File venv-salt-minion.spec of Package venv-salt-minion
#
# spec file for package venv-salt-minion
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# OBS directives (do not remove)
# needsbinariesforbuild
# Disable python bytecompile for all distros
# It's called explicitly in the spec
%global __brp_python_bytecompile %{nil}
%global __brp_check_rpaths %{nil}
%global _build_id_links none
%if 0%{?rhel} == 7
%undefine __debug_package
%else
%global debug_package %{nil}
%endif
%global salt_venv /usr/lib/
%global venv venv-salt-minion
Name: venv-salt-minion
Version: 3004
Release: 0
Summary: The venvjailed client component for Salt
License: Apache-2.0
Group: System/Management
URL: http://saltstack.org/
Source: v%{version}.tar.gz
%if "%_vendor" == "debbuild"
Source10: exclude-deb
Source11: include-deb
%else
Source10: exclude-rpm
Source11: include-rpm
%endif
Source12: remove-file
Source13: venv.py.src
Source14: venv-startup
Source100: venv-salt-minion-rpmlintrc
Source101: filter-requires.sh
Source200: venv-salt-minion-selinux.tar.gz
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/88f40fff3b81edaa55f37949f56c67112ca2dcad
Patch1: run-salt-master-as-dedicated-salt-user.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/cdecbbdf5db3f1cb6b603916fecd80738f5fae9a
Patch2: run-salt-api-as-user-salt-bsc-1064520.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/c44b897eb1305c6b9c341fc16f729d2293ab24e4
Patch3: activate-all-beacons-sources-config-pillar-grains.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/3c83bab3da101223c99af1f9ee2f3bf5e97be3f8
Patch4: avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/1b9a160f578cf446f5ae622a450d23022e7e3ca5
Patch5: fix-bsc-1065792.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/fec7f65b4debede8cf0eef335182fce2206e200d
Patch6: enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/90
Patch7: add-environment-variable-to-know-if-yum-is-invoked-f.patch
#### SUSE CAPABILITIES - unified ####
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/713ccfdc5c6733495d3ce7f26a8cfeddb8e9e9c4
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/b713d0b3031faadc17cd9cf09977ccc19e50bef7
Patch8: add-custom-suse-capabilities-as-grains.patch
###########
#### SUSE SLES-ES SUPPORT ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/57166
Patch9: fix-for-suse-expanded-support-detection.patch
############
#### ADLER - unified ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/48812
# (closed upstream in favor of different solution - might affect server_id)
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/159
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/73e357d7eee19a73cade22becb30d9689cae27ba
