diff options
author | Matthew Thode <prometheanfire@gentoo.org> | 2014-06-09 04:56:40 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2014-06-09 04:56:40 +0000 |
commit | 33db8e5169ec9e10022519b268b212047a607336 (patch) | |
tree | f7a41c0ddc9a3a4aa860d3e30608d85f7511641c /sys-cluster | |
parent | Version bump. Worked out some kind of multibuild for both C and C++ libraries (diff) | |
download | gentoo-2-33db8e5169ec9e10022519b268b212047a607336.tar.gz gentoo-2-33db8e5169ec9e10022519b268b212047a607336.tar.bz2 gentoo-2-33db8e5169ec9e10022519b268b212047a607336.zip |
fix for 2014.1-r1 bug 512296 CVE-2014-2573
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 7 | ||||
-rw-r--r-- | sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch | 103 | ||||
-rw-r--r-- | sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch | 182 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2014.1-r1.ebuild | 125 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2014.1-r2.ebuild | 24 |
5 files changed, 304 insertions, 137 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index 4878f5041497..2fde51567564 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.64 2014/06/04 14:42:31 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.65 2014/06/09 04:56:40 prometheanfire Exp $ + + 09 Jun 2014; Matthew Thode <prometheanfire@gentoo.org> + +files/2014.1-CVE-2014-2573-1.patch, +files/2014.1-CVE-2014-2573-2.patch, + -nova-2014.1-r1.ebuild, nova-2014.1-r2.ebuild: + fix for 2014.1-r1 bug 512296 CVE-2014-2573 04 Jun 2014; Ian Delaney <idella4@gentoo.org> nova-2014.1-r2.ebuild: add requ'd dep nbd, fixes Bug #509726 diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch new file mode 100644 index 000000000000..8fc53fa901ed --- /dev/null +++ b/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch @@ -0,0 +1,103 @@ +From fb030283bed9e41a0343581fa21b81b2ebb07f15 Mon Sep 17 00:00:00 2001 +From: Xiaoyan Ding <xyding@cn.ibm.com> +Date: Mon, 24 Feb 2014 16:17:46 +0800 +Subject: [PATCH] VMWare: add power off vm before detach disk during unrescue + +Non Hot Plug type disk like IDE can only be detached when the VM is power off. + +Change-Id: Ib1f387a41abe2b52357854e90c2535ebb7b43f18 +Close-bug: #1279199 +(cherry picked from commit 1e1915aaaca38b5691794e0e052a42b9d95dd3c2) +--- + nova/tests/virt/vmwareapi/test_driver_api.py | 27 ++++++++++++++++++++++----- + nova/virt/vmwareapi/vmops.py | 21 ++++++++++++++++----- + 2 files changed, 38 insertions(+), 10 deletions(-) + +diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py +index fb60335..c1481aa 100644 +--- a/nova/tests/virt/vmwareapi/test_driver_api.py ++++ b/nova/tests/virt/vmwareapi/test_driver_api.py +@@ -1273,14 +1273,31 @@ def test_rescue_with_config_drive(self): + + def test_unrescue(self): + self._rescue() ++ self.test_vm_ref = None ++ self.test_device_name = None + +- def fake_detach_disk_from_vm(*args, **kwargs): +- pass ++ def fake_power_off_vm_ref(vm_ref): ++ self.test_vm_ref = vm_ref ++ self.assertIsNotNone(vm_ref) + +- self.stubs.Set(self.conn._volumeops, "detach_disk_from_vm", +- fake_detach_disk_from_vm) ++ def fake_detach_disk_from_vm(vm_ref, instance, ++ device_name, destroy_disk=False): ++ self.test_device_name = device_name ++ info = self.conn.get_info(instance) ++ self._check_vm_info(info, power_state.SHUTDOWN) + +- self.conn.unrescue(self.instance, None) ++ with contextlib.nested( ++ mock.patch.object(self.conn._vmops, "_power_off_vm_ref", ++ side_effect=fake_power_off_vm_ref), ++ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm", ++ side_effect=fake_detach_disk_from_vm), ++ ) as (poweroff, detach): ++ self.conn.unrescue(self.instance, None) ++ poweroff.assert_called_once_with(self.test_vm_ref) ++ detach.assert_called_once_with(self.test_vm_ref, mock.ANY, ++ self.test_device_name) ++ self.test_vm_ref = None ++ self.test_device_name = None + info = self.conn.get_info({'name': 1, 'uuid': self.uuid, + 'node': self.instance_node}) + self._check_vm_info(info, power_state.RUNNING) +diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py +index 0c28a29..30f8373 100644 +--- a/nova/virt/vmwareapi/vmops.py ++++ b/nova/virt/vmwareapi/vmops.py +@@ -1159,12 +1159,26 @@ def unrescue(self, instance): + "get_dynamic_property", vm_rescue_ref, + "VirtualMachine", "config.hardware.device") + device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path) ++ self._power_off_vm_ref(vm_rescue_ref) + self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device) + self.destroy(r_instance, None, instance_name=instance_name) + self._power_on(instance) + ++ def _power_off_vm_ref(self, vm_ref): ++ """Power off the specifed vm. ++ ++ :param vm_ref: a