saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #64998 from s0undt3ch/hotfix/merge-forward

Browse source 
[master] Merge 3006.x into master
This commit is contained in:
Megan Wilhite 2023-08-24 17:58:00 +00:00 committed by GitHub
commit 17a9837e36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
133 changed files with 1508 additions and 747 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
.github/workflows/ci.yml vendored
View file

@ -22,6 +22,7 @@ env:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
actions: read # for technote-space/workflow-conclusion-action to get the job statuses
concurrency:
# Concurrency is defined in a way that concurrent builds against branches do
@ -35,7 +36,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
jobs: ${{ steps.define-jobs.outputs.jobs }}
runners: ${{ steps.runner-types.outputs.runners }}
@ -266,8 +267,7 @@ jobs:
prepare-release:
name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}"
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
needs:
- prepare-workflow
steps:
@ -416,7 +416,7 @@ jobs:
needs:
- prepare-workflow
- prepare-release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v3
@ -463,7 +463,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-salt-onedir:
@ -479,7 +479,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-rpm-pkgs:
@ -491,7 +491,7 @@ jobs:
uses: ./.github/workflows/build-rpm-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-deb-pkgs:
@ -503,7 +503,7 @@ jobs:
uses: ./.github/workflows/build-deb-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-windows-pkgs:
@ -515,7 +515,7 @@ jobs:
uses: ./.github/workflows/build-windows-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-macos-pkgs:
@ -527,7 +527,7 @@ jobs:
uses: ./.github/workflows/build-macos-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
amazonlinux-2-pkg-tests:
@ -1309,7 +1309,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- prepare-workflow
- pre-commit

25
.github/workflows/lint-action.yml vendored
View file

@ -18,19 +18,21 @@ env:
jobs:
Salt:
name: Lint Salt's Source Code
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['salt'] || fromJSON(inputs.changed-files)['lint'] }}
container:
image: python:3.8-slim-buster
image: ghcr.io/saltstack/salt-ci-containers/python:3.8
steps:
- name: Install System Deps
run: |
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
apt-get update
apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
apt-get install -y git/buster-backports
apt-get install -y enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
- name: Add Git Safe Directory
run: |
git config --global --add safe.directory "$(pwd)"
- uses: actions/checkout@v3
@ -60,19 +62,22 @@ jobs:
Tests:
name: Lint Salt's Test Suite
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['tests'] || fromJSON(inputs.changed-files)['lint'] }}
container:
image: python:3.8-slim-buster
image: ghcr.io/saltstack/salt-ci-containers/python:3.8
steps:
- name: Install System Deps
run: |
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list
apt-get update
apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
apt-get install -y git/buster-backports
apt-get install -y enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
- name: Add Git Safe Directory
run: |
git config --global --add safe.directory "$(pwd)"
- uses: actions/checkout@v3

26
.github/workflows/nightly.yml vendored
View file

@ -38,7 +38,7 @@ jobs:
workflow-requirements:
name: Check Workflow Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
steps:
@ -65,8 +65,7 @@ jobs:
trigger-branch-nightly-builds:
name: Trigger Branch Workflows
if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- workflow-requirements
steps:
@ -78,7 +77,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
needs:
- workflow-requirements
@ -312,8 +311,7 @@ jobs:
prepare-release:
name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}"
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
needs:
- prepare-workflow
steps:
@ -462,7 +460,7 @@ jobs:
needs:
- prepare-workflow
- prepare-release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v3
@ -509,7 +507,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-salt-onedir:
@ -525,7 +523,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-rpm-pkgs:
@ -537,7 +535,7 @@ jobs:
uses: ./.github/workflows/build-rpm-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-deb-pkgs:
@ -549,7 +547,7 @@ jobs:
uses: ./.github/workflows/build-deb-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-windows-pkgs:
@ -561,7 +559,7 @@ jobs:
uses: ./.github/workflows/build-windows-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
environment: nightly
sign-packages: false
@ -576,7 +574,7 @@ jobs:
uses: ./.github/workflows/build-macos-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
environment: nightly
sign-packages: true
@ -2064,7 +2062,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: nightly
needs:
- workflow-requirements

12
.github/workflows/pre-commit-action.yml vendored
View file

@ -21,19 +21,21 @@ jobs:
Pre-Commit:
name: Run Pre-Commit Against Salt
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
container:
image: python:3.10-slim-buster
image: ghcr.io/saltstack/salt-ci-containers/python:3.10
steps:
- name: Install System Deps
run: |
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
apt-get update
apt-get install -y wget curl enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
apt-get install -y git/buster-backports
apt-get install -y wget curl enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
- name: Add Git Safe Directory
run: |
git config --global --add safe.directory "$(pwd)"
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-actionlint

2
.github/workflows/release-tag.yml vendored
View file

@ -31,7 +31,7 @@ jobs:
permissions:
contents: write # for dev-drprasad/delete-tag-and-release to delete tags or releases
name: Generate Tag and Github Release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: dev-drprasad/delete-tag-and-release@v0.2.0
if: github.event.inputs.reTag == 'true'

2
.github/workflows/release-update-winrepo.yml vendored
View file

@ -19,7 +19,7 @@ permissions:
jobs:
update-winrepo:
name: Update Winrepo
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
steps:
- name: Checkout Salt

7
.github/workflows/release.yml vendored
View file

@ -35,7 +35,7 @@ jobs:
check-requirements:
name: Check Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: release-check
steps:
- name: Check For Admin Permission
@ -87,6 +87,9 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }}
if [ "${{ github.event.repository.private }}" = "true" ]; then
tools pkg repo confirm-unreleased --repository saltstack/salt ${{ steps.setup-salt-version.outputs.salt-version }}
fi
- name: Check Release Staged
env:
@ -1057,7 +1060,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- check-requirements
- prepare-workflow

26
.github/workflows/scheduled.yml vendored
View file

@ -28,7 +28,7 @@ jobs:
workflow-requirements:
name: Check Workflow Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
steps:
@ -55,8 +55,7 @@ jobs:
trigger-branch-scheduled-builds:
name: Trigger Branch Workflows
if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- workflow-requirements
steps:
@ -68,7 +67,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
needs:
- workflow-requirements
@ -302,8 +301,7 @@ jobs:
prepare-release:
name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}"
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
needs:
- prepare-workflow
steps:
@ -452,7 +450,7 @@ jobs:
needs:
- prepare-workflow
- prepare-release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v3
@ -499,7 +497,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-salt-onedir:
@ -515,7 +513,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-rpm-pkgs:
@ -527,7 +525,7 @@ jobs:
uses: ./.github/workflows/build-rpm-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-deb-pkgs:
@ -539,7 +537,7 @@ jobs:
uses: ./.github/workflows/build-deb-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-windows-pkgs:
@ -551,7 +549,7 @@ jobs:
uses: ./.github/workflows/build-windows-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-macos-pkgs:
@ -563,7 +561,7 @@ jobs:
uses: ./.github/workflows/build-macos-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
amazonlinux-2-pkg-tests:
@ -1345,7 +1343,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- workflow-requirements
- trigger-branch-scheduled-builds

