authorMatthew Thode <prometheanfire@gentoo.org>2014-06-15 04:27:28 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2014-06-15 04:27:28 +0000
commitdbd5edc7a379016cbca06ecf8538d40904e807b3 (patch)
tree21bfecad2bb67d82cd67db39704b5d6f3d397ae6 /sys-cluster
parentremoving the old badness (diff)
removing the old badness
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/neutron/ChangeLog7
-rw-r--r--sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch245
-rw-r--r--sys-cluster/neutron/files/2013.2.3-CVE-2014-0187.patch257
-rw-r--r--sys-cluster/neutron/neutron-2013.2.3-r1.ebuild157
-rw-r--r--sys-cluster/neutron/neutron-2013.2.9999.ebuild157
5 files changed, 6 insertions, 817 deletions
diff --git a/sys-cluster/neutron/ChangeLog b/sys-cluster/neutron/ChangeLog
index 0d98d5322d30..573c6597ab7f 100644
--- a/sys-cluster/neutron/ChangeLog
+++ b/sys-cluster/neutron/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-cluster/neutron
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.31 2014/05/14 06:01:28 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.32 2014/06/15 04:27:28 prometheanfire Exp $
+
+ 15 Jun 2014; Matthew Thode <prometheanfire@gentoo.org>
+ -files/2013.2.2-CVE-2014-0056.patch, -files/2013.2.3-CVE-2014-0187.patch,
+ -neutron-2013.2.3-r1.ebuild, -neutron-2013.2.9999.ebuild:
+ removing the old badness
*neutron-2014.1-r2 (14 May 2014)
*neutron-2013.2.3-r1 (14 May 2014)
diff --git a/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch b/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch
deleted file mode 100644
index fc3a37dbcc38..000000000000
--- a/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-From 1faec8354a0fab953524eaeb6042ad38461a58bc Mon Sep 17 00:00:00 2001
-From: Aaron Rosen <aaronorosen@gmail.com>
-Date: Wed, 26 Mar 2014 16:36:56 -0700
-Subject: [PATCH] Prevent cross plugging router ports from other tenants
-
-Previously, a tenant could plug an interface into another tenant's
-router if he knew their router_id by creating a port with the correct
-device_id and device_owner. This patch prevents this from occuring
-by preventing non-admin users from creating ports with device_owner
-network:router_interface with a device_id that matches another tenants router.
-In addition, it prevents one from updating a ports device_owner and device_id
-so that the device_id won't match another tenants router with device_owner
-being network:router_interface.
-
-NOTE: with this change it does open up the possiblity for a tenant to discover
-router_id's of another tenant's by guessing them and updating a port till
-a conflict occurs. That said, randomly guessing the router id would be hard
-and in theory should not matter if exposed. We also need to allow a tenant
-to update the device_id on network:router_interface ports as this would be
-used for by anyone using a vm as a service router. This issue will be fixed in
-another patch upstream as a db migration is required but since this needs
-to be backported to all stable branches this is not possible.
-
-NOTE: The only plugins affect by this are the ones that use the l3-agent.
-
-NOTE: **One should perform and audit of the ports that are already
- attached to routers after applying this patch and remove ports
- that a tenant may have cross plugged.**
-
-Closes-bug: #1243327
-
-Conflicts:
- neutron/common/exceptions.py
- neutron/db/db_base_plugin_v2.py
-
-Change-Id: I8bc6241f537d937e5729072dcc76871bf407cdb3
----
- neutron/common/exceptions.py | 5 +++
- neutron/db/db_base_plugin_v2.py | 62 +++++++++++++++++++++++++++++++++++
- neutron/tests/unit/test_l3_plugin.py | 63 +++++++++++++++++++++++++++++++++++-
- 3 files changed, 129 insertions(+), 1 deletion(-)
-
-diff --git a/neutron/common/exceptions.py b/neutron/common/exceptions.py
-index 7b02647..88fa6e4 100644
---- a/neutron/common/exceptions.py
-+++ b/neutron/common/exceptions.py
-@@ -301,3 +301,8 @@ def __init__(self, **kwargs):
-
- class NetworkVxlanPortRangeError(object):
- message = _("Invalid network VXLAN port range: '%(vxlan_range)s'")
-+
-+
-+class DeviceIDNotOwnedByTenant(Conflict):
-+ message = _("The following device_id %(device_id)s is not owned by your "
-+ "tenant or matches another tenants router.")
-diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
-index 2afbac5..872463f 100644
---- a/neutron/db/db_base_plugin_v2.py
-+++ b/neutron/db/db_base_plugin_v2.py
-@@ -27,14 +27,18 @@
- from neutron.api.v2 import attributes
- from neutron.common import constants
- from neutron.common import exceptions as q_exc
-+from neutron import context as ctx
- from neutron.db import api as db
- from neutron.db import models_v2
- from neutron.db import sqlalchemyutils
-+from neutron.extensions import l3
-+from neutron import manager
- from neutron import neutron_plugin_base_v2
- from neutron.openstack.common import excutils
- from neutron.openstack.common import log as logging
- from neutron.openstack.common import timeutils
- from neutron.openstack.common import uuidutils
-+from neutron.plugins.common import constants as service_constants
-
-
- LOG = logging.getLogger(__name__)
-@@ -1311,6 +1315,9 @@ def create_port(self, context, port):
- # NOTE(jkoelker) Get the tenant_id outside of the session to avoid
- # unneeded db action if the operation raises
- tenant_id = self._get_tenant_id_for_create(context, p)
-+ if p.get('device_owner') == constants.DEVICE_OWNER_ROUTER_INTF:
-+ self._enforce_device_owner_not_router_intf_or_device_id(context, p,
-+ tenant_id)
-
- with context.session.begin(subtransactions=True):
- network = self._get_network(context, network_id)
-@@ -1374,6 +1381,23 @@ def update_port(self, context, id, port):
- changed_ips = False
- with context.session.begin(subtransactions=True):
- port = self._get_port(context, id)
-+ if 'device_owner' in p:
-+ current_device_owner = p['device_owner']
-+ changed_device_owner = True
-+ else:
-+ current_device_owner = port['device_owner']
-+ changed_device_owner = False
-+ if p.get('device_id') != port['device_id']:
-+ changed_device_id = True
-+
-+ # if the current device_owner is ROUTER_INF and the device_id or
-+ # device_owner changed check device_id is not another tenants
-+ # router
-+ if ((current_device_owner == constants.DEVICE_OWNER_ROUTER_INTF)
-+ and (changed_device_id or changed_device_owner)):
-+ self._enforce_device_owner_not_router_intf_or_device_id(
-+ context, p, port['tenant_id'], port)
-+
- # Check if the IPs need to be updated
- if 'fixed_ips' in p:
- changed_ips = True
-@@ -1483,3 +1507,41 @@ def get_ports(self, context, filters=None, fields=None,
-
- def get_ports_count(self, context, filters=None):
- return self._get_ports_query(context, filters).count()
-+
-+ def _enforce_device_owner_not_router_intf_or_device_id(self, context,
-+ port_request,
-+ tenant_id,
-+ db_port=None):
-+ if not context.is_admin:
-+ # find the device_id. If the call was update_port and the
-+ # device_id was not passed in we use the device_id from the
-+ # db.
-+ device_id = port_request.get('device_id')
-+ if not device_id and db_port:
-+ device_id = db_port.get('device_id')
-+ # check to make sure device_id does not match another tenants
-+ # router.
-+ if device_id:
-+ if hasattr(self, 'get_router'):
-+ try:
-+ ctx_admin = ctx.get_admin_context()
-+ router = self.get_router(ctx_admin, device_id)
-+ except l3.RouterNotFound:
-+ return
-+ else:
-+ l3plugin = (
-+ manager.NeutronManager.get_service_plugins().get(
-+ service_constants.L3_ROUTER_NAT))
-+ if l3plugin:
-+ try:
-+ ctx_admin = ctx.get_admin_context()
-+ router = l3plugin.get_router(ctx_admin,
-+ device_id)
-+ except l3.RouterNotFound:
-+ return
-+ else:
-+ # raise as extension doesn't support L3 anyways.
