commit etcd for openSUSE:Factory

Thu, 13 Jun 2019 14:02:49 -0700 

Hello community,

here is the log from the commit of package etcd for openSUSE:Factory checked in 
at 2019-06-13 23:01:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/etcd (Old)
 and      /work/SRC/openSUSE:Factory/.etcd.new.4811 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "etcd"

Thu Jun 13 23:01:44 2019 rev:16 rq:708040 version:3.3.11

Changes:
--------
--- /work/SRC/openSUSE:Factory/etcd/etcd.changes        2019-02-01 
11:46:23.780493888 +0100
+++ /work/SRC/openSUSE:Factory/.etcd.new.4811/etcd.changes      2019-06-13 
23:01:46.551489264 +0200
@@ -1,0 +2,7 @@
+Wed Jun  5 13:08:46 UTC 2019 -  <jseg...@suse.com>
+
+- Added README.security and wording in the configuration file to
+  ensure users are aware that they need to configure etcd to require
+  authentication
+
+-------------------------------------------------------------------

New:
----
  README.security

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ etcd.spec ++++++
--- /var/tmp/diff_new_pack.nB3Tz3/_old  2019-06-13 23:01:47.303488133 +0200
+++ /var/tmp/diff_new_pack.nB3Tz3/_new  2019-06-13 23:01:47.303488133 +0200
@@ -33,6 +33,7 @@
 Source2:        %{name}.service
 Source3:        etcd_client_firewall
 Source4:        etcd_server_firewall
+Source5:        README.security
 BuildRequires:  golang-packaging
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
@@ -68,6 +69,7 @@
 
 %prep
 %setup -q
+cp %{SOURCE5} .
 
 %build
 %{goprep} github.com/coreos/etcd
@@ -111,7 +113,7 @@
 
 %files
 %defattr(-,root,root)
-%doc CONTRIBUTING.md README.md DCO NOTICE
+%doc CONTRIBUTING.md README.md DCO NOTICE README.security
 %license LICENSE
 %{_sbindir}/%{name}
 

++++++ README.security ++++++
By default etcd doesn't require authentication.  If you configure etcd to be 
reachable
over the network, have untrustworthy local users on the system where etc runs 
or store
date in etcd that needs to be kept confidential please make sure to enable 
authentication.

You can do that by configuring the settings under [security] in 
/etc/sysconfig/etcd.
For additional guidance please red
https://coreos.com/etcd/docs/latest/v2/security.html
and
https://coreos.com/etcd/docs/latest/op-guide/authentication.html
to ensure that you enforce proper access control
++++++ etcd.conf ++++++
--- /var/tmp/diff_new_pack.nB3Tz3/_old  2019-06-13 23:01:47.379488018 +0200
+++ /var/tmp/diff_new_pack.nB3Tz3/_new  2019-06-13 23:01:47.379488018 +0200
@@ -5,6 +5,10 @@
 #ETCD_SNAPSHOT_COUNT="10000"
 #ETCD_HEARTBEAT_INTERVAL="100"
 #ETCD_ELECTION_TIMEOUT="1000"
+# Before changing this setting allowing etcd to be reachable over the network
+# or if you have untrustworthy local users on the system where etc runs please
+# make sure to enable authentication in the [security] section below. Please
+# also read README.security for this package
 #ETCD_LISTEN_PEER_URLS="http://localhost:2380";
 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379";
 #ETCD_MAX_SNAPSHOTS="5"

Reply via email to