30
.github/workflows/staging.yml vendored
View file

@ -18,6 +18,10 @@ on:
type: boolean
default: false
description: Sign Windows Packages
skip-test-pypi-publish:
type: boolean
default: false
description: Skip publishing the source package to Test PyPi(For example, CVE releases)
skip-salt-test-suite:
type: boolean
default: false
@ -39,6 +43,7 @@ env:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
actions: read # for technote-space/workflow-conclusion-action to get the job statuses
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}
@ -48,7 +53,7 @@ jobs:
check-requirements:
name: Check Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: staging-check
steps:
- name: Check For Admin Permission
@ -59,7 +64,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- check-requirements
outputs:
@ -192,6 +197,9 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }}
if [ "${{ github.event.repository.private }}" = "true" ]; then
tools pkg repo confirm-unreleased --repository saltstack/salt ${{ steps.setup-salt-version.outputs.salt-version }}
fi
- name: Write Changed Files To A Local File
run:
@ -452,7 +460,7 @@ jobs:
needs:
- prepare-workflow
- prepare-release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v3
@ -499,7 +507,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-salt-onedir:
@ -515,7 +523,7 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-rpm-pkgs:
@ -527,7 +535,7 @@ jobs:
uses: ./.github/workflows/build-rpm-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-deb-pkgs:
@ -539,7 +547,7 @@ jobs:
uses: ./.github/workflows/build-deb-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
build-windows-pkgs:
@ -551,7 +559,7 @@ jobs:
uses: ./.github/workflows/build-windows-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
environment: staging
sign-packages: ${{ inputs.sign-windows-packages }}
@ -566,7 +574,7 @@ jobs:
uses: ./.github/workflows/build-macos-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
relenv-version: "0.13.2"
relenv-version: "0.13.4"
python-version: "3.10.12"
environment: staging
sign-packages: true
@ -2703,7 +2711,7 @@ jobs:
publish-pypi:
name: Publish to PyPi(test)
if: ${{ github.event.repository.fork != true }}
if: ${{ inputs.skip-test-pypi-publish != true && github.event.repository.fork != true }}
needs:
- prepare-workflow
- upload-release-artifacts
@ -2834,7 +2842,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- check-requirements
- prepare-workflow

5
.github/workflows/templates/ci.yml.jinja vendored
View file

@ -52,8 +52,7 @@
- x86_64
<%- else %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
<%- endif %>
needs:
- prepare-workflow
@ -219,7 +218,7 @@
needs:
- prepare-workflow
- prepare-release
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v3

11
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -43,6 +43,9 @@ env:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
<%- if workflow_slug not in ("nightly", "scheduled") %>
actions: read # for technote-space/workflow-conclusion-action to get the job statuses
<%- endif %>
<%- endblock permissions %>
@ -71,7 +74,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
<%- if prepare_workflow_if_check %>
if: <{ prepare_workflow_if_check }>
<%- endif %>
@ -213,6 +216,10 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }}
if [ "${{ github.event.repository.private }}" = "true" ]; then
tools pkg repo confirm-unreleased --repository saltstack/salt ${{ steps.setup-salt-version.outputs.salt-version }}
fi
<%- endif %>
@ -311,7 +318,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
<%- if workflow_slug == "nightly" %>
environment: <{ workflow_slug }>
<%- endif %>

2
.github/workflows/templates/nightly.yml.jinja vendored
View file

@ -58,7 +58,7 @@ concurrency:
<%- do conclusion_needs.append('notify-slack') %>
notify-slack:
name: Notify Slack
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: <{ gh_environment }>
needs:
<%- for need in prepare_workflow_needs.iter(consume=False) %>

5
.github/workflows/templates/release.yml.jinja vendored
View file

@ -52,7 +52,7 @@ permissions:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission
@ -115,6 +115,9 @@ permissions:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }}
if [ "${{ github.event.repository.private }}" = "true" ]; then
tools pkg repo confirm-unreleased --repository saltstack/salt ${{ steps.setup-salt-version.outputs.salt-version }}
fi
- name: Check Release Staged
env:

8
.github/workflows/templates/staging.yml.jinja vendored
View file

@ -31,6 +31,10 @@ on:
type: boolean
default: false
description: Sign Windows Packages
skip-test-pypi-publish:
type: boolean
default: false
description: Skip publishing the source package to Test PyPi(For example, CVE releases)
skip-salt-test-suite:
type: boolean
default: false
@ -62,7 +66,7 @@ concurrency:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission
@ -160,7 +164,7 @@ concurrency:
publish-pypi:
<%- do conclusion_needs.append('publish-pypi') %>
name: Publish to PyPi(test)
if: ${{ github.event.repository.fork != true }}
if: ${{ inputs.skip-test-pypi-publish != true && github.event.repository.fork != true }}
needs:
- prepare-workflow
- upload-release-artifacts

3
.github/workflows/templates/trigger-branch-workflows.yml.jinja vendored
View file

@ -7,8 +7,7 @@
<%- do conclusion_needs.append(job_name) %>
name: Trigger Branch Workflows
if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on:
- ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- workflow-requirements
steps:

2
.github/workflows/templates/workflow-requirements-check.yml.jinja vendored
View file

@ -4,7 +4,7 @@
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Workflow Requirements
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
steps:

4
.github/workflows/test-action-macos.yml vendored
View file

@ -64,7 +64,7 @@ jobs:
generate-matrix:
name: Generate Test Matrix
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
transport-matrix-include: ${{ steps.generate-transport-matrix.outputs.matrix }}
@ -445,7 +445,7 @@ jobs:
report:
name: Reports for ${{ inputs.distro-slug }}(${{ matrix.transport }})
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
needs:
- generate-matrix
- test

2
.github/workflows/test-package-downloads-action-macos.yml vendored
View file

@ -259,7 +259,7 @@ jobs:
report:
name: Reports for ${{ inputs.distro-slug }}(${{ inputs.arch }})
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
environment: ${{ inputs.environment }}
if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:

4
.github/workflows/test-packages-action-macos.yml vendored
View file

@ -70,7 +70,7 @@ jobs:
generate-matrix:
name: Generate Package Test Matrix
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
outputs:
pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
steps:
@ -275,7 +275,7 @@ jobs:
report:
name: Reports for ${{ inputs.distro-slug }}(${{ matrix.test-chunk }})
runs-on: ubuntu-latest
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test

83
CHANGELOG.md
View file

@ -7,6 +7,74 @@ Versions are `MAJOR.PATCH`.
# Changelog
## 3006.2 (2023-08-09)
### Fixed
- In scenarios where PythonNet fails to load, Salt will now fall back to WMI for
gathering grains information [#64897](https://github.com/saltstack/salt/issues/64897)
### Security
- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection [#cve-2023-20897](https://github.com/saltstack/salt/issues/cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. [#cve-2023-20898](https://github.com/saltstack/salt/issues/cve-2023-20898)
- Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA-j8r2-6x86-q33q [#64336](https://github.com/saltstack/salt/issues/64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
## Salt v3005.2 (2023-07-31)
### Changed
- Additional required package upgrades
* It's now `pyzmq>=20.0.0` on all platforms, and `<=22.0.3` just for windows.
* Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. (#63757)
### Security
- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection (cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. (cve-2023-20898)
- Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA-j8r2-6x86-q33q (#64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 (#64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720)
## 3006.1 (2023-05-05)
@ -42,7 +110,6 @@ Versions are `MAJOR.PATCH`.
- Cloud deployment directories are owned by salt user and group [#64204](https://github.com/saltstack/salt/issues/64204)
- ``lgpo_reg`` state now enforces and reports changes to the registry [#64222](https://github.com/saltstack/salt/issues/64222)
## 3006.0 (2023-04-18)
@ -1425,6 +1492,20 @@ Versions are `MAJOR.PATCH`.
- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
## Salt v3005.1-2 (2022-11-04)
Note: This release is only impacting the packages not the Salt code base.
### Fixed
- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang (#62937)
- Onedir Package Fix: Fix "No such file or directory" error on Rhel installs. (#62948)
### Security
- Update the onedir packages Python version to 3.8.15 for Windows and 3.9.15 for Linux and Mac
## Salt 3005.1 (2022-09-26)
### Fixed

1
changelog/62590.fixed.md Normal file
View file

@ -0,0 +1 @@
Preserve test=True condition while running sub states.

1
changelog/63336.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix SELinux get policy with trailing whitespace

1
changelog/64249.fixed.md Normal file
View file

@ -0,0 +1 @@
`salt-pip` now properly errors out when being called from a non `onedir` environment.

