Hello community, here is the log from the commit of package openvswitch for openSUSE:Leap:15.2 checked in at 2020-06-06 15:48:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/openvswitch (Old) and /work/SRC/openSUSE:Leap:15.2/.openvswitch.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch" Sat Jun 6 15:48:11 2020 rev:55 rq:811961 version:unknown Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/openvswitch/openvswitch.changes 2020-01-15 15:37:30.195030916 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.openvswitch.new.3606/openvswitch.changes 2020-06-06 15:48:13.332003775 +0200 @@ -2 +2,67 @@ -Thu Aug 8 10:25:41 UTC 2019 - <[email protected]> +Wed Jun 3 14:53:21 UTC 2020 - Jaime Caamaño Ruiz <[email protected]> + +- add missing provides/obsoletes for python3-openvswitch-test + +------------------------------------------------------------------- +Mon May 4 11:38:26 UTC 2020 - Jaime Caamaño Ruiz <[email protected]> + +- Update openvswitch to 2.13.0. + * For a list of changes, check + https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS + * This version drops python2 binding support. Only python3 bindings + provided going forward. + * Tool ovs-vlan-bug-workaround is no longer provided. +- OVN was split to its own repo but is still built together with OVS and as + such from this same source package. OVN initial version is 20.03. + * For a list of changes, check + https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS + * Packages openvswitch-ovn* are renamed to ovn*. + * OVN now has its own sysconfig and log paths. +- Add OVS patch to be proposed upstream: + * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch +- Patch instead of post-processing configuration files to set running + credentials (bsc#1157338): + * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch + * 0001-Run-ovn-as-openvswitch-openvswitch.patch +- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' + (bsc#1140835). System admin should mount hugepages on a path and permissions of + his choosing for OVS. Add patch: + * 0001-Don-t-change-permissions-of-dev-hugepages.patch +- Will no longer install udev rule to change group ownership of vfio devices to + 'hugetlbfs'. Group name does not make much sense in this case and ownership of + vfio devices should be coordinated system wide or per device. +- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. + OVS will now run under group 'openvswitch' whether compiled with DPDK support + or not. +- OVS persistent state is now saved on /var/lib/openvswitch instead of + /etc/openvswitch for new installs. + +------------------------------------------------------------------- +Thu Feb 13 18:06:02 UTC 2020 - Dirk Mueller <[email protected]> + +- add missing sortedcontainers dependency to the python bindings + +------------------------------------------------------------------- +Mon Oct 28 14:56:34 UTC 2019 - Jaime Caamaño Ruiz <[email protected]> + +- Update openvswitch to 2.12.0. For a list of changes, check + https://github.com/openvswitch/ovs/blob/master/NEWS +- Removed patches that are already included upstream: + * 0001-rhel-secure-openvswitch-useropts.patch + * 0002-rhel-let-ctl-handle-runtime-directory.patch +- Rebased patches: + * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch + +------------------------------------------------------------------- +Thu Aug 8 11:55:36 UTC 2019 - <[email protected]> + +- Fixed missing obsoletes for old python-ovs (bsc#1138948). + +------------------------------------------------------------------- +Tue Jul 16 09:10:42 UTC 2019 - <[email protected]> + +- Add unbound as a build requirement to support asynchronous DNS + resolving for remotes. + +------------------------------------------------------------------- +Thu Jun 20 12:00:42 UTC 2019 - <[email protected]> @@ -4,0 +71,11 @@ + +------------------------------------------------------------------- +Mon Jun 10 17:12:00 UTC 2019 - <[email protected]> + +- Add upstream patches to fix bsc#1135884: + * 0001-rhel-secure-openvswitch-useropts.patch + * 0002-rhel-let-ctl-handle-runtime-directory.patch + +------------------------------------------------------------------- +Mon May 6 17:08:26 UTC 2019 - <[email protected]> + @@ -5,0 +83,10 @@ + +------------------------------------------------------------------- +Mon Apr 29 14:12:36 UTC 2019 - <[email