-+ raise q_exc.DeviceIDNotOwnedByTenant(
-+ device_id=device_id)
-+ if tenant_id != router['tenant_id']:
-+ raise q_exc.DeviceIDNotOwnedByTenant(device_id=device_id)
-diff --git a/neutron/tests/unit/test_l3_plugin.py b/neutron/tests/unit/test_l3_plugin.py
-index 4f75b57..9cc5cf9 100644
---- a/neutron/tests/unit/test_l3_plugin.py
-+++ b/neutron/tests/unit/test_l3_plugin.py
-@@ -379,7 +379,8 @@ def _remove_external_gateway_from_router(self, router_id, network_id,
-
- def _router_interface_action(self, action, router_id, subnet_id, port_id,
- expected_code=exc.HTTPOk.code,
-- expected_body=None):
-+ expected_body=None,
-+ tenant_id=None):
- interface_data = {}
- if subnet_id:
- interface_data.update({'subnet_id': subnet_id})
-@@ -388,6 +389,10 @@ def _router_interface_action(self, action, router_id, subnet_id, port_id,
-
- req = self.new_action_request('routers', interface_data, router_id,
- "%s_router_interface" % action)
-+ # if tenant_id was specified, create a tenant context for this request
-+ if tenant_id:
-+ req.environ['neutron.context'] = context.Context(
-+ '', tenant_id)
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, expected_code)
- response = self.deserialize(self.fmt, res)
-@@ -968,6 +973,62 @@ def test_router_add_gateway_tenant_ctx(self):
- gw_info = body['router']['external_gateway_info']
- self.assertEqual(gw_info, None)
-
-+ def test_create_router_port_with_device_id_of_other_teants_router(self):
-+ with self.router() as admin_router:
-+ with self.network(tenant_id='tenant_a',
-+ set_context=True) as n:
-+ with self.subnet(network=n):
-+ self._create_port(
-+ self.fmt, n['network']['id'],
-+ tenant_id='tenant_a',
-+ device_id=admin_router['router']['id'],
-+ device_owner='network:router_interface',
-+ set_context=True,
-+ expected_res_status=exc.HTTPConflict.code)
-+
-+ def test_create_non_router_port_device_id_of_other_teants_router_update(
-+ self):
-+ # This tests that HTTPConflict is raised if we create a non-router
-+ # port that matches the device_id of another tenants router and then
-+ # we change the device_owner to be network:router_interface.
-+ with self.router() as admin_router:
-+ with self.network(tenant_id='tenant_a',
-+ set_context=True) as n:
-+ with self.subnet(network=n):
-+ port_res = self._create_port(
-+ self.fmt, n['network']['id'],
-+ tenant_id='tenant_a',
-+ device_id=admin_router['router']['id'],
-+ set_context=True)
-+ port = self.deserialize(self.fmt, port_res)
-+ neutron_context = context.Context('', 'tenant_a')
-+ data = {'port': {'device_owner':
-+ 'network:router_interface'}}
-+ self._update('ports', port['port']['id'], data,
-+ neutron_context=neutron_context,
-+ expected_code=exc.HTTPConflict.code)
-+ self._delete('ports', port['port']['id'])
-+
-+ def test_update_port_device_id_to_different_tenants_router(self):
-+ with self.router() as admin_router:
-+ with self.router(tenant_id='tenant_a',
-+ set_context=True) as tenant_router:
-+ with self.network(tenant_id='tenant_a',
-+ set_context=True) as n:
-+ with self.subnet(network=n) as s:
-+ port = self._router_interface_action(
-+ 'add', tenant_router['router']['id'],
-+ s['subnet']['id'], None, tenant_id='tenant_a')
-+ neutron_context = context.Context('', 'tenant_a')
-+ data = {'port':
-+ {'device_id': admin_router['router']['id']}}
-+ self._update('ports', port['port_id'], data,
-+ neutron_context=neutron_context,
-+ expected_code=exc.HTTPConflict.code)
-+ self._router_interface_action(
-+ 'remove', tenant_router['router']['id'],
-+ s['subnet']['id'], None, tenant_id='tenant_a')
-+
- def test_router_add_gateway_invalid_network_returns_404(self):
- with self.router() as r:
- self._add_external_gateway_to_router(
---
-1.8.5.5
-
diff --git a/sys-cluster/neutron/files/2013.2.3-CVE-2014-0187.patch b/sys-cluster/neutron/files/2013.2.3-CVE-2014-0187.patch
deleted file mode 100644
index 182b709e1e1b..000000000000
--- a/sys-cluster/neutron/files/2013.2.3-CVE-2014-0187.patch
+++ /dev/null
@@ -1,257 +0,0 @@
-From 03eed8cd34cd4fb043c11fc99f6bb0b4fbd5728d Mon Sep 17 00:00:00 2001
-From: marios <marios@redhat.com>
-Date: Fri, 29 Nov 2013 18:23:54 +0200
-Subject: [PATCH] Validate CIDR given as ip-prefix in
- security-group-rule-create
-
-There was no validation for the provided ip prefix. This just adds
-a simple parse using netaddr and explodes with appropriate message.
-Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32).
-
-Validation occurs at the attribute level (API model) as well as at
-the db level, where the ethertype is validated against the ip_prefix
-address type.
-
-Unit test cases added - bad prefix, unmasked prefix and incorrect
-ethertype. Also adds attribute test cases for the added
-convert_ip_prefix_to_cidr method
-
-Closes-Bug: 1255338
-
-Conflicts:
- neutron/tests/unit/test_security_groups_rpc.py
- neutron/tests/unit/test_extension_security_group.py
-
-Change-Id: I71fb8c887963a122a5bd8cfdda800026c1cd3954
-(cherry picked from commit 65aa92b0348b7ab8413f359b00825610cdf66607)
----
- neutron/common/exceptions.py | 4 +
- neutron/db/securitygroups_db.py | 20 +++++
- neutron/extensions/securitygroup.py | 18 ++++-
- .../tests/unit/test_extension_security_group.py | 86 ++++++++++++++++++++++
- 4 files changed, 127 insertions(+), 1 deletion(-)
-
-diff --git a/neutron/common/exceptions.py b/neutron/common/exceptions.py
-index 88fa6e4..80a75d1 100644
---- a/neutron/common/exceptions.py
-+++ b/neutron/common/exceptions.py
-@@ -306,3 +306,7 @@ class NetworkVxlanPortRangeError(object):
- class DeviceIDNotOwnedByTenant(Conflict):
- message = _("The following device_id %(device_id)s is not owned by your "
- "tenant or matches another tenants router.")
-+
-+
-+class InvalidCIDR(BadRequest):
-+ message = _("Invalid CIDR %(input)s given as IP prefix")
-diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
-index 2a7d2ef..8868546 100644
---- a/neutron/db/securitygroups_db.py
-+++ b/neutron/db/securitygroups_db.py
-@@ -16,6 +16,7 @@
- #
- # @author: Aaron Rosen, Nicira, Inc
-
-+import netaddr
- import sqlalchemy as sa
- from sqlalchemy import orm
- from sqlalchemy.orm import exc
-@@ -331,6 +332,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
- new_rules.add(rule['security_group_id'])
-
- self._validate_port_range(rule)
-+ self._validate_ip_prefix(rule)
-
- if rule['remote_ip_prefix'] and rule['remote_group_id']:
- raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()
-@@ -411,6 +413,24 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
- if (i['security_group_rule'] == db_rule):
- raise ext_sg.SecurityGroupRuleExists(id=id)
-
-+ def _validate_ip_prefix(self, rule):
-+ """Check that a valid cidr was specified as remote_ip_prefix
-+
-+ No need to check that it is in fact an IP address as this is already
-+ validated by attribute validators.
-+ Check that rule ethertype is consistent with remote_ip_prefix ip type.
-+ Add mask to ip_prefix if absent (192.168.1.10 -> 192.168.1.10/32).
-+ """
-+ input_prefix = rule['remote_ip_prefix']
-+ if input_prefix:
-+ addr = netaddr.IPNetwork(input_prefix)
-+ # set input_prefix to always include the netmask:
-+ rule['remote_ip_prefix'] = str(addr)
-+ # check consistency of ethertype with addr version
-+ if rule['ethertype'] != "IPv%d" % (addr.version):
-+ raise ext_sg.SecurityGroupRuleParameterConflict(
-+ ethertype=rule['ethertype'], cidr=input_prefix)
-+
- def get_security_group_rules(self, context, filters=None, fields=None,
- sorts=None, limit=None, marker=None,
- page_reverse=False):
-diff --git a/neutron/extensions/securitygroup.py b/neutron/extensions/securitygroup.py
-index 85d499a..3d10b5a 100644
---- a/neutron/extensions/securitygroup.py
-+++ b/neutron/extensions/securitygroup.py
-@@ -17,6 +17,7 @@
-
- from abc import ABCMeta
- from abc import abstractmethod
-+import netaddr
-
- from oslo.config import cfg
-
-@@ -102,6 +103,10 @@ class SecurityGroupRuleExists(qexception.InUse):
- message = _("Security group rule already exists. Group id is %(id)s.")
