commit warewulf4 for openSUSE:Leap:16.0

[Source-Sync]

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package warewulf4 for openSUSE:Leap:16.0 
checked in at 2025-07-21 15:30:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:16.0/warewulf4 (Old)
 and      /work/SRC/openSUSE:Leap:16.0/.warewulf4.new.8875 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "warewulf4"

Mon Jul 21 15:30:04 2025 rev:2 rq:1294381 version:4.6.2

Changes:
--------
--- /work/SRC/openSUSE:Leap:16.0/warewulf4/warewulf4.changes    2025-05-16 
08:30:09.315718116 +0200
+++ /work/SRC/openSUSE:Leap:16.0/.warewulf4.new.8875/warewulf4.changes  
2025-07-21 15:30:26.248262679 +0200
@@ -1,0 +2,82 @@
+Thu Jul 10 07:00:04 UTC 2025 - cg...@suse.com
+
+- update to 4.6.2 which contains the (preview) support for 
+  provisioning to local disk
+- incoperated from 4.6.1
+  * rest api which is disabled in the default configuration
+- removed following files as fixed upstream:
+  * fixup-pdf-build.patch
+  * security-fixes.patch
+  * udev-regression.patch
+- marked slurm as recommeneded in the warewulf4-overlay-slurm
+  package bsc#124608
+
+-------------------------------------------------------------------
+Fri Mar 28 09:59:27 UTC 2025 - Christian Goll <cg...@suse.com>
+
+- SUSEConnect is now correctly mounted into the images
+
+-------------------------------------------------------------------
+Wed Mar 26 12:43:35 UTC 2025 - Egbert Eich <e...@suse.com>
+
+- Fix typo in %post script.
+
+-------------------------------------------------------------------
+Wed Mar 19 13:04:30 UTC 2025 - Christian Goll <cg...@suse.com>
+
+- added security-fixes.patch which fixes
+  * CVE-2025-22869 bsc#1239322
+  * CVE-2025-22870 bsc#1238611
+- added udev-regression.patch to take care of bsc#1226654
+- renamed package warewulf-reference to warewulf-reference-doc
+  for better package description
+
+-------------------------------------------------------------------
+Mon Mar 03 09:21:05 UTC 2025 - cg...@suse.com
+
+- updated to 4.6.0 which is without any functional changes to 4.6.0rc3
+- removed WWWORKER-overwrites-runtime.NumCPU.patch as upstream 
+- added fixup-pdf-build.patch to build pdf which is published now
+  in the warewul4-reference package
+
+-------------------------------------------------------------------
+Wed Feb 26 16:26:11 UTC 2025 - Christian Goll <cg...@suse.com>
+
+- added WWWORKER-overwrites-runtime.NumCPU.patch for reproducible
+  builds
+
+-------------------------------------------------------------------
+Tue Feb 25 14:13:23 UTC 2025 - Christian Goll <cg...@suse.com>
+
+- Update to version 4.6.0rc3 what is a major upgrade with following
+  highlights:
+  * renamed container to images
+  * "sprig" functions in overlays
+  * support for yaml and json formatted output
+  * completely re-designed kernel selection support
+  * nested profiles
+  * arbitrary node and profile data in new "resources" structure
+  * moved NFS mount options to resources / fstab overlay
+  * split overlays by function
+  * split overlays, site vs distribution
+  * replaced defaults.conf with settings on default profile
+  * improved tabular output
+  * parallel overlay build
+  * improved networking functionality (static route, vlans, and bonds)
+  * kernel arguments as a list
+  * non-zero exit codes on wwctl errors
+  * fixed argument parsing for wwctl image exec
+  * Defined menu for ipxe boot
+  * Re-order SSH key types to make ed25519 default.
+- The configuation files nodes.conf and warewulf.conf will be updated
+  on upgrade and the unmodified configuration files will be saved 
+  as nodes.conf.4.5.x and warewulf.conf.4.5.x
+
+-------------------------------------------------------------------
+Fri Feb 21 08:17:53 UTC 2025 - Egbert Eich <e...@suse.com>
+
+- Provide an overlay package for the cluster-wide configuration
+  of an RKE2 cluster. This allows to share the connection token
+  across all node and sthe first server endpoint across all agents.
+
+-------------------------------------------------------------------
@@ -10,10 +92,11 @@
-- Warewulf v4.5.8 simplifies the "wwinit" boot process for SELinux and
-  configures tmpfs to spread the node image across all available NUMA nodes. It
-  also improves the detection of kernels in the container image to more
-  reliably detect the newest available kernel and to avoid debug / rescue
-  kernels.
-- Warewulf v4.5.7 fixes the ability to override overlay files configured in
-  profiles with overlays configured per-node; fixes a template processing bug
-  bug in development-time overlay rendering; and improves the preview
-  dracut-based boot process to better support a "secure" boot process.
-- rmeoved added-cow-option-to-bind.patch as now in upstream
+- Warewulf v4.5.8 simplifies the `wwinit` boot process for SELinux
+  and configures tmpfs to spread the node image across all
+  available NUMA nodes. It also improves the detection of kernels
+  in the container image to more reliably detect the newest
+  available kernel and to avoid debug / rescue kernels.
+- Warewulf v4.5.7 fixes the ability to override overlay files
+  configured in profiles with overlays configured per-node; fixes
+  a template processing bug bug in development-time overlay
+  rendering; and improves the preview dracut-based boot process to
+  better support a "secure" boot process.
+- removed added-cow-option-to-bind.patch as now in upstream
@@ -33,3 +116,3 @@
-  * Show more information during wwctl container <shell|exec> about 
-    when and if the container image will be rebuilt. 
-  * Command-line completion for wwctl overlay <edit|delete|chmod|chown>. 
+  * Show more information during `wwctl container <shell|exec>`
+    about when and if the container image will be rebuilt.
+  * Command-line completion for `wwctl overlay <edit|delete|chmod|chown>`.
@@ -37,5 +120,6 @@
-  * wwctl conaitner list --kernel shows the kernel detected for each 
container. 
-  *  wwctl container list --size shows the uncompressed size of each 
container. 
-    --compressed shows the compressed size, and --chroot shows the size of the 
container i
-    source on the server. 
-  * Add a logrotate config for warewulfd.log.
+  * `wwctl container list --kernel` shows the kernel detected for
+    each container.
+  *  `wwctl container list --size` shows the uncompressed size of
+     each container. `--compressed` shows the compressed size, and
+     `--chroot` shows the size of the container source on the server.
+  * Add a logrotate config for `warewulfd.log`.

