Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Dear release team, Here's a list of changes: */ Package is rebuilt against openstack-pkg-tools >= 22~ to fix the last systemd issue that was preventing startup of daemons on the first install (see unblock bug #775278). */ To make sure the database directive is left unchanged unless the user explicitely asked for automated management, and for consistency across all OpenStack packages, the heat/configure_db debconf variable default value is now set to false. */ For consistency with other OpenStack packages and to allow a better compatibility with official puppet scripts, the postinst doesn't touch the db connection directive and doesn't do the "heat-manage db_sync" unless explicitely requested by the user through debconf. The pkgos_dbc_postinst isn't called either if no db management is requested. */ As SSL version 3 support has been removed from Debian, the Python object ssl.PROTOCOL_SSLv3 doesn't work anymore. During my tests, I have found out that this prevented heat from authenticating against Keystone. This upload fixes it by removing completely the use of the object ssl.PROTOCOL_SSLv3 (added patch). Please unblock heat/2014.1.3-7. Cheers, Thomas Goirand (zigo)
diff -Nru heat-2014.1.3/debian/changelog heat-2014.1.3/debian/changelog --- heat-2014.1.3/debian/changelog 2015-01-07 13:59:20.000000000 +0000 +++ heat-2014.1.3/debian/changelog 2015-01-12 23:32:36.000000000 +0000 @@ -1,3 +1,29 @@ +heat (2014.1.3-7) unstable; urgency=medium + + * Removed the use of PROTOCOL_SSLv3 which is removed form Debian. + + -- Thomas Goirand <[email protected]> Tue, 13 Jan 2015 00:30:06 +0100 + +heat (2014.1.3-6) unstable; urgency=medium + + * Fixed the use of a wrong Debconf template name (Closes: #774952). + + -- Thomas Goirand <[email protected]> Fri, 09 Jan 2015 22:40:22 +0000 + +heat (2014.1.3-5) unstable; urgency=medium + + * Sets heat/configure_db to false by default. + * Only calls pkgos_dbc_postinst and su heat -c "heat-manage db_sync" if + heat/configure_db is set to true. + + -- Thomas Goirand <[email protected]> Thu, 08 Jan 2015 16:28:44 +0000 + +heat (2014.1.3-4) unstable; urgency=medium + + * Rebuilt with openstack-pkg-tools (>= 22~): starts daemons on first install. + + -- Thomas Goirand <[email protected]> Thu, 08 Jan 2015 15:58:40 +0000 + heat (2014.1.3-3) unstable; urgency=medium * Added Dutch translation of debconf messages thanks to Frans Spiesschaert diff -Nru heat-2014.1.3/debian/control heat-2014.1.3/debian/control --- heat-2014.1.3/debian/control 2015-01-07 13:59:20.000000000 +0000 +++ heat-2014.1.3/debian/control 2015-01-12 23:32:36.000000000 +0000 @@ -6,7 +6,7 @@ Mehdi Abaakouk <[email protected]> Build-Depends: debhelper (>= 9), dh-systemd, - openstack-pkg-tools (>= 21~), + openstack-pkg-tools (>= 22~), po-debconf, python-all (>= 2.6.6-3~), python-pbr (>= 0.6), diff -Nru heat-2014.1.3/debian/heat-common.postinst.in heat-2014.1.3/debian/heat-common.postinst.in --- heat-2014.1.3/debian/heat-common.postinst.in 2015-01-07 13:59:20.000000000 +0000 +++ heat-2014.1.3/debian/heat-common.postinst.in 2015-01-12 23:32:36.000000000 +0000 @@ -19,15 +19,22 @@ chown heat:heat /var/lib/heat /etc/heat pkgos_write_new_conf heat heat.conf - pkgos_dbc_postinst ${CONF} database connection heat $@ + db_get heat/configure_db + if [ "$RET" = "true" ] ; then + pkgos_dbc_postinst ${CONF} database connection heat $@ + fi pkgos_rabbit_write_conf ${CONF} DEFAULT heat pkgos_write_admin_creds ${CONF} keystone_authtoken heat pkgos_register_endpoint_postinst heat heat orchestration "Heat Orchestration API" 8004 /v1/'%(tenant_id)s' # This is the equivalent of db-sync: - su heat -c "heat-manage db_sync" + db_get heat/configure_db + if [ "$RET" = "true" ] ; then + su heat -c "heat-manage db_sync" + fi chown -R heat:adm /var/log/heat chmod 0750 /var/log/heat + db_stop fi #DEBHELPER# diff -Nru heat-2014.1.3/debian/heat-common.templates heat-2014.1.3/debian/heat-common.templates --- heat-2014.1.3/debian/heat-common.templates 2015-01-07 13:59:20.000000000 +0000 +++ heat-2014.1.3/debian/heat-common.templates 2015-01-12 23:32:36.000000000 +0000 @@ -80,7 +80,7 @@ Template: heat/configure_db Type: boolean -Default: true +Default: false _Description: Set up a database for heat-common? No database has been set up for heat-common to use. Before continuing, you should make sure you have the following information: diff -Nru heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch --- heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch 1970-01-01 00:00:00.000000000 +0000 +++ heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch 2015-01-12 23:32:36.000000000 +0000 @@ -0,0 +1,19 @@ +Description: Remove the use of ssl.PROTOCOL_SSLv23 + The ssl.PROTOCOL_SSLv23 object cannot be used in Debian anymore, this patch + removes it from heat/openstack/common/sslutils.py. +Author: Thomas Goirand <[email protected]> +Forwarded: not-needed +Last-Update: 2014-01-13 + +--- heat-2014.1.3.orig/heat/openstack/common/sslutils.py ++++ heat-2014.1.3/heat/openstack/common/sslutils.py +@@ -80,8 +80,7 @@ def wrap(sock): + + _SSL_PROTOCOLS = { + "tlsv1": ssl.PROTOCOL_TLSv1, +- "sslv23": ssl.PROTOCOL_SSLv23, +- "sslv3": ssl.PROTOCOL_SSLv3 ++ "sslv23": ssl.PROTOCOL_SSLv23 + } + + try: diff -Nru heat-2014.1.3/debian/patches/series heat-2014.1.3/debian/patches/series --- heat-2014.1.3/debian/patches/series 2015-01-07 13:59:20.000000000 +0000 +++ heat-2014.1.3/debian/patches/series 2015-01-12 23:32:36.000000000 +0000 @@ -1 +1,2 @@ fix-default-db.patch +remove-the-use-of-ssl.PROTOCOL_SSLv3.patch