Patch10: use-adler32-algorithm-to-compute-string-checksums.patch
###########
#### X509 - unified ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/56819
Patch11: x509-fixes-111.patch
###########
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/58054
Patch12: do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
#### SALT SUPPORT - unified ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/57054
Patch13: early-feature-support-config.patch
###########
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/57071
Patch14: make-aptpkg.list_repos-compatible-on-enabled-disable.patch
### DEBIAN INFO_INSTALLED - unified ###
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/50453
# (master PR not yet created - codejam)
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/50453
# https://github.com/saltstack/salt/commit/e20362f6f053eaa4144583604e6aac3d62838419
# Can be dropped one pull/50453 is in released version.
Patch15: debian-info_installed-compatibility-50453.patch
###########
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/116 (missing upstream PR to master)
Patch16: return-the-expected-powerpc-os-arch-bsc-1117995.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/51119 (master PR not yet created)
Patch17: fix-issue-2068-test.patch
# PATCH_FIX_OPENSUSE Temporary fix allowing "id_" and "force" params while upstrem figures it out
Patch18: temporary-fix-extend-the-whitelist-of-allowed-comman.patch
### FQDNS ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/51384 (master PR not yet created)
Patch19: include-aliases-in-the-fqdns-grains.patch
###########
#### BATCH ASYNC - unified #####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60269
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/50546
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/51863
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/139
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/141
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/144
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/52855
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/6af07030a502c427781991fc9a2b994fa04ef32e
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/002543df392f65d95dbc127dc058ac897f2035ed
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/55d8a777d6a9b19c959e14a4060e5579e92cd106
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/8378bb24a5a53973e8dba7658b8b3465d967329f
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/182
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/190
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/217
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/8a23030d347b7487328c0395f5e30ef29daf1455
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/a38adfa2efe40c2b1508b685af0b5d28a6bbcfc8
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/b4c401cfe6031b61e27f7795bfa1aca6e8341e52
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/320
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/25b4e3ea983b2606b2fb3d3c0e42f9840208bf84 (cleanup local code)
Patch20: async-batch-implementation.patch
###########
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/52743
Patch21: switch-firewalld-state-to-use-change_interface.patch
### STANDALONE FORMULA CONFIGURATION ###
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/8ad65d6fa39edc7fc1967e2df1f3db0aa7df4d11
Patch22: add-standalone-configuration-file-for-enabling-packa.patch
#############
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/53159 (missing PR to master)
Patch23: batch.py-avoid-exception-when-minion-does-not-respon.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/177
# (deviation from upstream - we should probably port this)
Patch24: restore-default-behaviour-of-pkg-list-return.patch
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/186 (missing upstream PR to master)
Patch25: read-repo-info-without-using-interpolation-bsc-11356.patch
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/pull/191 (missing upstream PR to master)
Patch26: let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
# PATCH_FIX_OPENSUSE https://github.com/openSUSE/salt/commit/a8f0a15e4067ec278c8a2d690e3bf815523286ca (missing upstream PR)
Patch27: fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/a18ac47b75550bd55f4ca91dc221ed408881984c
Patch28: make-setup.py-script-to-not-require-setuptools-9.1.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/228 (missing upstream PR)
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/61017
Patch29: adds-explicit-type-cast-for-port.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/da936daeebd701e147707ad814c07bfc259d4be (not yet upstream PR)
Patch30: add-publish_batch-to-clearfuncs-exposed-methods.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/57779
Patch31: info_installed-works-without-status-attr-now.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/58552
Patch32: zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
#### MICROOS - TRANSACTIONAL UPDATES ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/58520 (master PR merged but not included in 3003)
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60903
Patch33: support-transactional-systems-microos.patch
###########
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/275 (missing upstream PR)
Patch34: bsc-1176024-fix-file-directory-user-and-group-owners.patch
