summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Thode <prometheanfire@gentoo.org>2014-06-09 04:56:40 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2014-06-09 04:56:40 +0000
commit33db8e5169ec9e10022519b268b212047a607336 (patch)
treef7a41c0ddc9a3a4aa860d3e30608d85f7511641c /sys-cluster
parentVersion bump. Worked out some kind of multibuild for both C and C++ libraries (diff)
downloadgentoo-2-33db8e5169ec9e10022519b268b212047a607336.tar.gz
gentoo-2-33db8e5169ec9e10022519b268b212047a607336.tar.bz2
gentoo-2-33db8e5169ec9e10022519b268b212047a607336.zip
fix for 2014.1-r1 bug 512296 CVE-2014-2573
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/nova/ChangeLog7
-rw-r--r--sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch103
-rw-r--r--sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch182
-rw-r--r--sys-cluster/nova/nova-2014.1-r1.ebuild125
-rw-r--r--sys-cluster/nova/nova-2014.1-r2.ebuild24
5 files changed, 304 insertions, 137 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index 4878f5041497..2fde51567564 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.64 2014/06/04 14:42:31 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.65 2014/06/09 04:56:40 prometheanfire Exp $
+
+ 09 Jun 2014; Matthew Thode <prometheanfire@gentoo.org>
+ +files/2014.1-CVE-2014-2573-1.patch, +files/2014.1-CVE-2014-2573-2.patch,
+ -nova-2014.1-r1.ebuild, nova-2014.1-r2.ebuild:
+ fix for 2014.1-r1 bug 512296 CVE-2014-2573
04 Jun 2014; Ian Delaney <idella4@gentoo.org> nova-2014.1-r2.ebuild:
add requ'd dep nbd, fixes Bug #509726
diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch
new file mode 100644
index 000000000000..8fc53fa901ed
--- /dev/null
+++ b/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch
@@ -0,0 +1,103 @@
+From fb030283bed9e41a0343581fa21b81b2ebb07f15 Mon Sep 17 00:00:00 2001
+From: Xiaoyan Ding <xyding@cn.ibm.com>
+Date: Mon, 24 Feb 2014 16:17:46 +0800
+Subject: [PATCH] VMWare: add power off vm before detach disk during unrescue
+
+Non Hot Plug type disk like IDE can only be detached when the VM is power off.
+
+Change-Id: Ib1f387a41abe2b52357854e90c2535ebb7b43f18
+Close-bug: #1279199
+(cherry picked from commit 1e1915aaaca38b5691794e0e052a42b9d95dd3c2)
+---
+ nova/tests/virt/vmwareapi/test_driver_api.py | 27 ++++++++++++++++++++++-----
+ nova/virt/vmwareapi/vmops.py | 21 ++++++++++++++++-----
+ 2 files changed, 38 insertions(+), 10 deletions(-)
+
+diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py
+index fb60335..c1481aa 100644
+--- a/nova/tests/virt/vmwareapi/test_driver_api.py
++++ b/nova/tests/virt/vmwareapi/test_driver_api.py
+@@ -1273,14 +1273,31 @@ def test_rescue_with_config_drive(self):
+
+ def test_unrescue(self):
+ self._rescue()
++ self.test_vm_ref = None
++ self.test_device_name = None
+
+- def fake_detach_disk_from_vm(*args, **kwargs):
+- pass
++ def fake_power_off_vm_ref(vm_ref):
++ self.test_vm_ref = vm_ref
++ self.assertIsNotNone(vm_ref)
+
+- self.stubs.Set(self.conn._volumeops, "detach_disk_from_vm",
+- fake_detach_disk_from_vm)
++ def fake_detach_disk_from_vm(vm_ref, instance,
++ device_name, destroy_disk=False):
++ self.test_device_name = device_name
++ info = self.conn.get_info(instance)