-
-
-+class SecurityGroupRuleParameterConflict(qexception.InvalidInput):
-+ message = _("Conflicting value ethertype %(ethertype)s for CIDR %(cidr)s")
-+
-+
- def convert_protocol(value):
- if value is None:
- return
-@@ -152,6 +157,16 @@ def convert_to_uuid_list_or_none(value_list):
- return value_list
-
-
-+def convert_ip_prefix_to_cidr(ip_prefix):
-+ if not ip_prefix:
-+ return
-+ try:
-+ cidr = netaddr.IPNetwork(ip_prefix)
-+ return str(cidr)
-+ except (TypeError, netaddr.AddrFormatError):
-+ raise qexception.InvalidCIDR(input=ip_prefix)
-+
-+
- def _validate_name_not_default(data, valid_values=None):
- if data == "default":
- raise SecurityGroupDefaultAlreadyExists()
-@@ -207,7 +222,8 @@ RESOURCE_ATTRIBUTE_MAP = {
- 'convert_to': convert_ethertype_to_case_insensitive,
- 'validate': {'type:values': sg_supported_ethertypes}},
- 'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
-- 'default': None, 'is_visible': True},
-+ 'default': None, 'is_visible': True,
-+ 'convert_to': convert_ip_prefix_to_cidr},
- 'tenant_id': {'allow_post': True, 'allow_put': False,
- 'required_by_policy': True,
- 'is_visible': True},
-diff --git a/neutron/tests/unit/test_extension_security_group.py b/neutron/tests/unit/test_extension_security_group.py
-index d53e140..f0b1636 100644
---- a/neutron/tests/unit/test_extension_security_group.py
-+++ b/neutron/tests/unit/test_extension_security_group.py
-@@ -21,11 +21,13 @@ import webob.exc
-
- from neutron.api.v2 import attributes as attr
- from neutron.common import constants as const
-+from neutron.common import exceptions as n_exc
- from neutron.common.test_lib import test_config
- from neutron import context
- from neutron.db import db_base_plugin_v2
- from neutron.db import securitygroups_db
- from neutron.extensions import securitygroup as ext_sg
-+from neutron.tests import base
- from neutron.tests.unit import test_db_plugin
-
- DB_PLUGIN_KLASS = ('neutron.tests.unit.test_extension_security_group.'
-@@ -413,6 +415,70 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
- self.deserialize(self.fmt, res)
- self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
-
-+ def test_create_security_group_rule_invalid_ip_prefix(self):
-+ name = 'webservers'
-+ description = 'my webservers'
-+ for bad_prefix in ['bad_ip', 256, "2001:db8:a::123/129", '172.30./24']:
-+ with self.security_group(name, description) as sg:
-+ sg_id = sg['security_group']['id']
-+ remote_ip_prefix = bad_prefix
-+ rule = self._build_security_group_rule(
-+ sg_id,
-+ 'ingress',
-+ const.PROTO_NAME_TCP,
-+ '22', '22',
-+ remote_ip_prefix)
-+ res = self._create_security_group_rule(self.fmt, rule)
-+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
-+
-+ def test_create_security_group_rule_invalid_ethertype_for_prefix(self):
-+ name = 'webservers'
-+ description = 'my webservers'
-+ test_addr = {'192.168.1.1/24': 'ipv4', '192.168.1.1/24': 'IPv6',
-+ '2001:db8:1234::/48': 'ipv6',
-+ '2001:db8:1234::/48': 'IPv4'}
-+ for prefix, ether in test_addr.iteritems():
-+ with self.security_group(name, description) as sg:
-+ sg_id = sg['security_group']['id']
-+ ethertype = ether
-+ remote_ip_prefix = prefix
-+ rule = self._build_security_group_rule(
-+ sg_id,
-+ 'ingress',
-+ const.PROTO_NAME_TCP,
-+ '22', '22',
-+ remote_ip_prefix,
-+ None,
-+ None,
-+ ethertype)
-+ res = self._create_security_group_rule(self.fmt, rule)
-+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
-+
-+ def test_create_security_group_rule_with_unmasked_prefix(self):
-+ name = 'webservers'
-+ description = 'my webservers'
