir_env / "opt") + shutil.rmtree(onedir_env / "etc") + shutil.rmtree(onedir_env / "Library") + + def _check_pkg_build_files_exist(ctx: Context, **kwargs): for name, path in kwargs.items(): if not path.exists(): From 4a669e9f52f86aebe9f7873f9d6d0b71fa62200a Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 12:52:14 -0500 Subject: [PATCH 23/46] Actually update build-onedir-deps/action.yml --- .github/actions/build-onedir-deps/action.yml | 28 +------------------- tools/pkg/build.py | 3 ++- 2 files changed, 3 insertions(+), 28 deletions(-) diff --git a/.github/actions/build-onedir-deps/action.yml b/.github/actions/build-onedir-deps/action.yml index 2aff9df12088..b0ff43b40333 100644 --- a/.github/actions/build-onedir-deps/action.yml +++ b/.github/actions/build-onedir-deps/action.yml @@ -43,37 +43,11 @@ runs: path: artifacts/${{ inputs.package-name }} key: ${{ inputs.cache-prefix }}|${{ inputs.python-version }}|deps|${{ inputs.platform }}|${{ inputs.arch }}|${{ inputs.package-name }}|${{ hashFiles(format('{0}/.relenv/**/*.xz', github.workspace), 'requirements/static/pkg/*/*.txt', '.github/actions/build-onedir-deps/action.yml') }} - - name: Create Onedir Directory - shell: bash - if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' - run: | - python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" - python3 -m relenv create --arch=${{ inputs.arch }} --python=${{ inputs.python-version }} artifacts/${{ inputs.package-name }} - - - name: Get Onedir Python Version - id: get-python-version - if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' - uses: ./.github/actions/get-python-version - with: - python-binary: artifacts/${{ inputs.package-name }}/${{ inputs.platform == 'windows' && 'Scripts/python' || 'bin/python3' }} - - - name: Install Wheel & Upgrade Setuptools & Pip - shell: bash - if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' - run: | - ${{ steps.get-python-version.outputs.binary }} -m pip install -U "wheel" - ${{ steps.get-python-version.outputs.binary }} -m pip install -U "pip>=22.3.1,<23.0" - ${{ steps.get-python-version.outputs.binary }} -m pip install -U "setuptools>=65.6.3,<66" - - name: Install Salt Onedir Package Dependencies shell: bash if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' run: | - if [ "${{ inputs.platform }}" != "windows" ]; then - ${{ steps.get-python-version.outputs.binary }} -m pip install -r requirements/static/pkg/py${{ steps.get-python-version.outputs.version }}/${{ inputs.platform }}.txt --no-binary=':all:' - else - ${{ steps.get-python-version.outputs.binary }} -m pip install -r requirements/static/pkg/py${{ steps.get-python-version.outputs.version }}/${{ inputs.platform }}.txt - fi + tools pkg build onedir-dependencies --arch ${{ inputs.arch }} --python-version ${{ inputs.python-version }} --package-name ${{ inputs.package-name }} --platform ${{ inputs.platform }} - name: Cleanup Salt Onedir Directory shell: bash diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 57f814945a82..f1fa39c947b3 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -214,7 +214,7 @@ def windows( arguments={ "arch": { "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64"), + "choices": ("x86_64", "aarch64", "x86", "aarch64"), "required": True, }, "python_version": { @@ -247,6 +247,7 @@ def onedir_dependencies( assert arch is not None assert python_version is not None assert package_name is not None + assert platform is not None # We import relenv here because it is not a hard requirement for the rest of the tools commands try: From 8adf3ed1b99c8e7fe86a05a3a51d851d147dfb7f Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 12:55:40 -0500 Subject: [PATCH 24/46] Remove accidental working-directory in docs builds workflow --- .github/workflows/build-docs.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 27ec2ee83bf0..64c37092e35e 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -50,12 +50,10 @@ jobs: uses: ./.github/actions/setup-python-tools-scripts - name: Configure Git - working-directory: pkgs/checkout/ run: | tools pkg configure-git - name: Apply release patch - working-directory: pkgs/checkout/ run: | tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete From 82a6deb7713e58dd0bf73ff92b5aca9d499e24a9 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 13:00:57 -0500 Subject: [PATCH 25/46] Set USE_STATIC_REQUIREMENTS and RELENV_PIP_DIR when building salt onedir with tools --- tools/pkg/build.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index f1fa39c947b3..9f418aea686c 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -319,6 +319,7 @@ def salt_onedir( onedir_env = pathlib.Path("artifacts", package_name) _check_pkg_build_files_exist(ctx, onedir_env=onedir_env, salt_archive=salt_archive) + os.environ["USE_STATIC_REQUIREMENTS"] = "1" if platform == "windows": ctx.run( "powershell.exe", @@ -337,6 +338,7 @@ def salt_onedir( "-CICD", ) else: + os.environ["RELENV_PIP_DIR"] = "1" pip_bin = onedir_env / "bin" / "pip3" ctx.run(str(pip_bin), "install", str(salt_archive)) if platform == "darwin": From 3b662a54516b3b5b757901e4d68a80b71a2b67bf Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 14:28:19 -0500 Subject: [PATCH 26/46] assert the requirements file exists when installing dependencies --- tools/pkg/build.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 9f418aea686c..4c3252c5d6e9 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -279,7 +279,8 @@ def onedir_dependencies( requirements_version = version_info.stdout.strip().decode() requirements_file = pathlib.Path( "requirements", "static", "pkg", f"py{requirements_version}", f"{platform}.txt" - ) + ).resolve() + _check_pkg_build_files_exist(ctx, requirements_file=requirements_file) ctx.run(str(pip_bin), "install", "-U", "wheel") ctx.run(str(pip_bin), "install", "-U", "pip>=22.3.1,<23.0") From 9ba8bb6c449f298716193c01d22d67ea901b4a70 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 15:59:00 -0500 Subject: [PATCH 27/46] install using pip as a module --- tools/pkg/build.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 4c3252c5d6e9..3b7dd0289de7 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -263,11 +263,9 @@ def onedir_dependencies( if platform == "windows": python_bin = dest / "Scripts" / "python" - pip_bin = dest / "Scripts" / "pip" no_binary = [] else: python_bin = dest / "bin" / "python3" - pip_bin = dest / "bin" / "pip3" no_binary = ["--no-binary=':all:'"] version_info = ctx.run( @@ -282,10 +280,18 @@ def onedir_dependencies( ).resolve() _check_pkg_build_files_exist(ctx, requirements_file=requirements_file) - ctx.run(str(pip_bin), "install", "-U", "wheel") - ctx.run(str(pip_bin), "install", "-U", "pip>=22.3.1,<23.0") - ctx.run(str(pip_bin), "install", "-U", "setuptools>=65.6.3,<66") - ctx.run(str(pip_bin), "install", "-r", str(requirements_file), *no_binary) + ctx.run(str(python_bin), "-m", "pip", "install", "-U", "wheel") + ctx.run(str(python_bin), "-m", "pip", "install", "-U", "pip>=22.3.1,<23.0") + ctx.run(str(python_bin), "-m", "pip", "install", "-U", "setuptools>=65.6.3,<66") + ctx.run( + str(python_bin), + "-m", + "pip", + "install", + "-r", + str(requirements_file), + *no_binary, + ) @build.command( From f917258322295fa773c5f3878fd125fb41765ad1 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Wed, 8 Mar 2023 16:44:04 -0500 Subject: [PATCH 28/46] windows uses amd64, not aarch64 --- tools/pkg/build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 3b7dd0289de7..5d478bc8ff38 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -214,7 +214,7 @@ def windows( arguments={ "arch": { "help": "The architecture to build the package for", - "choices": ("x86_64", "aarch64", "x86", "aarch64"), + "choices": ("x86_64", "aarch64", "x86", "amd64"), "required": True, }, "python_version": { From 4029f40484ec92d98d276a10667b6235913873ae Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 9 Mar 2023 12:04:36 -0500 Subject: [PATCH 29/46] The package is under artifacts/name not artifacts/artifacts/name --- .github/actions/build-onedir-salt/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-onedir-salt/action.yml b/.github/actions/build-onedir-salt/action.yml index 5588ca1ceb12..e15f03c2a63a 100644 --- a/.github/actions/build-onedir-salt/action.yml +++ b/.github/actions/build-onedir-salt/action.yml @@ -55,7 +55,7 @@ runs: - name: Install Salt Into Onedir shell: bash run: | - tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name artifacts/${{ inputs.package-name }} + tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name ${{ inputs.package-name }} - name: Cleanup Salt Onedir Directory shell: bash From 00e73da68ab41da0671ef15c1b49c59be433fe4e Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 9 Mar 2023 16:57:37 -0500 Subject: [PATCH 30/46] take in the path for the salt archive as a string --- tools/pkg/build.