Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package google-guest-agent for openSUSE:Factory checked in at 2022-11-17 17:24:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/google-guest-agent (Old) and /work/SRC/openSUSE:Factory/.google-guest-agent.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "google-guest-agent" Thu Nov 17 17:24:35 2022 rev:18 rq:1036260 version:20221109.00 Changes: -------- --- /work/SRC/openSUSE:Factory/google-guest-agent/google-guest-agent.changes 2022-10-21 16:20:26.894274193 +0200 +++ /work/SRC/openSUSE:Factory/.google-guest-agent.new.1597/google-guest-agent.changes 2022-11-17 17:24:46.777152766 +0100 @@ -1,0 +2,12 @@ +Wed Nov 16 15:51:28 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com> + +- Update to version 20221109.00 + * Validate user key for whitespace chars (#188) +- from version 20221107.00 + * Fix typo with wsfc agent (#189) +- from version 20221104.00 + * Updates to gce-workload-cert-refresh (#186) +- from version 20221025.00 + * Add workload cert refresh to preset (#185) + +------------------------------------------------------------------- Old: ---- guest-agent-20221018.00.tar.gz New: ---- guest-agent-20221109.00.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ google-guest-agent.spec ++++++ --- /var/tmp/diff_new_pack.iaRe0h/_old 2022-11-17 17:24:48.229160447 +0100 +++ /var/tmp/diff_new_pack.iaRe0h/_new 2022-11-17 17:24:48.245160532 +0100 @@ -24,7 +24,7 @@ %global import_path %{provider_prefix} Name: google-guest-agent -Version: 20221018.00 +Version: 20221109.00 Release: 0 Summary: Google Cloud Guest Agent License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.iaRe0h/_old 2022-11-17 17:24:48.293160786 +0100 +++ /var/tmp/diff_new_pack.iaRe0h/_new 2022-11-17 17:24:48.297160807 +0100 
@@ -3,8 +3,8 @@ <param name="url">https://github.com/GoogleCloudPlatform/guest-agent/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20221018.00</param> - <param name="revision">20221018.00</param> + <param name="versionformat">20221109.00</param> + <param name="revision">20221109.00</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> @@ -15,7 +15,7 @@ <param name="basename">guest-agent</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">guest-agent-20221018.00.tar.gz</param> + <param name="archive">guest-agent-20221109.00.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.iaRe0h/_old 2022-11-17 17:24:48.313160892 +0100 +++ /var/tmp/diff_new_pack.iaRe0h/_new 2022-11-17 17:24:48.317160913 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/GoogleCloudPlatform/guest-agent/</param> - <param name="changesrevision">5dd01096fddd83d2ea4401fea078f343f8e26708</param></service></servicedata> + <param name="changesrevision">8b46231252fe54d69287ff22ca2219e111dfb35d</param></service></servicedata> (No newline at EOF) ++++++ guest-agent-20221018.00.tar.gz -> guest-agent-20221109.00.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/90-google-guest-agent.preset new/guest-agent-20221109.00/90-google-guest-agent.preset --- old/guest-agent-20221018.00/90-google-guest-agent.preset 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/90-google-guest-agent.preset 2022-11-08 02:00:38.000000000 +0100 
@@ -1,3 +1,4 @@ enable google-guest-agent.service enable google-shutdown-scripts.service enable google-startup-scripts.service +enable gce-workload-cert-refresh.timer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/gce-workload-cert-refresh.timer new/guest-agent-20221109.00/gce-workload-cert-refresh.timer --- old/guest-agent-20221018.00/gce-workload-cert-refresh.timer 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/gce-workload-cert-refresh.timer 2022-11-08 02:00:38.000000000 +0100 @@ -3,7 +3,7 @@ [Timer] OnBootSec=5 -OnUnitActiveSec=30m +OnUnitActiveSec=10m [Install] WantedBy=timers.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/gce_workload_cert_refresh/main.go new/guest-agent-20221109.00/gce_workload_cert_refresh/main.go --- old/guest-agent-20221018.00/gce_workload_cert_refresh/main.go 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/gce_workload_cert_refresh/main.go 2022-11-08 02:00:38.000000000 +0100 @@ -77,6 +77,13 @@ return nil, fmt.Errorf("HTTP 404") } + // GCE Workload Certificate endpoints return 412 Precondition failed if the VM was + // never configured with valid config values at least once. Without valid config + // values GCE cannot provision the workload certificates. + if res.StatusCode == 412 { + return nil, fmt.Errorf("HTTP 412") + } + defer res.Body.Close() md, err := ioutil.ReadAll(res.Body) if err != nil { @@ -223,9 +230,8 @@ defer logger.Infof("Done") // TODO: prune old dirs - if err := refreshCreds(); err != nil { - logger.Fatalf(err.Error()) + logger.Fatalf("Error refreshCreds: %v", err.Error()) } } 
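Review bot: The new `res.StatusCode == 412` branch in the `@@ -77,6 +77,13 @@` hunk of gce_workload_cert_refresh/main.go returns before `defer res.Body.Close()` is registered, so the response body is never closed on that path; the `HTTP 404` return visible just above it has the same problem. Moving `defer res.Body.Close()` up to directly after the request's error check (which lies outside this hunk) would cover both early returns. The bare `fmt.Errorf("HTTP 412")` also drops the explanation given in the comment; a message such as `fmt.Errorf("HTTP 412: workload certificate config was never set to valid values")` would tell the operator what to fix. The enclosing function starts and ends outside the hunk.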
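Review bot: In the `@@ -223,9 +230,8 @@` hunk, `err.Error()` under `%v` is redundant; `logger.Fatalf("Error refreshCreds: %v", err)` prints the same text. If `logger.Fatalf` terminates the process the way the standard library's `log.Fatalf` does (its implementation is not visible here), the `defer logger.Infof("Done")` above it never runs on the failure path. That is probably the intent, but a short comment saying so would help.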
@@ -262,6 +268,16 @@ return fmt.Errorf("Error writing config_status: %v", err) } + // Handles the edge case where the config values provided for the first time may be invalid. This ensures + // that the symlink directory alwasys exists and contains the config_status to surface config errors to the VM. + if _, err := os.Stat(symlink); os.IsNotExist(err) { + logger.Infof("Creating new symlink %s", symlink) + + if err := os.Symlink(contentDir, symlink); err != nil { + return fmt.Errorf("Error creating symlink: %v", err) + } + } + // Now get the rest of the content. wisMd, err := getMetadata("instance/workload-identities") if err != nil { @@ -275,7 +291,7 @@ wis := WorkloadIdentities{} if err := json.Unmarshal(wisMd, &wis); err != nil { - return fmt.Errorf("Error unmarshaling workload trusted root certs: %v", err) + return fmt.Errorf("Error unmarshaling workload identities response: %v", err) } wtrcs := WorkloadTrustedRootCerts{} @@ -312,8 +328,13 @@ return fmt.Errorf("Error rotating target link: %v", err) } - if oldTarget != "" { - logger.Infof("Remove old content dir %s", oldTarget) + // Clean up previous contents dir. + newTarget, err := os.Readlink(symlink) + if err != nil { + return fmt.Errorf("Error reading new symlink: %v, unable to remove old symlink target", err) + } + if oldTarget != newTarget { + logger.Infof("Removing old content dir %s", oldTarget) if err := os.RemoveAll(oldTarget); err != nil { return fmt.Errorf("Failed to remove old symlink target: %v", err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/google_guest_agent/wsfc.go new/guest-agent-20221109.00/google_guest_agent/wsfc.go --- old/guest-agent-20221018.00/google_guest_agent/wsfc.go 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/google_guest_agent/wsfc.go 2022-11-08 02:00:38.000000000 +0100 
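Review bot: The existence check `os.Stat(symlink)` in the `@@ -262,6 +268,16 @@` hunk follows the link, so a dangling symlink whose target directory is gone reports not-exist and the following `os.Symlink` then fails because the link path itself is still present; `os.Lstat(symlink)` tests the link rather than its target. Any other Stat error, such as permission denied, is silently skipped and would be better returned, e.g. `} else if err != nil { return fmt.Errorf("Error checking symlink: %v", err) }`. The check-then-create sequence is not atomic, which matters only if another principal can write to the parent directory; that is not visible from this hunk. The added comment has a typo, `alwasys`. The enclosing function starts and ends outside the hunk.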
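Review bot: The cleanup in the `@@ -312,8 +328,13 @@` hunk drops the previous `oldTarget != ""` guard, so when no earlier link existed the code logs `Removing old content dir ` with an empty path and calls `os.RemoveAll("")`; keeping both conditions, `if oldTarget != "" && oldTarget != newTarget {`, preserves the earlier behaviour. `oldTarget` appears to be a path read back from a symlink and is handed to `os.RemoveAll` by what is presumably a privileged service, so it is worth confirming that it lies under the expected content directory before deleting. How `oldTarget` is obtained is outside this hunk, so that check may already exist. The string comparison also assumes both values have the same form (absolute versus relative), which `os.Readlink` does not guarantee.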
@@ -185,7 +185,7 @@ } }() - logger.Infof("wsfc agent stared. Listening on port: %s", a.port) + logger.Infof("wsfc agent started. Listening on port: %s", a.port) a.listener = listener return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/utils/main.go new/guest-agent-20221109.00/utils/main.go --- old/guest-agent-20221018.00/utils/main.go 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/utils/main.go 2022-11-08 02:00:38.000000000 +0100 @@ -19,6 +19,7 @@ import ( "encoding/json" "errors" + "regexp" "strings" "time" @@ -88,6 +89,19 @@ } +// ValidateUserKey checks for the presence of a characters which should not be +// allowed in a username string, returns an error if any such characters are +// detected, nil otherwise. +// Currently, the only banned characters are whitespace characters. +func ValidateUserKey(user string) error { + whiteSpaceRegexp, _ := regexp.Compile("\\s") + + if whiteSpaceRegexp.MatchString(user) { + return errors.New("Invalid username - whitespace detected") + } + return nil +} + // GetUserKey takes a string and determines if it is a valid SSH key and returns // the user and key if valid, nil otherwise. func GetUserKey(rawKey string) (string, string, error) { @@ -103,6 +117,9 @@ if user == "" { return "", "", errors.New("Invalid ssh key entry - user missing") } + if err := ValidateUserKey(user); err != nil { + return "", "", err + } if err := CheckExpiredKey(key[idx+1:]); err != nil { return "", "", err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20221018.00/utils/main_test.go new/guest-agent-20221109.00/utils/main_test.go --- old/guest-agent-20221018.00/utils/main_test.go 2022-10-19 00:34:58.000000000 +0200 +++ new/guest-agent-20221109.00/utils/main_test.go 2022-11-08 02:00:38.000000000 +0100 
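Review bot: `ValidateUserKey` in the `@@ -88,6 +89,19 @@` hunk of utils/main.go compiles its pattern on every call and discards the compile error; a package-level `var whiteSpaceRegexp = regexp.MustCompile("\\s")` compiles once and cannot silently leave a nil regexp. The check is a denylist: in Go's RE2 syntax `\s` matches only the ASCII set `[\t\n\f\r ]`, so other control characters and non-ASCII spaces are not rejected. If the user name is later passed to account-management tooling (not visible in this diff), an allowlist of the characters the project actually intends to accept would be the more robust contract; the test table treats `username:key` as valid, so any allowlist has to account for that. The doc comment should read `presence of characters` rather than `presence of a characters`.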
@@ -83,3 +83,25 @@ } } } + +func TestValidateUserKey(t *testing.T) { + table := []struct { + user string + valid bool + }{ + {"username", true}, + {"username:key", true}, + {"user -g", false}, + {"user -g 27", false}, + {"user\t-g", false}, + {"user\n-g", false}, + {"username\t-g\n27", false}, + } + for _, tt := range table { + err := ValidateUserKey(tt.user) + isValid := err == nil + if isValid != tt.valid { + t.Errorf("Invalid ValidateUserKey(%s) return: expected: %t - got: %t", tt.user, isValid, tt.valid) + } + } +} ++++++ vendor.tar.gz ++++++
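Review bot: The failure message in `TestValidateUserKey` passes its arguments in the wrong order: `expected: %t - got: %t` is fed `isValid, tt.valid`, so a failing case reports the actual result as the expected one; the call should end `tt.user, tt.valid, isValid)`. Using `%q` instead of `%s` for `tt.user` would keep the tab and newline cases readable in the test output. The table has no empty-string case and no leading or trailing whitespace case, both of which pin down the boundary behaviour of the new check.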