Old:
----
  warewulf-4.5.8.obscpio

New:
----
  README.RKE2.md
  warewulf-4.6.2.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ warewulf4.spec ++++++
--- /var/tmp/diff_new_pack.oaAyzi/_old  2025-07-21 15:30:26.576276333 +0200
+++ /var/tmp/diff_new_pack.oaAyzi/_new  2025-07-21 15:30:26.580276500 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package warewulf4
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,12 +18,17 @@
 
 %global tftpdir /srv/tftpboot
 %global srvdir %{_sharedstatedir}
-#%%global githash 5b0de8ea5397ca42584335517fd4959d7ffe3da5
+#%%global githash fd49254ac592d325056aa58a564933a008539607
+%if 0%{?githash}
+%define srcdir warewulf-%{githash}
+%else
+%define srcdir warewulf-%{version}
+%endif
 
 ExclusiveArch:  x86_64 aarch64
 
 Name:           warewulf4
-Version:        4.5.8
+Version:        4.6.2
 Release:        0
 Summary:        A suite of tools for clustering
 License:        BSD-3-Clause
@@ -35,12 +40,15 @@
 Source10:       config-ww4.sh
 Source11:       adjust_overlays.sh
 Source20:       README.dnsmasq
+Source21:       README.RKE2.md
 
+BuildRequires:  %{python_module Sphinx-latex}
 BuildRequires:  distribution-release
 BuildRequires:  dracut
 BuildRequires:  firewalld
-BuildRequires:  go >= 1.20
+BuildRequires:  go >= 1.23
 BuildRequires:  golang-packaging
+BuildRequires:  graphviz
 BuildRequires:  iproute2
 BuildRequires:  libgpg-error-devel
 BuildRequires:  logrotate
@@ -91,18 +99,36 @@
 %description man
 Man pages for warewulf4.
 
+%package reference-doc
+Supplements:    %{name} = %version
+Summary:        Warewulf4 Reference book
+BuildArch:      noarch
+
+%description reference-doc
+Reference documentation for warewulf4.
+
 %package overlay-slurm
 Summary:        Configuration template for slurm
 Requires:       %{name} = %{version}
-Requires:       slurm
+Recommends:     slurm
 BuildArch:      noarch
 Obsoletes:      warewulf4-slurm <= 4.4.0
 Provides:       warewulf4-slurm = %version
 
 %description overlay-slurm
-This package install the necessary configuration files in order to run a slurm
+This package installs the necessary configuration files in order to run a slurm
 cluster on the configured warewulf nodes.
 
+%package overlay-rke2
+Summary:        Configuration template for RKE2
+Requires:       %{name} = %{version}
+Requires:       slurm
+BuildArch:      noarch
+
+%description overlay-rke2
+This package provides a template that is used to share a connection token
+and server endpoint information across an RKE2 cluster.
+
 %package dracut
 Summary:        Dracut module for loading a Warewulf container image
 BuildArch:      noarch
@@ -115,7 +141,7 @@
 Warewulf server.
 
