Hello community, here is the log from the commit of package etcd for openSUSE:Factory checked in at 2019-06-13 23:01:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/etcd (Old) and /work/SRC/openSUSE:Factory/.etcd.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "etcd" Thu Jun 13 23:01:44 2019 rev:16 rq:708040 version:3.3.11 Changes: -------- --- /work/SRC/openSUSE:Factory/etcd/etcd.changes 2019-02-01 11:46:23.780493888 +0100 +++ /work/SRC/openSUSE:Factory/.etcd.new.4811/etcd.changes 2019-06-13 23:01:46.551489264 +0200 @@ -1,0 +2,7 @@ +Wed Jun 5 13:08:46 UTC 2019 - <jseg...@suse.com> + +- Added README.security and wording in the configuration file to + ensure users are aware that they need to configure etcd to require + authentication + +------------------------------------------------------------------- New: ---- README.security ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ etcd.spec ++++++ --- /var/tmp/diff_new_pack.nB3Tz3/_old 2019-06-13 23:01:47.303488133 +0200 +++ /var/tmp/diff_new_pack.nB3Tz3/_new 2019-06-13 23:01:47.303488133 +0200 @@ -33,6 +33,7 @@ Source2: %{name}.service Source3: etcd_client_firewall Source4: etcd_server_firewall +Source5: README.security BuildRequires: golang-packaging BuildRequires: shadow BuildRequires: systemd-rpm-macros @@ -68,6 +69,7 @@ %prep %setup -q +cp %{SOURCE5} . %build %{goprep} github.com/coreos/etcd @@ -111,7 +113,7 @@ %files %defattr(-,root,root) -%doc CONTRIBUTING.md README.md DCO NOTICE +%doc CONTRIBUTING.md README.md DCO NOTICE README.security %license LICENSE %{_sbindir}/%{name} ++++++ README.security ++++++ By default etcd doesn't require authentication. If you configure etcd to be reachable over the network, have untrustworthy local users on the system where etc runs or store date in etcd that needs to be kept confidential please make sure to enable authentication. You can do that by configuring the settings under [security] in /etc/sysconfig/etcd. For additional guidance please red https://coreos.com/etcd/docs/latest/v2/security.html and https://coreos.com/etcd/docs/latest/op-guide/authentication.html to ensure that you enforce proper access control ++++++ etcd.conf ++++++ --- /var/tmp/diff_new_pack.nB3Tz3/_old 2019-06-13 23:01:47.379488018 +0200 +++ /var/tmp/diff_new_pack.nB3Tz3/_new 2019-06-13 23:01:47.379488018 +0200 @@ -5,6 +5,10 @@ #ETCD_SNAPSHOT_COUNT="10000" #ETCD_HEARTBEAT_INTERVAL="100" #ETCD_ELECTION_TIMEOUT="1000" +# Before changing this setting allowing etcd to be reachable over the network +# or if you have untrustworthy local users on the system where etc runs please +# make sure to enable authentication in the [security] section below. Please +# also read README.security for this package #ETCD_LISTEN_PEER_URLS="http://localhost:2380" ETCD_LISTEN_CLIENT_URLS="http://localhost:2379" #ETCD_MAX_SNAPSHOTS="5"