-+ addr = {'10.1.2.3': {'mask': '32', 'ethertype': 'IPv4'},
-+ 'fe80::2677:3ff:fe7d:4c': {'mask': '128', 'ethertype': 'IPv6'}}
-+ for ip in addr:
-+ with self.security_group(name, description) as sg:
-+ sg_id = sg['security_group']['id']
-+ ethertype = addr[ip]['ethertype']
-+ remote_ip_prefix = ip
-+ rule = self._build_security_group_rule(
-+ sg_id,
-+ 'ingress',
-+ const.PROTO_NAME_TCP,
-+ '22', '22',
-+ remote_ip_prefix,
-+ None,
-+ None,
-+ ethertype)
-+ res = self._create_security_group_rule(self.fmt, rule)
-+ self.assertEqual(res.status_int, 201)
-+ res_sg = self.deserialize(self.fmt, res)
-+ prefix = res_sg['security_group_rule']['remote_ip_prefix']
-+ self.assertEqual(prefix, '%s/%s' % (ip, addr[ip]['mask']))
-+
- def test_create_security_group_rule_tcp_protocol_as_number(self):
- name = 'webservers'
- description = 'my webservers'
-@@ -1348,5 +1414,25 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
- self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
-
-
-+class TestConvertIPPrefixToCIDR(base.BaseTestCase):
-+
-+ def test_convert_bad_ip_prefix_to_cidr(self):
-+ for val in ['bad_ip', 256, "2001:db8:a::123/129"]:
-+ self.assertRaises(n_exc.InvalidCIDR,
-+ ext_sg.convert_ip_prefix_to_cidr, val)
-+ self.assertIsNone(ext_sg.convert_ip_prefix_to_cidr(None))
-+
-+ def test_convert_ip_prefix_no_netmask_to_cidr(self):
-+ addr = {'10.1.2.3': '32', 'fe80::2677:3ff:fe7d:4c': '128'}
-+ for k, v in addr.iteritems():
-+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(k),
-+ '%s/%s' % (k, v))
-+
-+ def test_convert_ip_prefix_with_netmask_to_cidr(self):
-+ addresses = ['10.1.0.0/16', '10.1.2.3/32', '2001:db8:1234::/48']
-+ for addr in addresses:
-+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(addr), addr)
-+
-+
- class TestSecurityGroupsXML(TestSecurityGroups):
- fmt = 'xml'
---
-1.8.5.5 \ No newline at end of file
diff --git a/sys-cluster/neutron/neutron-2013.2.3-r1.ebuild b/sys-cluster/neutron/neutron-2013.2.3-r1.ebuild
deleted file mode 100644
index 663ff9cbf2f9..000000000000
--- a/sys-cluster/neutron/neutron-2013.2.3-r1.ebuild
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2013.2.3-r1.ebuild,v 1.1 2014/05/14 06:01:28 prometheanfire Exp $
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 user
-
-DESCRIPTION="A virtual network service for Openstack."
-HOMEPAGE="https://launchpad.net/neutron"
-SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+dhcp doc +l3 +metadata +openvswitch +server test sqlite mysql postgres"
-REQUIRED_USE="|| ( mysql postgres sqlite )"
-
-#the cliff dep is as below because it depends on pyparsing, which only has 2.7 OR 3.2, not both
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo
- test? ( >=dev-python/cliff-1.4.3[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
- >=dev-python/mock-1.0[${PYTHON_USEDEP}]
- >=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
- dev-python/subunit[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.2[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.17[${PYTHON_USEDEP}]
- >=dev-python/testtools-0.9.32[${PYTHON_USEDEP}]
- >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
- dev-python/configobj[${PYTHON_USEDEP}]
- <dev-python/hacking-0.8[${PYTHON_USEDEP}]
- >=dev-python/hacking-0.5.6[${PYTHON_USEDEP}]
- dev-python/mimeparse[${PYTHON_USEDEP}] )"
-
-RDEPEND="dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- >=dev-python/amqplib-0.6.1-r1[${PYTHON_USEDEP}]
- >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- dev-python/httplib2[${PYTHON_USEDEP}]
- >=dev-python/requests-1.1[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}]
