From 0365e37c2d2d26d60b270cc3d5eb260de27fd11d Mon Sep 17 00:00:00 2001 From: Max Illfelder Date: Thu, 26 Oct 2017 10:21:39 -0700 Subject: Activating OS Login should log as informational. (#509) --- google_compute_engine/accounts/oslogin_utils.py | 4 ++-- google_compute_engine/accounts/tests/oslogin_utils_test.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/google_compute_engine/accounts/oslogin_utils.py b/google_compute_engine/accounts/oslogin_utils.py index ccfdbcb..0fe915a 100644 --- a/google_compute_engine/accounts/oslogin_utils.py +++ b/google_compute_engine/accounts/oslogin_utils.py @@ -82,9 +82,9 @@ class OsLoginUtils(object): if enable: action = 'activate' - self.logger.warning('Activating OS Login.') + self.logger.info('Activating OS Login.') else: action = 'deactivate' - self.logger.warning('Deactivating OS Login.') + self.logger.info('Deactivating OS Login.') return self._RunOsLoginControl(action) diff --git a/google_compute_engine/accounts/tests/oslogin_utils_test.py b/google_compute_engine/accounts/tests/oslogin_utils_test.py index 2a2cc4b..73adbb9 100644 --- a/google_compute_engine/accounts/tests/oslogin_utils_test.py +++ b/google_compute_engine/accounts/tests/oslogin_utils_test.py @@ -128,7 +128,7 @@ class OsLoginUtilsTest(unittest.TestCase): oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, True) expected_calls = [ mock.call.oslogin._GetStatus(), - mock.call.logger.warning(mock.ANY), + mock.call.logger.info(mock.ANY), mock.call.oslogin._RunOsLoginControl('activate'), ] self.assertEqual(mocks.mock_calls, expected_calls) @@ -143,7 +143,7 @@ class OsLoginUtilsTest(unittest.TestCase): oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, False) expected_calls = [ mock.call.oslogin._GetStatus(), - mock.call.logger.warning(mock.ANY), + mock.call.logger.info(mock.ANY), mock.call.oslogin._RunOsLoginControl('deactivate'), ] self.assertEqual(mocks.mock_calls, expected_calls) -- cgit v1.2.1 
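Review bot: In the `oslogin_utils.py` hunk both branches of `if enable:` now log a fixed string at info, so a switch of the instance's login mechanism is recorded only where info-level messages are retained, and the message carries no outcome. The result of `self._RunOsLoginControl(action)` is returned unexamined in the visible lines; if the caller (outside the hunk) does not log failures, consider a `self.logger.warning('OS Login %s failed.', action)` on whatever failure value `_RunOsLoginControl` reports. The enclosing method starts outside the hunk.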
From 1e2667072e7f72e3f146683eff5d2dc3c9408e34 Mon Sep 17 00:00:00 2001 From: Max Illfelder Date: Fri, 27 Oct 2017 15:10:10 -0700 Subject: Generate SSH host keys when none are present. (#510) Provide an instance config option for specifying which host key types to generate. --- README.md | 35 +++++++++++----------- .../instance_setup/instance_config.py | 1 + .../instance_setup/instance_setup.py | 13 ++++++-- .../instance_setup/tests/instance_setup_test.py | 15 ++++++---- 4 files changed, 39 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index fa0805b..3c3c3cc 100644 --- a/README.md +++ b/README.md 
@@ -236,30 +236,31 @@ that do not override user configuration during package update. The following are valid user configuration options. -Section | Option | Value ------------------ | -------------------- | ----- -Accounts | deprovision\_remove | `true` makes deprovisioning a user destructive. -Accounts | groups | Comma separated list of groups for newly provisioned users. -Accounts | useradd\_cmd | Command string to create a new user. -Accounts | userdel\_cmd | Command string to delete a user. -Accounts | usermod\_cmd | Command string to modify a user's groups. -Accounts | groupadd\_cmd | Command string to create a new group. -Daemons | accounts\_daemon | `false` disables the accounts daemon. +Section | Option | Value +----------------- | ---------------------- | ----- +Accounts | deprovision\_remove | `true` makes deprovisioning a user destructive. +Accounts | groups | Comma separated list of groups for newly provisioned users. +Accounts | useradd\_cmd | Command string to create a new user. +Accounts | userdel\_cmd | Command string to delete a user. +Accounts | usermod\_cmd | Command string to modify a user's groups. +Accounts | groupadd\_cmd | Command string to create a new group. +Daemons | accounts\_daemon | `false` disables the accounts daemon. Daemons | clock\_skew\_daemon | `false` disables the clock skew daemon. Daemons | ip\_forwarding\_daemon | `false` disables the IP forwarding daemon. +InstanceSetup | host\_key\_types | Comma separated list of host key types to generate. InstanceSetup | optimize\_local\_ssd | `false` prevents optimizing for local SSD. -InstanceSetup | network\_enabled | `false` skips instance setup functions that require metadata. +InstanceSetup | network\_enabled | `false` skips instance setup functions that require metadata. InstanceSetup | set\_boto\_config | `false` skips setting up a `boto` config. InstanceSetup | set\_host\_keys | `false` skips generating host keys on first boot. 
-InstanceSetup | set\_multiqueue | `false` skips multiqueue driver support. +InstanceSetup | set\_multiqueue | `false` skips multiqueue driver support. IpForwarding | ethernet\_proto\_id | Protocol ID string for daemon added routes. -IpForwarding | ip\_aliases | `false` disables setting up alias IP routes. +IpForwarding | ip\_aliases | `false` disables setting up alias IP routes. IpForwarding | target\_instance\_ips | `false` disables internal IP address load balancing. -MetadataScripts | run\_dir | String base directory where metadata scripts are executed. -MetadataScripts | startup | `false` disables startup script execution. -MetadataScripts | shutdown | `false` disables shutdown script execution. -NetworkInterfaces | dhcp\_command | String to execute to enable network interfaces. -NetworkInterfaces | setup | `false` disables network interface setup. +MetadataScripts | run\_dir | String base directory where metadata scripts are executed. +MetadataScripts | startup | `false` disables startup script execution. +MetadataScripts | shutdown | `false` disables shutdown script execution. +NetworkInterfaces | dhcp\_command | String to execute to enable network interfaces. +NetworkInterfaces | setup | `false` disables network interface setup. Setting `network_enabled` to `false` will skip setting up host keys and the `boto` config in the guest. The setting may also prevent startup and shutdown diff --git a/google_compute_engine/instance_setup/instance_config.py b/google_compute_engine/instance_setup/instance_config.py index 56c1109..9827137 100644 --- a/google_compute_engine/instance_setup/instance_config.py +++ b/google_compute_engine/instance_setup/instance_config.py @@ -72,6 +72,7 @@ class InstanceConfig(config_manager.ConfigManager): 'instance_id': '0', }, 'InstanceSetup': { + 'host_key_types': 'ecdsa,ed25519,rsa', 'optimize_local_ssd': 'true', 'network_enabled': 'true', 'set_boto_config': 'true', 
diff --git a/google_compute_engine/instance_setup/instance_setup.py b/google_compute_engine/instance_setup/instance_setup.py index 2c6e3d4..e4791c4 100755 --- a/google_compute_engine/instance_setup/instance_setup.py +++ b/google_compute_engine/instance_setup/instance_setup.py @@ -55,7 +55,9 @@ class InstanceSetup(object): self.instance_config = instance_config.InstanceConfig( logger=self.logger, instance_config_metadata=instance_config_metadata) if self.instance_config.GetOptionBool('InstanceSetup', 'set_host_keys'): - self._SetSshHostKeys() + host_key_types = self.instance_config.GetOptionString( + 'InstanceSetup', 'host_key_types') + self._SetSshHostKeys(host_key_types=host_key_types) if self.instance_config.GetOptionBool('InstanceSetup', 'set_boto_config'): self._SetupBotoConfig() if self.instance_config.GetOptionBool( @@ -155,13 +157,16 @@ class InstanceSetup(object): subprocess.call(['service', 'sshd', 'start']) subprocess.call(['service', 'sshd', 'reload']) - def _SetSshHostKeys(self): + def _SetSshHostKeys(self, host_key_types=None): """Regenerates SSH host keys when the VM is restarted with a new IP address. Booting a VM from an image with a known SSH key allows a number of attacks. This function will regenerating the host key whenever the IP address changes. This applies the first time the instance is booted, and each time the disk is used to boot a new instance. + + Args: + host_key_types: string, a comma separated list of host key types. """ section = 'Instance' instance_id = self._GetInstanceId() 
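Review bot: The docstring in the `@@ -155,13 +157,16 @@` hunk still describes `_SetSshHostKeys` only as regenerating existing keys, and the new `Args:` entry does not say how the list is applied. Going by the next hunk, listed types are generated even when no key file exists, while key files already in `/etc/ssh` are regenerated whatever the list says (the updated test regenerates the `ed25519` key although it passes `rsa,dsa,abc`), so dropping a type from `host_key_types` does not retire it. Suggested wording: `host_key_types: string, a comma separated list of host key types to generate when missing; existing key files of any type are still regenerated.` The function body continues outside the hunk.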
@@ -171,7 +176,9 @@ class InstanceSetup(object): file_regex = re.compile(r'ssh_host_(?P[a-z0-9]*)_key\Z') key_dir = '/etc/ssh' key_files = [f for f in os.listdir(key_dir) if file_regex.match(f)] - for key_file in key_files: + key_types = host_key_types.split(',') if host_key_types else [] + key_types_files = ['ssh_host_%s_key' % key_type for key_type in key_types] + for key_file in set(key_files) | set(key_types_files): key_type = file_regex.match(key_file).group('type') key_dest = os.path.join(key_dir, key_file) self._GenerateSshKey(key_type, key_dest) diff --git a/google_compute_engine/instance_setup/tests/instance_setup_test.py b/google_compute_engine/instance_setup/tests/instance_setup_test.py index 1de8134..bf7c18b 100644 --- a/google_compute_engine/instance_setup/tests/instance_setup_test.py +++ b/google_compute_engine/instance_setup/tests/instance_setup_test.py @@ -49,6 +49,7 @@ class InstanceSetupTest(unittest.TestCase): mock_watcher.MetadataWatcher.return_value = mock_watcher_instance mock_config_instance = mock.Mock() mock_config_instance.GetOptionBool.return_value = True + mock_config_instance.GetOptionString.return_value = 'type' mock_config.InstanceConfig.return_value = mock_config_instance mock_setup._GetInstanceConfig.return_value = 'config' @@ -70,7 +71,9 @@ class InstanceSetupTest(unittest.TestCase): # Setup for SSH host keys if necessary. mock.call.config.InstanceConfig().GetOptionBool( 'InstanceSetup', 'set_host_keys'), - mock.call.setup._SetSshHostKeys(), + mock.call.config.InstanceConfig().GetOptionString( + 'InstanceSetup', 'host_key_types'), + mock.call.setup._SetSshHostKeys(host_key_types='type'), # Setup for the boto config if necessary. mock.call.config.InstanceConfig().GetOptionBool( 'InstanceSetup', 'set_boto_config'), 
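Review bot: In the `@@ -171,7 +176,9 @@` hunk the entries of `host_key_types` are used unstripped and unvalidated, so a configured value such as `rsa, ed25519` or `RSA` builds a file name that `file_regex` does not match and `file_regex.match(key_file).group('type')` raises AttributeError on None, which stops host key setup unless it is caught further up. An empty entry (for example a trailing comma) does match, with an empty type, and reaches `_GenerateSshKey` with `''`. Consider `key_types = [t.strip() for t in host_key_types.split(',')] if host_key_types else []` and `key_types_files = ['ssh_host_%s_key' % t for t in key_types if re.match(r'[a-z0-9]+\Z', t)]`, logging the entries that are skipped. The test hunk `@@ -325,7 +328,7 @@` covers only well-formed names, and the loop body continues outside the hunk.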
@@ -325,7 +328,7 @@ class InstanceSetupTest(unittest.TestCase): self.mock_setup._GenerateSshKey = mock_generate_key mock_listdir.return_value = [ 'ssh_config', - 'ssh_host_rsa_key', + 'ssh_host_dsa_key', 'ssh_host_dsa_key.pub', 'ssh_host_ed25519_key', 'ssh_host_ed25519_key.pub', @@ -333,13 +336,15 @@ class InstanceSetupTest(unittest.TestCase): 'ssh_host_rsa_key.pub', ] - instance_setup.InstanceSetup._SetSshHostKeys(self.mock_setup) + instance_setup.InstanceSetup._SetSshHostKeys( + self.mock_setup, host_key_types='rsa,dsa,abc') expected_calls = [ - mock.call('rsa', '/etc/ssh/ssh_host_rsa_key'), + mock.call('abc', '/etc/ssh/ssh_host_abc_key'), + mock.call('dsa', '/etc/ssh/ssh_host_dsa_key'), mock.call('ed25519', '/etc/ssh/ssh_host_ed25519_key'), mock.call('rsa', '/etc/ssh/ssh_host_rsa_key'), ] - self.assertEqual(mock_generate_key.mock_calls, expected_calls) + self.assertEqual(sorted(mock_generate_key.mock_calls), expected_calls) self.mock_instance_config.SetOption.assert_called_once_with( 'Instance', 'instance_id', '123') -- cgit v1.2.1 From 83b6922ea3d2555c49465ce219e3a434793eae20 Mon Sep 17 00:00:00 2001 From: Tom Lanyon Date: Wed, 1 Nov 2017 06:18:17 +1100 Subject: Specify version for Python package in RPM spec. (#512) google-compute-engine requires python-google-compute-engine, but does not specify the required version; this allows google-compute-engine to be upgraded independently from the python distribution, which results in broken scripts. Fixes #511. --- specs/google-compute-engine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/google-compute-engine.spec b/specs/google-compute-engine.spec index 6f39831..13b71ac 100644 --- a/specs/google-compute-engine.spec +++ b/specs/google-compute-engine.spec 
@@ -34,7 +34,7 @@ BuildRequires: systemd Requires: curl Requires: google-compute-engine-oslogin Requires: ntp -Requires: python-google-compute-engine +Requires: python-google-compute-engine = %{version} Requires: python-setuptools Requires: rsyslog %if 0%{?el7} -- cgit v1.2.1 From 084d1c649e2f97992e9f1a03ac2f6d9026ab1f8a Mon Sep 17 00:00:00 2001 From: Zach Marano Date: Thu, 2 Nov 2017 14:11:50 -0700 Subject: Add dhclient_script to README. (#514) * Add dhclient_script to README. * Updated description of dhclient script. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3c3c3cc..1fe8d5d 100644 --- a/README.md +++ b/README.md @@ -259,6 +259,7 @@ IpForwarding | target\_instance\_ips | `false` disables internal IP addres MetadataScripts | run\_dir | String base directory where metadata scripts are executed. MetadataScripts | startup | `false` disables startup script execution. MetadataScripts | shutdown | `false` disables shutdown script execution. +NetworkInterfaces | dhclient\_script | String path to a dhclient script used by dhclient. NetworkInterfaces | dhcp\_command | String to execute to enable network interfaces. NetworkInterfaces | setup | `false` disables network interface setup. -- cgit v1.2.1 From 3d87a8389bcb8bbe088c000493b2fccb013f47f8 Mon Sep 17 00:00:00 2001 From: Max Illfelder Date: Fri, 17 Nov 2017 15:50:56 -0800 Subject: Fix linter errors caught by flake8. (#519) --- google_compute_engine/instance_setup/instance_setup.py | 1 - google_compute_engine/ip_forwarding/ip_forwarding_daemon.py | 1 - google_compute_engine/metadata_scripts/script_manager.py | 1 - 3 files changed, 3 deletions(-) diff --git a/google_compute_engine/instance_setup/instance_setup.py b/google_compute_engine/instance_setup/instance_setup.py index e4791c4..78f4e00 100755 --- a/google_compute_engine/instance_setup/instance_setup.py +++ b/google_compute_engine/instance_setup/instance_setup.py 
@@ -27,7 +27,6 @@ from google_compute_engine import constants from google_compute_engine import file_utils from google_compute_engine import logger from google_compute_engine import metadata_watcher - from google_compute_engine.boto import boto_config from google_compute_engine.instance_setup import instance_config diff --git a/google_compute_engine/ip_forwarding/ip_forwarding_daemon.py b/google_compute_engine/ip_forwarding/ip_forwarding_daemon.py index 32c2e8b..aa44098 100755 --- a/google_compute_engine/ip_forwarding/ip_forwarding_daemon.py +++ b/google_compute_engine/ip_forwarding/ip_forwarding_daemon.py @@ -36,7 +36,6 @@ from google_compute_engine import file_utils from google_compute_engine import logger from google_compute_engine import metadata_watcher from google_compute_engine import network_utils - from google_compute_engine.ip_forwarding import ip_forwarding_utils LOCKFILE = constants.LOCALSTATEDIR + '/lock/google_ip_forwarding.lock' diff --git a/google_compute_engine/metadata_scripts/script_manager.py b/google_compute_engine/metadata_scripts/script_manager.py index 5cd0ebe..641b29d 100755 --- a/google_compute_engine/metadata_scripts/script_manager.py +++ b/google_compute_engine/metadata_scripts/script_manager.py @@ -23,7 +23,6 @@ import tempfile from google_compute_engine import config_manager from google_compute_engine import logger - from google_compute_engine.metadata_scripts import script_executor from google_compute_engine.metadata_scripts import script_retriever -- cgit v1.2.1 From 2db69addc20cef8201924c82b22a0d5652da5ac8 Mon Sep 17 00:00:00 2001 From: Danny Jones Date: Fri, 17 Nov 2017 15:56:22 -0800 Subject: Fix formatting of expiration time field. (#518) --- google_compute_engine_oslogin/utils/oslogin_utils.cc | 2 +- google_compute_engine_oslogin/utils/oslogin_utils_test.cc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/google_compute_engine_oslogin/utils/oslogin_utils.cc b/google_compute_engine_oslogin/utils/oslogin_utils.cc index 14d3f7e..856e23e 100644 --- a/google_compute_engine_oslogin/utils/oslogin_utils.cc +++ b/google_compute_engine_oslogin/utils/oslogin_utils.cc @@ -279,7 +279,7 @@ std::vector ParseJsonToSshKeys(string response) { } key_to_add = (char*)json_object_get_string(val); } - if (string_key == "expiration_time_usec") { + if (string_key == "expirationTimeUsec") { if (val_type == json_type_int || val_type == json_type_string) { uint64_t expiry_usec = (uint64_t)json_object_get_int64(val); struct timeval tp; diff --git a/google_compute_engine_oslogin/utils/oslogin_utils_test.cc b/google_compute_engine_oslogin/utils/oslogin_utils_test.cc index c19a285..84f414a 100644 --- a/google_compute_engine_oslogin/utils/oslogin_utils_test.cc +++ b/google_compute_engine_oslogin/utils/oslogin_utils_test.cc @@ -372,7 +372,7 @@ TEST(ParseJsonSshKeyTest, ParseJsonToSshKeysFiltersExpiredKeys) { string test_user = "{\"loginProfiles\":[{\"name\":\"foo@example.com\",\"sshPublicKeys\":" "{\"fingerprint\": {\"key\": \"test_key\"}, \"fingerprint2\": {\"key\": " - "\"test_key2\", \"expiration_time_usec\": 0}}}]}"; + "\"test_key2\", \"expirationTimeUsec\": 0}}}]}"; size_t buflen = 200; char* buffer = (char*)malloc(buflen * sizeof(char)); @@ -388,7 +388,7 @@ TEST(ParseJsonSshKeyTest, ParseJsonToSshKeysFiltersMalformedExpiration) { string test_user = "{\"loginProfiles\":[{\"name\":\"foo@example.com\",\"sshPublicKeys\":" "{\"fingerprint\": {\"key\": \"test_key\"}, \"fingerprint2\": {\"key\": " - "\"test_key2\", \"expiration_time_usec\": \"bad_stuff\"}}}]}"; + "\"test_key2\", \"expirationTimeUsec\": \"bad_stuff\"}}}]}"; size_t buflen = 200; char* buffer = (char*)malloc(buflen * sizeof(char)); -- cgit v1.2.1 From 146d2f36ecf5d74fd9d1e2c60da7cf609a62e10d Mon Sep 17 00:00:00 2001 
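Review bot: `uint64_t expiry_usec = (uint64_t)json_object_get_int64(val);` under the corrected `expirationTimeUsec` key casts a signed result to unsigned, so a negative value becomes a very large expiry; if the comparison that follows (outside the hunk) treats larger as later, that key is kept as unexpired. Reading the value into an `int64_t` first and treating `< 0` as malformed would reject it the same way the `ParseJsonToSshKeysFiltersMalformedExpiration` test name suggests non-numeric strings are rejected. The rename also shows that an unrecognised field name leaves expiry unenforced without any error, so a test with a future `expirationTimeUsec` and a comment naming the API's JSON field would pin the contract. `ParseJsonToSshKeys` starts and ends outside the hunk.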
From: Ludovic Gasc Date: Tue, 28 Nov 2017 00:34:46 +0100 Subject: Add systemd as valid ntp daemon (#523) --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index c75754f..75754cf 100644 --- a/debian/control +++ b/debian/control @@ -27,7 +27,7 @@ Depends: google-compute-engine-oslogin, ${misc:Depends}, python-google-compute-engine (= ${source:Version}), python3-google-compute-engine (= ${source:Version}), - chrony | ntp | time-daemon, + chrony | ntp | time-daemon | systemd, systemd Recommends: google-cloud-sdk Conflicts: google-compute-engine-jessie, -- cgit v1.2.1 From 69e6dfdd8541ce50ceac3a01758554a81938982f Mon Sep 17 00:00:00 2001 From: Max Illfelder Date: Tue, 28 Nov 2017 12:16:13 -0800 Subject: Latest pytest release does not support Python 2.6. (#526) The guest environment must still support Python 2.6. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a3dc911..8debce4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,6 @@ language: python sudo: true python: -- 2.6 - 2.7 - 3.3 - 3.4 -- cgit v1.2.1 From 33dca785cd37a7a94011b5da3a1313cd1bb6cf0e Mon Sep 17 00:00:00 2001 From: Danny Jones Date: Tue, 28 Nov 2017 13:18:20 -0800 Subject: Update build to use json-c's recommended includedir. (#524) Changes inclusion of json-c's headers to #include and updates the build to add /usr/include/json-c to the search path. --- google_compute_engine_oslogin/Makefile | 11 +++++++---- google_compute_engine_oslogin/utils/oslogin_utils.cc | 2 +- google_compute_engine_oslogin/utils/run_tests.sh | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/google_compute_engine_oslogin/Makefile b/google_compute_engine_oslogin/Makefile index 41d2dd8..771d086 100644 --- a/google_compute_engine_oslogin/Makefile +++ b/google_compute_engine_oslogin/Makefile 
@@ -12,10 +12,13 @@ NSS_INSTALL_PATH = /lib PAM_INSTALL_PATH = /lib/security AUTHKEYS_INSTALL_PATH = /usr/bin +JSON_INCLUDE_PATH = /usr/include/json-c +INCLUDE_FLAGS = -I$(JSON_INCLUDE_PATH) + CXX = g++ CXXFLAGS += -fPIC# -Wall -PAMFLAGS = $(LDFLAGS) -shared -NSSFLAGS = $(LDFLAGS) -shared -Wl,-soname,$(NSS_LIBRARY_SONAME) +PAMFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared +NSSFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared -Wl,-soname,$(NSS_LIBRARY_SONAME) # UTILS UTILS_DIR = utils @@ -86,10 +89,10 @@ $(PAM_ADMIN_OBJ): $(PAM_ADMIN_SRC) $(CXX) $(CXXFLAGS) -c $(PAM_ADMIN_SRC) -o $(PAM_ADMIN_OBJ) $(AUTHKEYS_BIN): $(AUTHKEYS_SRC) $(UTILS_SRC) - $(CXX) $(LDFLAGS) -o $(AUTHKEYS_BIN) $(AUTHKEYS_SRC) $(UTILS_SRC) $(LIBS) + $(CXX) $(LDFLAGS) $(INCLUDE_FLAGS) -o $(AUTHKEYS_BIN) $(AUTHKEYS_SRC) $(UTILS_SRC) $(LIBS) $(UTILS): $(UTILS_SRC) - $(CXX) $(CXXFLAGS) -c $(UTILS_SRC) -o $(UTILS) + $(CXX) $(CXXFLAGS) $(INCLUDE_FLAGS) -c $(UTILS_SRC) -o $(UTILS) $(SELINUX_MOD_FILE): $(SELINUX_MODULE_SRC) checkmodule -M -m -o $(SELINUX_MOD_FILE) $(SELINUX_MODULE_SRC) diff --git a/google_compute_engine_oslogin/utils/oslogin_utils.cc b/google_compute_engine_oslogin/utils/oslogin_utils.cc index 856e23e..8269883 100644 --- a/google_compute_engine_oslogin/utils/oslogin_utils.cc +++ b/google_compute_engine_oslogin/utils/oslogin_utils.cc @@ -15,7 +15,7 @@ // Requires libcurl4-openssl-dev libjson0 and libjson0-dev #include #include -#include +#include #include #include #include diff --git a/google_compute_engine_oslogin/utils/run_tests.sh b/google_compute_engine_oslogin/utils/run_tests.sh index df03ecb..b68248f 100755 --- a/google_compute_engine_oslogin/utils/run_tests.sh +++ b/google_compute_engine_oslogin/utils/run_tests.sh 
@@ -14,6 +14,6 @@ # limitations under the License. # Unit tests require gtest to be installed. -g++ -o test_runner oslogin_utils_test.cc oslogin_utils.cc -lcurl -ljson -lgtest -lpthread +g++ -o test_runner oslogin_utils_test.cc oslogin_utils.cc -I/usr/include/json-c -lcurl -ljson -lgtest -lpthread ./test_runner rm ./test_runner -- cgit v1.2.1 From 6b825eccb991ba81bd22b76f4829a6b41bc1cf3e Mon Sep 17 00:00:00 2001 From: Rick Wright Date: Tue, 28 Nov 2017 13:18:34 -0800 Subject: Fix home directory creation pam module. (#525) For systems that don't have selinux, the old sed expression didn't work. In addition, the mkhomedir module wasn't removed when deactivating oslogin and under some circumstances, things could be added twice. --- google_compute_engine_oslogin/bin/google_oslogin_control | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/google_compute_engine_oslogin/bin/google_oslogin_control b/google_compute_engine_oslogin/bin/google_oslogin_control index 8a21a6a..afbefbb 100755 --- a/google_compute_engine_oslogin/bin/google_oslogin_control +++ b/google_compute_engine_oslogin/bin/google_oslogin_control @@ -85,9 +85,9 @@ add_to_nss_config() { add_to_pam_config() { remove_from_config ${pam_config} - sed -i "/pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new - sed -i "/pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new - sed -i "/pam_selinux.so close/ a${pam_homedir}" ${pam_config}.new + sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new + sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new + sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new } restart_service() { -- cgit v1.2.1 From e89407b98f39d0f73e969ab9777c3ed3150ebace Mon Sep 17 00:00:00 2001 
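Review bot: None of the three `sed -i "/.../ a..."` calls in `add_to_pam_config` checks that its anchor line exists, so on a PAM file without an `account ... pam_nologin.so` or `pam_loginuid.so` line sed appends nothing and exits 0, leaving `${pam_config}.new` without the OS Login account modules or the home directory module. This commit's own description records that the previous anchor failed silently on systems without selinux. A check after the edits, e.g. `grep -qF "${pam_login}" "${pam_config}.new" || return 1`, repeated for `${pam_admin}` and `${pam_homedir}`, would surface a missing anchor. Quoting `"${pam_config}.new"` in the sed calls would also keep a path with spaces intact.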
From: Max Illfelder Date: Wed, 29 Nov 2017 11:16:45 -0800 Subject: Version bump the OS Login and Python packages. (#527) --- debian/changelog | 7 +++++++ google_compute_engine_oslogin/Makefile | 2 +- google_compute_engine_oslogin/packaging/debian8/changelog | 7 +++++++ .../packaging/debian8/google-compute-engine-oslogin.links | 2 +- google_compute_engine_oslogin/packaging/debian9/changelog | 7 +++++++ .../packaging/debian9/google-compute-engine-oslogin.links | 2 +- .../packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec | 2 +- google_compute_engine_oslogin/packaging/setup_deb.sh | 2 +- google_compute_engine_oslogin/packaging/setup_rpm.sh | 2 +- setup.py | 2 +- specs/google-compute-engine.spec | 2 +- specs/python-google-compute-engine.spec | 2 +- 12 files changed, 30 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index a731af4..c4bea8b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +google-compute-image-packages (2.7.2-1) stable; urgency=low + + * Generate SSH host keys when none are present. + * Improve logging when activating OS Login. + + -- Google Cloud Team Wed, 29 Nov 2017 12:00:00 -0700 + google-compute-image-packages (2.7.1-1) stable; urgency=low * Update set_hostname file name to prevent conflict. diff --git a/google_compute_engine_oslogin/Makefile b/google_compute_engine_oslogin/Makefile index 771d086..f3c14e5 100644 --- a/google_compute_engine_oslogin/Makefile +++ b/google_compute_engine_oslogin/Makefile @@ -4,7 +4,7 @@ BASENAME = oslogin NAME = google-compute-engine-$(BASENAME) MAJOR = 1 MINOR = 1 -REVISION = 1 +REVISION = 2 NSS_LIBRARY_NAME = libnss_$(NAME)-$(MAJOR).$(MINOR).$(REVISION).so NSS_LIBRARY_SONAME = libnss_$(BASENAME).so.2 diff --git a/google_compute_engine_oslogin/packaging/debian8/changelog b/google_compute_engine_oslogin/packaging/debian8/changelog index 8ecb4e5..8532d9b 100644 --- a/google_compute_engine_oslogin/packaging/debian8/changelog 
+++ b/google_compute_engine_oslogin/packaging/debian8/changelog @@ -1,3 +1,10 @@ +google-compute-engine-oslogin (1.1.2-1+deb8) unstable; urgency=low + + * Fix parsing logic for expiration time on SSH public keys. + * Fix home directory creation PAM config. + + -- MAINTAINER Wed, 29 Nov 2017 12:00:00 -0700 + google-compute-engine-oslogin (1.1.1-1+deb8) unstable; urgency=low * Remove logging when checking OS Login status. diff --git a/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links b/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links index 80df68f..8f983d5 100644 --- a/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links +++ b/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links @@ -1 +1 @@ -/lib/libnss_google-compute-engine-oslogin-1.1.1.so /lib/libnss_oslogin.so.2 +/lib/libnss_google-compute-engine-oslogin-1.1.2.so /lib/libnss_oslogin.so.2 diff --git a/google_compute_engine_oslogin/packaging/debian9/changelog b/google_compute_engine_oslogin/packaging/debian9/changelog index 7c8af52..de471e8 100644 --- a/google_compute_engine_oslogin/packaging/debian9/changelog +++ b/google_compute_engine_oslogin/packaging/debian9/changelog @@ -1,3 +1,10 @@ +google-compute-engine-oslogin (1.1.2-1+deb9) unstable; urgency=low + + * Fix parsing logic for expiration time on SSH public keys. + * Fix home directory creation PAM config. + + -- MAINTAINER Wed, 29 Nov 2017 12:00:00 -0700 + google-compute-engine-oslogin (1.1.1-1+deb9) unstable; urgency=low * Remove logging when checking OS Login status. diff --git a/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links b/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links index 80df68f..8f983d5 100644 --- a/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links 
+++ b/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links @@ -1 +1 @@ -/lib/libnss_google-compute-engine-oslogin-1.1.1.so /lib/libnss_oslogin.so.2 +/lib/libnss_google-compute-engine-oslogin-1.1.2.so /lib/libnss_oslogin.so.2 diff --git a/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec b/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec index 991a16f..a29b728 100644 --- a/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec +++ b/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec @@ -13,7 +13,7 @@ # limitations under the License. Name: google-compute-engine-oslogin -Version: 1.1.1 +Version: 1.1.2 Release: 1%{?dist} Summary: OS Login Functionality for Google Compute Engine diff --git a/google_compute_engine_oslogin/packaging/setup_deb.sh b/google_compute_engine_oslogin/packaging/setup_deb.sh index c361c22..a79d850 100755 --- a/google_compute_engine_oslogin/packaging/setup_deb.sh +++ b/google_compute_engine_oslogin/packaging/setup_deb.sh @@ -20,7 +20,7 @@ # Run from the top of the source directory. NAME="google-compute-engine-oslogin" -VERSION="1.1.1" +VERSION="1.1.2" working_dir=${PWD} diff --git a/google_compute_engine_oslogin/packaging/setup_rpm.sh b/google_compute_engine_oslogin/packaging/setup_rpm.sh index 3d71eeb..d26427e 100755 --- a/google_compute_engine_oslogin/packaging/setup_rpm.sh +++ b/google_compute_engine_oslogin/packaging/setup_rpm.sh @@ -20,7 +20,7 @@ # Run from the top of the source directory. NAME="google-compute-engine-oslogin" -VERSION="1.1.1" +VERSION="1.1.2" working_dir=${PWD} rpm_working_dir=/tmp/rpmpackage/${NAME}-${VERSION} diff --git a/setup.py b/setup.py index 51223db..91d7a9d 100755 --- a/setup.py +++ b/setup.py 
@@ -32,7 +32,7 @@ setuptools.setup( packages=setuptools.find_packages(), scripts=glob.glob('scripts/*'), url='https://github.com/GoogleCloudPlatform/compute-image-packages', - version='2.7.1', + version='2.7.2', # Entry points create scripts in /usr/bin that call a function. entry_points={ 'console_scripts': [ diff --git a/specs/google-compute-engine.spec b/specs/google-compute-engine.spec index 13b71ac..5ba516c 100644 --- a/specs/google-compute-engine.spec +++ b/specs/google-compute-engine.spec @@ -18,7 +18,7 @@ %endif Name: google-compute-engine -Version: 2.7.1 +Version: 2.7.2 Release: 1%{?dist} Summary: Google Compute Engine guest environment. License: ASL 2.0 diff --git a/specs/python-google-compute-engine.spec b/specs/python-google-compute-engine.spec index 7a4e8e4..6d72fbf 100644 --- a/specs/python-google-compute-engine.spec +++ b/specs/python-google-compute-engine.spec @@ -18,7 +18,7 @@ %endif Name: python-google-compute-engine -Version: 2.7.1 +Version: 2.7.2 Release: 1%{?dist} Summary: Google Compute Engine python library License: ASL 2.0 -- cgit v1.2.1