Mailing List Archive | ports@openbsd.org

Sorry for the confusion. I mixed the patch with an old one which tried to patch this file... My fault. On 06 Mar 10:26, Robert Nagy wrote: > On 06/03/24 10:44 +0100, Uwe Werler wrote: > > Salü Robert, > > > > it seems that patches/patch-salt_utils_network_py is already in the attic... > > > > Best regards > > > > Uwe > > Why whould we need that patch? I am confused. > > > On 06 Mar 08:56, Robert Nagy wrote: > > > On 06/03/24 08:43 +0100, Robert Nagy wrote: > > > > I think we can backport this until there is a new release out. > > > > > > Please try the following diff: > > > > > > Index: Makefile > > > =================================================================== > > > RCS file: /cvs/ports/sysutils/salt/Makefile,v > > > diff -u -p -u -r1.183 Makefile > > > --- Makefile 1 Mar 2024 12:02:55 -0000 1.183 > > > +++ Makefile 6 Mar 2024 07:56:07 -0000 > > > @@ -18,6 +18,8 @@ COMMENT = remote execution and configur > > > MODPY_EGG_VERSION = 3006.7 > > > DISTNAME = salt-${MODPY_EGG_VERSION} > > > > > > +REVISION = 0 > > > + > > > CATEGORIES = sysutils net devel > > > > > > HOMEPAGE = https://saltproject.io/ > > > Index: patches/patch-salt_channel_server_py > > > =================================================================== > > > RCS file: patches/patch-salt_channel_server_py > > > diff -N patches/patch-salt_channel_server_py > > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > > +++ patches/patch-salt_channel_server_py 6 Mar 2024 07:56:07 -0000 > > > @@ -0,0 +1,52 @@ > > > +52d98866200384dbaf3dbdecf66de00ff6d2195c fix: Older keys end with a newline, this breaks minion auth. > > > +4e72e2f0a57b594c3f7e14cc385a066097a268b2 fix: typo's > > > +0f4c022fdaabb41962e7fde1baca7bf73122f534 Simply check against cleaned key from disk. > > > +ecc39aa994c55b22c10320380abf6bd24529496d Refactor and add some tests > > > + > > > +Index: salt/channel/server.py > > > +--- salt/channel/server.py.orig > > > ++++ salt/channel/server.py > > > +@@ -52,6 +52,16 @@ class ReqServerChannel: > > > + transport = salt.transport.request_server(opts, **kwargs) > > > + return cls(opts, transport) > > > + > > > ++ @classmethod > > > ++ def compare_keys(cls, key1, key2): > > > ++ """ > > > ++ Normalize and compare two keys > > > ++ > > > ++ Returns: > > > ++ bool: ``True`` if the keys match, otherwise ``False`` > > > ++ """ > > > ++ return salt.crypt.clean_key(key1) == salt.crypt.clean_key(key2) > > > ++ > > > + def __init__(self, opts, transport): > > > + self.opts = opts > > > + self.transport = transport > > > +@@ -371,7 +381,7 @@ class ReqServerChannel: > > > + elif os.path.isfile(pubfn): > > > + # The key has been accepted, check it > > > + with salt.utils.files.fopen(pubfn, "r") as pubfn_handle: > > > +- if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]: > > > ++ if not self.compare_keys(pubfn_handle.read(), load["pub"]): > > > + log.error( > > > + "Authentication attempt from %s failed, the public " > > > + "keys did not match. This may be an attempt to compromise " > > > +@@ -480,7 +490,7 @@ class ReqServerChannel: > > > + # case. Otherwise log the fact that the minion is still > > > + # pending. > > > + with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle: > > > +- if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]: > > > ++ if not self.compare_keys(pubfn_handle.read(), load["pub"]): > > > + log.error( > > > + "Authentication attempt from %s failed, the public " > > > + "key in pending did not match. This may be an " > > > +@@ -536,7 +546,7 @@ class ReqServerChannel: > > > + # so, pass on doing anything here, and let it get automatically > > > + # accepted below. > > > + with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle: > > > +- if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]: > > > ++ if not self.compare_keys(pubfn_handle.read(), load["pub"]): > > > + log.error( > > > + "Authentication attempt from %s failed, the public " > > > + "keys in pending did not match. This may be an " > > > Index: patches/patch-salt_grains_core_py > > > =================================================================== > > > RCS file: /cvs/ports/sysutils/salt/patches/patch-salt_grains_core_py,v > > > diff -u -p -u -r1.12 patch-salt_grains_core_py > > > --- patches/patch-salt_grains_core_py 28 Apr 2023 18:30:40 -0000 1.12 > > > +++ patches/patch-salt_grains_core_py 6 Mar 2024 07:56:07 -0000 > > > @@ -24,7 +24,7 @@ Index: salt/grains/core.py > > > return grains > > > > > > > > > -@@ -2652,10 +2654,12 @@ def os_data(): > > > +@@ -2744,10 +2746,12 @@ def os_data(): > > > # derive osrelease from kernelversion prior to that > > > grains["osrelease"] = grains["kernelrelease"].split("-")[0] > > > grains.update(_bsd_cpudata(grains)) > > > > -- > > wq: ~uw > > -- > Regards, > Robert Nagy -- wq: ~uw

- 2024-03-06 09:22 Stuart Henderson:
  Salt master on -stable and communication with minions on -current 3006.7 version
- 2024-03-06 09:26 Robert Nagy:
  Salt master on -stable and communication with minions on -current 3006.7 version
- - 2024-03-06 12:47 Uwe Werler:
    Salt master on -stable and communication with minions on -current 3006.7 version
2024-03-06 14:11 Uwe Werler:
Salt master on -stable and communication with minions on -current 3006.7 version
- 2024-03-06 14:15 Uwe Werler:
  Salt master on -stable and communication with minions on -current 3006.7 version