Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kanku for openSUSE:Factory checked in at 2022-03-14 19:35:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kanku (Old) and /work/SRC/openSUSE:Factory/.kanku.new.25692 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kanku" Mon Mar 14 19:35:34 2022 rev:10 rq:961619 version:0.12.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kanku/kanku.changes 2022-02-18 23:03:50.553408627 +0100 +++ /work/SRC/openSUSE:Factory/.kanku.new.25692/kanku.changes 2022-03-14 19:37:25.094151695 +0100 @@ -1,0 +2,17 @@ +Mon Mar 14 08:38:10 UTC 2022 - [email protected] + +- Update to version 0.12.3: + * [web] fix outdated cached settings in "Job Groups" + * [cli] added job_groups to check_configs command + * [core] fixed config read + * [core] improvments for config file handling + * [core] improved iptables/ss/netstat handling + * Fixes #boo 1196604 + * [setup] removed backup of sudoers file + * removed ssh_user from KankuFile + * [dist] change default logging to stderr/journald + * [util] VM::Image - use new buffer size while uncompressing + * [common] fixed x-scheme-handler_kanku + * [handler][bugfix] central config for host_interfaces in PortForward + +------------------------------------------------------------------- Old: ---- kanku-0.12.2.tar.xz New: ---- kanku-0.12.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kanku.spec ++++++ --- /var/tmp/diff_new_pack.FNRXd3/_old 2022-03-14 19:37:25.570152266 +0100 +++ /var/tmp/diff_new_pack.FNRXd3/_new 2022-03-14 19:37:25.574152270 +0100 @@ -22,7 +22,7 @@ Name: kanku # Version gets set by obs-service-tar_scm -Version: 0.12.2 +Version: 0.12.3 Release: 0 License: GPL-3.0-only Summary: Development and continuous integration @@ -304,6 +304,16 @@ Command line client for kanku, mainly used for setup tasks and in developer mode. +%post cli + cat >> %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF + +WARNING: kankus iptables/ss/netstat handling changed. + +Please re-run "kanku setup --devel" if you are using kanku in developer mode. + + +EOF + %files cli %dir /usr/share/kanku/views/cli/ %dir /usr/share/kanku/views/cli/rjob @@ -311,7 +321,10 @@ /usr/share/kanku/views/cli/rjob/*.tt /usr/lib/kanku/lib/Kanku/Cli/ /usr/lib/kanku/lib/Kanku/Cli.pm +/usr/lib/kanku/iptables_wrapper +/usr/lib/kanku/ss_netstat_wrapper /etc/bash_completion.d/kanku.sh +%ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something %package common-server Summary: Common server files or settings for kanku ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.FNRXd3/_old 2022-03-14 19:37:25.622152328 +0100 +++ /var/tmp/diff_new_pack.FNRXd3/_new 2022-03-14 19:37:25.626152333 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/M0ses/kanku.git</param> - <param name="changesrevision">004146763606fbd08b5f629aedc9f3b1477f5037</param></service></servicedata> + <param name="changesrevision">cca272e0d9be007c988f6c320a0d8096f6c13196</param></service></servicedata> (No newline at EOF) ++++++ debian.changelog ++++++ --- /var/tmp/diff_new_pack.FNRXd3/_old 2022-03-14 19:37:25.646152357 +0100 +++ /var/tmp/diff_new_pack.FNRXd3/_new 2022-03-14 19:37:25.654152366 +0100 @@ -1,4 +1,10 @@ -kanku (0.12.2-0) UNRELEASED; urgency=medium +kanku (0.12.3-0) unstable; urgency=medium + + * updated to upstream version 0.12.3 + + -- Frank Schreiner <[email protected]> Mon, 14 Mar 2022 10:18:03 +0100 + +kanku (0.12.2-0) unstable; urgency=medium * updated to upstream version 0.10.1 ++++++ debian.dsc ++++++ --- /var/tmp/diff_new_pack.FNRXd3/_old 2022-03-14 19:37:25.698152419 +0100 +++ /var/tmp/diff_new_pack.FNRXd3/_new 2022-03-14 19:37:25.702152424 +0100 @@ -2,7 +2,7 @@ Source: kanku Binary: kanku Architecture: any -Version: 0.12.2 +Version: 0.12.3 Maintainer: Frank Schreiner <[email protected]> Standards-Version: 3.8.2 Homepage: https://github.com/M0ses/kanku ++++++ kanku-0.12.2.tar.xz -> kanku-0.12.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/KankuFile new/kanku-0.12.3/KankuFile --- old/kanku-0.12.2/KankuFile 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/KankuFile 2022-03-14 08:43:00.000000000 +0100 @@ -2,13 +2,8 @@ Kanku::Util::IPTables: start_port: 49001 - domain_name: kanku-devel default_job: devel -ssh_user: root - -#qemu: -# user: jobs: ###### JOB: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/Makefile new/kanku-0.12.3/Makefile --- old/kanku-0.12.2/Makefile 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/Makefile 2022-03-14 08:43:00.000000000 +0100 @@ -72,6 +72,8 @@ install -m 755 bin/network-setup.pl $(DESTDIR)/usr/lib/kanku/network-setup.pl install -m 755 bin/kanku $(DESTDIR)/usr/bin/kanku install -m 755 bin/kanku-app.psgi $(DESTDIR)/usr/lib/kanku/kanku-app.psgi + install -m 755 bin/ss_netstat_wrapper $(DESTDIR)/usr/lib/kanku/ss_netstat_wrapper + install -m 755 bin/iptables_wrapper $(DESTDIR)/usr/lib/kanku/iptables_wrapper sbin: install -m 755 sbin/kanku-worker $(DESTDIR)/usr/sbin/kanku-worker diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/RELEASE-NOTES-0.12.0.md new/kanku-0.12.3/RELEASE-NOTES-0.12.0.md --- old/kanku-0.12.2/RELEASE-NOTES-0.12.0.md 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/RELEASE-NOTES-0.12.0.md 2022-03-14 08:43:00.000000000 +0100 @@ -1,4 +1,4 @@ -# kanku release notes 0.12.0 +# Release 0.12.0 ## New Featues diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/bin/iptables_wrapper new/kanku-0.12.3/bin/iptables_wrapper --- old/kanku-0.12.2/bin/iptables_wrapper 1970-01-01 01:00:00.000000000 +0100 +++ new/kanku-0.12.3/bin/iptables_wrapper 2022-03-14 08:43:00.000000000 +0100 @@ -0,0 +1,41 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +my $rule = $ARGV[0]; +die "No argument given!\n" unless $rule; +my ($action, $table, $chain, $args) = split /:/, $rule, 4; +die "Invalid table $table specified\n" unless $table =~ /^(nat|filter)$/; +my @iptables = ('iptables','-t', $table); +my @cmd; + +if ($action eq 'D') { + # D:<table>:<chain>:<line> + die "No valid line found" unless $args =~ /^\d+$/; + @cmd = (@iptables, '-D', $chain, $args); +} elsif ($action eq 'I') { + if ($table eq 'nat') { + # I:<table>:<chain>:<dest>:<proto>:<dport>:<to_host>:<to_port>:<comment> + my ($dest, $proto, $dport, $to_host, $to_port, $comment) = split /:/, $args, 6; + @cmd = (@iptables, '-I', $chain, '1', '-d', $dest, '-p', $proto, '--dport', $dport, '-j', 'DNAT', '--to', "$to_host:$to_port",'-m', 'comment', '--comment', "$comment"); + } elsif($table eq 'filter') { + # I:<table>:<chain>:<dest>:<proto>:<dport>:<comment> + my ($dest, $proto, $dport, $comment) = split /:/, $args, 4; + @cmd = (@iptables, '-I', $chain, '1', '-d', $dest, '-p', $proto, '--dport', $dport,'-m','state', '--state','NEW', '-j', 'ACCEPT','-m', 'comment', '--comment', "$comment"); + } else { + die "Invalid table $table specified\n"; + } +} elsif ($action eq 'L') { + # L:<table>:<chain> + @cmd = (@iptables,'-t', $table, '-L', $chain, qw{-v -n --line-numbers}); +} elsif ($action eq 'N') { + # N:<table>:<chain> + @cmd = (@iptables,'-t',$table,'-N', $chain); +} else { + die "No valid action!\n"; +} + +print "@cmd\n" if $::ENV{KANKU_DEBUG}; +system(@cmd); +exit $? >> 8; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/bin/ss_netstat_wrapper new/kanku-0.12.3/bin/ss_netstat_wrapper --- old/kanku-0.12.2/bin/ss_netstat_wrapper 1970-01-01 01:00:00.000000000 +0100 +++ new/kanku-0.12.3/bin/ss_netstat_wrapper 2022-03-14 08:43:00.000000000 +0100 @@ -0,0 +1,11 @@ +#!/bin/bash +set -e +export LANG=C +BIN=`type -p ss` +if [ -z "$BIN" ];then + BIN=`type -p netstat` +fi + +$BIN -ltn + +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/dist/kanku.spec new/kanku-0.12.3/dist/kanku.spec --- old/kanku-0.12.2/dist/kanku.spec 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/dist/kanku.spec 2022-03-14 08:43:00.000000000 +0100 @@ -304,6 +304,16 @@ Command line client for kanku, mainly used for setup tasks and in developer mode. +%post cli + cat >> %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF + +WARNING: kankus iptables/ss/netstat handling changed. + +Please re-run "kanku setup --devel" if you are using kanku in developer mode. + + +EOF + %files cli %dir /usr/share/kanku/views/cli/ %dir /usr/share/kanku/views/cli/rjob @@ -311,7 +321,10 @@ /usr/share/kanku/views/cli/rjob/*.tt /usr/lib/kanku/lib/Kanku/Cli/ /usr/lib/kanku/lib/Kanku/Cli.pm +/usr/lib/kanku/iptables_wrapper +/usr/lib/kanku/ss_netstat_wrapper /etc/bash_completion.d/kanku.sh +%ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something %package common-server Summary: Common server files or settings for kanku diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/dist/x-scheme-handler_kanku.xml new/kanku-0.12.3/dist/x-scheme-handler_kanku.xml --- old/kanku-0.12.2/dist/x-scheme-handler_kanku.xml 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/dist/x-scheme-handler_kanku.xml 2022-03-14 08:43:00.000000000 +0100 @@ -1,6 +1,8 @@ <?xml version="1.0" encoding="utf-8"?> -<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info"; type="x-scheme-handler/kanku"> - <!--Created automatically by update-mime-database. DO NOT EDIT!--> - <comment>kanku mime type</comment> - <glob pattern="KankuFile"/> -</mime-type> +<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'> + <mime-type type="x-scheme-handler/kanku"> + <!--Created automatically by update-mime-database. DO NOT EDIT!