reference object to the VM. ++ """ ++ poweroff_task = self._session._call_method( ++ self._session._get_vim(), ++ "PowerOffVM_Task", vm_ref) ++ self._session._wait_for_task(poweroff_task) ++ + def power_off(self, instance): +- """Power off the specified instance.""" ++ """Power off the specified instance. ++ ++ :param instance: nova.objects.instance.Instance ++ """ + vm_ref = vm_util.get_vm_ref(self._session, instance) + + pwr_state = self._session._call_method(vim_util, +@@ -1173,10 +1187,7 @@ def power_off(self, instance): + # Only PoweredOn VMs can be powered off. + if pwr_state == "poweredOn": + LOG.debug(_("Powering off the VM"), instance=instance) +- poweroff_task = self._session._call_method( +- self._session._get_vim(), +- "PowerOffVM_Task", vm_ref) +- self._session._wait_for_task(poweroff_task) ++ self._power_off_vm_ref(vm_ref) + LOG.debug(_("Powered off the VM"), instance=instance) + # Raise Exception if VM is suspended + elif pwr_state == "suspended": +-- +1.9.3 + diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch new file mode 100644 index 000000000000..990b6a8899d4 --- /dev/null +++ b/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch @@ -0,0 +1,182 @@ +From ffcb17678c7e5409a1f12a09945b18e8879a677d Mon Sep 17 00:00:00 2001 +From: Gary Kotton <gkotton@vmware.com> +Date: Thu, 13 Mar 2014 06:53:58 -0700 +Subject: [PATCH] VMware: ensure rescue instance is deleted when instance is + deleted + +If the user creates a rescue instance and then proceeded to delete +the original instance then the rescue instance would still be up +and running on the backend. + +This patch ensures that the rescue instance is cleaned up if +necessary. + +The vmops unrescue method has a new parameter indicating if +the original VM should be powered on. + +Closes-bug: 1269418 +(cherry picked from commit efb66531bc37ee416778a70d46c657608ca767af) + +Conflicts: + + nova/virt/vmwareapi/vmops.py + +Change-Id: I3c1d0b1d003392b306094b80ea1ac99377441fbf +--- + nova/tests/virt/vmwareapi/test_driver_api.py | 26 +++++++++++++ + nova/virt/vmwareapi/vmops.py | 55 ++++++++++++++++++++-------- + 2 files changed, 65 insertions(+), 16 deletions(-) + +diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py +index c1481aa..63f0c59 100644 +--- a/nova/tests/virt/vmwareapi/test_driver_api.py ++++ b/nova/tests/virt/vmwareapi/test_driver_api.py +@@ -34,6 +34,7 @@ + from nova.compute import api as compute_api + from nova.compute import power_state + from nova.compute import task_states ++from nova.compute import vm_states + from nova import context + from nova import exception + from nova.openstack.common import jsonutils +@@ -1191,6 +1192,31 @@ def test_get_info(self): + 'node': self.instance_node}) + self._check_vm_info(info, power_state.RUNNING) + ++ def destroy_rescued(self, fake_method): ++ self._rescue() ++ with ( ++ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm", ++ fake_method) ++ ): ++ self.instance['vm_state'] = vm_states.RESCUED ++ self.conn.destroy(self.context, self.instance, self.network_info) ++ inst_path = '[%s] %s/%s.vmdk' % (self.ds, self.uuid, self.uuid) ++ self.assertFalse(vmwareapi_fake.get_file(inst_path)) ++ rescue_file_path = '[%s] %s-rescue/%s-rescue.vmdk' % (self.ds, ++ self.uuid, ++ self.uuid) ++ self.assertFalse(vmwareapi_fake.get_file(rescue_file_path)) ++ ++ def test_destroy_rescued(self): ++ def fake_detach_disk_from_vm(*args, **kwargs): ++ pass ++ self.destroy_rescued(fake_detach_disk_from_vm) ++ ++ def test_destroy_rescued_with_exception(self): ++ def fake_detach_disk_from_vm(*args, **kwargs): ++ raise exception.NovaException('Here is my fake exception') ++ self.destroy_rescued(fake_detach_disk_from_vm) ++ + def test_destroy(self): + self._create_vm() + info = self.conn.get_info({'uuid': self.uuid, +diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py +index 30f8373..831da48 100644 +--- a/nova/virt/vmwareapi/vmops.py ++++ b/nova/virt/vmwareapi/vmops.py +@@ -29,6 +29,7 @@ + from nova import compute + from nova.compute import power_state + from nova.compute import task_states ++from nova.compute import vm_states + from nova import context as nova_context + from nova import exception + from nova.openstack.common import excutils +@@ -985,13 +986,9 @@ def _delete(self, instance, network_info): + except Exception as exc: + LOG.exception(exc, instance=instance) + +- def destroy(self, instance, network_info, destroy_disks=True, +- instance_name=None): +- """Destroy a VM instance. Steps followed are: +- 1. Power off the VM, if it is in poweredOn state. +- 2. Un-register a VM. +- 3. Delete the contents of the folder holding the VM related data. +- """ ++ def _destroy_instance(self, instance, network_info, destroy_disks=True, ++ instance_name=None): ++ # Destroy a VM instance + # Get the instance name. In some cases this may differ from the 'uuid', + # for example when the spawn of a rescue instance takes place. + if not instance_name: +@@ -1029,8 +1026,9 @@ def destroy(self, instance, network_info, destroy_disks=True, + "UnregisterVM", vm_ref) + LOG.debug(_("Unregistered the VM"), instance=instance) + except Exception as excep: +- LOG.warn(_("In vmwareapi:vmops:destroy, got this exception" +- " while un-registering the VM: %s") % str(excep)) ++ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, got this " ++ "exception while un-registering the VM: %s"), ++ excep) + # Delete the folder holding the VM related content on + # the datastore. + if destroy_disks and datastore_name: +@@ -1053,15 +1051,39 @@ def destroy(self, instance, network_info, destroy_disks=True, + {'datastore_name': datastore_name}, + instance=instance) + except Exception as excep: +- LOG.warn(_("In vmwareapi:vmops:destroy, " +- "got this exception while deleting" +- " the VM contents from the disk: %s") +- % str(excep)) ++ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, " ++ "got this exception while deleting " ++ "the VM contents from the disk: %s"), ++ excep) + except Exception as exc: + LOG.exception(exc, instance=instance) + finally: + vm_util.vm_ref_cache_delete(instance_name) + ++ def destroy(self, instance, network_info, destroy_disks=True): ++ """Destroy a VM instance. ++ ++ Steps followed for each VM are: ++ 1. Power off, if it is in poweredOn state. ++ 2. Un-register. ++ 3. Delete the contents of the folder holding the VM related data. ++ """ ++ # If there is a rescue VM then we need to destroy that one too. ++ LOG.debug(_("Destroying instance"), instance=instance) ++ if instance['vm_state'] == vm_states.RESCUED: ++ LOG.debug(_("Rescue VM configured"), instance=instance) ++ try: ++ self.unrescue(instance, power_on=False) ++ LOG.debug(_("Rescue VM destroyed"), instance=instance) ++ except Exception: ++ rescue_name = instance['uuid'] + self._rescue_suffix ++ self._destroy_instance(instance, network_info, ++ destroy_disks=destroy_disks, ++ instance_name=rescue_name) ++ self._destroy_instance(instance, network_info, ++ destroy_disks=destroy_disks) ++ LOG.debug(_("Instance destroyed"), instance=instance) ++ + def pause(self, instance): + msg = _("pause not supported for vmwareapi") + raise NotImplementedError(msg) +@@ -1139,7 +1161,7 @@ def rescue(self, context, instance, network_info, image_meta): + adapter_type, disk_type, vmdk_path) + self._power_on(instance, vm_ref=rescue_vm_ref) + +- def unrescue(self, instance): ++ def unrescue(self, instance, power_on=True): + """Unrescue the specified instance.""" + # Get the original vmdk_path + vm_ref = vm_util.get_vm_ref(self._session, instance) +@@ -1161,8 +1183,9 @@ def unrescue(self, instance): + device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path) + self._power_off_vm_ref(vm_rescue_ref) + self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device) +- self.destroy(r_instance, None, instance_name=instance_name) +- self._power_on(instance) ++ self._destroy_instance(r_instance, None, instance_name=instance_name) ++ if power_on: ++ self._power_on(instance) + + def _power_off_vm_ref(self, vm_ref): + """Power off the specifed vm. +-- +1.9.3 + diff --git a/sys-cluster/nova/nova-2014.1-r1.ebuild b/sys-cluster/nova/nova-2014.1-r1.ebuild deleted file mode 100644 index 700d3ad47714..000000000000 --- a/sys-cluster/nova/nova-2014.1-r1.ebuild +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r1.ebuild,v 1.1 2014/05/05 06:17:52 idella4 Exp $ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils multilib user - -DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python." -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="http://launchpad.net/${PN}/icehouse/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+compute +kvm +network +novncproxy sqlite mysql postgres xen" -REQUIRED_USE="|| ( mysql postgres sqlite ) - compute? ( || ( kvm xen ) )" - -DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.6[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo" - -RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] ) - mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.9.99[mysql,${PYTHON_USEDEP}] ) - postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.9.99[postgres,${PYTHON_USEDEP}] ) - >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] - >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] - virtual/python-argparse[${PYTHON_USEDEP}] - >=dev-python/boto-2.12.0[${PYTHON_USEDEP}] - !