++ self._check_vm_info(info, power_state.SHUTDOWN)
+
+- self.conn.unrescue(self.instance, None)
++ with contextlib.nested(
++ mock.patch.object(self.conn._vmops, "_power_off_vm_ref",
++ side_effect=fake_power_off_vm_ref),
++ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm",
++ side_effect=fake_detach_disk_from_vm),
++ ) as (poweroff, detach):
++ self.conn.unrescue(self.instance, None)
++ poweroff.assert_called_once_with(self.test_vm_ref)
++ detach.assert_called_once_with(self.test_vm_ref, mock.ANY,
++ self.test_device_name)
++ self.test_vm_ref = None
++ self.test_device_name = None
+ info = self.conn.get_info({'name': 1, 'uuid': self.uuid,
+ 'node': self.instance_node})
+ self._check_vm_info(info, power_state.RUNNING)
+diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py
+index 0c28a29..30f8373 100644
+--- a/nova/virt/vmwareapi/vmops.py
++++ b/nova/virt/vmwareapi/vmops.py
+@@ -1159,12 +1159,26 @@ def unrescue(self, instance):
+ "get_dynamic_property", vm_rescue_ref,
+ "VirtualMachine", "config.hardware.device")
+ device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path)
++ self._power_off_vm_ref(vm_rescue_ref)
+ self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device)
+ self.destroy(r_instance, None, instance_name=instance_name)
+ self._power_on(instance)
+
++ def _power_off_vm_ref(self, vm_ref):
++ """Power off the specifed vm.
++
++ :param vm_ref: a reference object to the VM.
++ """
++ poweroff_task = self._session._call_method(
++ self._session._get_vim(),
++ "PowerOffVM_Task", vm_ref)
++ self._session._wait_for_task(poweroff_task)
++
+ def power_off(self, instance):
+- """Power off the specified instance."""
++ """Power off the specified instance.
++
++ :param instance: nova.objects.instance.Instance
++ """
+ vm_ref = vm_util.get_vm_ref(self._session, instance)
+
+ pwr_state = self._session._call_method(vim_util,
+@@ -1173,10 +1187,7 @@ def power_off(self, instance):
+ # Only PoweredOn VMs can be powered off.
+ if pwr_state == "poweredOn":
+ LOG.debug(_("Powering off the VM"), instance=instance)
+- poweroff_task = self._session._call_method(
+- self._session._get_vim(),
+- "PowerOffVM_Task", vm_ref)
+- self._session._wait_for_task(poweroff_task)
++ self._power_off_vm_ref(vm_ref)
+ LOG.debug(_("Powered off the VM"), instance=instance)
+ # Raise Exception if VM is suspended
+ elif pwr_state == "suspended":
+--
+1.9.3
+
diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch
new file mode 100644
index 000000000000..990b6a8899d4
--- /dev/null
+++ b/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch
@@ -0,0 +1,182 @@
+From ffcb17678c7e5409a1f12a09945b18e8879a677d Mon Sep 17 00:00:00 2001
+From: Gary Kotton <gkotton@vmware.com>
+Date: Thu, 13 Mar 2014 06:53:58 -0700
+Subject: [PATCH] VMware: ensure rescue instance is deleted when instance is
+ deleted
+
+If the user creates a rescue instance and then proceeded to delete
+the original instance then the rescue instance would still be up
+and running on the backend.
+
+This patch ensures that the rescue instance is cleaned up if
+necessary.
+
+The vmops unrescue method has a new parameter indicating if
+the original VM should be powered on.