#### NO VENDOR CHANGE ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60421
Patch35: allow-vendor-change-option-with-zypper.patch
###########
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/58784
Patch36: add-migrated-state-and-gpg-key-management-functions-.patch
### BEACON CONFIG ###
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/commit/5ea2f10b15684dd417bad858642faafc92cd382
# (revert https://github.com/saltstack/salt/pull/58655)
Patch37: revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
###########
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/298 (missing upstream PR)
Patch38: fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/304 (missing uptstream PR)
Patch39: force-zyppnotify-to-prefer-packages.db-than-packages.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/59354 (master PR merged but not included in 3003)
Patch40: do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/56173
Patch41: fixes-56144-to-enable-hotadd-profile-support.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/307 (missing upstream PR)
Patch42: add-sleep-on-exception-handling-on-minion-connection.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/323 (missing upstream PR)
Patch43: implementation-of-suse_ip-execution-module-bsc-10999.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/347 (missing upstream PR)
Patch44: notify-beacon-for-debian-ubuntu-systems-347.patch
### SALT-SSH PROCESSING TARGETS ###
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/336 (missing upstream PR)
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/353 (missing upstream PR)
Patch45: update-target-fix-for-salt-ssh-to-process-targets-li.patch
############
#### ANSIBLE GATE IMPROVEMENTS ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60056
Patch46: improvements-on-ansiblegate-module-354.patch
##########
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/376 (missing upstream PR)
Patch47: check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/58503
Patch48: fix-missing-minion-returns-in-batch-mode-360.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60402
Patch49: enhance-logging-when-inotify-beacon-is-missing-pyino.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60356
Patch50: fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60432 (merged on master but not included in 3003)
Patch51: implementation-of-held-unheld-functions-for-state-pk.patch
#### OPENSCAP ENHANCE ####
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/59756
Patch52: enhance-openscap-module-add-xccdf_eval-call-386.patch
###############
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/413 (missing upstream PR)
Patch53: don-t-use-shell-sbin-nologin-in-requisites.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/59777
Patch54: 3003.3-postgresql-json-support-in-pillar-423.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/60983
Patch55: 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/61017
Patch56: fix-crash-when-calling-manage.not_alive-runners.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/61014
Patch57: fix-issues-with-salt-ssh-s-extra-filerefs.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61061
Patch58: fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/432 (missing upstream PR)
Patch59: fix-traceback.print_exc-calls-for-test_pip_state-432.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/415 (missing upstream PR)
Patch60: prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/60815
Patch61: add-rpm_vercmp-python-library-for-version-comparison.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61180
Patch62: dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/60324
Patch63: mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
# PATCH-FIX_OPENSUSE https://github.com/openSUSE/salt/pull/456 (missing upstream PR)
Patch64: fix-the-regression-for-yumnotify-plugin-456.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61188
Patch65: refactor-and-improvements-for-transactional-updates-.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61189
Patch66: state.apply-don-t-check-for-cached-pillar-errors.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61393
Patch67: wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61530
Patch68: fix-inspector-module-export-function-bsc-1097531-481.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/482
Patch69: drop-serial-from-event.unpack-in-cli.batch_async.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/485
Patch70: add-missing-ansible-module-functions-to-whitelist-in.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/61256
Patch71: fix-salt-call-event.send-call-with-grains-and-pillar.patch
# PATCH-FIX_UPSTREAM https://github.com/saltstack/salt/pull/61093
Patch72: state.orchestrate_single-does-not-pass-pillar-none-4.patch
### SALT-SSH WITH SALT BUNDLE ###
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61715 (ssh_pre_flight_args)
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/493
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/497
Patch73: add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
Patch74: prevent-shell-injection-via-pre_flight_script_args-4.patch
###############
# PATCH-FIX_UPSTREAM: implemented at 3004.1 release (no PR)
Patch75: fix-multiple-security-issues-bsc-1197417.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/501
Patch76: fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61064
Patch77: fixes-for-python-3.10-502.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/505