protected]> + +- Fix problem preventing new installs to run as non root (bsc#1132029), + including: + * Align with upstream so that no running configuration is changed on + upgrades, specifically to avoid changes on the user Open vSwitch runs + under. + * hugetblfs groups is created as system group. @@ -14,13 +101 @@ -- Disable dpdk on ix86, due to lack of proper SSE support. -- Fixed missing obsoletes for old python-ovs (bsc#1138948). - -------------------------------------------------------------------- -Mon Jul 15 13:22:11 UTC 2019 - <[email protected]> - -- Fix problem preventing new installs to run as non root (bsc#1132029, - bsc#1139798), including: - * Align with upstream so that no running configuration is changed on - upgrades, specifically to avoid changes on the user Open vSwitch runs - under. - * hugetblfs groups is created as system group. -- Version bump to bugfix release 2.11.1 (bsc#1130276). Some of the changes are: +- Version bump to 2.11.1. Some of the changes are: @@ -69 +144 @@ -Thu Feb 28 11:32:27 UTC 2019 - [email protected] +Mon Mar 25 14:18:56 UTC 2019 - <[email protected]> @@ -71,2 +146,12 @@ -- Version bump to 2.11.0 (fate#325916, fate#325951, fate#326025, fate#326992). - Some of the changes are: +- Disable dpdk on ix86, aligned with dpdk package. + +------------------------------------------------------------------- +Thu Mar 21 15:12:55 UTC 2019 - Jan Engelhardt <[email protected]> + +- Combine %service_* calls to reduce generated boilerplate. +- Reduce scriptlets' hard dependency on systemd. + +------------------------------------------------------------------- +Thu Feb 28 11:16:58 UTC 2019 - [email protected] + +- Version bump to 2.11.0. Some of the changes are: @@ -122 +207 @@ -Fri Feb 15 16:07:10 UTC 2019 - [email protected] +Fri Feb 15 16:16:32 UTC 2019 - [email protected] @@ -127 +212 @@ -Thu Jan 24 18:21:01 UTC 2019 - Jaime Caamaño ([email protected]) +Thu Jan 24 16:52:16 UTC 2019 - [email protected] @@ -129,2 +214,6 @@ -- Version bump to 2.11.0+git20190123.ad83fc9ab (fate#325916, fate#325951, - fate#326025, fate#326992). Some of the changes are: +- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0 + +------------------------------------------------------------------- +Thu Jan 24 11:34:15 UTC 2019 - Jaime Caamaño ([email protected]) + +- Version bump to 2.11.0+git20190123.ad83fc9ab. Some of the changes are: @@ -178 +267,7 @@ -Mon Nov 26 10:11:12 UTC 2018 - [email protected] +Sun Jan 20 07:58:20 UTC 2019 - Thomas Bechtold <[email protected]> + +- python2-ovs provides now also python-ovs which is the standard + for singlespec python packages. + +------------------------------------------------------------------- +Mon Nov 26 11:07:30 UTC 2018 - [email protected] @@ -199 +294 @@ -Mon Oct 22 11:51:58 UTC 2018 - Markos Chandras <[email protected]> +Mon Oct 22 09:38:00 UTC 2018 - Markos Chandras <[email protected]> @@ -201 +296 @@ -- Version bump to 2.9.3. Some of the changes are: +- Version bump to 2.10.1. Some of the changes are: @@ -203,0 +299,3 @@ + * dpif-netdev-perf: Print SMC statistics. + * dpif-netdev-unixctl: Change 'masked' to 'megaflow'. + * ovn-controller: Support processing DHCPv6 information request message type @@ -208,0 +307 @@ + * ovn: Fix IPv6 DAD failure for container ports @@ -209,0 +309,2 @@ + * ovs-save: Parse geneve tlv map correctly. + * extend-table: Fix a bug that iterates wrong table @@ -210,0 +312 @@ + * ofp-packet: Fix NXT_RESUME with geneve tunnel metadata @@ -211,0 +314,2 @@ + * ofproto-dpif-xlate.c: Fix uninitialized variable warning. + * dpif: Remove support for multiple queues per port. @@ -212,0 +317 @@ + * ovsdb-types: Refactor structs so as to comply with C++ standard @@ -213,0 +319,3 @@ + * ovsdb-data: Improve grammar in error message. + * condition: Reject <, <=, >=, > with optional scalar against empty set. + * condition: Fix ==, !