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 5d478bc8ff38..53b2d4cb1a4b 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -297,7 +297,7 @@ def onedir_dependencies( @build.command( name="salt-onedir", arguments={ - "salt_archive": { + "salt_name": { "help": "The name of the source tarball containing salt, stored under the repo root", }, "platform": { @@ -312,7 +312,7 @@ def onedir_dependencies( ) def salt_onedir( ctx: Context, - salt_archive: pathlib.Path, + salt_name: str, platform: str = None, package_name: str = None, ): @@ -323,6 +323,7 @@ def salt_onedir( assert platform is not None assert package_name is not None + salt_archive = pathlib.Path(salt_name) onedir_env = pathlib.Path("artifacts", package_name) _check_pkg_build_files_exist(ctx, onedir_env=onedir_env, salt_archive=salt_archive) From 9d80605623ef43109dec5f17b7128723a234068e Mon Sep 17 00:00:00 2001 From: MKLeb Date: Fri, 10 Mar 2023 16:44:53 -0500 Subject: [PATCH 31/46] Try resolving the salt archive name to resolve the macos issue --- tools/pkg/build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 53b2d4cb1a4b..4355074e1c7a 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -323,7 +323,7 @@ def salt_onedir( assert platform is not None assert package_name is not None - salt_archive = pathlib.Path(salt_name) + salt_archive = pathlib.Path(salt_name).resolve() onedir_env = pathlib.Path("artifacts", package_name) _check_pkg_build_files_exist(ctx, onedir_env=onedir_env, salt_archive=salt_archive) From 1e319f84fce0641f5a73f4e38231c578a3dd566e Mon Sep 17 00:00:00 2001 From: MKLeb Date: Fri, 10 Mar 2023 18:15:24 -0500 Subject: [PATCH 32/46] handle errors on removing paths on macos if they don't exist --- tools/pkg/build.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 4355074e1c7a..8ad9e7f3da53 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -350,9 +350,13 @@ def salt_onedir( pip_bin = onedir_env / "bin" / "pip3" ctx.run(str(pip_bin), "install", str(salt_archive)) if platform == "darwin": - shutil.rmtree(onedir_env / "opt") - shutil.rmtree(onedir_env / "etc") - shutil.rmtree(onedir_env / "Library") + + def errfn(fn, path, err): + ctx.info(f"Removing {path} failed: {err}") + + shutil.rmtree(onedir_env / "opt", onerror=errfn) + shutil.rmtree(onedir_env / "etc", onerror=errfn) + shutil.rmtree(onedir_env / "Library", onerror=errfn) def _check_pkg_build_files_exist(ctx: Context, **kwargs): From aa3e2a08e6a07540872026bb16d27fedc990118b Mon Sep 17 00:00:00 2001 From: MKLeb Date: Fri, 10 Mar 2023 18:44:19 -0500 Subject: [PATCH 33/46] We don't need to supply the patch argument anymore --- .github/workflows/build-deb-packages.yml | 2 +- .github/workflows/build-rpm-packages.yml | 2 +- tools/pkg/build.py | 14 ++------------ 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml index 052d3c8a6143..9b79d0cbed69 100644 --- a/.github/workflows/build-deb-packages.yml +++ b/.github/workflows/build-deb-packages.yml @@ -74,7 +74,7 @@ jobs: - name: Build Deb working-directory: pkgs/checkout/ run: | - tools pkg build deb --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz --patch salt-${{ inputs.salt-version }}.patch + tools pkg build deb --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz - name: Cleanup run: | diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml index 2e2edb8856f4..ab2f258a8976 100644 --- a/.github/workflows/build-rpm-packages.yml +++ b/.github/workflows/build-rpm-packages.yml @@ -62,7 +62,7 @@ jobs: - name: Build RPM run: | - tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz --patch salt-${{ inputs.salt-version }}.patch + tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz - name: Upload RPMs uses: actions/upload-artifact@v3 diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 8ad9e7f3da53..343a81c4fab5 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -31,22 +31,17 @@ "onedir": { "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "use_existing_onedir": { - "help": "Whether to build using the existing onedir or not", - }, }, ) def debian( ctx: Context, onedir: str = None, # pylint: disable=bad-whitespace - use_existing_onedir: bool = True, ): """ Build the deb package. """ checkout = pathlib.Path.cwd() - if use_existing_onedir: - assert onedir is not None + if onedir: onedir_artifact = checkout / "artifacts" / onedir _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) ctx.info( @@ -68,22 +63,17 @@ def debian( "onedir": { "help": "The name of the onedir artifact, if given it should be under artifacts/", }, - "use_existing_onedir": { - "help": "Whether to build using the existing onedir or not", - }, }, ) def rpm( ctx: Context, onedir: str = None, # pylint: disable=bad-whitespace - use_existing_onedir: bool = True, ): """ Build the RPM package. """ checkout = pathlib.Path.cwd() - if use_existing_onedir: - assert onedir is not None + if onedir: onedir_artifact = checkout / "artifacts" / onedir _check_pkg_build_files_exist(ctx, onedir_artifact=onedir_artifact) ctx.info( From 73c0104ad4686a914a8be65410770951daaaf6da Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 16 Mar 2023 16:33:25 -0400 Subject: [PATCH 34/46] add `--no-cache-dir` to pip install requirements --- .github/workflows/ci.yml | 2 +- .github/workflows/nightly.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scheduled.yml | 2 +- .github/workflows/staging.yml | 2 +- .github/workflows/templates/layout.yml.jinja | 2 +- tools/pkg/build.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e0102eacc9d..f9be7326d693 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5dfcd885ecff..cbad346f55a4 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -13,7 +13,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ef297db125d..750061d81899 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" REPO_BASE_URL: "https://${{ secrets.SALT_REPO_DOMAIN }}" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 1ebcf20b72b0..adb65797b74f 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -12,7 +12,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 991400a4a2ce..6c3c2ec84bf5 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -25,7 +25,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" REPO_BASE_URL: "https://${{ secrets.SALT_REPO_USER }}:${{ secrets.SALT_REPO_PASS }}@${{ secrets.SALT_REPO_DOMAIN }}" diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja index e5cd9ceb4c20..79b45d5d2d71 100644 --- a/.github/workflows/templates/layout.yml.jinja +++ b/.github/workflows/templates/layout.yml.jinja @@ -31,7 +31,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + CACHE_SEED: SEED-4 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" <%- endblock env %> diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 343a81c4fab5..25b835ec4453 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -256,7 +256,7 @@ def onedir_dependencies( no_binary = [] else: python_bin = dest / "bin" / "python3" - no_binary = ["--no-binary=':all:'"] + no_binary = ["--no-binary=':all:'", "--no-cache-dir"] version_info = ctx.run( str(python_bin), From c7f08b61e5ddbf2284a055c16af305d8101a36a1 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Thu, 16 Mar 2023 21:01:27 -0400 Subject: [PATCH 35/46] remove the quotes from `--no-binary` --- .github/workflows/ci.yml | 2 +- .github/workflows/nightly.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scheduled.yml | 2 +- .github/workflows/staging.yml | 2 +- .github/workflows/templates/layout.yml.jinja | 2 +- tools/pkg/build.