1
changelog/64572.fixed.md Normal file
View file

@ -0,0 +1 @@
Added salt.ufw to salt-master install on Debian and Ubuntu

2
changelog/64914.fixed.md Normal file
View file

@ -0,0 +1,2 @@
Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`.

2
cicd/shared-gh-workflows-context.yml
View file

@ -1,4 +1,4 @@
python_version: "3.10.12"
relenv_version: "0.13.2"
relenv_version: "0.13.4"
release-branches:
- "3006.x"

2
doc/man/salt-api.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-API" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-API" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-api \- salt-api Command
.sp

2
doc/man/salt-call.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CALL" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-CALL" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-call \- salt-call Documentation
.SH SYNOPSIS

2
doc/man/salt-cloud.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CLOUD" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-CLOUD" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-cloud \- Salt Cloud Command
.sp

2
doc/man/salt-cp.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CP" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-CP" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-cp \- salt-cp Documentation
.sp

2
doc/man/salt-key.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-KEY" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-KEY" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.SH SYNOPSIS

2
doc/man/salt-master.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MASTER" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-MASTER" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-master \- salt-master Documentation
.sp

2
doc/man/salt-minion.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MINION" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-MINION" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-minion \- salt-minion Documentation
.sp

2
doc/man/salt-proxy.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-PROXY" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-PROXY" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-proxy \- salt-proxy Documentation
.sp

2
doc/man/salt-run.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-RUN" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-RUN" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-run \- salt-run Documentation
.sp

2
doc/man/salt-ssh.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SSH" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-SSH" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-ssh \- salt-ssh Documentation
.SH SYNOPSIS

2
doc/man/salt-syndic.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SYNDIC" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT-SYNDIC" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt-syndic \- salt-syndic Documentation
.sp

2
doc/man/salt.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt \- salt
.SH SYNOPSIS

60
doc/man/salt.7
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "7" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SALT" "7" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
salt \- Salt Documentation
.SH SALT PROJECT
@ -193937,7 +193937,7 @@ Passes through all the parameters described in the
\fI\%utils.http.query function\fP:
.INDENT 7.0
.TP
.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.1\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.2\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
Query a resource, and decode the return data
.UNINDENT
.INDENT 7.0
@ -380698,12 +380698,12 @@ It also use C bindings if they are available.
.INDENT 0.0
.TP
.B salt.serializers.yaml.BaseDumper
alias of \fBSafeDumper\fP
alias of \fBCSafeDumper\fP
.UNINDENT
.INDENT 0.0
.TP
.B salt.serializers.yaml.BaseLoader
alias of \fBSafeLoader\fP
alias of \fBCSafeLoader\fP
.UNINDENT
.INDENT 0.0
.TP
@ -380976,7 +380976,7 @@ alias of \fBSafeDumper\fP
.INDENT 0.0
.TP
.B salt.serializers.yamlex.BaseLoader
alias of \fBSafeLoader\fP
alias of \fBCSafeLoader\fP
.UNINDENT
.INDENT 0.0
.TP
@ -457275,7 +457275,7 @@ installed2
.UNINDENT
.INDENT 0.0
.TP
.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
Install buildout in a specific directory
.sp
It is a thin wrapper to modules.buildout.buildout
@ -476693,6 +476693,54 @@ Cloud deployment directories are owned by salt user and group \fI\%#64204\fP
.IP \(bu 2
\fBlgpo_reg\fP state now enforces and reports changes to the registry \fI\%#64222\fP
.UNINDENT
(release\-3006.2)=
.SS Salt 3006.2 release notes
.SS Changelog
.SS Fixed
.INDENT 0.0
.IP \(bu 2
In scenarios where PythonNet fails to load, Salt will now fall back to WMI for
gathering grains information \fI\%#64897\fP
.UNINDENT
.SS Security
.INDENT 0.0
.IP \(bu 2
fix CVE\-2023\-20897 by catching exception instead of letting exception disrupt connection \fI\%#cve\-2023\-20897\fP
.IP \(bu 2
Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. \fI\%#cve\-2023\-20898\fP
.IP \(bu 2
Upgrade to \fBrequests==2.31.0\fP
.sp
Due to:
.INDENT 2.0
.IP \(bu 2
\fI\%https://github.com/advisories/GHSA\-j8r2\-6x86\-q33q\fP \fI\%#64336\fP
.UNINDENT
.IP \(bu 2
Upgrade to \fBcryptography==41.0.3\fP(and therefor \fBpyopenssl==23.2.0\fP due to \fI\%https://github.com/advisories/GHSA\-jm77\-qphf\-c4w8\fP)
.sp
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre\-existing wheels.
.sp
Also resolves the following cryptography advisories:
.sp
Due to:
.INDENT 2.0
.IP \(bu 2
\fI\%https://github.com/advisories/GHSA\-5cpq\-8wj7\-hf2v\fP
.IP \(bu 2
\fI\%https://github.com/advisories/GHSA\-x4qr\-2fvf\-3mr5\fP
.IP \(bu 2
\fI\%https://github.com/advisories/GHSA\-w7pp\-m8wf\-vj6r\fP
.UNINDENT
.sp
There is no security upgrade available for Py3.5 \fI\%#64595\fP
.IP \(bu 2
Bump to \fBcertifi==2023.07.22\fP due to \fI\%https://github.com/advisories/GHSA\-xqr8\-7jwr\-rhp7\fP \fI\%#64718\fP
.IP \(bu 2
Upgrade \fBrelenv\fP to \fB0.13.2\fP and Python to \fB3.10.12\fP
.sp
Addresses multiple CVEs in Python\(aqs dependencies: \fI\%https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python\-3\-10\-12\fP \fI\%#64719\fP
.UNINDENT
.sp
See \fI\%Install a release candidate\fP
for more information about installing an RC when one is available.

2
doc/man/spm.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SPM" "1" "Generated on May 05, 2023 at 05:45:04 PM UTC." "3006.1" "Salt"
.TH "SPM" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.SH NAME
spm \- Salt Package Manager Command
.sp

40
doc/topics/releases/3005.2.rst Normal file
View file

@ -0,0 +1,40 @@
.. _release-3005-2:
=========================
Salt 3005.2 Release Notes
=========================
Version 3005.2 is a CVE security fix release for :ref:`3005 <release-3005>`.
Changed
-------
- Additional required package upgrades
* It's now `pyzmq>=20.0.0` on all platforms, and `<=22.0.3` just for windows.
* Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. (#63757)
Security
--------
- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection (cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. (cve-2023-20898)
- Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA-j8r2-6x86-q33q (#64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 (#64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720)

50
doc/topics/releases/3006.2.md Normal file
View file

@ -0,0 +1,50 @@
(release-3006.2)=
# Salt 3006.2 release notes
<!---
Do not edit this file. This is auto generated.
Edit the templates in doc/topics/releases/templates/
for a given release.
-->
<!--
Add release specific details below
-->
<!--
Do not edit the changelog below.
This is auto generated.
-->
## Changelog
### Fixed
- In scenarios where PythonNet fails to load, Salt will now fall back to WMI for
gathering grains information [#64897](https://github.com/saltstack/salt/issues/64897)
### Security
- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection [#cve-2023-20897](https://github.com/saltstack/salt/issues/cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. [#cve-2023-20898](https://github.com/saltstack/salt/issues/cve-2023-20898)
- Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA-j8r2-6x86-q33q [#64336](https://github.com/saltstack/salt/issues/64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)

14
doc/topics/releases/templates/3006.2.md.template Normal file
View file

@ -0,0 +1,14 @@
(release-3006.2)=
# Salt 3006.2 release notes{{ unreleased }}
{{ warning }}
<!--
Add release specific details below
-->
<!--
Do not edit the changelog below.
This is auto generated.
-->
## Changelog
{{ changelog }}