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] - dev-python/jinja[${PYTHON_USEDEP}] - >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-migrate-0.8.2[${PYTHON_USEDEP}] - !~dev-python/sqlalchemy-migrate-0.8.4[${PYTHON_USEDEP}] - >=dev-python/netaddr-0.7.6[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.9.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-1.3[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.0.6[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.3.4[${PYTHON_USEDEP}] - <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}] - >=dev-python/python-keystoneclient-0.7.0[${PYTHON_USEDEP}] - >=dev-python/six-1.5.2[${PYTHON_USEDEP}] - >=dev-python/stevedore-0.14[${PYTHON_USEDEP}] - >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}] - <dev-python/websockify-0.6[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}] - dev-python/oslo-rootwrap[${PYTHON_USEDEP}] - >=dev-python/pycadf-0.4.1[${PYTHON_USEDEP}] - >=dev-python/oslo-messaging-1.3.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - net-misc/openvswitch - net-misc/rabbitmq-server - sys-fs/sysfsutils - sys-fs/multipath-tools - kvm? ( app-emulation/qemu ) - xen? ( app-emulation/xen - app-emulation/xen-tools )" - -PATCHES=( -) - -pkg_setup() { - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_compile() { - distutils-r1_python_compile - ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova -} - -python_install() { - distutils-r1_python_install - - for svc in api cert compute conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do - newinitd "${FILESDIR}/nova.initd" "nova-${svc}" - done - use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" - use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" - - diropts -m 0750 -o nova -g nova - dodir /var/log/nova /var/lib/nova/instances - - insinto /etc/nova - insopts -m 0640 -o nova -g nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - #rootwrap filters - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - #copy migration conf file (not coppied on install via setup.py script) - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - insopts -m 0600 -o root -g root - doins "${FILESDIR}/nova-sudoers" -} diff --git a/sys-cluster/nova/nova-2014.1-r2.ebuild b/sys-cluster/nova/nova-2014.1-r2.ebuild index b23b3c6d6818..d9891d234a2d 100644 --- a/sys-cluster/nova/nova-2014.1-r2.ebuild +++ b/sys-cluster/nova/nova-2014.1-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r2.ebuild,v 1.2 2014/06/04 14:42:31 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r2.ebuild,v 1.3 2014/06/09 04:56:40 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -23,11 +23,12 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] <dev-python/pbr-1.0[${PYTHON_USEDEP}] app-admin/sudo" -RDEPEND=">=dev-python/sqlalchemy-0.7.8[${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - mysql? ( dev-python/mysql-python[${PYTHON_USEDEP}] ) - postgres? ( >=dev-python/psycopg-2[${PYTHON_USEDEP}] ) - sqlite? ( dev-db/sqlite ) +RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] + <dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] ) + mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}] + <dev-python/sqlalchemy-0.9.99[mysql,${PYTHON_USEDEP}] ) + postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}] + <dev-python/sqlalchemy-0.9.99[postgres,${PYTHON_USEDEP}] ) >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] virtual/python-argparse[${PYTHON_USEDEP}] @@ -70,12 +71,13 @@ RDEPEND=">=dev-python/sqlalchemy-0.7.8[${PYTHON_USEDEP}] net-misc/rabbitmq-server sys-fs/sysfsutils sys-fs/multipath-tools - sys-block/nbd kvm? ( app-emulation/qemu ) xen? ( app-emulation/xen app-emulation/xen-tools )" PATCHES=( + "${FILESDIR}/2014.1-CVE-2014-2573-1.patch" + "${FILESDIR}/2014.1-CVE-2014-2573-2.patch" ) pkg_setup() { @@ -91,7 +93,7 @@ python_compile() { python_install() { distutils-r1_python_install - for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do + for svc in api cert compute conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do newinitd "${FILESDIR}/nova.initd" "nova-${svc}" done use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" @@ -102,7 +104,7 @@ python_install() { insinto /etc/nova insopts -m 0640 -o nova -g nova - #newins "etc/nova/nova.conf.sample" "nova.conf" + newins "etc/nova/nova.conf.sample" "nova.conf" doins "etc/nova/api-paste.ini" doins "etc/nova/logging_sample.conf" doins "etc/nova/policy.json" @@ -120,6 +122,6 @@ python_install() { #add sudoers definitions for user nova insinto /etc/sudoers.d/ - insopts -m 0440 -o root -g root - newins "${FILESDIR}/nova.sudoersd" nova + insopts -m 0600 -o root -g root + doins "${FILESDIR}/nova-sudoers" } |