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f9be7326d693..0082d8b58661 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index cbad346f55a4..a55fce71173f 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -13,7 +13,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 750061d81899..4e96fcf4bc7d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" REPO_BASE_URL: "https://${{ secrets.SALT_REPO_DOMAIN }}" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index adb65797b74f..68feee577186 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -12,7 +12,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" permissions: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 6c3c2ec84bf5..e351c0f09f60 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -25,7 +25,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" REPO_BASE_URL: "https://${{ secrets.SALT_REPO_USER }}:${{ secrets.SALT_REPO_PASS }}@${{ secrets.SALT_REPO_DOMAIN }}" diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja index 79b45d5d2d71..5f60a9b7bbde 100644 --- a/.github/workflows/templates/layout.yml.jinja +++ b/.github/workflows/templates/layout.yml.jinja @@ -31,7 +31,7 @@ on: env: COLUMNS: 190 - CACHE_SEED: SEED-4 # Bump the number to invalidate all caches + CACHE_SEED: SEED-5 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" <%- endblock env %> diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 25b835ec4453..5b6de74738a7 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -256,7 +256,7 @@ def onedir_dependencies( no_binary = [] else: python_bin = dest / "bin" / "python3" - no_binary = ["--no-binary=':all:'", "--no-cache-dir"] + no_binary = ["--no-binary=:all:"] version_info = ctx.run( str(python_bin), From 467740f4abacb22d1c75747d8b80b55653d8da63 Mon Sep 17 00:00:00 2001 From: MKLeb Date: Mon, 20 Mar 2023 17:25:43 -0400 Subject: [PATCH 36/46] utilize `tools.utils.REPO_ROOT` --- tools/pkg/build.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 5b6de74738a7..be5f347cbd43 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -14,6 +14,8 @@ from ptscripts import Context, command_group +import tools.utils + log = logging.getLogger(__name__) # Define the command group @@ -265,9 +267,14 @@ def onedir_dependencies( capture=True, ) requirements_version = version_info.stdout.strip().decode() - requirements_file = pathlib.Path( - "requirements", "static", "pkg", f"py{requirements_version}", f"{platform}.txt" - ).resolve() + requirements_file = ( + tools.utils.REPO_ROOT + / "requirements" + / "static" + / "pkg" + / f"py{requirements_version}" + / f"{platform}.txt" + ) _check_pkg_build_files_exist(ctx, requirements_file=requirements_file) ctx.run(str(python_bin), "-m", "pip", "install", "-U", "wheel") From 36e150861cb10b0b284764909bf6f52507b52e37 Mon Sep 17 00:00:00 2001 From: cmcmarrow Date: Tue, 21 Mar 2023 10:44:39 -0500 Subject: [PATCH 37/46] rebase --- changelog/63904.fixed.md | 1 + salt/grains/core.py | 12 +----------- salt/utils/platform.py | 11 ++++++++++- salt/version.py | 2 +- tests/pytests/unit/test_version.py | 12 ++++++------ 5 files changed, 19 insertions(+), 19 deletions(-) create mode 100644 changelog/63904.fixed.md diff --git a/changelog/63904.fixed.md b/changelog/63904.fixed.md new file mode 100644 index 000000000000..8aff8d12b509 --- /dev/null +++ b/changelog/63904.fixed.md @@ -0,0 +1 @@ +add linux_distribution to util to stop dep warning diff --git a/salt/grains/core.py b/salt/grains/core.py index f4361a693612..710c57f28fbf 100644 --- a/salt/grains/core.py +++ b/salt/grains/core.py @@ -23,8 +23,6 @@ import uuid from errno import EACCES, EPERM -import distro - import salt.exceptions # Solve the Chicken and egg problem where grains need to run before any @@ -41,6 +39,7 @@ import salt.utils.platform import salt.utils.stringutils from salt.utils.network import _clear_interfaces, _get_interfaces +from salt.utils.platform import linux_distribution as _linux_distribution try: # pylint: disable=no-name-in-module @@ -90,15 +89,6 @@ def _freedesktop_os_release(): return _parse_os_release("/etc/os-release", "/usr/lib/os-release") -# rewrite distro.linux_distribution to allow best=True kwarg in version(), needed to get the minor version numbers in CentOS -def _linux_distribution(): - return ( - distro.id(), - distro.version(best=True), - distro.codename(), - ) - - def __init__(opts): _clear_interfaces() diff --git a/salt/utils/platform.py b/salt/utils/platform.py index 6b66da629207..c580882f15cf 100644 --- a/salt/utils/platform.py +++ b/salt/utils/platform.py @@ -8,11 +8,20 @@ import subprocess import sys -from distro import linux_distribution +import distro from salt.utils.decorators import memoize as real_memoize +def linux_distribution(full_distribution_name=True): + """ + Simple function to return information about the OS distribution (id_name, version, codename). + """ + if full_distribution_name: + return distro.name(), distro.version(best=True), distro.codename() + return distro.id(), distro.version(best=True), distro.codename() + + @real_memoize def is_windows(): """ diff --git a/salt/version.py b/salt/version.py index 88f95febe0f3..67719bd0201f 100644 --- a/salt/version.py +++ b/salt/version.py @@ -755,7 +755,7 @@ def system_information(): Report system versions. """ # Late import so that when getting called from setup.py does not break - from distro import linux_distribution + from salt.utils.platform import linux_distribution def system_version(): """ diff --git a/tests/pytests/unit/test_version.py b/tests/pytests/unit/test_version.py index b5f2b105a70e..73befea4cf4e 100644 --- a/tests/pytests/unit/test_version.py +++ b/tests/pytests/unit/test_version.py @@ -433,7 +433,7 @@ def test_system_version_linux(): """ with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("Manjaro Linux", "20.0.2", "Lysia")), ): versions = [item for item in system_information()] @@ -441,7 +441,7 @@ def test_system_version_linux(): assert version in versions with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("Debian GNU/Linux", "9", "stretch")), ): versions = [item for item in system_information()] @@ -449,7 +449,7 @@ def test_system_version_linux(): assert version in versions with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("Debian GNU/Linux", "10", "buster")), ): versions = [item for item in system_information()] @@ -457,7 +457,7 @@ def test_system_version_linux(): assert version in versions with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("CentOS Linux", "7", "Core")), ): versions = [item for item in system_information()] @@ -465,7 +465,7 @@ def test_system_version_linux(): assert version in versions with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("CentOS Linux", "8", "Core")), ): versions = [item for item in system_information()] @@ -473,7 +473,7 @@ def test_system_version_linux(): assert version in versions with patch( - "distro.linux_distribution", + "salt.utils.platform.linux_distribution", MagicMock(return_value=("OpenSUSE Leap", "15.1", "")), ): versions = [item for item in system_information()] From d8fb625f77b2a50a6caf7ce853c2b7a6b9d2634f Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 21 Mar 2023 14:40:24 -0400 Subject: [PATCH 38/46] Build the rpm and deb packages from source using `--no-binary=':all:'` --- pkg/debian/rules | 2 +- pkg/rpm/salt.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/debian/rules b/pkg/debian/rules index 98a99d97a176..8a5a915b7226 100755 --- a/pkg/debian/rules +++ b/pkg/debian/rules @@ -23,7 +23,7 @@ override_dh_auto_build: build/onedir/venv/bin/relenv create build/onedir/salt build/onedir/salt/bin/python3 -m pip install "pip>=22.3.1,<23.0" "setuptools>=65.6.3,<66" "wheel" export PY=$$(build/onedir/salt/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()') \ - && build/onedir/salt/bin/python3 -m pip install -r requirements/static/pkg/py$${PY}/linux.txt + && build/onedir/salt/bin/python3 -m pip install -r requirements/static/pkg/py$${PY}/linux.txt --no-binary=':all:' # Fix any hardcoded paths to the relenv python binary on any of the scripts installed in the /bin directory find build/onedir/salt/bin/ -type f -exec sed -i 's:#!/\(.*\)salt/bin/python3:#!