15
pkg/common/salt-master.upstart.rhel6
View file

@ -1,15 +0,0 @@
description "Salt Master"
start on runlevel [2345]
stop on runlevel [!2345]
limit nofile 100000 100000
script
# Read configuration variable file if it is present
[ -f /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB
# Activate the virtualenv if defined
[ -f $SALT_USE_VIRTUALENV/bin/activate ] && . $SALT_USE_VIRTUALENV/bin/activate
exec salt-master
end script

21
pkg/common/salt-minion.upstart.rhel6
View file

@ -1,21 +0,0 @@
description "Salt Minion"
start on runlevel [2345]
stop on runlevel [!2345]
# The respawn in the minion is known to cause problems
# because if the main minion process dies it has done
# so most likely for a good reason. Uncomment these
# two lines to enable respawn
#respawn
#respawn limit 10 5
script
# Read configuration variable file if it is present
[ -f /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB
# Activate the virtualenv if defined
[ -f $SALT_USE_VIRTUALENV/bin/activate ] && . $SALT_USE_VIRTUALENV/bin/activate
exec salt-minion
end script

14
pkg/common/salt-syndic.upstart.rhel6
View file

@ -1,14 +0,0 @@
description "salt-syndic"
start on runlevel [2345]
stop on runlevel [!2345]
script
# Read configuration variable file if it is present
[ -f /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB
# Activate the virtualenv if defined
[ -f $SALT_USE_VIRTUALENV/bin/activate ] && . $SALT_USE_VIRTUALENV/bin/activate
exec salt-syndic
end script

36
pkg/debian/changelog
View file

@ -1,3 +1,39 @@
salt (3006.2) stable; urgency=medium
# Fixed
* In scenarios where PythonNet fails to load, Salt will now fall back to WMI for
gathering grains information [#64897](https://github.com/saltstack/salt/issues/64897)
# Security
* fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection [#cve-2023-20897](https://github.com/saltstack/salt/issues/cve-2023-20897)
* Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. [#cve-2023-20898](https://github.com/saltstack/salt/issues/cve-2023-20898)
* Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA*j8r2-6x86-q33q [#64336](https://github.com/saltstack/salt/issues/64336)
* Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre*existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA*5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA*x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA*w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 [#64595](https://github.com/saltstack/salt/issues/64595)
* Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
* Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python*3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
-- Salt Project Packaging <saltproject-packaging@vmware.com> Wed, 09 Aug 2023 12:01:52 +0000
salt (3006.1) stable; urgency=medium

5
pkg/debian/control
View file

@ -17,6 +17,7 @@ Vcs-Git: git://github.com/saltstack/salt.git
Package: salt-common
Architecture: amd64 arm64
Depends: ${misc:Depends}
Breaks: salt-minion (<= 3006.1)
Suggests: ifupdown
Recommends: lsb-release
Description: shared libraries that salt requires for all packages
@ -42,8 +43,8 @@ Description: shared libraries that salt requires for all packages
Package: salt-master
Architecture: amd64 arm64
Replaces: salt-common (<= 3005.1+ds-4)
Breaks: salt-common (<= 3005.1+ds-4)
Replaces: salt-common (<= 3006.1)
Breaks: salt-common (<= 3006.1)
Depends: salt-common (= ${source:Version}),
${misc:Depends}
Description: remote manager to administer servers via salt

1
pkg/debian/salt-master.dirs
View file

@ -1,4 +1,5 @@
/etc/salt/master.d
/etc/ufw/applications.d/salt-master
/etc/salt/pki/master/minions
/etc/salt/pki/master/minions_autosign
/etc/salt/pki/master/minions_denied

1
pkg/debian/salt-master.install
View file

@ -1 +1,2 @@
pkg/common/salt-master.service /lib/systemd/system
pkg/common/salt.ufw /etc/ufw/applications.d/salt-master

35
pkg/rpm/salt.spec
View file

@ -25,7 +25,7 @@
%define fish_dir %{_datadir}/fish/vendor_functions.d
Name: salt
Version: 3006.1
Version: 3006.2
Release: 0
Summary: A parallel remote execution system
Group: System Environment/Daemons
@ -512,6 +512,39 @@ fi
%changelog
* Wed Aug 09 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.2
# Fixed
- In scenarios where PythonNet fails to load, Salt will now fall back to WMI for
gathering grains information [#64897](https://github.com/saltstack/salt/issues/64897)
# Security
- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection [#cve-2023-20897](https://github.com/saltstack/salt/issues/cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. [#cve-2023-20898](https://github.com/saltstack/salt/issues/cve-2023-20898)
- Upgrade to `requests==2.31.0`
Due to:
* https://github.com/advisories/GHSA-j8r2-6x86-q33q [#64336](https://github.com/saltstack/salt/issues/64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
There is no security upgrade available for Py3.5 [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
* Fri May 05 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.1
# Fixed

2
requirements/darwin.txt
View file

@ -10,7 +10,7 @@ cryptography>=41.0.3
idna>=2.8
linode-python>=1.1.1
pyasn1>=0.4.8
pyopenssl>=19.0.0
pyopenssl>=23.2.0
python-dateutil>=2.8.0
python-gnupg>=0.4.4
setproctitle>=1.2.3

2
requirements/static/ci/py3.10/cloud.txt
View file

@ -16,7 +16,7 @@ cffi==1.15.1
# via
# -c requirements/static/ci/py3.10/linux.txt
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.10/linux.txt
# requests

2
requirements/static/ci/py3.10/darwin.txt
View file

@ -67,7 +67,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# aiohttp

2
requirements/static/ci/py3.10/docs.txt
View file

@ -16,7 +16,7 @@ certifi==2023.07.22
# via
# -c requirements/static/ci/py3.10/linux.txt
# requests
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.10/linux.txt
# requests

5
requirements/static/ci/py3.10/freebsd.txt
View file

@ -63,7 +63,7 @@ cffi==1.15.1
# cryptography
# napalm
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# aiohttp
@ -312,10 +312,9 @@ pyasn1==0.5.0
# via
# pyasn1-modules
# rsa
pycparser==2.21 ; python_version >= "3.9"
pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# -r requirements/static/pkg/freebsd.in
# cffi
pycryptodomex==3.9.8
# via

2
requirements/static/ci/py3.10/linux.txt
View file

@ -77,7 +77,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# aiohttp

2
requirements/static/ci/py3.10/windows.txt
View file

@ -56,7 +56,7 @@ cffi==1.14.6
# cryptography
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# aiohttp

2
requirements/static/ci/py3.11/cloud.txt
View file

@ -16,7 +16,7 @@ cffi==1.15.1
# via
# -c requirements/static/ci/py3.11/linux.txt
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.11/linux.txt
# requests

2
requirements/static/ci/py3.11/docs.txt
View file

@ -16,7 +16,7 @@ certifi==2023.07.22
# via
# -c requirements/static/ci/py3.11/linux.txt
# requests
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.11/linux.txt
# requests

5
requirements/static/ci/py3.11/freebsd.txt
View file

@ -63,7 +63,7 @@ cffi==1.15.1
# cryptography
# napalm
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# aiohttp
@ -310,10 +310,9 @@ pyasn1==0.5.0
# via
# pyasn1-modules
# rsa
pycparser==2.21 ; python_version >= "3.9"
pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# -r requirements/static/pkg/freebsd.in
# cffi
pycryptodomex==3.9.8
# via

2
requirements/static/ci/py3.11/linux.txt
View file

@ -77,7 +77,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# aiohttp

2
requirements/static/ci/py3.11/windows.txt
View file

@ -56,7 +56,7 @@ cffi==1.14.6
# cryptography
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# aiohttp

2
requirements/static/ci/py3.8/cloud.txt
View file

@ -16,7 +16,7 @@ cffi==1.15.1
# via
# -c requirements/static/ci/py3.8/linux.txt
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.8/linux.txt
# requests

2
requirements/static/ci/py3.8/docs.txt
View file

@ -16,7 +16,7 @@ certifi==2023.07.22
# via
# -c requirements/static/ci/py3.8/linux.txt
# requests
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.8/linux.txt
# requests

