Hello community,
here is the log from the commit of package caasp-container-manifests for
openSUSE:Factory checked in at 2018-07-13 10:21:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/caasp-container-manifests (Old)
and /work/SRC/openSUSE:Factory/.caasp-container-manifests.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "caasp-container-manifests"
Fri Jul 13 10:21:31 2018 rev:17 rq:622261 version:4.0.0+git_r316_7a19ed1
Changes:
--------
---
/work/SRC/openSUSE:Factory/caasp-container-manifests/caasp-container-manifests.changes
2018-06-22 13:35:33.938245957 +0200
+++
/work/SRC/openSUSE:Factory/.caasp-container-manifests.new/caasp-container-manifests.changes
2018-07-13 10:21:34.758471819 +0200
@@ -1,0 +2,41 @@
+Fri Jul 6 09:32:16 UTC 2018 - [email protected]
+
+- Commit f23f049 by Maximilian Meister [email protected]
+ use 503 error file (bsc#1080636)
+
+ Signed-off-by: Maximilian Meister <[email protected]>
+
+ Commit 5ceb972 by Maximilian Meister [email protected]
+ mount static pages from velum-branding (bsc#1080636)
+
+ Signed-off-by: Maximilian Meister <[email protected]>
+
+
+-------------------------------------------------------------------
+Thu Jul 5 16:20:34 UTC 2018 - [email protected]
+
+- Commit 79bf8f4 by Alvaro Saurin [email protected]
+ We should generate a random CA serial number. According to the CA/Browser
+ Forum Baseline Requirements section 7.1: "CAs SHOULD generate non‐sequential
+ Certificate serial numbers that exhibit at least 20 bits of entropy.". In
+ general it is considered a good practice to use a random number instead of a
+ constant...
+
+ feature#security
+
+
+-------------------------------------------------------------------
+Tue Jul 3 11:14:09 UTC 2018 - [email protected]
+
+- Commit 0f2b13b by Maximilian Meister [email protected]
+ drop branding mount for images
+
+ the images have to be precompiled into the velum rpm, therefore a mount is
+ useless
+
+ velum#branding
+
+ Signed-off-by: Maximilian Meister <[email protected]>
+
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ caasp-container-manifests.spec ++++++
--- /var/tmp/diff_new_pack.a0NyCW/_old 2018-07-13 10:21:35.650472887 +0200
+++ /var/tmp/diff_new_pack.a0NyCW/_new 2018-07-13 10:21:35.650472887 +0200
@@ -29,7 +29,7 @@
%endif
Name: caasp-container-manifests
-Version: 4.0.0+git_r309_e863888
+Version: 4.0.0+git_r316_7a19ed1
Release: 0
Summary: Manifest file templates for containers on controller node
License: Apache-2.0
++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/caasp-container-manifests-master/config/haproxy/haproxy.cfg
new/caasp-container-manifests-master/config/haproxy/haproxy.cfg
--- old/caasp-container-manifests-master/config/haproxy/haproxy.cfg
2018-06-21 08:56:09.000000000 +0200
+++ new/caasp-container-manifests-master/config/haproxy/haproxy.cfg
2018-07-06 11:33:33.000000000 +0200
@@ -22,6 +22,7 @@
default-server inter 10s fall 3
balance roundrobin
server velum unix@/var/run/puma/dashboard.sock
+ errorfile 503 /etc/caasp/haproxy/errors/503.html.http
listen velum-api
bind 127.0.0.1:444 ssl crt /etc/pki/private/velum-bundle.pem ca-file
/etc/pki/ca.crt
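Review bot: The new `errorfile 503` line makes HAProxy depend on `/etc/caasp/haproxy/errors/503.html.http` being readable when the configuration is loaded. HAProxy reads error files at startup and treats an unreadable one as a configuration error, so a host without the velum static pages would lose the proxy in front of Velum rather than just the custom page. The file also has to be a complete raw HTTP response (status line, headers, blank line, body), not plain HTML. A comment above the directive such as `# supplied by the velum-static-pages hostPath mount; must be a raw HTTP response` would record both requirements. The section this line belongs to starts outside the hunk.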
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caasp-container-manifests-master/gen-certs.sh
new/caasp-container-manifests-master/gen-certs.sh
--- old/caasp-container-manifests-master/gen-certs.sh 2018-06-21
08:56:09.000000000 +0200
+++ new/caasp-container-manifests-master/gen-certs.sh 2018-07-06
11:33:33.000000000 +0200
@@ -9,11 +9,16 @@
STATE=${STATE:-Bavaria}
COUNTRY=${COUNTRY:-DE}
-DIR="/etc/pki"
+DIR="${DIR:-/etc/pki}"
CERTS="$DIR/_certs"
PRIVATEDIR="$DIR/private"
WORK="$DIR/_work"
+
+random_serial() {
+ xxd -l 16 -p /dev/random
+}
+
genca() {
[ -f $PRIVATEDIR/ca.key ] && [ -f $DIR/ca.crt ] && return
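Review bot: `random_serial` reads `/dev/random` through `xxd`, which adds two ways for certificate generation to fail. On kernels where `/dev/random` blocks, the read can stall while the entropy pool is low, which is most likely at first boot, and `xxd` is an extra tool that a minimal image may not ship. The script already requires openssl, so `openssl rand -hex 16` would produce the same 32 hex digits without either dependency. Now that `DIR="${DIR:-/etc/pki}"` can come from the environment, the unquoted `$DIR`, `$WORK` and `$PRIVATEDIR` expansions are worth quoting in the same change. The body of `genca` continues outside this hunk.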
@@ -85,11 +90,16 @@
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
EOF
+ random_serial > $WORK/serial
+
rm -f $WORK/index.txt $WORK/index.txt.attr
touch $WORK/index.txt $WORK/index.txt.attr
- echo 1000 > $WORK/serial
- openssl req -batch -config $WORK/ca.cfg -sha256 -new -x509 -days 3650
-extensions v3_ca -key $PRIVATEDIR/ca.key -out $DIR/ca.crt
+ openssl req -batch -config $WORK/ca.cfg \
+ -sha256 -new -x509 -days 3650 \
+ -extensions v3_ca \
+ -key $PRIVATEDIR/ca.key \
+ -out $DIR/ca.crt
}
gencert() {
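Review bot: The result of `random_serial > $WORK/serial` is never checked, so a failed or empty read leaves an unusable serial file unless the script runs under `set -e`, which is not visible here. A guard such as `random_serial > "$WORK/serial" && [ -s "$WORK/serial" ] || return 1` would catch that. Separately, if `gencert` (its body is outside this hunk) issues certificates with `openssl ca` against this file, only the starting value is random and each later certificate gets the previous serial plus one, which is still sequential in the sense of the Baseline Requirements text quoted in the changelog. Writing a fresh `random_serial` value before each issuance, or using `openssl ca -rand_serial` where the installed OpenSSL supports it, would address that. Whether the `openssl req -x509` call consults the serial file at all cannot be told from the hunk; `-set_serial "0x$(random_serial)"` would make the CA certificate's own serial explicit.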
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/caasp-container-manifests-master/manifests/haproxy.yaml
new/caasp-container-manifests-master/manifests/haproxy.yaml
--- old/caasp-container-manifests-master/manifests/haproxy.yaml 2018-06-21
08:56:09.000000000 +0200
+++ new/caasp-container-manifests-master/manifests/haproxy.yaml 2018-07-06
11:33:33.000000000 +0200
@@ -41,6 +41,8 @@
readOnly: True
- name: velum-unix-socket
mountPath: /var/run/puma
+ - name: velum-static-pages
+ mountPath: /etc/caasp/haproxy/errors
volumes:
- name: haproxy-cfg
hostPath:
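Review bot: The `velum-static-pages` mount is added without `readOnly: True`, unlike the mount that ends just above it in this hunk. That gives the HAProxy container write access to a host directory it only needs to read error pages from. Adding `readOnly: True` under `mountPath: /etc/caasp/haproxy/errors` keeps a compromised or misbehaving proxy from altering files under `/usr/share/velum/static-pages` on the host. The container spec this list belongs to starts outside the hunk.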
@@ -62,3 +64,6 @@
- name: velum-unix-socket
hostPath:
path: /var/run/puma
+ - name: velum-static-pages
+ hostPath:
+ path: /usr/share/velum/static-pages
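Review bot: The `velum-static-pages` hostPath has no `type`, so nothing checks that `/usr/share/velum/static-pages` exists before the pod starts. Depending on the runtime, a missing path may be created empty, and the failure then surfaces later as HAProxy not finding its 503 error file. If the cluster's Kubernetes version supports it, `type: Directory` under `hostPath` makes the pod fail early with a clear event instead. A short comment naming the package that ships this directory would also help whoever has to debug it.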
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/caasp-container-manifests-master/manifests/public.yaml
new/caasp-container-manifests-master/manifests/public.yaml
--- old/caasp-container-manifests-master/manifests/public.yaml 2018-06-21
08:56:09.000000000 +0200
+++ new/caasp-container-manifests-master/manifests/public.yaml 2018-07-06
11:33:33.000000000 +0200
@@ -312,9 +312,6 @@
- mountPath: /srv/velum/PRODUCT
name: velum-dist-name
readOnly: True
- - mountPath: /srv/velum/public/branding
- name: velum-branding
- readOnly: True
- mountPath: /srv/velum/public/favicon.ico
name: velum-icon
readOnly: True
@@ -592,9 +589,6 @@
- name: velum-dist-name
hostPath:
path: /usr/share/velum/PRODUCT
- - name: velum-branding
- hostPath:
- path: /usr/share/velum/images
- name: velum-icon
hostPath:
path: /usr/share/velum/images/favicon.ico