=, includes, excludes on optional scalars. @@ -215,0 +324 @@ + * sflow: Set agent address properly based on collector address. @@ -216,0 +326 @@ + * ofproto: Fix build with some GCC versions. @@ -217,0 +328 @@ + * ofproto: Handle OpenFlow version mismatch for requestforward with groups. @@ -218,0 +330 @@ + * sparse: check if floatn-common.h is available. @@ -221,2 +333 @@ - * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 - * ovn: Add DHCP support for option 252. + * ovn: Add the documentation for the DHCP opt 'wpad' in proper section @@ -223,0 +335 @@ + * gre: Rename fallback devices to avoid udev's interference @@ -224,0 +337,5 @@ + * ovsdb-idlc: Use ALIGNED_CAST to avoid spurious warnings for index rows. + * ofproto-dpif-xlate: Fix translation of groups with no buckets. + * ovn: Add DHCP support for option 252. + * ofp-port: Don't leak on error in ofputil_pull_ofp14_port_stats(). + * ofp-print: Fix a memory leak reported by fuzz @@ -227 +343,0 @@ - * datapath: lisp: Fix uninitialized field in tunnel_cfg. @@ -229,0 +346 @@ ++++ 404 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/openvswitch/openvswitch.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.openvswitch.new.3606/openvswitch.changes Old: ---- openvswitch-2.11.1.tar.gz New: ---- 0001-Don-t-change-permissions-of-dev-hugepages.patch 0001-Run-openvswitch-as-openvswitch-openvswitch.patch 0001-Run-ovn-as-openvswitch-openvswitch.patch 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch openvswitch-2.13.0.tar.gz ovn-20.03.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvswitch.spec ++++++ ++++ 1467 lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/openvswitch/openvswitch.spec ++++ and /work/SRC/openSUSE:Leap:15.2/.openvswitch.new.3606/openvswitch.spec ++++++ 0001-Don-t-change-permissions-of-dev-hugepages.patch ++++++ >From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]> Date: Wed, 6 May 2020 16:32:28 +0200 Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages For SLES/openSUSE, don't change permissions of /dev/hugepages as that is a system path. Sysadmin shoudl mount hugepages on a path and permission of his choosing if OVS either manually or via hugeadm. --- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ---- 1 file changed, 4 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index ff43dae96..08355d950 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch EnvironmentFile=-/run/openvswitch.useropts LimitSTACK=2M -@begin_dpdk@ -ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages' -ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages -@end_dpdk@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovsdb-server --no-monitor --system-id=random \ ${OVS_USER_OPT} \ -- 2.16.4 ++++++ 0001-Run-openvswitch-as-openvswitch-openvswitch.patch ++++++ >From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]> Date: Fri, 8 May 2020 11:15:57 +0200 Subject: [PATCH] Run openvswitch as openvswitch:openvswitch Change default run configuration to unprivilieged user openvswitch and group openvswitch. Expect any further customization from user in sysconfig/openvswitch, including setting it back to privileged root:root configuration. --- rhel/etc_logrotate.d_openvswitch | 2 +- rhel/etc_openvswitch_default.conf | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch index f4302ffbc..eaf1fd5bf 100644 --- a/rhel/etc_logrotate.d_openvswitch +++ b/rhel/etc_logrotate.d_openvswitch @@ -6,7 +6,7 @@ # without warranty of any kind. /var/log/openvswitch/*.log { - su root root + su openvswitch openvswitch daily compress sharedscripts diff --git a/rhel/etc_openvswitch_default.conf b/rhel/etc_openvswitch_default.conf index c74417db6..20d1f5f54 100644 --- a/rhel/etc_openvswitch_default.conf +++ b/rhel/etc_openvswitch_default.conf @@ -1,5 +1,4 @@ # DO NOT EDIT THIS FILE # The following is the *default* configuration for the openvswitch user ID. -# This is for backward compatibility. -OVS_USER_ID="root:root" +OVS_USER_ID="openvswitch:openvswitch" -- 2.16.4 ++++++ 0001-Run-ovn-as-openvswitch-openvswitch.patch ++++++ >From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]> Date: Fri, 8 May 2020 11:23:04 +0200 Subject: [PATCH] Run ovn as openvswitch:openvswitch Change default run configuration to unprivilieged user openvswitch and group openvswitch. Expect any further customization from user in sysconfig/ovn. --- rhel/etc_logrotate.d_ovn | 2 +- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 + rhel/usr_lib_systemd_system_ovn-controller.service | 1 + rhel/usr_lib_systemd_system_ovn-northd.service | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn index a351ec303..4b26333fc 100644 --- a/rhel/etc_logrotate.d_ovn +++ b/rhel/etc_logrotate.d_ovn @@ -6,7 +6,7 @@ # without warranty of any kind. /var/log/ovn/*.log { - su root root + su openvswitch openvswitch daily compress sharedscripts diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service index 09ad0612c..dd6ff6675 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service +++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service @@ -35,6 +35,7 @@ After=openvswitch.service [Service] Type=simple Restart=on-failure +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVS_RUNDIR=%t/openvswitch Environment=OVN_RUNDIR=%t/ovn Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service index 15d0ac853..c602760f1 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller.service +++ b/rhel/usr_lib_systemd_system_ovn-controller.service @@ -23,6 +23,7 @@ After=openvswitch.service Type=forking PIDFile=/var/run/ovn/ovn-controller.pid Restart=on-failure +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch EnvironmentFile=-/etc/sysconfig/ovn EnvironmentFile=-/etc/sysconfig/ovn-controller diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service index d281f861c..d5c7dfa5f 100644 --- a/rhel/usr_lib_systemd_system_ovn-northd.service +++ b/rhel/usr_lib_systemd_system_ovn-northd.service @@ -20,6 +20,7 @@ After=syslog.target [Service] Type=oneshot RemainAfterExit=yes +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn EnvironmentFile=-/etc/sysconfig/ovn EnvironmentFile=-/etc/sysconfig/ovn-northd -- 2.16.4 ++++++ 0001-Use-strongswan-for-openvswitch-ipsec-service.patch ++++++ --- /var/tmp/diff_new_pack.BdmZJW/_old 2020-06-06 15:48:13.880005715 +0200 +++ /var/tmp/diff_new_pack.BdmZJW/_new 2020-06-06 15:48:13.884005729 +0200 @@ -1,7 +1,7 @@ -From 6aca005f17aecf003da9a85f8dd099baef771572 Mon Sep 17 00:00:00 2001 +From f786cf97880bdf1ebed65db2f560ff15f1f29413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]> -Date: Fri, 26 Apr 2019 15:27:05 +0200 -Subject: [PATCH 1/6] Use strongswan for openvswitch-ipsec service +Date: Mon, 28 Oct 2019 15:14:19 +0100 +Subject: [PATCH] Use strongswan for openvswitch-ipsec service Since libreswan is not packaged for Leap/SLES, use strongswan for the time being. @@ -10,12 +10,12 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service -index 6e309aa57..34e3f4c90 100644 +index d8f47af68..3c4a40138 100644 --- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service +++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service -@@ -6,7 +6,7 @@ After=openvswitch.service - [Service] +@@ -7,7 +7,7 @@ After=openvswitch.service Type=forking + PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ - --ike-daemon=libreswan start-ovs-ipsec + --ike-daemon=strongswan start-ovs-ipsec ++++++ 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch ++++++ >From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]> Date: Tue, 5 May 2020 18:41:30 +0200 Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OVS_USER_ID was being picked up from a previously existing openvswitch.useropts rendering innefective any configuration change through sysconfig. There is no explicit ordering between Exec* and Environment* stanzas of systemd, full enviroment is always reloaded before each Exec. We make sure that openvswitch.useropts is removed first so that a fresh OVS_USER_ID can be picked up from config. Signed-off-by: Jaime Caamaño Ruiz <[email protected]> --- rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service index 4c170c09b..98338b9df 100644 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service @@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid Restart=on-failure EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch +EnvironmentFile=-/run/openvswitch.useropts + +# Environment is reloaded for each Exec*, make sure to +# remove openvswitch.useropts first to reload a fresh +# OVS_USER_ID from default.conf or sysconfig. +ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts + ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch -ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts' +ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts' ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi' -EnvironmentFile=-/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovs-vswitchd --no-monitor --system-id=random \ ${OVS_USER_OPT} \ -- 2.16.4 ++++++ openvswitch-2.11.1.tar.gz -> openvswitch-2.13.0.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/openvswitch/openvswitch-2.11.1.tar.gz /work/SRC/openSUSE:Leap:15.2/.openvswitch.new.3606/openvswitch-2.13.0.tar.gz differ: char 5, line 1