--> + <comment>kanku mime type</comment> + <glob pattern="KankuFile"/> + </mime-type> +</mime-info> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/etc/logging/default.conf new/kanku-0.12.3/etc/logging/default.conf --- old/kanku-0.12.2/etc/logging/default.conf 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/etc/logging/default.conf 2022-03-14 08:43:00.000000000 +0100 @@ -1,11 +1,10 @@ log4perl.rootLogger=DEBUG, LOGFILE -log4perl.appender.LOGFILE=Log::Log4perl::Appender::File -log4perl.appender.LOGFILE.filename=/var/log/kanku/kanku.log -log4perl.appender.LOGFILE.mode=append +log4perl.appender.LOGFILE = Log::Log4perl::Appender::Screen +log4perl.appender.LOGFILE.stderr = 1 +log4perl.appender.LOGFILE.layout = Log::Log4perl::Layout::PatternLayout +log4perl.appender.LOGFILE.layout.ConversionPattern = %C %L - %m%n -log4perl.appender.LOGFILE.layout=PatternLayout -log4perl.appender.LOGFILE.layout.ConversionPattern=[%d][%p][%P] %C %L - %m%n log4perl.category.WebUI = DEBUG, WebUILog log4perl.appender.WebUILog=Log::Log4perl::Appender::File diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Cli/check_configs.pm new/kanku-0.12.3/lib/Kanku/Cli/check_configs.pm --- old/kanku-0.12.2/lib/Kanku/Cli/check_configs.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Cli/check_configs.pm 2022-03-14 08:43:00.000000000 +0100 @@ -68,6 +68,15 @@ $logger->debug("$job - ok"); } } + for my $job (sort Kanku::Config->instance()->job_group_list) { + eval { Kanku::Config->instance()->job_group_config($job); }; + if($@) { + $logger->error("Failed to load job config $job:\n$@"); + $result = 1; + } else { + $logger->debug("$job - ok"); + } + } } elsif ($self->devel) { eval { Kanku::Config->initialize(class=>'KankuFile'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Handler/PortForward.pm new/kanku-0.12.3/lib/Kanku/Handler/PortForward.pm --- old/kanku-0.12.2/lib/Kanku/Handler/PortForward.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Handler/PortForward.pm 2022-03-14 08:43:00.000000000 +0100 @@ -31,7 +31,14 @@ has '+host_interface' => ( lazy => 1, - default => sub { $_[0]->job()->context()->{host_interface} || '' } + default => sub { + my $pkg = __PACKAGE__; + my $cfg = Kanku::Config->instance()->config(); + return + $_[0]->job()->context()->{host_interface} + || $cfg->{$pkg}->{host_interface} + || '' + }, ); has '+ipaddress' => ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/REST.pm new/kanku-0.12.3/lib/Kanku/REST.pm --- old/kanku-0.12.2/lib/Kanku/REST.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/REST.pm 2022-03-14 08:43:00.000000000 +0100 @@ -12,6 +12,7 @@ use Try::Tiny; use Session::Token; use Carp qw/longmess/; +use Digest::SHA qw(sha512_base64); use Kanku::Config; use Kanku::Schema; @@ -138,11 +139,12 @@ } foreach my $name (@_job_groups) { - my $job_group_config = { name => $name, groups => []}; + my $job_group_config = { name => $name, groups => [], digest => undef}; push @config , $job_group_config; my $job_group_cfg; try { $job_group_cfg = $cfg->job_group_config($name); + $job_group_config->{digest} = sha512_base64($cfg->job_group_config_plain($name)); } catch { $job_group_cfg = $_; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Roles/Config/Base.pm new/kanku-0.12.3/lib/Kanku/Roles/Config/Base.pm --- old/kanku-0.12.2/lib/Kanku/Roles/Config/Base.