- dev-python/jsonrpclib[${PYTHON_USEDEP}]
- dev-python/jinja[${PYTHON_USEDEP}]
- >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
- dev-python/netaddr[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.3.4[${PYTHON_USEDEP}]
- <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}]
- sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- <dev-python/webob-1.3[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/alembic-0.4.1[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- >=dev-python/stevedore-0.10[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-novaclient-2.15.0[${PYTHON_USEDEP}]
- dev-python/pyudev[${PYTHON_USEDEP}]
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- dhcp? ( net-dns/dnsmasq[dhcp-tools] )"
-
-PATCHES=( "${FILESDIR}/sphinx_mapping.patch"
- "${FILESDIR}/nicira.patch"
- "${FILESDIR}/2013.2.3-CVE-2014-0187.patch" )
-
-pkg_setup() {
- enewgroup neutron
- enewuser neutron -1 -1 /var/lib/neutron neutron
-}
-
-pkg_config() {
- fperms 0700 /var/log/neutron
- fowners neutron:neutron /var/log neutron
-}
-
-src_prepare() {
- #it's /bin/ip not /sbin/ip
- sed -i 's/sbin\/ip\,/bin\/ip\,/g' etc/neutron/rootwrap.d/*
- distutils-r1_src_prepare
-}
-
-python_compile_all() {
- use doc && make -C doc html
-}
-
-python_test() {
- # https://bugs.launchpad.net/neutron/+bug/1234857
- # https://bugs.launchpad.net/swift/+bug/1249727
- # https://bugs.launchpad.net/neutron/+bug/1251657
- # turn multiprocessing off, testr will use it --parallel
- local DISTUTILS_NO_PARALLEL_BUILD=1
- # Move tests out that attempt net connection, have failures
- mv $(find . -name test_ovs_tunnel.py) . || die
- sed -e 's:test_app_using_ipv6_and_ssl:_&:' \
- -e 's:test_start_random_port_with_ipv6:_&:' \
- -i neutron/tests/unit/test_wsgi.py || die
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
- newconfd "${FILESDIR}/neutron-confd" "neutron"
- newinitd "${FILESDIR}/neutron-initd" "neutron"
-
- use server && dosym /etc/init.d/neutron /etc/init.d/neutron-server
- use dhcp && dosym /etc/init.d/neutron /etc/init.d/neutron-dhcp-agent
- use l3 && dosym /etc/init.d/neutron /etc/init.d/neutron-l3-agent
- use metadata && dosym /etc/init.d/neutron /etc/init.d/neutron-metadata-agent
- use openvswitch && dosym /etc/init.d/neutron /etc/init.d/neutron-openvswitch-agent
-
- diropts -m 750
- dodir /var/log/neutron /var/log/neutron
- fowners neutron:neutron /var/log/neutron
- keepdir /etc/neutron
- insinto /etc/neutron
-
- doins "etc/api-paste.ini"
- doins "etc/dhcp_agent.ini"
- doins "etc/l3_agent.ini"
- doins "etc/policy.json"
- doins "etc/neutron.conf"
- doins "etc/rootwrap.conf"
- insinto /etc
- doins -r "etc/neutron/"
-
- #remove the etc stuff from usr...
- rm -R "${D}/usr/etc/"
-
- insinto "/usr/lib64/python2.7/site-packages/neutron/db/migration/alembic_migrations/"
- doins -r "neutron/db/migration/alembic_migrations/versions"
-
- #add sudoers definitions for user neutron
- insinto /etc/sudoers.d/
- doins "${FILESDIR}/neutron-sudoers"
-}
-
-python_install_all() {
- use doc && local HTML_DOCS=( doc/build/html/. )
- distutils-r1_python_install_all
-}
diff --git a/sys-cluster/neutron/neutron-2013.2.9999.ebuild b/sys-cluster/neutron/neutron-2013.2.9999.ebuild
deleted file mode 100644
index b3bca6b6bbb4..000000000000
--- a/sys-cluster/neutron/neutron-2013.2.9999.ebuild
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2013.2.9999.ebuild,v 1.7 2014/01/08 05:57:29 vapier Exp $
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 git-2 user
-
-DESCRIPTION="A virtual network service for Openstack."