/bin/sh\n"exec" "$$(dirname $$(readlink -f $$0))/python3" "$$0" "$$@":g' {} \; diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec index cf0086e26617..70f9aff43597 100644 --- a/pkg/rpm/salt.spec +++ b/pkg/rpm/salt.spec @@ -142,7 +142,7 @@ cd $RPM_BUILD_DIR build/venv/bin/relenv create build/salt build/salt/bin/python3 -m pip install "pip>=22.3.1,<23.0" "setuptools>=65.6.3,<66" "wheel" export PY=$(build/salt/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()') - build/salt/bin/python3 -m pip install -r %{_salt_src}/requirements/static/pkg/py${PY}/linux.txt + build/salt/bin/python3 -m pip install -r %{_salt_src}/requirements/static/pkg/py${PY}/linux.txt --no-binary=':all:' # Fix any hardcoded paths to the relenv python binary on any of the scripts installed in # the /bin directory From 7aba250138c3097b6d5f71e9e24cc91d9985e7ef Mon Sep 17 00:00:00 2001 From: Twangboy Date: Mon, 20 Mar 2023 17:12:48 -0600 Subject: [PATCH 39/46] Handle CRLF when generating fingerprint --- changelog/63742.fixed.md | 1 + salt/utils/crypt.py | 4 +++ tests/pytests/unit/utils/test_crypt.py | 46 ++++++++++++++++++++++++-- 3 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 changelog/63742.fixed.md diff --git a/changelog/63742.fixed.md b/changelog/63742.fixed.md new file mode 100644 index 000000000000..0358da151615 --- /dev/null +++ b/changelog/63742.fixed.md @@ -0,0 +1 @@ +Fixed an issue with generating fingerprints for public keys with different line endings diff --git a/salt/utils/crypt.py b/salt/utils/crypt.py index ac3c220cf312..c4fb52a51058 100644 --- a/salt/utils/crypt.py +++ b/salt/utils/crypt.py @@ -143,6 +143,10 @@ def pem_finger(path=None, key=None, sum_type="sha256"): with salt.utils.files.fopen(path, "rb") as fp_: key = b"".join([x for x in fp_.readlines() if x.strip()][1:-1]) + # We should never have \r\n in a key file. This will cause the + # finger to be different even though the only difference is the line + # endings. + key = key.replace(b"\r\n", b"\n") pre = getattr(hashlib, sum_type)(key).hexdigest() finger = "" diff --git a/tests/pytests/unit/utils/test_crypt.py b/tests/pytests/unit/utils/test_crypt.py index 8a9432c19c2d..7f265f2dfe21 100644 --- a/tests/pytests/unit/utils/test_crypt.py +++ b/tests/pytests/unit/utils/test_crypt.py @@ -1,11 +1,16 @@ """ Unit tests for salt.utils.crypt.py """ - +import pytest import salt.utils.crypt from tests.support.mock import patch +pytestmark = [ + pytest.mark.windows_whitelisted, +] + + try: import M2Crypto # pylint: disable=unused-import @@ -29,8 +34,23 @@ HAS_CRYPTO = False +@pytest.fixture +def pub_key_data(): + return [ + "-----BEGIN PUBLIC KEY-----", + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc9ehbU4J2uzPZZCEw8K", + "5URYcKSUh0h/c6m9PR2kRFbXkHcSnpkWX+LCuFKQ5iF2+0rVn9pO/94rL5zAQ6DU", + "lucqk9EvamSk+TjHh3Ps/HdSxxVbkLk3nglVJrDgENxnAz+Kp+OSNfI2uhhzJiu1", + "Dhn86Wb46eu7EFYeJ+7z9+29UXuCiMIUL5sRx3Xy37gpiD4Z+JVtoBNx1MKJ4MqB", + "24ZXsvtEyrCmuLwhKCiQqvNx91CkyIL+sfMoHDSf7sLwl1CuCEgny7EV7bJpoNzN", + "ZFKggcJCopfzLWDijF5A5OOvvvFrr/rYjW79LkGviWTzJrBPNgoD01zWIlzJfLdh", + "ywIDAQAB", + "-----END PUBLIC KEY-----", + ] + + def test_random(): - # make sure the right liberty is used for random + # make sure the right library is used for random if HAS_M2CRYPTO: assert None is salt.utils.crypt.Random elif HAS_CYPTODOME: @@ -40,7 +60,7 @@ def test_random(): def test_reinit_crypto(): - # make sure reinit cryptot does not crash + # make sure reinit crypto does not crash salt.utils.crypt.reinit_crypto() # make sure reinit does not crash when no crypt is found @@ -49,3 +69,23 @@ def test_reinit_crypto(): with patch("salt.utils.crypt.HAS_CRYPTO", False): with patch("salt.utils.crypt.Random", None): salt.utils.crypt.reinit_crypto() + + +def test_pem_finger_lf(tmp_path, pub_key_data): + key_file = tmp_path / "master_lf.pub" + key_file.write_bytes("\n".join(pub_key_data).encode("utf-8")) + finger = salt.utils.crypt.pem_finger(path=str(key_file)) + assert ( + finger + == "9b:42:66:92:8a:d1:b9:27:42:e0:6d:f3:12:c9:74:74:b0:e0:0e:42:83:87:62:ad:95:49:9d:6f:8e:d0:ed:35" + ) + + +def test_pem_finger_crlf(tmp_path, pub_key_data): + key_file = tmp_path / "master_crlf.pub" + key_file.write_bytes("\r\n".join(pub_key_data).encode("utf-8")) + finger = salt.utils.crypt.pem_finger(path=str(key_file)) + assert ( + finger + == "9b:42:66:92:8a:d1:b9:27:42:e0:6d:f3:12:c9:74:74:b0:e0:0e:42:83:87:62:ad:95:49:9d:6f:8e:d0:ed:35" + ) From 0b89e917de90c6cec32f68cb6af8dbf13c097076 Mon Sep 17 00:00:00 2001 From: Twangboy Date: Mon, 20 Mar 2023 18:36:57 -0600 Subject: [PATCH 40/46] Remove windows whitelist --- tests/pytests/unit/utils/test_crypt.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/pytests/unit/utils/test_crypt.py b/tests/pytests/unit/utils/test_crypt.py index 7f265f2dfe21..0192de3523b4 100644 --- a/tests/pytests/unit/utils/test_crypt.py +++ b/tests/pytests/unit/utils/test_crypt.py @@ -6,11 +6,6 @@ import salt.utils.crypt from tests.support.mock import patch -pytestmark = [ - pytest.mark.windows_whitelisted, -] - - try: import M2Crypto # pylint: disable=unused-import From eeac74785b317f19e1274164604004253dfc9a9b Mon Sep 17 00:00:00 2001 From: Twangboy Date: Tue, 21 Mar 2023 09:18:05 -0600 Subject: [PATCH 41/46] Paramatrized tests, added more tests, convert str to bytes --- salt/utils/crypt.py | 3 +++ tests/pytests/unit/utils/test_crypt.py | 25 +++++++++++++++++-------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/salt/utils/crypt.py b/salt/utils/crypt.py index c4fb52a51058..b89a477a380c 100644 --- a/salt/utils/crypt.py +++ b/salt/utils/crypt.py @@ -148,6 +148,9 @@ def pem_finger(path=None, key=None, sum_type="sha256"): # endings. key = key.replace(b"\r\n", b"\n") + if not isinstance(key, bytes): + key = key.encode("utf-8") + pre = getattr(hashlib, sum_type)(key).hexdigest() finger = "" for ind, _ in enumerate(pre): diff --git a/tests/pytests/unit/utils/test_crypt.py b/tests/pytests/unit/utils/test_crypt.py index 0192de3523b4..9a7b35f3d2b8 100644 --- a/tests/pytests/unit/utils/test_crypt.py +++ b/tests/pytests/unit/utils/test_crypt.py @@ -66,9 +66,10 @@ def test_reinit_crypto(): salt.utils.crypt.reinit_crypto() -def test_pem_finger_lf(tmp_path, pub_key_data): - key_file = tmp_path / "master_lf.pub" - key_file.write_bytes("\n".join(pub_key_data).encode("utf-8")) +@pytest.mark.parametrize("line_ending", ["\n", "\r\n"]) +def test_pem_finger_file_line_endings(tmp_path, pub_key_data, line_ending): + key_file = tmp_path / "master_crlf.pub" + key_file.write_bytes(line_ending.join(pub_key_data).encode("utf-8")) finger = salt.utils.crypt.pem_finger(path=str(key_file)) assert ( finger @@ -76,11 +77,19 @@ def test_pem_finger_lf(tmp_path, pub_key_data): ) -def test_pem_finger_crlf(tmp_path, pub_key_data): - key_file = tmp_path / "master_crlf.pub" - key_file.write_bytes("\r\n".join(pub_key_data).encode("utf-8")) - finger = salt.utils.crypt.pem_finger(path=str(key_file)) +@pytest.mark.parametrize("key", [b"123abc", "123abc"]) +def test_pem_finger_key(key): + finger = salt.utils.crypt.pem_finger(key=key) assert ( finger - == "9b:42:66:92:8a:d1:b9:27:42:e0:6d:f3:12:c9:74:74:b0:e0:0e:42:83:87:62:ad:95:49:9d:6f:8e:d0:ed:35" + == "dd:13:0a:84:9d:7b:29:e5:54:1b:05:d2:f7:f8:6a:4a:cd:4f:1e:c5:98:c1:c9:43:87:83:f5:6b:c4:f0:ff:80" + ) + + +def test_pem_finger_sha512(): + finger = salt.utils.crypt.pem_finger(key="123abc", sum_type="sha512") + assert ( + finger + == "7b:6a:d7:9b:34:6f:b6:95:12:75:34:39:48:e1:3c:1b:4e:bc:a8:2a:54:52:a6:c5:d1:56:84:37:7f:09:6c:a9:" + "27:50:6a:23:a8:47:e6:e0:46:06:13:99:63:1b:16:fc:28:20:c8:b0:e0:2d:0e:a8:7a:a5:a2:03:a7:7c:2a:7e" ) From 5e7d4e3021b03014a373821c4ea23ede4159d5a3 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 14 Mar 2023 19:48:45 +0000 Subject: [PATCH 42/46] Upgrade to cryptography>=39.0.1 Due to: * GHSA-x4qr-2fvf-3mr5 * GHSA-w7pp-m8wf-vj6r Signed-off-by: Pedro Algarvio --- changelog/63882.security.md | 5 +++++ requirements/darwin.txt | 2 +- requirements/static/ci/py3.10/cloud.txt | 4 ++-- requirements/static/ci/py3.10/darwin.txt | 3 +-- requirements/static/ci/py3.10/freebsd.txt | 3 +-- requirements/static/ci/py3.10/lint.txt | 3 ++- requirements/static/ci/py3.10/linux.txt | 4 ++-- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 4 ++-- requirements/static/ci/py3.7/freebsd.txt | 3 +-- requirements/static/ci/py3.7/lint.txt | 3 ++- requirements/static/ci/py3.7/linux.txt | 4 ++-- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 4 ++-- requirements/static/ci/py3.8/freebsd.txt | 3 +-- requirements/static/ci/py3.8/lint.txt | 3 ++- requirements/static/ci/py3.8/linux.txt | 4 ++-- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 4 ++-- requirements/static/ci/py3.9/darwin.txt | 3 +-- requirements/static/ci/py3.9/freebsd.txt | 3 +-- requirements/static/ci/py3.9/lint.txt | 3 ++- requirements/static/ci/py3.9/linux.txt | 4 ++-- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/linux.in | 1 + requirements/static/pkg/py3.10/darwin.txt | 3 +-- requirements/static/pkg/py3.10/freebsd.txt | 3 +-- requirements/static/pkg/py3.10/linux.txt | 7 ++++--- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 3 +-- requirements/static/pkg/py3.7/linux.txt | 7 ++++--- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 3 +-- requirements/static/pkg/py3.8/linux.txt | 7 ++++--- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 3 +-- requirements/static/pkg/py3.9/freebsd.txt | 3 +-- requirements/static/pkg/py3.9/linux.txt | 7 ++++--- requirements/static/pkg/py3.9/windows.txt | 2 +- requirements/windows.txt | 2 +- 40 files changed, 68 insertions(+), 66 deletions(-) create mode 100644 changelog/63882.security.md diff --git a/changelog/63882.security.md b/changelog/63882.security.md new file mode 100644 index 000000000000..d592f1372d72 --- /dev/null +++ b/changelog/63882.security.md @@ -0,0 +1,5 @@ +Upgrade Requirements Due to Security Issues. + +* Upgrade to `cryptography>=39.0.1` due to: + * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 + * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r diff --git a/requirements/darwin.txt b/requirements/darwin.txt index ebd6e174696a..8f157d3387f8 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -5,7 +5,7 @@ apache-libcloud>=2.4.0 backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7' cherrypy>=17.4.1 -cryptography>=2.6.1 +cryptography>=39.0.1 gitpython>=3.1.30; python_version >= '3.7' idna>=2.8 linode-python>=1.1.1 diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index aa15dd90e2b0..0be345391fef 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -385,8 +385,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # azure-cosmosdb-table # azure-keyvault @@ -807,7 +808,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 75d7a117c1b5..fc7011854e8e 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -386,7 +386,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # -r requirements/darwin.txt # adal @@ -800,7 +800,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index f67c0c60268d..5634f932fb0f 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -384,7 +384,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # adal # azure-cosmosdb-table @@ -796,7 +796,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index a564ae9b00ad..c896951fe801 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -390,8 +390,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.4.7 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index d1ab1dee4177..80997206e924 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -398,8 +398,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table @@ -833,7 +834,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 265b2dfb66da..eafea0b25057 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -71,7 +71,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 6b4e2129b380..984cafb66b43 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -392,8 +392,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # azure-cosmosdb-table # azure-keyvault @@ -856,7 +857,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 8740222b714d..f10fde1ef60a 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -391,7 +391,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # adal # azure-cosmosdb-table @@ -839,7 +839,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index ee878c1e38df..d524c68a311a 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -399,8 +399,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.4.7 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 0ec357f1038d..98ecd320aeff 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -405,8 +405,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table @@ -878,7 +879,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 024a5d7bdc28..fb70497ae4b4 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -77,7 +77,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 558984c02e07..805c73a1b4cd 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -390,8 +390,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # azure-cosmosdb-table # azure-keyvault @@ -845,7 +846,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index fbace010c72c..549d3da04802 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -389,7 +389,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # adal # azure-cosmosdb-table @@ -829,7 +829,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index b2de8278b693..01d863a5be23 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -397,8 +397,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.4.7 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 66550bd047dd..c495f71a5c87 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -403,8 +403,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table @@ -866,7 +867,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 42b3da15f552..b830179f17d9 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -73,7 +73,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index b9bd2abca6a3..985b8ea271f7 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -390,8 +390,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # azure-cosmosdb-table # azure-keyvault @@ -848,7 +849,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 471416696b3f..a5a05356a9ae 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -391,7 +391,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # -r requirements/darwin.txt # adal @@ -836,7 +836,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 2ac12e3f50d0..9a1cad6bb1c3 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -389,7 +389,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via # adal # azure-cosmosdb-table @@ -832,7 +832,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index bcee7fb59a80..983e2d5de736 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -395,8 +395,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.4.7 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 9b910c3f48e1..1f5e131e3634 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -405,8 +405,9 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==3.3.2 +cryptography==39.0.2 # via + # -r requirements/static/pkg/linux.in # adal # ansible-core # azure-cosmosdb-table @@ -871,7 +872,6 @@ six==1.16.0 # bcrypt # cassandra-driver # cheroot - # cryptography # etcd3-py # genshi # geomet diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 8c2bc2144fd1..213bc5bd83a7 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -73,7 +73,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/pkg/linux.in b/requirements/static/pkg/linux.in index baed44be17c7..3555af3b9c30 100644 --- a/requirements/static/pkg/linux.in +++ b/requirements/static/pkg/linux.in @@ -10,3 +10,4 @@ rpm-vercmp setproctitle>=1.2.3 timelib>=0.2.5 importlib-metadata>=3.3.0 +cryptography>=39.0.1 diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 3234ecf5e771..e49f3f70761b 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via # -r requirements/darwin.txt # pyopenssl @@ -106,7 +106,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # pyopenssl # python-dateutil smmap==3.0.2 diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index e34627b28a35..d8f815ea4771 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via pyopenssl distro==1.5.0 # via @@ -88,7 +88,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index f82f067553e3..c7cb948af926 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -16,8 +16,10 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 - # via pyopenssl +cryptography==39.0.2 + # via + # -r requirements/static/pkg/linux.in + # pyopenssl distro==1.5.0 # via -r requirements/base.txt idna==2.8 @@ -88,7 +90,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index f7713b8b9a05..cd5cbbabd1cf 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index b1cb9e6f64cd..c79281d18555 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via pyopenssl distro==1.5.0 # via @@ -86,7 +86,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index c59877186214..a55c7fa62bf8 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -16,8 +16,10 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 - # via pyopenssl +cryptography==39.0.2 + # via + # -r requirements/static/pkg/linux.in + # pyopenssl distro==1.5.0 # via -r