+
+Closes-bug: 1269418
+(cherry picked from commit efb66531bc37ee416778a70d46c657608ca767af)
+
+Conflicts:
+
+ nova/virt/vmwareapi/vmops.py
+
+Change-Id: I3c1d0b1d003392b306094b80ea1ac99377441fbf
+---
+ nova/tests/virt/vmwareapi/test_driver_api.py | 26 +++++++++++++
+ nova/virt/vmwareapi/vmops.py | 55 ++++++++++++++++++++--------
+ 2 files changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py
+index c1481aa..63f0c59 100644
+--- a/nova/tests/virt/vmwareapi/test_driver_api.py
++++ b/nova/tests/virt/vmwareapi/test_driver_api.py
+@@ -34,6 +34,7 @@
+ from nova.compute import api as compute_api
+ from nova.compute import power_state
+ from nova.compute import task_states
++from nova.compute import vm_states
+ from nova import context
+ from nova import exception
+ from nova.openstack.common import jsonutils
+@@ -1191,6 +1192,31 @@ def test_get_info(self):
+ 'node': self.instance_node})
+ self._check_vm_info(info, power_state.RUNNING)
+
++ def destroy_rescued(self, fake_method):
++ self._rescue()
++ with (
++ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm",
++ fake_method)
++ ):
++ self.instance['vm_state'] = vm_states.RESCUED
++ self.conn.destroy(self.context, self.instance, self.network_info)
++ inst_path = '[%s] %s/%s.vmdk' % (self.ds, self.uuid, self.uuid)
++ self.assertFalse(vmwareapi_fake.get_file(inst_path))
++ rescue_file_path = '[%s] %s-rescue/%s-rescue.vmdk' % (self.ds,
++ self.uuid,
++ self.uuid)
++ self.assertFalse(vmwareapi_fake.get_file(rescue_file_path))
++
++ def test_destroy_rescued(self):
++ def fake_detach_disk_from_vm(*args, **kwargs):
++ pass
++ self.destroy_rescued(fake_detach_disk_from_vm)
++
++ def test_destroy_rescued_with_exception(self):
++ def fake_detach_disk_from_vm(*args, **kwargs):
++ raise exception.NovaException('Here is my fake exception')
++ self.destroy_rescued(fake_detach_disk_from_vm)
++
+ def test_destroy(self):
+ self._create_vm()
+ info = self.conn.get_info({'uuid': self.uuid,
+diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py
+index 30f8373..831da48 100644
+--- a/nova/virt/vmwareapi/vmops.py
++++ b/nova/virt/vmwareapi/vmops.py
+@@ -29,6 +29,7 @@
+ from nova import compute
+ from nova.compute import power_state
+ from nova.compute import task_states
++from nova.compute import vm_states
+ from nova import context as nova_context
+ from nova import exception
+ from nova.openstack.common import excutils
+@@ -985,13 +986,9 @@ def _delete(self, instance, network_info):
+ except Exception as exc:
+ LOG.exception(exc, instance=instance)
+
+- def destroy(self, instance, network_info, destroy_disks=True,
+- instance_name=None):
+- """Destroy a VM instance. Steps followed are:
+- 1. Power off the VM, if it is in poweredOn state.
+- 2. Un-register a VM.
+- 3. Delete the contents of the folder holding the VM related data.
+- """
++ def _destroy_instance(self, instance, network_info, destroy_disks=True,
++ instance_name=None):
++ # Destroy a VM instance
+ # Get the instance name. In some cases this may differ from the 'uuid',
+ # for example when the spawn of a rescue instance takes place.
+ if not instance_name:
+@@ -1029,8 +1026,9 @@ def destroy(self, instance, network_info, destroy_disks=True,
+ "UnregisterVM", vm_ref)
+ LOG.debug(_("Unregistered the VM"), instance=instance)
+ except Exception as excep:
+- LOG.warn(_("In vmwareapi:vmops:destroy, got this exception"
+- " while un-registering the VM: %s") % str(excep))
++ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, got this "
++ "exception while un-registering the VM: %s"),
++ excep)
+ # Delete the folder holding the VM related content on
+ # the datastore.
