Hello community,

here is the log from the commit of package salt for openSUSE:Factory checked in 
at 2017-11-30 12:44:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/salt (Old)
 and      /work/SRC/openSUSE:Factory/.salt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "salt"

Thu Nov 30 12:44:48 2017 rev:67 rq:546091 version:2017.7.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/salt/salt.changes        2017-11-22 
11:21:33.875222195 +0100
+++ /work/SRC/openSUSE:Factory/.salt.new/salt.changes   2017-11-30 
12:44:50.271126163 +0100
@@ -0,0 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 27 17:13:03 UTC 2017 - [email protected]
+
+- Run salt master as dedicated salt user
+- Run salt-api as user salt (bsc#1064520)
+
+- Added:
+ * run-salt-master-as-dedicated-salt-user.patch
+ * run-salt-api-as-user-salt-bsc-1064520.patch
+
+-------------------------------------------------------------------

Old:
----
  _service

New:
----
  run-salt-api-as-user-salt-bsc-1064520.patch
  run-salt-master-as-dedicated-salt-user.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ salt.spec ++++++
--- /var/tmp/diff_new_pack.76jc4Q/_old  2017-11-30 12:44:51.459082976 +0100
+++ /var/tmp/diff_new_pack.76jc4Q/_new  2017-11-30 12:44:51.463082831 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package salt
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,10 +57,12 @@
 Patch4:         introduce-process_count_max-minion-configuration-par.patch
 Patch5:         bugfix-always-return-a-string-list-on-unknown-job-ta.patch
 Patch6:         enable-with-salt-version-parameter-for-setup.py-scri.patch
+Patch7:         run-salt-master-as-dedicated-salt-user.patch
+Patch8:         run-salt-api-as-user-salt-bsc-1064520.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  python-rpm-macros
 BuildRequires:  logrotate
+BuildRequires:  python-rpm-macros
 BuildRequires:  python3
 BuildRequires:  python3-devel
 # requirements/base.txt
@@ -70,11 +72,11 @@
 BuildRequires:  python3-Jinja2
 %endif
 BuildRequires:  python3-MarkupSafe
+BuildRequires:  python3-PyYAML
 BuildRequires:  python3-msgpack-python > 0.3
 BuildRequires:  python3-psutil
 BuildRequires:  python3-requests >= 1.0.0
 BuildRequires:  python3-tornado >= 4.2.1
-BuildRequires:  python3-PyYAML
 
 # requirements/zeromq.txt
 BuildRequires:  python3-pycrypto >= 2.6.1
@@ -110,8 +112,8 @@
 Requires(pre):  dbus
 %endif
 
-Requires:       procps
 Requires:       logrotate
+Requires:       procps
 Requires:       python3
 #
 %if ! 0%{?suse_version} > 1110
@@ -128,11 +130,11 @@
 Requires:  python3-Jinja2
 %endif
 Requires:       python3-MarkupSafe
+Requires:       python3-PyYAML
 Requires:       python3-msgpack-python > 0.3
 Requires:       python3-psutil
 Requires:       python3-requests >= 1.0.0
 Requires:       python3-tornado >= 4.2.1
-Requires:       python3-PyYAML
 %if 0%{?suse_version}
 # required for zypper.py
 Requires:       python3-rpm
@@ -402,6 +404,8 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 
 %build
 %{__python3} setup.py --salt-transport=both build

++++++ run-salt-api-as-user-salt-bsc-1064520.patch ++++++
>From 8f81bee8d8929cc4cd30dabc7cbc92d2cba9760e Mon Sep 17 00:00:00 2001
From: Christian Lanig <[email protected]>
Date: Mon, 27 Nov 2017 13:10:26 +0100
Subject: [PATCH 2/2] Run salt-api as user salt (bsc#1064520)

---
 pkg/salt-api.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/salt-api.service b/pkg/salt-api.service
index 7ca582dfb4..bf513e4dbd 100644
--- a/pkg/salt-api.service
+++ b/pkg/salt-api.service
@@ -6,6 +6,7 @@ After=network.target
 [Service]
 Type=notify
 NotifyAccess=all
+User=salt
 LimitNOFILE=8192
 ExecStart=/usr/bin/salt-api
 TimeoutStopSec=3
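Review bot: `User=salt` is the only line added to the `[Service]` section, so the unit now depends on a `salt` account existing and on everything salt-api reads or writes (the master configuration, any TLS key and certificate configured for the API, its log file) being accessible to that account. Neither this patch nor the salt.spec hunks of this commit show that being ensured, although it may already be handled in spec scriptlets outside the diff. Consider adding `Group=salt` beside it so the group is explicit rather than inherited from the account's primary group, and a comment line such as `# bsc#1064520: do not run the API as root` above it. The `[Service]` section may continue past the end of the hunk.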
-- 
2.14.2

++++++ run-salt-master-as-dedicated-salt-user.patch ++++++
>From 3902fe4183d169808b9d248b9b963926035ba954 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH 1/2] Run salt master as dedicated salt user

* Minion always runs as root
---
 conf/master               | 3 ++-
 pkg/salt-common.logrotate | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/conf/master b/conf/master
index abfc1fa808..bd28f6d406 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
 
 # The port used by the communication interface. The ret (return) port is the
 # interface used for the file server, authentication, job returns, etc.
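Review bot: `syndic_user: salt` is added with no comment, while the block above documents only `user`; a line such as `# The syndic runs as the same unprivileged user as the master.` would make the pairing clear. The surrounding comment also states that the job cache must be deleted when this user is changed, and the hunk flips the shipped default from root to salt. On a host that previously ran the master as root, root-owned cache, key and log files would be left behind, and no hunk in this commit shows a migration step (ownership change or cache cleanup), though one may exist in spec scriptlets outside the diff. The comment block starts above the hunk.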
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
index 3cd002308e..0d99d1b801 100644
--- a/pkg/salt-common.logrotate
+++ b/pkg/salt-common.logrotate
@@ -1,4 +1,5 @@
 /var/log/salt/master {
+       su salt salt
        weekly
        missingok
        rotate 7
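Review bot: `su salt salt` is added to the `/var/log/salt/master` stanza here and to `/var/log/salt/key` in the next hunk, but the stanzas between and after them are untouched. If `/var/log/salt` becomes owned by or writable for the salt account (not visible here), any log in that directory still rotated as root would be handled by a privileged process inside a directory an unprivileged account controls, which is the situation the `su` directive exists to avoid. That would include the minion log, since the commit message says the minion stays root. Also check whether the file carries a stanza for the salt-api log, which would need the same `su salt salt` now that salt-api runs as salt. Both stanzas continue outside their hunks.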
@@ -15,6 +16,7 @@
 }
 
 /var/log/salt/key {
+       su salt salt
        weekly
        missingok
        rotate 7
-- 
2.14.2