requirements/base.txt idna==2.8 @@ -86,7 +88,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 795acec69967..3ea3dcb3b527 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 8e46fd2742e7..e39a28599dec 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via pyopenssl distro==1.5.0 # via @@ -86,7 +86,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index e33e43c56d3d..4bf289e82cef 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -16,8 +16,10 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 - # via pyopenssl +cryptography==39.0.2 + # via + # -r requirements/static/pkg/linux.in + # pyopenssl distro==1.5.0 # via -r requirements/base.txt idna==2.8 @@ -86,7 +88,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index cec5b3f4da4c..66f133ee46b3 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index b7484906ee06..43dcc07c414f 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via # -r requirements/darwin.txt # pyopenssl @@ -106,7 +106,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # pyopenssl # python-dateutil smmap==3.0.2 diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 2d9583f4d9a5..e9dba71820ad 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 +cryptography==39.0.2 # via pyopenssl distro==1.5.0 # via @@ -88,7 +88,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index fb9a9fc775c0..531e9c764509 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -16,8 +16,10 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==3.3.2 - # via pyopenssl +cryptography==39.0.2 + # via + # -r requirements/static/pkg/linux.in + # pyopenssl distro==1.5.0 # via -r requirements/base.txt idna==2.8 @@ -88,7 +90,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # cryptography # more-itertools # pyopenssl # python-dateutil diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 79418f826020..7c917d405007 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==3.4.7 +cryptography==39.0.2 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/windows.txt b/requirements/windows.txt index fddac463c2a0..6fd3f75cabdb 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -10,7 +10,7 @@ backports.ssl-match-hostname>=3.7.0.1; python_version < '3.7' certifi>=2022.12.07 cffi>=1.14.5 cherrypy>=18.6.1 -cryptography>=3.4.7 +cryptography>=39.0.1 gitpython>=3.1.30; python_version >= '3.7' ioloop>=0.1a0 lxml>=4.6.3 From 9a32f14e41b189b9f88098fc9c8afcec0ffa8f88 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 14 Mar 2023 19:54:51 +0000 Subject: [PATCH 43/46] Upgrade to pyopenssl==23.0.0 due to the cryptography upgrade. Signed-off-by: Pedro Algarvio --- changelog/63882.security.md | 1 + requirements/static/ci/py3.10/cloud.txt | 3 +-- requirements/static/ci/py3.10/darwin.txt | 3 +-- requirements/static/ci/py3.10/freebsd.txt | 3 +-- requirements/static/ci/py3.10/lint.txt | 3 +-- requirements/static/ci/py3.10/linux.txt | 3 +-- requirements/static/ci/py3.10/windows.txt | 3 +-- requirements/static/ci/py3.7/cloud.txt | 3 +-- requirements/static/ci/py3.7/freebsd.txt | 3 +-- requirements/static/ci/py3.7/lint.txt | 3 +-- requirements/static/ci/py3.7/linux.txt | 3 +-- requirements/static/ci/py3.7/windows.txt | 3 +-- requirements/static/ci/py3.8/cloud.txt | 3 +-- requirements/static/ci/py3.8/freebsd.txt | 3 +-- requirements/static/ci/py3.8/lint.txt | 3 +-- requirements/static/ci/py3.8/linux.txt | 3 +-- requirements/static/ci/py3.8/windows.txt | 3 +-- requirements/static/ci/py3.9/cloud.txt | 3 +-- requirements/static/ci/py3.9/darwin.txt | 3 +-- requirements/static/ci/py3.9/freebsd.txt | 3 +-- requirements/static/ci/py3.9/lint.txt | 3 +-- requirements/static/ci/py3.9/linux.txt | 3 +-- requirements/static/ci/py3.9/windows.txt | 3 +-- requirements/static/pkg/py3.10/darwin.txt | 3 +-- requirements/static/pkg/py3.10/freebsd.txt | 3 +-- requirements/static/pkg/py3.10/linux.txt | 3 +-- requirements/static/pkg/py3.10/windows.txt | 3 +-- requirements/static/pkg/py3.7/freebsd.txt | 3 +-- requirements/static/pkg/py3.7/linux.txt | 3 +-- requirements/static/pkg/py3.7/windows.txt | 3 +-- requirements/static/pkg/py3.8/freebsd.txt | 3 +-- requirements/static/pkg/py3.8/linux.txt | 3 +-- requirements/static/pkg/py3.8/windows.txt | 3 +-- requirements/static/pkg/py3.9/darwin.txt | 3 +-- requirements/static/pkg/py3.9/freebsd.txt | 3 +-- requirements/static/pkg/py3.9/linux.txt | 3 +-- requirements/static/pkg/py3.9/windows.txt | 3 +-- 37 files changed, 37 insertions(+), 72 deletions(-) diff --git a/changelog/63882.security.md b/changelog/63882.security.md index d592f1372d72..b139e778eebd 100644 --- a/changelog/63882.security.md +++ b/changelog/63882.security.md @@ -3,3 +3,4 @@ Upgrade Requirements Due to Security Issues. * Upgrade to `cryptography>=39.0.1` due to: * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r +* Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 0be345391fef..74213f7c962c 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -671,7 +671,7 @@ pyjwt==2.4.0 # via adal pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -821,7 +821,6 @@ six==1.16.0 # paramiko # profitbricks # pynacl - # pyopenssl # pypsexec # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index fc7011854e8e..9b82dc76155d 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -672,7 +672,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.0.0 +pyopenssl==23.0.0 # via # -r requirements/darwin.txt # etcd3-py @@ -813,7 +813,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 5634f932fb0f..1dc6b98462dc 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -669,7 +669,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/freebsd.in # etcd3-py @@ -811,7 +811,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index c896951fe801..a3a1f55d398c 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -675,7 +675,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -794,7 +794,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 80997206e924..9bad6a4db403 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -689,7 +689,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -848,7 +848,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index eafea0b25057..a2427697092c 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -239,7 +239,7 @@ pymssql==2.2.7 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/windows.txt # etcd3-py @@ -364,7 +364,6 @@ six==1.15.0 # jsonschema # kubernetes # mock - # pyopenssl # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 984cafb66b43..bde1f0ba3b95 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -713,7 +713,7 @@ pyjwt==2.4.0 # via adal pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -870,7 +870,6 @@ six==1.16.0 # paramiko # profitbricks # pynacl - # pyopenssl # pypsexec # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index f10fde1ef60a..b09283b6b714 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -705,7 +705,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/freebsd.in # etcd3-py @@ -854,7 +854,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index d524c68a311a..56ded064f0b5 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -718,7 +718,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -844,7 +844,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 98ecd320aeff..c2b36fdb36b9 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -725,7 +725,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -893,7 +893,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index fb70497ae4b4..2821b15bc031 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -252,7 +252,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/windows.txt # etcd3-py @@ -378,7 +378,6 @@ six==1.15.0 # jsonschema # kubernetes # mock - # pyopenssl # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 805c73a1b4cd..85d503331d71 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -702,7 +702,7 @@ pyjwt==2.4.0 # via adal pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -859,7 +859,6 @@ six==1.16.0 # paramiko # profitbricks # pynacl - # pyopenssl # pypsexec # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 549d3da04802..d7db453ff39e 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -695,7 +695,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/freebsd.in # etcd3-py @@ -844,7 +844,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 01d863a5be23..b9112a901424 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -709,7 +709,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -835,7 +835,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index c495f71a5c87..c63fbc126d77 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -715,7 +715,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -881,7 +881,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index b830179f17d9..80082ee5443f 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -240,7 +240,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/windows.txt # etcd3-py @@ -366,7 +366,6 @@ six==1.15.0 # jsonschema # kubernetes # mock - # pyopenssl # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 985b8ea271f7..08f57ab1c24d 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -705,7 +705,7 @@ pyjwt==2.4.0 # via adal pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -862,7 +862,6 @@ six==1.16.0 # paramiko # profitbricks # pynacl - # pyopenssl # pypsexec # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index a5a05356a9ae..e7f0109bb6a0 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -701,7 +701,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.0.0 +pyopenssl==23.0.0 # via # -r requirements/darwin.txt # etcd3-py @@ -849,7 +849,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 9a1cad6bb1c3..5c01bd43804b 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -698,7 +698,7 @@ pyjwt==2.4.0 # via adal pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/freebsd.in # etcd3-py @@ -847,7 +847,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-dateutil # pyvmomi # responses diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 983e2d5de736..5cc37808c9d1 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -710,7 +710,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.4.0 # via paramiko -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -836,7 +836,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 1f5e131e3634..050570b49dcf 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -720,7 +720,7 @@ pymysql==1.0.2 ; python_version > "3.5" # via -r requirements/static/ci/linux.in pynacl==1.3.0 # via paramiko -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via # -r requirements/static/pkg/linux.in # etcd3-py @@ -886,7 +886,6 @@ six==1.16.0 # ncclient # paramiko # pynacl - # pyopenssl # python-consul # python-dateutil # pyvmomi diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 213bc5bd83a7..dacf397da055 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -241,7 +241,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via # -r requirements/windows.txt # etcd3-py @@ -367,7 +367,6 @@ six==1.15.0 # jsonschema # kubernetes # mock - # pyopenssl # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index e49f3f70761b..0b681543ae5c 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -84,7 +84,7 @@ pycparser==2.21 # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.0.0 +pyopenssl==23.0.0 # via -r requirements/darwin.txt python-dateutil==2.8.0 # via -r requirements/darwin.txt @@ -106,7 +106,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # pyopenssl # python-dateutil smmap==3.0.2 # via gitdb diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index d8f815ea4771..0c1a98b17f12 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/freebsd.in python-dateutil==2.8.1 # via -r requirements/static/pkg/freebsd.in @@ -89,7 +89,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index c7cb948af926..50a863a604c2 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/linux.in python-dateutil==2.8.1 # via -r requirements/static/pkg/linux.in @@ -91,7 +91,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index cd5cbbabd1cf..d205b3c28cbe 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -93,7 +93,7 @@ pymssql==2.2.7 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via -r requirements/windows.txt python-dateutil==2.8.1 # via -r requirements/windows.txt @@ -120,7 +120,6 @@ setproctitle==1.3.2 six==1.15.0 # via # cheroot - # pyopenssl # python-dateutil smmap==4.0.0 # via gitdb diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index c79281d18555..06b8baff901a 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -67,7 +67,7 @@ pycparser==2.17 # via cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/freebsd.in python-dateutil==2.8.1 # via -r requirements/static/pkg/freebsd.in @@ -87,7 +87,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index a55c7fa62bf8..6f5f4715f1ae 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -67,7 +67,7 @@ pycparser==2.17 # via cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/linux.in python-dateutil==2.8.1 # via -r requirements/static/pkg/linux.in @@ -89,7 +89,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 3ea3dcb3b527..88f06315e621 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -95,7 +95,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via -r requirements/windows.txt python-dateutil==2.8.1 # via -r requirements/windows.txt @@ -123,7 +123,6 @@ setproctitle==1.3.2 six==1.15.0 # via # cheroot - # pyopenssl # python-dateutil smmap==4.0.0 # via gitdb diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index e39a28599dec..f0f9cb52c14a 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -67,7 +67,7 @@ pycparser==2.17 # via cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/freebsd.in python-dateutil==2.8.1 # via -r requirements/static/pkg/freebsd.in @@ -87,7 +87,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index 4bf289e82cef..01da74d3da37 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -67,7 +67,7 @@ pycparser==2.17 # via cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/linux.in python-dateutil==2.8.1 # via -r requirements/static/pkg/linux.in @@ -89,7 +89,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 66f133ee46b3..1161bd302750 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -93,7 +93,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via -r requirements/windows.txt python-dateutil==2.8.1 # via -r requirements/windows.txt @@ -121,7 +121,6 @@ setproctitle==1.3.2 six==1.15.0 # via # cheroot - # pyopenssl # python-dateutil smmap==4.0.0 # via gitdb diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 43dcc07c414f..979b60339300 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -84,7 +84,7 @@ pycparser==2.21 # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.0.0 +pyopenssl==23.0.0 # via -r requirements/darwin.txt python-dateutil==2.8.0 # via -r requirements/darwin.txt @@ -106,7 +106,6 @@ setproctitle==1.3.2 six==1.16.0 # via # cheroot - # pyopenssl # python-dateutil smmap==3.0.2 # via gitdb diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index e9dba71820ad..2aa66565594d 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/freebsd.in python-dateutil==2.8.1 # via -r requirements/static/pkg/freebsd.in @@ -89,7 +89,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index 531e9c764509..704ced76aea4 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pyopenssl==19.1.0 +pyopenssl==23.0.0 # via -r requirements/static/pkg/linux.in python-dateutil==2.8.1 # via -r requirements/static/pkg/linux.in @@ -91,7 +91,6 @@ six==1.16.0 # via # cheroot # more-itertools - # pyopenssl # python-dateutil tempora==4.1.1 # via portend diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 7c917d405007..bac77f07e6d5 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -93,7 +93,7 @@ pymssql==2.2.1 # via -r requirements/windows.txt pymysql==1.0.2 # via -r requirements/windows.txt -pyopenssl==20.0.1 +pyopenssl==23.0.0 # via -r requirements/windows.txt python-dateutil==2.8.1 # via -r requirements/windows.txt @@ -121,7 +121,6 @@ setproctitle==1.3.2 six==1.15.0 # via # cheroot - # pyopenssl # python-dateutil smmap==4.0.0 # via gitdb From 3f6f5a6078cda275efda2cbc6ed354b01d47f7db Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 15 Mar 2023 06:24:00 +0000 Subject: [PATCH 44/46] Update to `markdown-it-py==2.2.0` Due to: * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3 * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 Signed-off-by: Pedro Algarvio --- changelog/63882.security.md | 3 +++ requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/changelog/63882.security.md b/changelog/63882.security.md index b139e778eebd..90374cb28396 100644 --- a/changelog/63882.security.md +++ b/changelog/63882.security.md @@ -4,3 +4,6 @@ Upgrade Requirements Due to Security Issues. * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. +* Update to `markdown-it-py==2.2.0` due to: + * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3 + * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index 5bdd38ff930f..3ab9f5eab1a4 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -78,7 +78,7 @@ looseversion==1.0.2 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt -markdown-it-py==2.1.0 +markdown-it-py==2.2.0 # via # mdit-py-plugins # myst-docutils diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index eb989910d526..78983020144e 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -82,7 +82,7 @@ looseversion==1.0.2 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt -markdown-it-py==2.1.0 +markdown-it-py==2.2.0 # via # mdit-py-plugins # myst-docutils diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 05d47e714327..fb8348f70bca 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -78,7 +78,7 @@ looseversion==1.0.2 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt -markdown-it-py==2.1.0 +markdown-it-py==2.2.0 # via # mdit-py-plugins # myst-docutils diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index d364b113a864..b8f13d0cb66d 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -82,7 +82,7 @@ looseversion==1.0.2 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt -markdown-it-py==2.1.0 +markdown-it-py==2.2.0 # via # mdit-py-plugins # myst-docutils From 18babefe14999d1adee0091619e4b35294feb71f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 21 Mar 2023 15:03:36 +0000 Subject: [PATCH 45/46] Get more information when installing packaging dependencies from source Signed-off-by: Pedro Algarvio --- tools/pkg/build.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index be5f347cbd43..d7735e2d4e74 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -253,12 +253,18 @@ def onedir_dependencies( create(dest, arch=arch, version=python_version) + install_args = ["-v"] if platform == "windows": python_bin = dest / "Scripts" / "python" - no_binary = [] else: python_bin = dest / "bin" / "python3" - no_binary = ["--no-binary=:all:"] + install_args.extend( + [ + "--use-pep517", + "--no-cache-dir", + "--no-binary=:all:", + ] + ) version_info = ctx.run( str(python_bin), @@ -285,9 +291,9 @@ def onedir_dependencies( "-m", "pip", "install", + *install_args, "-r", str(requirements_file), - *no_binary, ) From e9ce7a60a595813f20af58d64100672ee9831ca7 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 20 Mar 2023 19:28:20 +0000 Subject: [PATCH 46/46] Switch `pytest.deprecated_call` to `pytest.warns`. Skip serial check for `tests/pytests/functional/states/test_x509_v2.py::test_certificate_managed_chain_change[existing_cert_chain1]` Signed-off-by: Pedro Algarvio --- .../pytests/functional/states/test_x509_v2.py | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/pytests/functional/states/test_x509_v2.py b/tests/pytests/functional/states/test_x509_v2.py index fe7cea6ba840..e74bdd73f377 100644 --- a/tests/pytests/functional/states/test_x509_v2.py +++ b/tests/pytests/functional/states/test_x509_v2.py @@ -1205,7 +1205,7 @@ def test_certificate_managed_chain_change( if cert_args["encoding"].startswith("pkcs7"): cert = cert[0] elif cert_args["encoding"] == "pkcs12": - if CRYPTOGRAPHY_VERSION[0] == 36: + if CRYPTOGRAPHY_VERSION[0] >= 36: # it seems (serial number) parsing of pkcs12 certificates is broken (?) in that release return cert = cert.cert.certificate @@ -2456,7 +2456,7 @@ def test_certificate_managed_should_not_fail_with_removed_args( cert_args["days_valid"] = 30 cert_args["days_remaining"] = 7 cert_args["private_key"] = rsa_privkey - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.certificate_managed(**cert_args, **arg) assert ret.result is True cert = _get_cert(cert_args["name"]) @@ -2469,7 +2469,7 @@ def test_certificate_managed_warns_about_algorithm_renaming( cert_args["days_valid"] = 30 cert_args["days_remaining"] = 7 cert_args["private_key"] = rsa_privkey - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.certificate_managed(**cert_args, algorithm="sha512") assert ret.result is True cert = _get_cert(cert_args["name"]) @@ -2483,7 +2483,7 @@ def test_certificate_managed_warns_about_long_name_attributes( cert_args["days_remaining"] = 7 cert_args["commonName"] = "success" cert_args["private_key"] = rsa_privkey - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.certificate_managed(**cert_args) assert ret.result is True cert = _get_cert(cert_args["name"]) @@ -2495,7 +2495,7 @@ def test_certificate_managed_warns_about_long_extensions(x509, cert_args, rsa_pr cert_args["days_valid"] = 30 cert_args["days_remaining"] = 7 cert_args["private_key"] = rsa_privkey - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.certificate_managed(**cert_args) assert ret.result is True cert = _get_cert(cert_args["name"]) @@ -2508,7 +2508,7 @@ def test_certificate_managed_warns_about_long_extensions(x509, cert_args, rsa_pr @pytest.mark.parametrize("arg", [{"version": 1}, {"text": True}]) def test_csr_managed_should_not_fail_with_removed_args(x509, arg, csr_args): - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.csr_managed(**csr_args, **arg) assert ret.result is True csr = _get_csr(csr_args["name"]) @@ -2516,7 +2516,7 @@ def test_csr_managed_should_not_fail_with_removed_args(x509, arg, csr_args): def test_csr_managed_warns_about_algorithm_renaming(x509, csr_args): - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.csr_managed(**csr_args, algorithm="sha512") assert ret.result is True csr = _get_csr(csr_args["name"]) @@ -2525,7 +2525,7 @@ def test_csr_managed_warns_about_algorithm_renaming(x509, csr_args): def test_csr_managed_warns_about_long_name_attributes(x509, csr_args): csr_args.pop("CN", None) - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.csr_managed(**csr_args, commonName="deprecated_yo") assert ret.result is True csr = _get_csr(csr_args["name"]) @@ -2534,7 +2534,7 @@ def test_csr_managed_warns_about_long_name_attributes(x509, csr_args): def test_csr_managed_warns_about_long_extensions(x509, csr_args): csr_args["X509v3 Basic Constraints"] = "critical CA:FALSE" - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.csr_managed(**csr_args) assert ret.result is True csr = _get_csr(csr_args["name"]) @@ -2549,7 +2549,7 @@ def test_csr_managed_warns_about_long_extensions(x509, csr_args): def test_crl_managed_should_not_fail_with_removed_args(x509, arg, crl_args): crl_args["days_remaining"] = 3 crl_args["days_valid"] = 7 - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.crl_managed(**crl_args, **arg) assert ret.result is True crl = _get_crl(crl_args["name"]) @@ -2564,7 +2564,7 @@ def test_crl_managed_should_recognize_old_style_revoked(x509, crl_args, crl_revo crl_args["revoked"] = revoked crl_args["days_remaining"] = 3 crl_args["days_valid"] = 7 - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.crl_managed(**crl_args) assert ret.result is True crl = _get_crl(crl_args["name"]) @@ -2587,7 +2587,7 @@ def test_crl_managed_should_recognize_old_style_revoked_for_change_detection( crl_args["revoked"] = revoked crl_args["days_remaining"] = 3 crl_args["days_valid"] = 7 - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.crl_managed(**crl_args) assert ret.result is True assert not ret.changes @@ -2598,7 +2598,7 @@ def test_crl_managed_should_recognize_old_style_reason(x509, crl_args): crl_args["revoked"] = revoked crl_args["days_remaining"] = 3 crl_args["days_valid"] = 7 - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.crl_managed(**crl_args) assert ret.result is True crl = _get_crl(crl_args["name"]) @@ -2614,14 +2614,14 @@ def test_crl_managed_should_recognize_old_style_reason(x509, crl_args): "arg", [{"cipher": "aes_256_cbc"}, {"verbose": True}, {"text": True}] ) def test_private_key_managed_should_not_fail_with_removed_args(x509, arg, pk_args): - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.private_key_managed(**pk_args, **arg) assert ret.result is True assert _get_privkey(pk_args["name"]) def test_private_key_managed_warns_about_bits_renaming(x509, pk_args): - with pytest.deprecated_call(): + with pytest.warns(DeprecationWarning): ret = x509.private_key_managed(**pk_args, bits=3072) assert ret.result is True pk = _get_privkey(pk_args["name"])