+ if destroy_disks and datastore_name:
+@@ -1053,15 +1051,39 @@ def destroy(self, instance, network_info, destroy_disks=True,
+ {'datastore_name': datastore_name},
+ instance=instance)
+ except Exception as excep:
+- LOG.warn(_("In vmwareapi:vmops:destroy, "
+- "got this exception while deleting"
+- " the VM contents from the disk: %s")
+- % str(excep))
++ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, "
++ "got this exception while deleting "
++ "the VM contents from the disk: %s"),
++ excep)
+ except Exception as exc:
+ LOG.exception(exc, instance=instance)
+ finally:
+ vm_util.vm_ref_cache_delete(instance_name)
+
++ def destroy(self, instance, network_info, destroy_disks=True):
++ """Destroy a VM instance.
++
++ Steps followed for each VM are:
++ 1. Power off, if it is in poweredOn state.
++ 2. Un-register.
++ 3. Delete the contents of the folder holding the VM related data.
++ """
++ # If there is a rescue VM then we need to destroy that one too.
++ LOG.debug(_("Destroying instance"), instance=instance)
++ if instance['vm_state'] == vm_states.RESCUED:
++ LOG.debug(_("Rescue VM configured"), instance=instance)
++ try:
++ self.unrescue(instance, power_on=False)
++ LOG.debug(_("Rescue VM destroyed"), instance=instance)
++ except Exception:
++ rescue_name = instance['uuid'] + self._rescue_suffix
++ self._destroy_instance(instance, network_info,
++ destroy_disks=destroy_disks,
++ instance_name=rescue_name)
++ self._destroy_instance(instance, network_info,
++ destroy_disks=destroy_disks)
++ LOG.debug(_("Instance destroyed"), instance=instance)
++
+ def pause(self, instance):
+ msg = _("pause not supported for vmwareapi")
+ raise NotImplementedError(msg)
+@@ -1139,7 +1161,7 @@ def rescue(self, context, instance, network_info, image_meta):
+ adapter_type, disk_type, vmdk_path)
+ self._power_on(instance, vm_ref=rescue_vm_ref)
+
+- def unrescue(self, instance):
++ def unrescue(self, instance, power_on=True):
+ """Unrescue the specified instance."""
+ # Get the original vmdk_path
+ vm_ref = vm_util.get_vm_ref(self._session, instance)
+@@ -1161,8 +1183,9 @@ def unrescue(self, instance):
+ device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path)
+ self._power_off_vm_ref(vm_rescue_ref)
+ self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device)
+- self.destroy(r_instance, None, instance_name=instance_name)
+- self._power_on(instance)
++ self._destroy_instance(r_instance, None, instance_name=instance_name)
++ if power_on:
++ self._power_on(instance)
+
+ def _power_off_vm_ref(self, vm_ref):
+ """Power off the specifed vm.
+--
+1.9.3
+
diff --git a/sys-cluster/nova/nova-2014.1-r1.ebuild b/sys-cluster/nova/nova-2014.1-r1.ebuild
deleted file mode 100644
index 700d3ad47714..000000000000
--- a/sys-cluster/nova/nova-2014.1-r1.ebuild
+++ /dev/null
@@ -1,125 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r1.ebuild,v 1.1 2014/05/05 06:17:52 idella4 Exp $
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils multilib user
-
-DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python."