 %prep
-%autosetup -a1 -p1 -n warewulf-%{version}
+%autosetup -a1 -p1 -n %{srcdir}
 echo %{version} > VERSION
 
 %build
@@ -137,23 +163,10 @@
     SYSTEMDDIR=%{_unitdir} \
     BASHCOMPDIR=/etc/bash_completion.d/ \
     FIREWALLDDIR=/usr/lib/firewalld/services \
-    WWCLIENTDIR=/warewulf
-make %{?_smp_mflags} build \
-    PREFIX=%{_prefix} \
-    BINDIR=%{_bindir} \
-    SYSCONFDIR=%{_sysconfdir} \
-    DATADIR=%{_datadir} \
-    LOCALSTATEDIR=%{_sharedstatedir} \
-    SHAREDSTATEDIR=%{_sharedstatedir} \
-    MANDIR=%{_mandir} \
-    INFODIR=%{_infodir} \
-    DOCDIR=%{_docdir} \
-    SRVDIR=%{srvdir} \
-    TFTPDIR=%{tftpdir} \
-    SYSTEMDDIR=%{_unitdir} \
-    BASHCOMPDIR=/etc/bash_completion.d/ \
-    FIREWALLDDIR=/usr/lib/firewalld/services \
-    WWCLIENTDIR=/warewulf
+    WWCLIENTDIR=/warewulf \
+    %{nil}
+make %{?_smp_mflags} build
+make %{?_smp_mflags} latexpdf
 
 %install
 # we have a broken symlink for wwclient
@@ -173,7 +186,7 @@
   %{buildroot}%{_datadir}/bash-completion/completions/wwctl
 # copy the LICESNSE.md via %%doc
 rm -f %{buildroot}/usr/share/doc/packages/warewulf/LICENSE.md
-cp %{S:20} .
+cp %{S:20} %{S:21} .
 
 # use ipxe-bootimgs images from distribution
 yq e '
@@ -182,12 +195,13 @@
   .tftp.ipxe."00:07" = "ipxe-x86_64.efi" |
   .tftp.ipxe."00:09" = "ipxe-x86_64.efi" |
   .tftp.ipxe."00:0B" = "snp-arm64.efi" |
-  .["container mounts"] += {"source": "/etc/SUSEConnect", "dest": 
"/etc/SUSEConnect", "readonly": true} |
-  .["container mounts"] += {"source": 
"/etc/zypp/credentials.d/SCCcredentials", "dest": 
"/etc/zypp/credentials.d/SCCcredentials", "readonly": true}' \
+  .["image mounts"] += {"source": "/etc/SUSEConnect", "dest": 
"/etc/SUSEConnect", "readonly": true} |
+  .["image mounts"] += {"source": "/etc/zypp/credentials.d/SCCcredentials", 
"dest": "/etc/zypp/credentials.d/SCCcredentials", "readonly": true}' \
   -i %{buildroot}%{_sysconfdir}/warewulf/warewulf.conf
 # SUSE starts user UIDs at 1000
-sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww
+#sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww
 # fix dhcp for SUSE
+mv %{buildroot}%{_prefix}/share/warewulf/overlays 
%{buildroot}%{_localstatedir}/lib/warewulf/
 mv 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww
 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww
 rmdir %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp
 
@@ -211,18 +225,38 @@
 cat >  
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm/slurm.conf.ww
 <<EOF
 {{ Include "/etc/slurm/slurm.conf" }}
 EOF
+# prepare RKE2 configuration template
+mkdir -p 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2
+cat > 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww
 <<EOF
+{{ if ne (index .Tags "server") "" -}}
+server: https://{{ index .Tags "server" }}:9345
+{{ end -}}
+{{ if ne (index .Tags "clienttoken") "" -}}
+token: {{ index .Tags "connectiontoken" }}
+{{ end -}}
+EOF
+chmod 600 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww
 # move the other example templates for client overlays to package documentation
 mkdir -p %{buildroot}/%{_defaultdocdir}/%{name}
 mv %{buildroot}/%{_sysconfdir}/warewulf/examples 
%{buildroot}%{_defaultdocdir}/%{name}/example-templates
 # fix logrotate name
 mv %{buildroot}/%{_sysconfdir}/logrotate.d/warewulfd.conf 
%{buildroot}/%{_sysconfdir}/logrotate.d/warewulf4
+# add version tag to documentation
+mv ./userdocs/_build/latex/warewulfuserguide.pdf 
./userdocs/_build/latex/warewulfuserguide-%{version}.pdf
 