2
requirements/static/ci/py3.8/freebsd.txt
View file

@ -63,7 +63,7 @@ cffi==1.15.1
# cryptography
# napalm
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# aiohttp

2
requirements/static/ci/py3.8/linux.txt
View file

@ -77,7 +77,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# aiohttp

2
requirements/static/ci/py3.8/windows.txt
View file

@ -56,7 +56,7 @@ cffi==1.14.6
# cryptography
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# aiohttp

2
requirements/static/ci/py3.9/cloud.txt
View file

@ -16,7 +16,7 @@ cffi==1.15.1
# via
# -c requirements/static/ci/py3.9/linux.txt
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.9/linux.txt
# requests

2
requirements/static/ci/py3.9/darwin.txt
View file

@ -67,7 +67,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# aiohttp

2
requirements/static/ci/py3.9/docs.txt
View file

@ -16,7 +16,7 @@ certifi==2023.07.22
# via
# -c requirements/static/ci/py3.9/linux.txt
# requests
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/py3.9/linux.txt
# requests

5
requirements/static/ci/py3.9/freebsd.txt
View file

@ -63,7 +63,7 @@ cffi==1.15.1
# cryptography
# napalm
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# aiohttp
@ -312,10 +312,9 @@ pyasn1==0.5.0
# via
# pyasn1-modules
# rsa
pycparser==2.21 ; python_version >= "3.9"
pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# -r requirements/static/pkg/freebsd.in
# cffi
pycryptodomex==3.9.8
# via

2
requirements/static/ci/py3.9/linux.txt
View file

@ -77,7 +77,7 @@ cffi==1.15.1
# napalm
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# aiohttp

2
requirements/static/ci/py3.9/windows.txt
View file

@ -56,7 +56,7 @@ cffi==1.14.6
# cryptography
# pygit2
# pynacl
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# aiohttp

1
requirements/static/pkg/freebsd.in
View file

@ -3,7 +3,6 @@
cherrypy
cryptography>=41.0.3
backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7'
pycparser>=2.21; python_version >= '3.9'
pyopenssl>=23.2.0
python-dateutil>=2.8.0
python-gnupg>=0.4.4

2
requirements/static/pkg/linux.in
View file

@ -2,7 +2,7 @@
# Any non hard dependencies of Salt for linux can go here
cherrypy
backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7'
pyopenssl>=19.0.0
pyopenssl>=23.2.0
python-dateutil>=2.8.0
python-gnupg>=0.4.4
rpm-vercmp

2
requirements/static/pkg/py3.10/darwin.txt
View file

@ -12,7 +12,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

8
requirements/static/pkg/py3.10/freebsd.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy
@ -70,10 +70,8 @@ portend==3.1.0
# via cherrypy
psutil==5.9.5
# via -r requirements/base.txt
pycparser==2.21 ; python_version >= "3.9"
# via
# -r requirements/static/pkg/freebsd.in
# cffi
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
# via -r requirements/crypto.txt
pydantic==1.10.8

2
requirements/static/pkg/py3.10/linux.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.10/windows.txt
View file

@ -15,7 +15,7 @@ cffi==1.14.6
# -r requirements/windows.txt
# clr-loader
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

8
requirements/static/pkg/py3.11/freebsd.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy
@ -70,10 +70,8 @@ portend==3.1.0
# via cherrypy
psutil==5.9.5
# via -r requirements/base.txt
pycparser==2.21 ; python_version >= "3.9"
# via
# -r requirements/static/pkg/freebsd.in
# cffi
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
# via -r requirements/crypto.txt
pydantic==1.10.8

2
requirements/static/pkg/py3.11/linux.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.11/windows.txt
View file

@ -15,7 +15,7 @@ cffi==1.14.6
# -r requirements/windows.txt
# clr-loader
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.8/freebsd.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.8/linux.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.8/windows.txt
View file

@ -15,7 +15,7 @@ cffi==1.14.6
# -r requirements/windows.txt
# clr-loader
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.9/darwin.txt
View file

@ -12,7 +12,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

8
requirements/static/pkg/py3.9/freebsd.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy
@ -70,10 +70,8 @@ portend==3.1.0
# via cherrypy
psutil==5.9.5
# via -r requirements/base.txt
pycparser==2.21 ; python_version >= "3.9"
# via
# -r requirements/static/pkg/freebsd.in
# cffi
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
# via -r requirements/crypto.txt
pydantic==1.10.8

2
requirements/static/pkg/py3.9/linux.txt
View file

@ -10,7 +10,7 @@ certifi==2023.07.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/static/pkg/py3.9/windows.txt
View file

@ -15,7 +15,7 @@ cffi==1.14.6
# -r requirements/windows.txt
# clr-loader
# cryptography
charset-normalizer==3.1.0
charset-normalizer==3.2.0
# via requests
cheroot==10.0.0
# via cherrypy

2
requirements/windows.txt
View file

@ -16,7 +16,7 @@ lxml>=4.6.3
pyasn1>=0.4.8
pymssql>=2.2.1
pymysql>=1.0.2
pyopenssl>=20.0.1
pyopenssl>=23.2.0
python-dateutil>=2.8.1
python-gnupg>=0.4.7
requests>=2.25.1

42
salt/_logging/impl.py
View file

@ -109,9 +109,9 @@ DFLT_LOG_FMT_LOGFILE = "%(asctime)s,%(msecs)03d [%(name)-17s:%(lineno)-4d][%(lev
class SaltLogRecord(logging.LogRecord):
def __init__(self, *args, **kwargs):
logging.LogRecord.__init__(self, *args, **kwargs)
self.bracketname = "[{:<17}]".format(str(self.name))
self.bracketlevel = "[{:<8}]".format(str(self.levelname))
self.bracketprocess = "[{:>5}]".format(str(self.process))
self.bracketname = f"[{str(self.name):<17}]"
self.bracketlevel = f"[{str(self.levelname):<8}]"
self.bracketprocess = f"[{str(self.process):>5}]"
class SaltColorLogRecord(SaltLogRecord):
@ -125,11 +125,11 @@ class SaltColorLogRecord(SaltLogRecord):
self.colorname = "{}[{:<17}]{}".format(
LOG_COLORS["name"], str(self.name), reset
)
self.colorlevel = "{}[{:<8}]{}".format(clevel, str(self.levelname), reset)
self.colorlevel = f"{clevel}[{str(self.levelname):<8}]{reset}"
self.colorprocess = "{}[{:>5}]{}".format(
LOG_COLORS["process"], str(self.process), reset
)
self.colormsg = "{}{}{}".format(cmsg, self.getMessage(), reset)
self.colormsg = f"{cmsg}{self.getMessage()}{reset}"
def get_log_record_factory():
@ -275,17 +275,7 @@ class SaltLoggingClass(LOGGING_LOGGER_CLASS, metaclass=LoggingMixinMeta):
else:
extra["exc_info_on_loglevel"] = exc_info_on_loglevel
if sys.version_info < (3, 8):
LOGGING_LOGGER_CLASS._log(
self,
level,
msg,
args,
exc_info=exc_info,
extra=extra,
stack_info=stack_info,
)
else:
try:
LOGGING_LOGGER_CLASS._log(
self,
level,
@ -296,6 +286,18 @@ class SaltLoggingClass(LOGGING_LOGGER_CLASS, metaclass=LoggingMixinMeta):
stack_info=stack_info,
stacklevel=stacklevel,
)
except TypeError:
# Python < 3.8 - We still need this for salt-ssh since it will use
# the system python, and not out onedir.
LOGGING_LOGGER_CLASS._log(
self,
level,
msg,
args,
exc_info=exc_info,
extra=extra,
stack_info=stack_info,
)
def makeRecord(
self,
@ -738,7 +740,7 @@ def setup_logfile_handler(
syslog_opts["address"] = str(path.resolve().parent)
except OSError as exc:
raise LoggingRuntimeError(
"Failed to setup the Syslog logging handler: {}".format(exc)
f"Failed to setup the Syslog logging handler: {exc}"
) from exc
elif parsed_log_path.path:
# In case of udp or tcp with a facility specified
@ -748,7 +750,7 @@ def setup_logfile_handler(
# Logging facilities start with LOG_ if this is not the case
# fail right now!
raise LoggingRuntimeError(
"The syslog facility '{}' is not known".format(facility_name)
f"The syslog facility '{facility_name}' is not known"
)
else:
# This is the case of udp or tcp without a facility specified
@ -759,7 +761,7 @@ def setup_logfile_handler(
# This python syslog version does not know about the user provided
# facility name
raise LoggingRuntimeError(
"The syslog facility '{}' is not known".format(facility_name)
f"The syslog facility '{facility_name}' is not known"
)
syslog_opts["facility"] = facility
@ -779,7 +781,7 @@ def setup_logfile_handler(
handler = SysLogHandler(**syslog_opts)
except OSError as exc:
raise LoggingRuntimeError(
"Failed to setup the Syslog logging handler: {}".format(exc)
f"Failed to setup the Syslog logging handler: {exc}"
) from exc
else:
# make sure, the logging directory exists and attempt to create it if necessary