Patch78: prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/506
Patch79: fix-regression-with-depending-client.ssh-on-psutil-b.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61895
Patch80: make-sure-saltcacheloader-use-correct-fileclient-519.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8
Patch81: fix-for-cve-2022-22967-bsc-1200566.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61827
Patch82: ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62109
Patch83: use-salt-bundle-in-dockermod.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61984
Patch84: save-log-to-logfile-with-docker.build.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62029
Patch85: normalize-package-names-once-with-pkg.installed-remo.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62089
Patch86: set-default-target-for-pip-from-venv_pip_target-envi.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/534
Patch87: fix-ownership-of-salt-thin-directory-when-using-the-.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62033
Patch88: add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62119
Patch89: fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62067
Patch90: fix-salt.states.file.managed-for-follow_symlinks-tru.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61856
Patch91: fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62209
Patch92: add-support-for-gpgautoimport-539.patch
# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/commit/2b486d0484c51509e9972e581d97655f4f87852e
Patch93: fix-test_ipc-unit-tests.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62204
Patch94: retry-if-rpm-lock-is-temporarily-unavailable-547.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62519
Patch95: change-the-delimeters-to-prevent-possible-tracebacks.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61847
Patch96: fix-state.apply-in-test-mode-with-file-state-module-.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61423
Patch97: fix-the-regression-in-schedule-module-releasded-in-3.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62539
Patch98: add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/commit/643bd4b572ca97466e085ecd1d84da45b1684332
Patch99: backport-syndic-auth-fixes.patch
# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/62633
Patch100: ignore-non-utf8-characters-while-reading-files-with-.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: binutils
BuildRequires: fdupes
BuildRequires: logrotate
BuildRequires: saltbundlepy-rpm-macros
BuildRequires: saltbundlepy-setuptools
BuildRequires: saltbundlepy-venvjail
# --- [venvjail - BuildRequires] START ---
BuildRequires: saltbundle-libsodium
BuildRequires: saltbundle-libzmq
BuildRequires: saltbundlepy-base
BuildRequires: saltbundlepy-distro
BuildRequires: saltbundlepy-jinja2
BuildRequires: saltbundlepy-m2crypto
BuildRequires: saltbundlepy-markupsafe
BuildRequires: saltbundlepy-msgpack > 0.3
BuildRequires: saltbundlepy-pyzmq >= 2.2.0
BuildRequires: saltbundlepy-psutil
BuildRequires: saltbundlepy-pyyaml
BuildRequires: saltbundlepy-requests >= 1.0.0
BuildRequires: saltbundlepy-netaddr
BuildRequires: saltbundlepy-pyinotify
%if 0%{?suse_version} || 0%{?fedora} || 0%{?rhel}
BuildRequires: saltbundlepy-rpm-vercmp
%endif
%if 0%{?fedora} || 0%{?rhel}
%if 0%{?fedora} >= 22 || 0%{?rhel} >= 8
%if 0%{?rhel} >= 8
BuildRequires: platform-python
%else
%if 0%{?fedora} < 35
BuildRequires: python3
%endif
%endif
%else
BuildRequires: python
%endif
%endif
# SELinux dependencies
%if 0%{?fedora} >= 22 || 0%{?rhel} >= 7
BuildRequires: selinux-policy-targeted
BuildRequires: policycoreutils-devel
Requires(post): policycoreutils
%endif
%if 0%{?ubuntu} >= 2004
BuildRequires: selinux-policy-default
BuildRequires: selinux-policy-dev
BuildRequires: policycoreutils-dev
Requires(post): policycoreutils
%endif
%if 0%{?debian} || 0%{?raspbian} || 0%{?ubuntu}
BuildRequires: saltbundlepy-apt
%endif
# --- [venvjail - BuildRequires] END ---
# --- [venvjail - Requires] START ---
# --- [venvjail - Requires] END ---
%if 0%{?suse_version}
# required for zypper.py
Requires(pre): libzypp(plugin:system) >= 0
BuildRequires: saltbundlepy-zypp-plugin
# required for virtualisation hosts (libvirt)
BuildRequires: saltbundlepy-libvirt
%endif
BuildRequires: saltbundlepy-docker
BuildRequires: saltbundlepy-pip
%if "%_vendor" == "debbuild"
BuildRequires: debbuild-macros
Requires: gnupg
%endif
Requires: logrotate
Requires: systemd
%if "%_vendor" == "debbuild"
AutoReqProv: 0
%else
AutoProv: 0
Provides: config(%{name}) = %{version}-%{release}
# Use custom filter to prevent wrong requires
%define _use_internal_dependency_generator 0
%define __find_requires sh %{SOURCE101}
%endif
%description
Virtual environment jail for Salt minion.
Salt minion is queried and controlled from the master.
Listens to the salt master and execute the commands.
%prep
%autosetup -n salt-%{version}-suse -p1
# Expand SELinux policy files
tar zxvf %{S:200}
%build
%if 0%{?fedora} || 0%{?rhel}
export PATH=/usr/bin:$PATH
%endif
%{__saltbundlepy} setup.py --with-salt-version=%{version} --salt-transport=both build
cp ./build/lib/salt/_version.py ./salt
# Create SELinux policy
pushd venv-salt-minion-selinux
%if 0%{?fedora} >= 22 || 0%{?rhel} >= 7 || 0%{?ubuntu} >= 2004
if test -f /usr/share/selinux/devel/Makefile; then
rm -f venv-salt-minion.pp
make -f /usr/share/selinux/devel/Makefile venv-salt-minion.pp
fi;
%endif
popd
%install
cp %{S:10} %{S:11} %{S:12} .