 %pre -f %{name}.pre
 %service_add_pre warewulfd.service
 
 %post
 %service_add_post warewulfd.service
-%{_datadir}/warewulf/scripts/config-warewulf.sh
+if [ $1 -eq 1 ] ; then
+    cp %{_sysconfdir}/warewulf/nodes.conf 
%{_sysconfdir}/warewulf/nodes.conf.4.5.x
+    cp %{_sysconfdir}/warewulf/warewulf.conf 
%{_sysconfdir}/warewulf/warewulf.conf.4.5.x
+    %{_bindir}/wwctl upgrade nodes --replace-overlay --add-defaults
+    %{_bindir}/wwctl upgrade config
+else
+    %{_datadir}/warewulf/scripts/config-warewulf.sh
+fi
 
 %preun
 %service_del_preun warewulfd.service
@@ -245,6 +279,7 @@
 %config(noreplace) %{_sysconfdir}/warewulf/warewulf.conf
 %config(noreplace) %{_sysconfdir}/warewulf/grub
 %config(noreplace) %{_sysconfdir}/warewulf/ipxe
+%config(noreplace) %{_sysconfdir}/warewulf/auth.conf
 %config %{_sysconfdir}/logrotate.d/warewulf4
 %{_defaultdocdir}/%{name}/example-templates
 %{_prefix}/lib/firewalld/services/warewulf.xml
@@ -273,6 +308,7 @@
 %exclude %{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm
 %exclude %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm
 %exclude %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge
+%exclude %{_localstatedir}/lib/warewulf/overlays/rke2-config
 
 %files overlay-slurm
 %dir %{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm
@@ -284,8 +320,18 @@
 %dir %attr(0700,munge,munge) 
%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge
 %attr(0600,munge,munge) %config(noreplace) 
%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge/munge.key.ww
 
+%files overlay-rke2
+%doc README.RKE2.md
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2
+%attr(0600,root,root) 
%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww
+
 %files dracut
 %defattr(-, root, root)
-%dir %{_prefix}/lib/dracut/modules.d/90wwinit
-%{_prefix}/lib/dracut/modules.d/90wwinit/*.sh
+%{_prefix}/lib/dracut/modules.d/90wwinit
+
+%files reference-doc
+%doc ./userdocs/_build/latex/warewulfuserguide-%{version}.pdf
 

++++++ README.RKE2.md ++++++
# RKE2 Cluster Configuration HOWTO

The package warewulf4-overlay-rke2 provides a configuration template
to share a connection token - a shared secret - and the hostname of
the first server endpoint across an RKE2 cluster.  
To use it,

- create a profile `rke2-config-key`:

    ```
        wwctl profile add rke2-config-key
        token="$(printf 'K'; \
         for n in {1..20}; do printf %x $RANDOM; done; \
         printf "::server:"; \
         for n in {1..20}; do printf %x $RANDOM; done)"
         wwctl profile set --tagadd="connectiontoken=${token}" \
              -O rke2-config rke2-config-key
    ```
- create a profile `rke2-config-first-server`:

        ```
    server=<hostname_of_first_rke2_server>
        wwctl profile add rke2-config-first-server
        wwctl profile set --tagadd="server=${server}" -O rke2-config 
rke2-config-first-server

        ```
- add the `rke2-config-key` profile to the server node:

    ```
        wwctl node set -P default,rke2-config-key $server

        ```
- finally, add both profiles to the agent nodes:

        ```
        agents="<agent_list>"
        wwctl node set -P default,rke2-config-key,rke2-config-first-server 
$agents
        ```

In case the RKE2 server node is not deployed by Warewulf, you will
have to grab the connection token (see variable `token` above) from
the file `/var/lib/rancher/rke2/server/node-token` on the running
server.

++++++ _service ++++++
--- /var/tmp/diff_new_pack.oaAyzi/_old  2025-07-21 15:30:26.640278998 +0200
+++ /var/tmp/diff_new_pack.oaAyzi/_new  2025-07-21 15:30:26.644279164 +0200
@@ -2,7 +2,7 @@
   <service name="obs_scm" mode="manual">
     <param name="url">https://github.com/warewulf/warewulf.git</param>
     <param name="scm">git</param>
-    <param name="revision">v4.5.8</param>
+    <param name="revision">v4.6.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ vendor.tar.xz ++++++
++++ 312259 lines of diff (skipped)

++++++ warewulf-4.5.8.obscpio -> warewulf-4.6.2.obscpio ++++++
++++ 78934 lines of diff (skipped)

++++++ warewulf.obsinfo ++++++
--- /var/tmp/diff_new_pack.oaAyzi/_old  2025-07-21 15:30:28.844370752 +0200
+++ /var/tmp/diff_new_pack.oaAyzi/_new  2025-07-21 15:30:28.848370918 +0200
@@ -1,5 +1,5 @@
 name: warewulf
-version: 4.5.8
-mtime: 1727737516
-commit: f69dac7264522dda383ebb1584ddb6ddd82cb199
+version: 4.6.2
+mtime: 1752075635
+commit: 0cb9354364433a67b610278632cf46e3388f7045