36
salt/beacons/__init__.py
View file

@ -74,7 +74,7 @@ class Beacon:
# Run the validate function if it's available,
# otherwise there is a warning about it being missing
validate_str = "{}.validate".format(beacon_name)
validate_str = f"{beacon_name}.validate"
if validate_str in self.beacons:
valid, vcomment = self.beacons[validate_str](b_config[mod])
@ -95,7 +95,7 @@ class Beacon:
continue
b_config[mod].append({"_beacon_name": mod})
fun_str = "{}.beacon".format(beacon_name)
fun_str = f"{beacon_name}.beacon"
if fun_str in self.beacons:
runonce = self._determine_beacon_config(
current_beacon_config, "run_once"
@ -124,7 +124,7 @@ class Beacon:
if re.match("state.*", job["fun"]):
is_running = True
if is_running:
close_str = "{}.close".format(beacon_name)
close_str = f"{beacon_name}.close"
if close_str in self.beacons:
log.info("Closing beacon %s. State run in progress.", mod)
self.beacons[close_str](b_config[mod])
@ -139,7 +139,7 @@ class Beacon:
try:
raw = self.beacons[fun_str](b_config[mod])
except: # pylint: disable=bare-except
error = "{}".format(sys.exc_info()[1])
error = f"{sys.exc_info()[1]}"
log.error("Unable to start %s beacon, %s", mod, error)
# send beacon error event
tag = "salt/beacon/{}/{}/".format(self.opts["id"], mod)
@ -308,7 +308,7 @@ class Beacon:
"""
beacon_name = next(item.get("beacon_module", name) for item in beacon_data)
validate_str = "{}.validate".format(beacon_name)
validate_str = f"{beacon_name}.validate"
# Run the validate function if it's available,
# otherwise there is a warning about it being missing
if validate_str in self.beacons:
@ -347,9 +347,9 @@ class Beacon:
complete = False
else:
if name in self.opts["beacons"]:
comment = "Updating settings for beacon item: {}".format(name)
comment = f"Updating settings for beacon item: {name}"
else:
comment = "Added new beacon item: {}".format(name)
comment = f"Added new beacon item: {name}"
complete = True
self.opts["beacons"].update(data)
@ -375,12 +375,10 @@ class Beacon:
data[name] = beacon_data
if name in self._get_beacons(include_opts=False):
comment = (
"Cannot modify beacon item {}, it is configured in pillar.".format(name)
)
comment = f"Cannot modify beacon item {name}, it is configured in pillar."
complete = False
else:
comment = "Updating settings for beacon item: {}".format(name)
comment = f"Updating settings for beacon item: {name}"
complete = True
self.opts["beacons"].update(data)
@ -402,16 +400,14 @@ class Beacon:
"""
if name in self._get_beacons(include_opts=False):
comment = (
"Cannot delete beacon item {}, it is configured in pillar.".format(name)
)
comment = f"Cannot delete beacon item {name}, it is configured in pillar."
complete = False
else:
if name in self.opts["beacons"]:
del self.opts["beacons"][name]
comment = "Deleting beacon item: {}".format(name)
comment = f"Deleting beacon item: {name}"
else:
comment = "Beacon item {} not found.".format(name)
comment = f"Beacon item {name} not found."
complete = True
# Fire the complete event back along with updated list of beacons
@ -465,13 +461,11 @@ class Beacon:
"""
if name in self._get_beacons(include_opts=False):
comment = (
"Cannot enable beacon item {}, it is configured in pillar.".format(name)
)
comment = f"Cannot enable beacon item {name}, it is configured in pillar."
complete = False
else:
self._update_enabled(name, True)
comment = "Enabling beacon item {}".format(name)
comment = f"Enabling beacon item {name}"
complete = True
# Fire the complete event back along with updated list of beacons
@ -501,7 +495,7 @@ class Beacon:
complete = False
else:
self._update_enabled(name, False)
comment = "Disabling beacon item {}".format(name)
comment = f"Disabling beacon item {name}"
complete = True
# Fire the complete event back along with updated list of beacons

2
salt/channel/server.py
View file

@ -134,7 +134,7 @@ class ReqServerChannel:
raise tornado.gen.Return("bad load: id contains a null byte")
except TypeError:
log.error("Payload contains non-string id: %s", payload)
raise tornado.gen.Return("bad load: id {} is not a string".format(id_))
raise tornado.gen.Return(f"bad load: id {id_} is not a string")
version = 0
if "version" in payload:

6
salt/crypt.py
View file

@ -122,8 +122,8 @@ def gen_keys(keydir, keyname, keysize, user=None, passphrase=None):
:return: Path on the filesystem to the RSA private key
"""
base = os.path.join(keydir, keyname)
priv = "{}.pem".format(base)
pub = "{}.pub".format(base)
priv = f"{base}.pem"
pub = f"{base}.pub"
if HAS_M2:
gen = RSA.gen_key(keysize, 65537, lambda: None)
@ -443,7 +443,7 @@ class MasterKeys(dict):
try:
key = get_rsa_key(path, passphrase)
except key_error as e:
message = "Unable to read key: {}; passphrase may be incorrect".format(path)
message = f"Unable to read key: {path}; passphrase may be incorrect"
log.error(message)
raise MasterExit(message)
log.debug("Loaded %s key: %s", name, path)

15
salt/loader/lazy.py
View file

@ -145,9 +145,22 @@ class LoadedFunc:
def __call__(self, *args, **kwargs):
run_func = self.func
mod = sys.modules[run_func.__module__]
# All modules we've imported should have __opts__ defined. There are
# cases in the test suite where mod ends up being something other than
# a module we've loaded.
set_test = False
if hasattr(mod, "__opts__"):
if not isinstance(mod.__opts__, salt.loader.context.NamedLoaderContext):
if "test" in self.loader.opts:
mod.__opts__["test"] = self.loader.opts["test"]
set_test = True
if self.loader.inject_globals:
run_func = global_injector_decorator(self.loader.inject_globals)(run_func)
return self.loader.run(run_func, *args, **kwargs)
ret = self.loader.run(run_func, *args, **kwargs)
if set_test:
self.loader.opts["test"] = mod.__opts__["test"]
return ret
def __repr__(self):
return f"<{self.__class__.__name__} name={self.name!r}>"