venvjail create %{venv} \
%if "%_vendor" == "debbuild"
-i include-deb \
-e exclude-deb \
%endif
--python-version %{saltbundlepy_version} \
--relocate %{salt_venv} \
--version %{version} \
--track ../../OTHER/%{name}-%{_arch}-%{version}-%{release}.noarch.rpm.packages
mkdir -p %{buildroot}%{salt_venv}
mv %{venv} %{buildroot}%{salt_venv}
# Install salt right into virtual environment
%{__saltbundlepy} setup.py --salt-transport=both \
--salt-config-dir=%{_sysconfdir}/%{venv} \
--salt-cache-dir=%{_localstatedir}/cache/%{venv} \
--salt-logs-dir=%{_localstatedir}/log \
install --prefix=%{_prefix} --root=%{buildroot}%{salt_venv}%{venv} --no-compile
# Remove packages.log
rm -f %{buildroot}%{salt_venv}%{venv}/packages.log
# Remove not used activate scripts
rm -f %{buildroot}%{salt_venv}%{venv}/bin/Activate.ps1 \
%{buildroot}%{salt_venv}%{venv}/bin/activate.csh \
%{buildroot}%{salt_venv}%{venv}/bin/activate.fish
# Fix links for python interpreter files
sed -i '4 i export VENV_PIP_TARGET="${VENV_PIP_TARGET:-/var/lib/venv-salt-minion/local}"' "%{buildroot}%{salt_venv}%{venv}/bin/python"
sed -i '8 i export PYTHONSTARTUP="$VIRTUAL_ENV/bin/venv-startup"' "%{buildroot}%{salt_venv}%{venv}/bin/python"
sed -i '9 i export PYTHONPATH="$VENV_PIP_TARGET"' "%{buildroot}%{salt_venv}%{venv}/bin/python"
sed -i '10 i export SALT_CONFIG_DIR="%{_sysconfdir}/%{venv}"' "%{buildroot}%{salt_venv}%{venv}/bin/python"
sed -i 's=^exec %{salt_venv}%{venv}/bin/python.original =exec "$VIRTUAL_ENV/bin/python.original" =' "%{buildroot}%{salt_venv}%{venv}/bin/python"
rm -f %{buildroot}%{salt_venv}%{venv}/bin/python3 \
%{buildroot}%{salt_venv}%{venv}/bin/python%{saltbundlepy_version} \
%{buildroot}%{salt_venv}%{venv}/bin/python3.original \
%{buildroot}%{salt_venv}%{venv}/bin/python%{saltbundlepy_version}.original
ln -s python %{buildroot}%{salt_venv}%{venv}/bin/python3
ln -s python %{buildroot}%{salt_venv}%{venv}/bin/python%{saltbundlepy_version}
ln -s python.original %{buildroot}%{salt_venv}%{venv}/bin/python3.original
ln -s python.original %{buildroot}%{salt_venv}%{venv}/bin/python%{saltbundlepy_version}.original
# Fix salt scripts
find %{buildroot}%{salt_venv}%{venv}/bin/ -type f -name 'salt*' -delete
for script in build/scripts-*/salt-minion build/scripts-*/salt-call \
build/scripts-*/salt-unity build/scripts-*/salt-support \
build/scripts-*/spm; do
SCRIPT_NAME=$(basename $script)
install -m 0755 $script %{buildroot}%{salt_venv}%{venv}/bin
sed -i '1s=^#!/usr/bin/\(python\|env python\)[0-9.]*=#!%{salt_venv}%{venv}/bin/python=' %{buildroot}%{salt_venv}%{venv}/bin/$SCRIPT_NAME
done
# Fix salt scripts to bindir with venv- prefix
install -Dd -m 0755 %{buildroot}%{_bindir}
find "%{buildroot}%{salt_venv}%{venv}/bin/" -type f -name 'salt-*' | while read _FILE; do
FILE_NAME=$(basename "${_FILE}")
ln -s "%{salt_venv}%{venv}/bin/${FILE_NAME}" "%{buildroot}%{_bindir}/venv-${FILE_NAME}"
done
# Remove some of the files
rm -rf %{buildroot}%{salt_venv}%{venv}/usr/share/man