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Roles/Config/Base.pm 2022-03-14 08:43:00.000000000 +0100 @@ -30,6 +30,8 @@ has config => ( is => 'rw', isa => 'HashRef', + lazy => 1, + default => sub { return Kanku::YAML::LoadFile($_[0]->file) }, ); has cf => ( @@ -67,25 +69,20 @@ } ); -sub _build_config { - my $self = shift; - return Kanku::YAML::LoadFile($self->file); -} +sub _build_config { return Kanku::YAML::LoadFile($_[0]->file) } around 'config' => sub { my ($orig, $self) = @_; my $cfg_file = $self->file->stringify; - if ( ! -f $cfg_file ) { - die "Configuration file $cfg_file doesn`t exists\n"; - } + die "Configuration file $cfg_file doesn`t exists\n" unless -f $cfg_file; + + my $mtime = $self->file->stat->mtime; + my $ltime = $self->last_modified; - if ( - $self->file->stat->mtime > $self->last_modified or - ! $self->$orig - ) { - if ( $self->last_modified ) { - $self->logger->debug("Modification of config file ($cfg_file) detected. Re-reading"); + if ($mtime != $ltime) { + if ($ltime) { + $self->logger->debug("Modification of config file detected. Re-reading ($mtime/$ltime)"); } else { $self->logger->debug("Initial read of config file '$cfg_file'"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Roles/Config.pm new/kanku-0.12.3/lib/Kanku/Roles/Config.pm --- old/kanku-0.12.2/lib/Kanku/Roles/Config.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Roles/Config.pm 2022-03-14 08:43:00.000000000 +0100 @@ -41,11 +41,6 @@ } } -has config => ( - is => 'rw', - isa => 'HashRef', -); - has last_modified => ( is => 'rw', isa => "Int", @@ -67,34 +62,6 @@ } ); -sub _build_config { - my ($self) = @_; - my $cfg = Kanku::YAML::LoadFile($_[0]->file); - $self->logger->debug('Config from file "'.$_[0]->file.'"'); - $self->logger->debug(Dumper($cfg)); - return $cfg; -} - -around 'config' => sub { - my ($orig, $self) = @_; - my $cfg_file = $self->file->stringify; - if ( ! -f $cfg_file ) { - die "Configuration file $cfg_file doesn`t exists\n"; - } - - if ( $self->file->stat->mtime > $self->last_modified ) { - if ( $self->last_modified ) { - $self->logger->debug("Modification of config file detected. Re-reading"); - } else { - $self->logger->debug("Initial read of config file '$cfg_file'"); - } - $self->last_modified($self->file->stat->mtime); - return $self->$orig( $self->_build_config() ); - } - - return $self->$orig(); -}; - sub job_config { my ($self, $job_name) = @_; my ($cfg, $yml); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Setup/Roles/Common.pm new/kanku-0.12.3/lib/Kanku/Setup/Roles/Common.pm --- old/kanku-0.12.2/lib/Kanku/Setup/Roles/Common.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Setup/Roles/Common.pm 2022-03-14 08:43:00.000000000 +0100 @@ -375,14 +375,8 @@ if ($choice) { my $sudoers_file = file('/etc/sudoers.d/kanku'); - $self->_backup_config_file($sudoers_file); $logger->info("Adding commands for user $user in " . $sudoers_file->stringify); - my @tcmd; - for my $cmd (qw/iptables ss netstat/) { - my $cmdpath = which($cmd); - push @tcmd, $cmdpath if $cmdpath; - } - $sudoers_file->spew("$user ALL=NOPASSWD: ".join(',', @tcmd)."\n"); + $sudoers_file->spew("$user ALL=NOPASSWD: /usr/lib/kanku/ss_netstat_wrapper,/usr/lib/kanku/iptables_wrapper\n"); } return; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Util/IPTables.pm new/kanku-0.12.3/lib/Kanku/Util/IPTables.pm --- old/kanku-0.12.2/lib/Kanku/Util/IPTables.