48
salt/metaproxy/deltaproxy.py
View file

@ -169,8 +169,8 @@ def post_master_init(self, master):
salt.engines.start_engines, self.opts, self.process_manager, proxy=self.proxy
)
proxy_init_func_name = "{}.init".format(fq_proxyname)
proxy_shutdown_func_name = "{}.shutdown".format(fq_proxyname)
proxy_init_func_name = f"{fq_proxyname}.init"
proxy_shutdown_func_name = f"{fq_proxyname}.shutdown"
if (
proxy_init_func_name not in self.proxy
or proxy_shutdown_func_name not in self.proxy
@ -184,7 +184,7 @@ def post_master_init(self, master):
raise SaltSystemExit(code=-1, msg=errmsg)
self.module_executors = self.proxy.get(
"{}.module_executors".format(fq_proxyname), lambda: []
f"{fq_proxyname}.module_executors", lambda: []
)()
proxy_init_fn = self.proxy[proxy_init_func_name]
proxy_init_fn(self.opts)
@ -581,7 +581,7 @@ def subproxy_post_master_init(minion_id, uid, opts, main_proxy, main_utils):
raise tornado.gen.Return({"proxy_minion": _proxy_minion, "proxy_opts": proxyopts})
def target(cls, minion_instance, opts, data, connected):
def target(cls, minion_instance, opts, data, connected, creds_map):
"""
Handle targeting of the minion.
@ -594,6 +594,8 @@ def target(cls, minion_instance, opts, data, connected):
minion_instance.opts["id"],
opts["id"],
)
if creds_map:
salt.crypt.AsyncAuth.creds_map = creds_map
if not hasattr(minion_instance, "proc_dir"):
uid = salt.utils.user.get_uid(user=opts.get("user", None))
@ -622,7 +624,7 @@ def thread_return(cls, minion_instance, opts, data):
# Reconfigure multiprocessing logging after daemonizing
salt._logging.setup_logging()
salt.utils.process.appendproctitle("{}._thread_return".format(cls.__name__))
salt.utils.process.appendproctitle(f"{cls.__name__}._thread_return")
sdata = {"pid": os.getpid()}
sdata.update(data)
@ -638,11 +640,9 @@ def thread_return(cls, minion_instance, opts, data):
)
allow_missing_funcs = any(
[
minion_instance.executors["{}.allow_missing_func".format(executor)](
function_name
)
minion_instance.executors[f"{executor}.allow_missing_func"](function_name)
for executor in executors
if "{}.allow_missing_func".format(executor) in minion_instance.executors
if f"{executor}.allow_missing_func" in minion_instance.executors
]
)
if function_name in minion_instance.functions or allow_missing_funcs is True:
@ -699,11 +699,9 @@ def thread_return(cls, minion_instance, opts, data):
log.debug("Executors list %s", executors)
for name in executors:
fname = "{}.execute".format(name)
fname = f"{name}.execute"
if fname not in minion_instance.executors:
raise SaltInvocationError(
"Executor '{}' is not available".format(name)
)
raise SaltInvocationError(f"Executor '{name}' is not available")
return_data = minion_instance.executors[fname](
opts, data, func, args, kwargs
@ -748,9 +746,9 @@ def thread_return(cls, minion_instance, opts, data):
ret["retcode"] = retcode
ret["success"] = retcode == salt.defaults.exitcodes.EX_OK
except CommandNotFoundError as exc:
msg = 'Command required for "{}" not found'.format(function_name)
msg = f'Command required for "{function_name}" not found'
log.debug(msg, exc_info=True)
ret["return"] = "{}: {}".format(msg, exc)
ret["return"] = f"{msg}: {exc}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except CommandExecutionError as exc:
@ -760,7 +758,7 @@ def thread_return(cls, minion_instance, opts, data):
exc,
exc_info_on_loglevel=logging.DEBUG,
)
ret["return"] = "ERROR: {}".format(exc)
ret["return"] = f"ERROR: {exc}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except SaltInvocationError as exc:
@ -770,7 +768,7 @@ def thread_return(cls, minion_instance, opts, data):
exc,
exc_info_on_loglevel=logging.DEBUG,
)
ret["return"] = 'ERROR executing "{}": {}'.format(function_name, exc)
ret["return"] = f'ERROR executing "{function_name}": {exc}'
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except TypeError as exc:
@ -787,11 +785,11 @@ def thread_return(cls, minion_instance, opts, data):
salt.utils.error.fire_exception(
salt.exceptions.MinionError(msg), opts, job=data
)
ret["return"] = "{}: {}".format(msg, traceback.format_exc())
ret["return"] = f"{msg}: {traceback.format_exc()}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
else:
docs = minion_instance.functions["sys.doc"]("{}*".format(function_name))
docs = minion_instance.functions["sys.doc"](f"{function_name}*")
if docs:
docs[function_name] = minion_instance.functions.missing_fun_string(
function_name
@ -838,7 +836,7 @@ def thread_return(cls, minion_instance, opts, data):
ret["id"] = opts["id"]
for returner in set(data["ret"].split(",")):
try:
returner_str = "{}.returner".format(returner)
returner_str = f"{returner}.returner"
if returner_str in minion_instance.returners:
minion_instance.returners[returner_str](ret)
else:
@ -870,7 +868,7 @@ def thread_multi_return(cls, minion_instance, opts, data):
# Reconfigure multiprocessing logging after daemonizing
salt._logging.setup_logging()
salt.utils.process.appendproctitle("{}._thread_multi_return".format(cls.__name__))
salt.utils.process.appendproctitle(f"{cls.__name__}._thread_multi_return")
sdata = {"pid": os.getpid()}
sdata.update(data)
@ -968,7 +966,7 @@ def thread_multi_return(cls, minion_instance, opts, data):
for returner in set(data["ret"].split(",")):
ret["id"] = opts["id"]
try:
minion_instance.returners["{}.returner".format(returner)](ret)
minion_instance.returners[f"{returner}.returner"](ret)
except Exception as exc: # pylint: disable=broad-except
log.error("The return failed for job %s: %s", data["jid"], exc)
@ -1061,21 +1059,23 @@ def handle_decoded_payload(self, data):
instance = self
multiprocessing_enabled = self.opts.get("multiprocessing", True)
name = "ProcessPayload(jid={})".format(data["jid"])
creds_map = None
if multiprocessing_enabled:
if salt.utils.platform.spawning_platform():
# let python reconstruct the minion on the other side if we"re
# running on spawning platforms
instance = None
creds_map = salt.crypt.AsyncAuth.creds_map
with default_signals(signal.SIGINT, signal.SIGTERM):
process = SignalHandlingProcess(
target=target,
args=(self, instance, self.opts, data, self.connected),
args=(self, instance, self.opts, data, self.connected, creds_map),
name=name,
)
else:
process = threading.Thread(
target=target,
args=(self, instance, self.opts, data, self.connected),
args=(self, instance, self.opts, data, self.connected, creds_map),
name=name,
)