find %{buildroot}%{salt_venv}%{venv}%{saltbundlepy_sitelib}/salt/cloud/deploy/ -name '*.sh' -delete
# Copy venv executor in place
cp %{S:13} %{buildroot}%{salt_venv}%{venv}/lib/python%{saltbundlepy_version}/site-packages/salt/executors/venv.py
# Copy venv-exec wrapper script
cp %{S:14} %{buildroot}%{salt_venv}%{venv}/bin/venv-startup
# Create systemd service file: venv-salt-minion.service
%if 0%{?suse_version}
install -Dpm 0644 pkg/suse/salt-minion.service %{buildroot}%{_unitdir}/venv-salt-minion.service
%else
install -Dpm 0644 pkg/suse/salt-minion.service.rhel7 %{buildroot}%{_unitdir}/venv-salt-minion.service
%endif
sed -i 's/^After=.*/After=network.target/; s/^Description=.*/Description=The venvjailed Salt Minion/; s#^ExecStart=.*#ExecStart=%{salt_venv}%{venv}/bin/salt-minion#' \
%{buildroot}%{_unitdir}/venv-salt-minion.service
install -Dd -m 0755 %{buildroot}%{_sbindir}
ln -s service %{buildroot}%{_sbindir}/rcvenv-salt-minion
install -Dd -m 0750 %{buildroot}%{_sysconfdir}/%{venv}/minion.d
install -Dd -m 0750 %{buildroot}%{_sysconfdir}/%{venv}/pki/minion
install -Dpm 0640 conf/minion %{buildroot}%{_sysconfdir}/%{venv}/minion
install -Dpm 0640 /dev/null %{buildroot}%{_sysconfdir}/%{venv}/minion_id
# Create default minion config file: 00-venv.conf
cat <<EOF > "%{buildroot}%{_sysconfdir}/%{venv}/minion.d/00-venv.conf"
pki_dir: %{_sysconfdir}/%{venv}/pki/minion
pidfile: /run/%{venv}.pid
log_file: /var/log/%{venv}.log
cachedir: /var/cache/%{venv}
sock_dir: /run/%{venv}
module_executors: [venv]
server_id_use_crc: adler32
enable_legacy_startup_events: False
enable_fqdns_grains: False
start_event_grains: [machine_id, saltboot_initrd, susemanager]
EOF
mkdir -p "%{buildroot}%{_sysconfdir}/logrotate.d"
cat <<EOF > "%{buildroot}%{_sysconfdir}/logrotate.d/venv-salt-minion"
/var/log/%{venv}.log {
weekly
missingok
rotate 7
compress
notifempty
}
EOF
mkdir -p "%{buildroot}/usr/lib/tmpfiles.d"
cat <<EOF > "%{buildroot}/usr/lib/tmpfiles.d/venv-salt-minion.conf"
# Type Path Mode UID GID Age Argument
d /run/venv-salt-minion 0750 root root
EOF
mkdir -p "%{buildroot}/var/cache/%{venv}"
rm -rf "%{buildroot}%{salt_venv}%{venv}/etc" "%{buildroot}%{salt_venv}%{venv}/var" \
"%{buildroot}%{salt_venv}%{venv}/srv" "%{buildroot}%{salt_venv}%{venv}/usr/share"
find "%{buildroot}%{salt_venv}%{venv}/lib/" -type d -name 'test*' | while read _DIR; do
rm -rf "${_DIR}"
done
# Remove build IDs
rm -rf "%{buildroot}%{salt_venv}%{venv}/lib/.build-id"
# Recompile python sources
find %{buildroot}%{salt_venv}%{venv} -name '*.pyc' -delete
%{__saltbundlepy} -m compileall -d %{salt_venv}%{venv} %{buildroot}%{salt_venv}%{venv}
%{__saltbundlepy} -O -m compileall -d %{salt_venv}%{venv} %{buildroot}%{salt_venv}%{venv}
## Install Zypper plugins only on SUSE machines
%if 0%{?suse_version}
install -Dd -m 0750 %{buildroot}%{_prefix}/lib/zypp/plugins/commit
%{__install} scripts/suse/zypper/plugins/commit/zyppnotify %{buildroot}%{_prefix}/lib/zypp/plugins/commit/venv-zyppnotify