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Util/IPTables.pm 2022-03-14 08:43:00.000000000 +0100 @@ -28,9 +28,10 @@ # For future use: we could also get the ip from the serial login # but therefore we need the domain_name has [qw/domain_name/] => (is=>'rw',isa=>'Str'); -has [qw/guest_ipaddress forward_port_list iptables_chain/] => (is=>'rw',isa=>'Str'); +has [qw/guest_ipaddress forward_port_list iptables_chain iptables_wrapper/] => (is=>'rw',isa=>'Str'); has forward_ports => (is=>'rw',isa=>'ArrayRef',default=>sub { [] }); has '+iptables_chain' => (lazy=>1, default => 'KANKU_HOSTS'); +has '+iptables_wrapper' => (lazy=>1, default => '/usr/lib/kanku/iptables_wrapper'); has 'host_interface' => ( is => 'rw', @@ -44,7 +45,7 @@ default =>sub { my $host_interface = $_[0]->host_interface; if (! $host_interface ) { - my $cfg = Kanku::Config->instance()->config(); + my $cfg = Kanku::Config->instance->cf; $host_interface = $cfg->{'Kanku::Util::IPTables'}->{host_interface}; } @@ -124,11 +125,12 @@ my $domain_name = shift || $self->domain_name; my $rules = $self->get_active_rules_for_domain($domain_name); my $sudo = $self->sudo(); + my $wrapper = $self->iptables_wrapper; foreach my $table (keys(%{$rules})) { foreach my $chain (keys(%{$rules->{$table}})) { foreach my $line_number (reverse(@{$rules->{$table}->{$chain}})) { - my $cmd = $sudo."iptables -t $table -D $chain $line_number"; + my $cmd = $sudo."$wrapper D:$table:$chain:$line_number"; my @out = `$cmd 2>&1`; if ($?) { die "Error while deleting rules by executing command: $?\n\t$cmd\n\n@out" @@ -136,7 +138,7 @@ } } } -}; +} sub add_forward_rules_for_domain { my $self = shift; @@ -148,6 +150,8 @@ my $portlist = { tcp =>[],udp=>[] }; my $host_ip = $self->host_ipaddress; + my $wrapper = $self->iptables_wrapper; + my $chain = $self->iptables_chain; if (! $host_ip ) { $self->logger->warn("No ipaddress found for host_interface '".$self->host_interface."'"); @@ -167,7 +171,7 @@ # ignore case for protocol TCP = tcp my $trans = lc($1); my $port = $2; - my $app = lc($4); + my $app = lc($4||q{}); push(@{$portlist->{$trans}}, [$port, $app]); } else { die "Malicious rule detected '$rule'\n"; @@ -184,11 +188,11 @@ foreach my $port ( @{$portlist->{$proto}} ) { my $host_port = shift(@fw_ports); - my $comment = " -m comment --comment 'Kanku:host:".$self->domain_name.":$port->[1]:".$self->domain_autostart."'"; + my $comment = "Kanku:host:".$self->domain_name.":$port->[1]:".$self->domain_autostart; my @cmds = ( - "iptables -t nat -I ".$self->iptables_chain." 1 -d $host_ip -p $proto --dport $host_port -j DNAT --to $guest_ip:$port->[0] $comment", - "iptables -I ".$self->iptables_chain." 1 -d $guest_ip/32 -p $proto -m state --state NEW -m tcp --dport $port->[0] -j ACCEPT $comment" + "$wrapper I:nat:$chain:$host_ip:$proto:$host_port:$guest_ip:$port->[0]:$comment", + "$wrapper I:filter:$chain:$guest_ip/32:$proto:$port->[0]:$comment" ); for my $cmd (@cmds) { @@ -200,7 +204,7 @@ } } -}; +} sub store_iptables_autostart { my ($self, $file) = @_; @@ -222,7 +226,9 @@ sub restore_iptables_autostart { my ($self, $file) = @_; - my $sudo = $self->sudo || q{}; + my $sudo = $self->sudo || q{}; + my $wrapper = $self->iptables_wrapper; + my $chain = $self->iptables_chain; my $lines; if(-f $file) { open(my $fh, '<', $file) || die "Could not open $file: $!\n"; @@ -238,9 +244,9 @@ for my $rule (@{$restore->{$table}}) { my $cmd; if ($rule->{target} eq 'DNAT') { - $cmd = "iptables -t $table -I ".$self->iptables_chain." 