46
salt/metaproxy/proxy.py
View file

@ -164,8 +164,8 @@ def post_master_init(self, master):
)
if (
"{}.init".format(fq_proxyname) not in self.proxy
or "{}.shutdown".format(fq_proxyname) not in self.proxy
f"{fq_proxyname}.init" not in self.proxy
or f"{fq_proxyname}.shutdown" not in self.proxy
):
errmsg = (
"Proxymodule {} is missing an init() or a shutdown() or both. ".format(
@ -178,7 +178,7 @@ def post_master_init(self, master):
raise SaltSystemExit(code=-1, msg=errmsg)
self.module_executors = self.proxy.get(
"{}.module_executors".format(fq_proxyname), lambda: []
f"{fq_proxyname}.module_executors", lambda: []
)()
proxy_init_fn = self.proxy[fq_proxyname + ".init"]
proxy_init_fn(self.opts)
@ -311,13 +311,15 @@ def post_master_init(self, master):
self.ready = True
def target(cls, minion_instance, opts, data, connected):
def target(cls, minion_instance, opts, data, connected, creds_map):
"""
Handle targeting of the minion.
Calling _thread_multi_return or _thread_return
depending on a single or multiple commands.
"""
if creds_map:
salt.crypt.AsyncAuth.creds_map = creds_map
if not minion_instance:
minion_instance = cls(opts)
minion_instance.connected = connected
@ -371,7 +373,7 @@ def target(cls, minion_instance, opts, data, connected):
fq_proxyname = opts["proxy"]["proxytype"]
minion_instance.module_executors = minion_instance.proxy.get(
"{}.module_executors".format(fq_proxyname), lambda: []
f"{fq_proxyname}.module_executors", lambda: []
)()
proxy_init_fn = minion_instance.proxy[fq_proxyname + ".init"]
@ -413,11 +415,9 @@ def thread_return(cls, minion_instance, opts, data):
)
allow_missing_funcs = any(
[
minion_instance.executors["{}.allow_missing_func".format(executor)](
function_name
)
minion_instance.executors[f"{executor}.allow_missing_func"](function_name)
for executor in executors
if "{}.allow_missing_func".format(executor) in minion_instance.executors
if f"{executor}.allow_missing_func" in minion_instance.executors
]
)
if function_name in minion_instance.functions or allow_missing_funcs is True:
@ -472,11 +472,9 @@ def thread_return(cls, minion_instance, opts, data):
log.trace("Executors list %s", executors) # pylint: disable=no-member
for name in executors:
fname = "{}.execute".format(name)
fname = f"{name}.execute"
if fname not in minion_instance.executors:
raise SaltInvocationError(
"Executor '{}' is not available".format(name)
)
raise SaltInvocationError(f"Executor '{name}' is not available")
return_data = minion_instance.executors[fname](
opts, data, func, args, kwargs
)
@ -520,9 +518,9 @@ def thread_return(cls, minion_instance, opts, data):
ret["retcode"] = retcode
ret["success"] = retcode == salt.defaults.exitcodes.EX_OK
except CommandNotFoundError as exc:
msg = "Command required for '{}' not found".format(function_name)
msg = f"Command required for '{function_name}' not found"
log.debug(msg, exc_info=True)
ret["return"] = "{}: {}".format(msg, exc)
ret["return"] = f"{msg}: {exc}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except CommandExecutionError as exc:
@ -532,7 +530,7 @@ def thread_return(cls, minion_instance, opts, data):
exc,
exc_info_on_loglevel=logging.DEBUG,
)
ret["return"] = "ERROR: {}".format(exc)
ret["return"] = f"ERROR: {exc}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except SaltInvocationError as exc:
@ -542,7 +540,7 @@ def thread_return(cls, minion_instance, opts, data):
exc,
exc_info_on_loglevel=logging.DEBUG,
)
ret["return"] = "ERROR executing '{}': {}".format(function_name, exc)
ret["return"] = f"ERROR executing '{function_name}': {exc}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
except TypeError as exc:
@ -559,11 +557,11 @@ def thread_return(cls, minion_instance, opts, data):
salt.utils.error.fire_exception(
salt.exceptions.MinionError(msg), opts, job=data
)
ret["return"] = "{}: {}".format(msg, traceback.format_exc())
ret["return"] = f"{msg}: {traceback.format_exc()}"
ret["out"] = "nested"
ret["retcode"] = salt.defaults.exitcodes.EX_GENERIC
else:
docs = minion_instance.functions["sys.doc"]("{}*".format(function_name))
docs = minion_instance.functions["sys.doc"](f"{function_name}*")
if docs:
docs[function_name] = minion_instance.functions.missing_fun_string(
function_name
@ -611,7 +609,7 @@ def thread_return(cls, minion_instance, opts, data):
ret["id"] = opts["id"]
for returner in set(data["ret"].split(",")):
try:
returner_str = "{}.returner".format(returner)
returner_str = f"{returner}.returner"
if returner_str in minion_instance.returners:
minion_instance.returners[returner_str](ret)
else:
@ -734,7 +732,7 @@ def thread_multi_return(cls, minion_instance, opts, data):
for returner in set(data["ret"].split(",")):
ret["id"] = opts["id"]
try:
minion_instance.returners["{}.returner".format(returner)](ret)
minion_instance.returners[f"{returner}.returner"](ret)
except Exception as exc: # pylint: disable=broad-except
log.error("The return failed for job %s: %s", data["jid"], exc)
@ -815,21 +813,23 @@ def handle_decoded_payload(self, data):
instance = self
multiprocessing_enabled = self.opts.get("multiprocessing", True)
name = "ProcessPayload(jid={})".format(data["jid"])
creds_map = None
if multiprocessing_enabled:
if salt.utils.platform.spawning_platform():
# let python reconstruct the minion on the other side if we're
# running on windows
instance = None
creds_map = salt.crypt.AsyncAuth.creds_map
with default_signals(signal.SIGINT, signal.SIGTERM):
process = SignalHandlingProcess(
target=self._target,
name=name,
args=(instance, self.opts, data, self.connected),
args=(instance, self.opts, data, self.connected, creds_map),
)
else:
process = threading.Thread(
target=self._target,
args=(instance, self.opts, data, self.connected),
args=(instance, self.opts, data, self.connected, creds_map),
name=name,
)

14
salt/minion.py
View file

@ -1762,6 +1762,7 @@ class Minion(MinionBase):
# python needs to be able to reconstruct the reference on the other
# side.
instance = self
creds_map = None
multiprocessing_enabled = self.opts.get("multiprocessing", True)
name = "ProcessPayload(jid={})".format(data["jid"])
if multiprocessing_enabled:
@ -1769,17 +1770,18 @@ class Minion(MinionBase):
# let python reconstruct the minion on the other side if we're
# running on windows
instance = None
creds_map = salt.crypt.AsyncAuth.creds_map
with default_signals(signal.SIGINT, signal.SIGTERM):
process = SignalHandlingProcess(
target=self._target,
name=name,
args=(instance, self.opts, data, self.connected),
args=(instance, self.opts, data, self.connected, creds_map),
)
process.register_after_fork_method(salt.utils.crypt.reinit_crypto)
else:
process = threading.Thread(
target=self._target,
args=(instance, self.opts, data, self.connected),
args=(instance, self.opts, data, self.connected, creds_map),
name=name,
)
@ -1803,7 +1805,9 @@ class Minion(MinionBase):
return exitstack
@classmethod
def _target(cls, minion_instance, opts, data, connected):
def _target(cls, minion_instance, opts, data, connected, creds_map):
if creds_map:
salt.crypt.AsyncAuth.creds_map = creds_map
if not minion_instance:
minion_instance = cls(opts, load_grains=False)
minion_instance.connected = connected
@ -3877,10 +3881,10 @@ class ProxyMinion(Minion):
return mp_call(self, data)
@classmethod
def _target(cls, minion_instance, opts, data, connected):
def _target(cls, minion_instance, opts, data, connected, creds_map):
mp_call = _metaproxy_call(opts, "target")
return mp_call(cls, minion_instance, opts, data, connected)
return mp_call(cls, minion_instance, opts, data, connected, creds_map)
@classmethod
def _thread_return(cls, minion_instance, opts, data):

4
salt/modules/selinux.py
View file

@ -477,8 +477,10 @@ def fcontext_get_policy(
if filetype:
_validate_filetype(filetype)
re_spacer = "[ ]+"
re_optional_spacer = "[ |\t]*"
cmd_kwargs = {
"spacer": re_spacer,
"ospacer": re_optional_spacer,
"filespec": re.escape(name),
"sel_user": sel_user or "[^:]+",
"sel_role": "[^:]+", # se_role for file context is always object_r
@ -490,7 +492,7 @@ def fcontext_get_policy(
)
cmd = (
"semanage fcontext -l | egrep "
+ "'^{filespec}{spacer}{filetype}{spacer}{sel_user}:{sel_role}:{sel_type}:{sel_level}$'".format(
+ "'^{filespec}{spacer}{filetype}{spacer}{sel_user}:{sel_role}:{sel_type}:{sel_level}{ospacer}$'".format(
**cmd_kwargs
)
)

Some files were not shown because too many files have changed in this diff Show more