-HOMEPAGE="https://launchpad.net/neutron"
-EGIT_REPO_URI="https://github.com/openstack/neutron.git"
-EGIT_BRANCH="stable/havana"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS=""
-IUSE="+dhcp doc +l3 +metadata +openvswitch +server test sqlite mysql postgres"
-REQUIRED_USE="|| ( mysql postgres sqlite )"
-
-#the cliff dep is as below because it depends on pyparsing, which only has 2.7 OR 3.2, not both
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo
- test? ( >=dev-python/cliff-1.4.3[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
- >=dev-python/mock-1.0[${PYTHON_USEDEP}]
- >=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
- dev-python/subunit[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.2[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.17[${PYTHON_USEDEP}]
- >=dev-python/testtools-0.9.32[${PYTHON_USEDEP}]
- >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
- dev-python/configobj[${PYTHON_USEDEP}]
- <dev-python/hacking-0.8[${PYTHON_USEDEP}]
- >=dev-python/hacking-0.5.6[${PYTHON_USEDEP}]
- dev-python/mimeparse[${PYTHON_USEDEP}] )"
-
-RDEPEND="dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- >=dev-python/amqplib-0.6.1-r1[${PYTHON_USEDEP}]
- >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- dev-python/httplib2[${PYTHON_USEDEP}]
- >=dev-python/requests-1.1[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}]
- dev-python/jsonrpclib[${PYTHON_USEDEP}]
- dev-python/jinja[${PYTHON_USEDEP}]
- >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
- dev-python/netaddr[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.3.0[${PYTHON_USEDEP}]
- <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}]
- sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- <dev-python/webob-1.3[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/alembic-0.4.1[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- >=dev-python/stevedore-0.10[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-novaclient-2.15.0[${PYTHON_USEDEP}]
- dev-python/pyudev[${PYTHON_USEDEP}]
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- dhcp? ( net-dns/dnsmasq[dhcp-tools] )"
-
-PATCHES=( "${FILESDIR}/sphinx_mapping.patch"
- "${FILESDIR}/nicira.patch" )
-
-pkg_setup() {
- enewgroup neutron
- enewuser neutron -1 -1 /var/lib/neutron neutron
-}
-
-pkg_config() {
- fperms 0700 /var/log/neutron
- fowners neutron:neutron /var/log neutron
-}
-
-src_prepare() {
- #it's /bin/ip not /sbin/ip
- sed -i 's/sbin\/ip\,/bin\/ip\,/g' etc/neutron/rootwrap.d/*
- distutils-r1_src_prepare
-}
-
-python_compile_all() {
- use doc && make -C doc html
-}
-
-python_test() {
- # https://bugs.launchpad.net/neutron/+bug/1234857
- # https://bugs.launchpad.net/swift/+bug/1249727
- # https://bugs.launchpad.net/neutron/+bug/1251657
- # turn multiprocessing off, testr will use it --parallel
- local DISTUTILS_NO_PARALLEL_BUILD=1
- # Move tests out that attempt net connection, have failures
- mv $(find . -name test_ovs_tunnel.py) . || die
- sed -e 's:test_app_using_ipv6_and_ssl:_&:' \
- -e 's:test_start_random_port_with_ipv6:_&:' \
- -i neutron/tests/unit/test_wsgi.py || die
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
- newconfd "${FILESDIR}/neutron-confd" "neutron"
- newinitd "${FILESDIR}/neutron-initd" "neutron"
-
- use server && dosym /etc/init.d/neutron /etc/init.d/neutron-server
- use dhcp && dosym /etc/init.d/neutron /etc/init.d/neutron-dhcp-agent
- use l3 && dosym /etc/init.d/neutron /etc/init.d/neutron-l3-agent
- use metadata && dosym /etc/init.d/neutron /etc/init.d/neutron-metadata-agent
- use openvswitch && dosym /etc/init.d/neutron /etc/init.d/neutron-openvswitch-agent
-
- diropts -m 750
- dodir /var/log/neutron /var/log/neutron
- fowners neutron:neutron /var/log/neutron
- keepdir /etc/neutron
- insinto /etc/neutron
-
- doins "etc/api-paste.ini"
- doins "etc/dhcp_agent.ini"
- doins "etc/l3_agent.ini"
- doins "etc/policy.json"
- doins "etc/neutron.conf"
- doins "etc/rootwrap.conf"
- insinto /etc
- doins -r "etc/neutron/"
-
- #remove the etc stuff from usr...
- rm -R "${D}/usr/etc/"
-
- insinto "/usr/lib64/python2.7/site-packages/neutron/db/migration/alembic_migrations/"
- doins -r "neutron/db/migration/alembic_migrations/versions"
-
- #add sudoers definitions for user neutron
- insinto /etc/sudoers.d/
- doins "${FILESDIR}/neutron-sudoers"
-}
-
-python_install_all() {
- use doc && local HTML_DOCS=( doc/build/html/. )
- distutils-r1_python_install_all
-}