1 -d $rule->{dest}/32 -p $rule->{proto} --dport $rule->{dpt} -j DNAT --to $rule->{to_host}:$rule->{to_port} -m comment --comment \"$rule->{comment}\""; + $cmd = "$wrapper I:$table:$chain:$rule->{dest}/32:$rule->{proto}:$rule->{dpt}:$rule->{to_host}:$rule->{to_port}:$rule->{comment}"; } elsif ($rule->{target} eq 'ACCEPT'){ - $cmd = "iptables -I ".$self->iptables_chain." 1 -d $rule->{dest}/32 -p $rule->{proto} -m state --state NEW -m tcp --dport $rule->{dpt} -j ACCEPT -m comment --comment \"$rule->{comment}\""; + $cmd = "$wrapper I:$table:$chain:$rule->{dest}/32:$rule->{proto}:$rule->{dpt}:$rule->{comment}"; } $self->logger->debug("Executing command '$cmd'"); @@ -254,11 +260,12 @@ sub chain_exists { my ($self, $table, $chain) = @_; - my $sudo = $self->sudo(); + my $sudo = $self->sudo(); + my $wrapper = $self->iptables_wrapper; my @rules; $table ||= 'filter'; $chain ||= $self->iptables_chain; - my $cmd = "$sudo LANG=C iptables -t $table -L $chain"; + my $cmd = "$sudo $wrapper L:$table:$chain"; my @lines = `$cmd`; return 1 unless $?; @@ -271,9 +278,10 @@ my ($self, $table, $chain) = @_; my $sudo = $self->sudo(); my @rules; - $table ||= 'filter'; - $chain ||= $self->iptables_chain; - my $cmd = "$sudo LANG=C iptables -t $table -L $chain -v -n --line-numbers"; + $table ||= 'filter'; + $chain ||= $self->iptables_chain; + my $wrapper = $self->iptables_wrapper; + my $cmd = "$sudo $wrapper L:$table:$chain"; my @lines = `$cmd`; @@ -337,17 +345,20 @@ sub _check_chain { my ($self) = @_; - my $sudo = $self->sudo(); - my $cmd = "LANG=C iptables -L ".$self->iptables_chain." -n"; + my $wrapper = $self->iptables_wrapper; + my $sudo = $self->sudo(); + my $chain = $self->iptables_chain; + my $cmd = "$wrapper L:filter:$chain"; my $out = `$sudo$cmd 2>&1`; if ($out =~ /iptables: No chain\/target\/match by that name./ ) { - $cmd = "LANG=C iptables -N ".$self->iptables_chain; + $cmd = "$wrapper N:filter:$chain"; $out = `$sudo$cmd 2>&1`; if ($?) { die "Error while creating iptables chain($?):\n\t$cmd\n\n$out\n"; } } } + sub _find_free_ports { my $self = shift; my $start_port = shift; @@ -367,24 +378,24 @@ } return @result; -}; +} has _used_ports => ( is => 'rw', isa => 'HashRef', lazy => 1, default => sub { + # TODO: make usable for tcp and udp my $self = shift; my $hostip = $self->host_ipaddress; my $result = {}; - my $cmd = ""; - # TODO: make usable for tcp and udp + my $sudo = $self->sudo; + my $lib_p = '/usr/lib/kanku'; + my $bin = "$lib_p/ss_netstat_wrapper"; + die "$bin not found" unless -f $bin; - # prepare command to read used ports from host services - my $bin = which 'ss'; - $bin = which 'netstat' unless $bin; if ($bin) { - $cmd = $self->sudo . "LANG=C $bin -ltn"; + my $cmd = $sudo.$bin; foreach my $line (`$cmd`) { chomp $line; @@ -417,15 +428,7 @@ ); sub sudo { - - my $sudo = ""; - - # if EUID not root - if ( $> != 0 ) { - $sudo = "sudo -n "; - } - - return $sudo; + return ($> != 0) ? "sudo -n " : q{}; } __PACKAGE__->meta->make_immutable; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/lib/Kanku/Util/VM/Image.pm new/kanku-0.12.3/lib/Kanku/Util/VM/Image.pm --- old/kanku-0.12.2/lib/Kanku/Util/VM/Image.pm 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/lib/Kanku/Util/VM/Image.pm 2022-03-14 08:43:00.000000000 +0100 @@ -272,7 +272,7 @@ my $to_read = $final_size - $self->_total_sent; my $nbytes = $self->_nbytes; - $self->logger->info("-- Sending