sed -i '1s=^#!/usr/bin/\(python\|env python\)[0-9.]*=#!%{salt_venv}%{venv}/bin/python=' %{buildroot}%{_prefix}/lib/zypp/plugins/commit/venv-zyppnotify
sed -i -E 's#self.ck_path = ".*#self.ck_path = "/var/cache/%{venv}/rpmdb.cookie"#' \
%{buildroot}%{_prefix}/lib/zypp/plugins/commit/venv-zyppnotify
%endif
# Install Yum plugins only on RH machines
%if 0%{?fedora} || 0%{?rhel}
%if 0%{?fedora} >= 22 || 0%{?rhel} >= 8
%if 0%{?fedora} >= 33
%if 0%{?fedora} < 35
%define __platform_python python3
%else
%define __platform_python %{__saltbundlepy}
%define python3_sitelib %{saltbundlepy_sitelib}
%endif
%else
%if 0%{?rhel} >= 8
%define __platform_python /usr/libexec/platform-python
%else
%define __platform_python python3
%endif
%endif
%define python3_sitelib %(%{__platform_python} -c "import sysconfig as s; print(s.get_paths().get('purelib'))")
install -Dd %{buildroot}%{python3_sitelib}/dnf-plugins
install -Dd %{buildroot}%{_sysconfdir}/dnf/plugins
%{__install} scripts/suse/dnf/plugins/dnfnotify.py %{buildroot}%{python3_sitelib}/dnf-plugins/venv-dnfnotify.py
sed -i -E 's#self\.cookie_file = ".*#self.cookie_file = "/var/cache/%{venv}/rpmdb.cookie"#' \
%{buildroot}%{python3_sitelib}/dnf-plugins/venv-dnfnotify.py
%{__platform_python} -m compileall -d %{python3_sitelib}/dnf-plugins %{buildroot}%{python3_sitelib}/dnf-plugins
%{__platform_python} -O -m compileall -d %{python3_sitelib}/dnf-plugins %{buildroot}%{python3_sitelib}/dnf-plugins
%fdupes %{buildroot}%{python3_sitelib}/dnf-plugins
%{__install} scripts/suse/dnf/plugins/dnfnotify.conf %{buildroot}%{_sysconfdir}/dnf/plugins/venv-dnfnotify.conf
%else
install -Dd %{buildroot}%{_prefix}/share/yum-plugins
install -Dd %{buildroot}%{_sysconfdir}/yum/pluginconf.d
%{__install} -m 0644 scripts/suse/yum/plugins/yumnotify.py %{buildroot}%{_prefix}/share/yum-plugins/venv-yumnotify.py
sed -i -E 's#CK_PATH = ".*#CK_PATH = "/var/cache/%{venv}/rpmdb.cookie"#' \
%{buildroot}%{_prefix}/share/yum-plugins/venv-yumnotify.py
python -m compileall -d %{_prefix}/share/yum-plugins %{buildroot}%{_prefix}/share/yum-plugins
python -O -m compileall -d %{_prefix}/share/yum-plugins %{buildroot}%{_prefix}/share/yum-plugins
%fdupes %{buildroot}%{_prefix}/share/yum-plugins
%{__install} -m 0644 scripts/suse/yum/plugins/yumnotify.conf %{buildroot}%{_sysconfdir}/yum/pluginconf.d/venv-yumnotify.conf
%endif
%endif
# Install DPkg plugins only on Debian machines
%if "%_vendor" == "debbuild"
install -Dd %{buildroot}%{_sysconfdir}/apt/apt.conf.d
%{__install} scripts/suse/dpkg/99dpkgnotify %{buildroot}%{_sysconfdir}/apt/apt.conf.d/99dpkgnotify-venv
%{__install} scripts/suse/dpkg/dpkgnotify %{buildroot}%{_bindir}/venv-dpkgnotify
sed -i -E 's#/usr/bin/dpkgnotify#%{_bindir}/venv-dpkgnotify#g' \
%{buildroot}%{_sysconfdir}/apt/apt.conf.d/99dpkgnotify-venv
sed -i -E 's#CK_PATH = ".*#CK_PATH = "%{_localstatedir}/cache/%{venv}/dpkg.cookie"#' \
%{buildroot}%{_bindir}/venv-dpkgnotify