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="http://launchpad.net/${PN}/icehouse/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+compute +kvm +network +novncproxy sqlite mysql postgres xen"
-REQUIRED_USE="|| ( mysql postgres sqlite )
- compute? ( || ( kvm xen ) )"
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.6[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo"
-
-RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.9.99[mysql,${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.9.99[postgres,${PYTHON_USEDEP}] )
- >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
- >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- >=dev-python/boto-2.12.0[${PYTHON_USEDEP}]
- !~dev-python/boto-2.13.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
- dev-python/jinja[${PYTHON_USEDEP}]
- >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.8.2[${PYTHON_USEDEP}]
- !~dev-python/sqlalchemy-migrate-0.8.4[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.6[${PYTHON_USEDEP}]
- >=dev-python/suds-0.4[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.9.0[${PYTHON_USEDEP}]
- dev-python/pyasn1[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.0.6[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.3.4[${PYTHON_USEDEP}]
- <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.5.2[${PYTHON_USEDEP}]
- >=dev-python/stevedore-0.14[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}]
- <dev-python/websockify-0.6[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- dev-python/oslo-rootwrap[${PYTHON_USEDEP}]
- >=dev-python/pycadf-0.4.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-1.3.0[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- net-misc/openvswitch
- net-misc/rabbitmq-server
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- kvm? ( app-emulation/qemu )
- xen? ( app-emulation/xen
- app-emulation/xen-tools )"
-
-PATCHES=(
-)
-
-pkg_setup() {
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_compile() {
- distutils-r1_python_compile
- ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova
-}
-
-python_install() {
- distutils-r1_python_install
-
- for svc in api cert compute conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g nova
- dodir /var/log/nova /var/lib/nova/instances
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "etc/nova/nova.conf.sample" "nova.conf"
- doins "etc/nova/api-paste.ini"
- doins "etc/nova/logging_sample.conf"
- doins "etc/nova/policy.json"
- doins "etc/nova/rootwrap.conf"
- #rootwrap filters
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
- #copy migration conf file (not coppied on install via setup.py script)
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-}
diff --git a/sys-cluster/nova/nova-2014.1-r2.ebuild b/sys-cluster/nova/nova-2014.1-r2.ebuild
index b23b3c6d6818..d9891d234a2d 100644
--- a/sys-cluster/nova/nova-2014.1-r2.ebuild
+++ b/sys-cluster/nova/nova-2014.1-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r2.ebuild,v 1.2 2014/06/04 14:42:31 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r2.ebuild,v 1.3 2014/06/09 04:56:40 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -23,11 +23,12 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]
app-admin/sudo"
-RDEPEND=">=dev-python/sqlalchemy-0.7.8[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- mysql? ( dev-python/mysql-python[${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/psycopg-2[${PYTHON_USEDEP}] )
- sqlite? ( dev-db/sqlite )
+RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] )
+ mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-0.9.99[mysql,${PYTHON_USEDEP}] )
+ postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-0.9.99[postgres,${PYTHON_USEDEP}] )
>=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
>=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
virtual/python-argparse[${PYTHON_USEDEP}]
@@ -70,12 +71,13 @@ RDEPEND=">=dev-python/sqlalchemy-0.7.8[${PYTHON_USEDEP}]
net-misc/rabbitmq-server
sys-fs/sysfsutils
sys-fs/multipath-tools
- sys-block/nbd
kvm? ( app-emulation/qemu )
xen? ( app-emulation/xen
app-emulation/xen-tools )"
PATCHES=(
+ "${FILESDIR}/2014.1-CVE-2014-2573-1.patch"
+ "${FILESDIR}/2014.1-CVE-2014-2573-2.patch"
)
pkg_setup() {
@@ -91,7 +93,7 @@ python_compile() {
python_install() {
distutils-r1_python_install
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
+ for svc in api cert compute conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
done
use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
@@ -102,7 +104,7 @@ python_install() {
insinto /etc/nova
insopts -m 0640 -o nova -g nova
- #newins "etc/nova/nova.conf.sample" "nova.conf"
+ newins "etc/nova/nova.conf.sample" "nova.conf"
doins "etc/nova/api-paste.ini"
doins "etc/nova/logging_sample.conf"
doins "etc/nova/policy.json"
@@ -120,6 +122,6 @@ python_install() {
#add sudoers definitions for user nova
insinto /etc/sudoers.d/
- insopts -m 0440 -o root -g root
- newins "${FILESDIR}/nova.sudoersd" nova
+ insopts -m 0600 -o root -g root
+ doins "${FILESDIR}/nova-sudoers"
}