another $to_read bytes"); + $self->logger->info("-- Sending another $to_read bytes BufferSize"); my $f = '/dev/zero'; @@ -302,7 +302,7 @@ sub _simple_upload { my ($self, $f, $st) = @_; my $nbytes = $self->_nbytes; - $self->logger->info('-- _copy_volume -- Uploading file'); + $self->logger->info("-- _copy_volume -- Uploading file (BufferSize: $nbytes)"); open my $fh, '<', $f or croak("cannot open $f: $!"); @@ -334,15 +334,16 @@ sub _extract_and_upload { my ($self, $f, $st) = @_; + my $nbytes = $self->_nbytes; - $self->logger->info('-- _copy_volume -- Uncompressing and uploading file'); + $self->logger->info("-- _copy_volume -- Uncompressing and uploading file (BufferSize: $nbytes)"); my $z = new IO::Uncompress::AnyUncompress $f or croak("IO::Uncompress::AnyUncompress failed: $AnyUncompressError\n"); while (1) { my $data; - my $rv = $z->read(\$data); + my $rv = $z->read(\$data, $nbytes); if ($rv < 0) { croak("cannot read $f: $!"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kanku-0.12.2/public/js/kanku/job_group.js new/kanku-0.12.3/public/js/kanku/job_group.js --- old/kanku-0.12.2/public/js/kanku/job_group.js 2022-02-18 09:38:15.000000000 +0100 +++ new/kanku-0.12.3/public/js/kanku/job_group.js 2022-03-14 08:43:00.000000000 +0100 @@ -3,7 +3,8 @@ data: function() { this.restoreSettings(); return { - allJobs: this.allJobs || [], + allJobs: this.allJobs || {jobs:[], digest:undefined}, + digest: this.digest || "", showGroupList: 0 } }, @@ -30,7 +31,10 @@ this.restoreDefaults(); } else { currentSettings = JSON.parse(currentSettingsString); - if (!currentSettings[this.job_group.name]) { + if ( + !currentSettings[this.job_group.name] || + currentSettings[this.job_group.name].digest != this.job_group.digest + ) { this.restoreDefaults(); } else { this.allJobs = currentSettings[this.job_group.name]; @@ -41,7 +45,7 @@ }, restoreDefaults: function() { console.log("Started restoreDefaults"); - this.allJobs = new Array(); + this.allJobs = {jobs:[], digest:this.job_group.digest}; console.log("Started restoreDefaults for "+this.job_group.name); console.log(this.job_group); var jgl = Object.keys(this.job_group.groups).length; @@ -50,11 +54,11 @@ for (let i=0; i < jgl;i++) { console.log("blah (i): "+i); console.log(this.job_group.groups[i]); - this.allJobs[i]=new Array(); + this.allJobs.jobs[i]=new Array(); var groups_count = this.job_group.groups[i].jobs.length; for (let a=0; a < groups_count;a++) { console.log("blah (i)(a): "+a); - this.allJobs[i][a]=true; + this.allJobs.jobs[i][a]=true; } } console.log("restoreDefaults this.allJobs:"); @@ -66,7 +70,7 @@ var url = uri_base + "/rest/job_group/trigger/"+this.job_group.name+".json"; console.log(this.allJobs); this.saveSettings(); - var data = this.allJobs; + var data = this.allJobs.jobs; axios.post(url, { data: data, is_admin: this.is_admin}).then(function(response) { show_messagebox(response.data.state, response.data.msg); }); @@ -90,7 +94,7 @@ + ' <input type=hidden name="description" :value="group.description">' + ' <div class="form-group">' + ' <div v-for="(c,a) in group.jobs">' - + ' <input type=checkbox v-model="allJobs[i][a]"> <label>{{ c }}</label>' + + ' <input type=checkbox v-model="allJobs.jobs[i][a]"> <label>{{ c }}</label>' + ' </div>' + ' </div>' + ' </div>'