%endif
# Install SELinux profile
install -Dd -m 0755 %{buildroot}%{salt_venv}%{venv}/selinux
%{__install} -m 0644 venv-salt-minion-selinux/venv-salt-minion.pp %{buildroot}%{salt_venv}%{venv}/selinux/venv-salt-minion.pp
%fdupes %{buildroot}%{salt_venv}%{venv}
# Strip debuginfo
strip %{buildroot}%{salt_venv}%{venv}/bin/python.original
find "%{buildroot}%{salt_venv}%{venv}" -type f -name '*.so*' | while read _FILE; do
strip $_FILE
done
%pre
%if 0%{?suse_version}
%service_add_pre venv-salt-minion.service
%endif
%post
if test -f %{salt_venv}%{venv}/selinux/venv-salt-minion.pp ; then
if which semodule > /dev/null 2>&1 ; then
semodule -n -i %{salt_venv}%{venv}/selinux/venv-salt-minion.pp 2> /dev/null || :
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
restorecon -R %{salt_venv}%{venv}/bin || :
fi;
fi;
fi;
%if 0%{?suse_version}
%service_add_post venv-salt-minion.service
%else
%systemd_post venv-salt-minion.service
%endif
%preun
%if 0%{?suse_version}
%service_del_preun venv-salt-minion.service
%else
%systemd_preun venv-salt-minion.service
%endif
%postun
%if 0%{?suse_version}
%service_del_postun venv-salt-minion.service
%else
%systemd_postun_with_restart venv-salt-minion.service
%endif
%if "%_vendor" == "debbuild"
if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
%else
if [ $1 -eq 0 ]; then
%endif
if which semodule > /dev/null 2>&1 ; then
semodule -n -r venv-salt-minion 2> /dev/null || :
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi;
fi;
fi;
%files
%defattr(-,root,root)
%{salt_venv}%{venv}
%{_bindir}/venv-salt-*
%{_sbindir}/rcvenv-salt-minion
%dir %attr(0750, root, root) %{_sysconfdir}/%{venv}
%dir %attr(0750, root, root) %{_sysconfdir}/%{venv}/pki
%config(noreplace) %attr(0640, root, root) %{_sysconfdir}/%{venv}/minion
%config(noreplace) %attr(0640, root, root) %ghost %{_sysconfdir}/%{venv}/minion_id
%dir %attr(0750, root, root) %{_sysconfdir}/%{venv}/minion.d/
%config %attr(0640, root, root) %{_sysconfdir}/%{venv}/minion.d/00-venv.conf
%dir %attr(0750, root, root) %{_sysconfdir}/%{venv}/pki/minion/
%dir %attr(0750, root, root) %{_localstatedir}/cache/%{venv}/
# Install plugin only on SUSE machines
%if 0%{?suse_version}
%{_prefix}/lib/zypp/plugins/commit/venv-zyppnotify
%endif
# Install Yum plugins only on RH machines
%if 0%{?fedora} || 0%{?rhel}
%if 0%{?fedora} >= 22 || 0%{?rhel} >= 8
%{python3_sitelib}/dnf-plugins/venv-dnfnotify.py
%{python3_sitelib}/dnf-plugins/__pycache__/venv-dnfnotify.*
%{_sysconfdir}/dnf/plugins/venv-dnfnotify.conf
%else
%{_prefix}/share/yum-plugins/venv-yumnotify.*
%{_sysconfdir}/yum/pluginconf.d/venv-yumnotify.conf
%endif
%endif
# Install DPkg plugins only on Debian machines
%if "%_vendor" == "debbuild"
%{_sysconfdir}/apt/apt.conf.d/99dpkgnotify-venv
/usr/bin/venv-dpkgnotify
%endif
%{_unitdir}/venv-salt-minion.service
%config(noreplace) %{_sysconfdir}/logrotate.d/venv-salt-minion
%{_prefix}/lib/tmpfiles.d/venv-salt-minion.conf
%changelog
