Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: google-compute-engine-oslogin | Distribution: openSUSE Leap 15.2 |
Version: 20190801 | Vendor: openSUSE |
Release: lp152.5.4.1 | Build date: Thu Jul 16 18:05:39 2020 |
Group: System/Daemons | Build host: obs-power9-06 |
Size: 4759111 | Source RPM: google-compute-engine-20190801-lp152.5.4.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://github.com/GoogleCloudPlatform/compute-image-packages | |
Summary: OS Login Functionality for Google Compute Engine |
Libraries and scripts to enable OS Login functionality for Google Compute Engine. Modifies sshd, nsswitch, and sshd_pam configurations.
Apache-2.0
* Sat Jun 20 2020 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978) * Tue Apr 28 2020 Robert Schweikert <rjschwei@suse.com> - Add gceosl-no-def-sysgrps.patch (bsc#1170719, bsc#1170720) + Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258) * Wed Apr 08 2020 Robert Schweikert <rjschwei@suse.com> - Rename the sysctl file that applies the GCE network settings (bsc#1167810) + The file 11-gce-network-security.conf applies network configuration settings. Specifically the value for net.ipv4.conf.all.rp_filter is also part of the system defaults in /usr/lib/sysctl.d/50-default.conf and thus the default setting was applied, instead of the desired setting. As 50-default is processed after 11-gce-network-security. * Tue Oct 22 2019 Robert Schweikert <rjschwei@suse.com> - Add gcei-waitlimit-dns.patch (bsc#1151398) + Add a wait limit to retrying DNS resolution to avoid a forever loop * Tue Sep 17 2019 Robert Schweikert <rjschwei@suse.com> - Fix file list + On i586 Python code is also under _libdir thus creating a conflict between the packages. * Wed Sep 11 2019 Robert Schweikert <rjschwei@suse.com> - Add gcei_disableipv6.patch (bsc#1150058) + Upstream introduced an interface named "DisableIpv6" but the implementation was incomplete and the interface was missing for SUSE distros * Tue Aug 20 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Fix install location of NSS and PAM shared libraries (bsc#1146172) - Switch RPM group for oslogin package from Hardware to System/Daemons * Tue Aug 06 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Add patch to normalize setup version of Python code + gcei-normalize-python-version.patch - Fix file matching patterns in %files section for oslogin package * Mon Aug 05 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20190801 (bsc#1144092, bsc#1144170) + Google Compute Engine * Re-enable boto config without plugin. * Fix metadata script retrieval for python 2 and 3. + Google Compute Engine OS Login * Fix for 2FA on RHEL 8. - from version 20190730 + Google Compute Engine * Support for Debian 10. * New package versioning. * Support for Google Private Access over IPv6. * Support root disk expansion in RHEL 8 and Debian 10. + Google Compute Engine OS Login * Bug fixes for sudoers. * Initial groups support (not yet enabled). - Add patch to explicitly link NSS and PAM shared libraries against libboost_regex on SLE-12 + gcei-link-boost_regex.patch - Refresh patches for new version + gcei-scripts-after-reg.patch - Set StandardOutput=journal+console in custom systemd service files + google-optimize-local-ssd.service + google-set-multiqueue.service - Stop installing configuration file for systemd-journald + Logging is now configured through systemd service files - Update file matching patterns in %files section for new version * Mon May 27 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20190522 (bsc#1136266, bsc#1136267) + Google Compute Engine * Fix guest attributes flow in Python 3. + Google Compute Engine OS Login * Update OS Login control file for FreeBSD support. - from version 20190521 + Google Compute Engine * Retry download for metadata scripts. * Fix script retrieval in Python 3. * Disable boto config in Python 3. * Update SSH host keys in guest attributes. * Fix XPS settings with more than 64 vCPUs. * Thu May 16 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20190416 (bsc#1128392, bsc#1134179) + Google Compute Engine * FreeBSD fixes: syslog socket location and OS detection. * Upstart systems: only run startup scripts at boot. + Google Compute Engine OS Login * Fix pam_group ordering detection. * Restart cron from the OS Login control file. * Add PAM entry to su:account stack. - from version 20190315 + Google Compute Engine OS Login * Fix alternate challenge section for two factor authentication. * Fix FreeBSD compatibility issues in the control file. - from version 20190304 + Google Compute Engine * Set oom_score_adjust for google_accounts_daemon. + Google Compute Engine OS Login * Use pam_group to provide users with default groups. * Add compat.h to support FreeBSD. * Exit immediately after a two factor authentication failure. * Add support for Google phone prompt challenges. - Adjust paths for new upstream directory layout in %build and %install - Include systemd service file to run google_optimize_local_ssd command + google-optimize-local-ssd.service - Include systemd service file to run google_set_multiqueue command + google-set-multiqueue.service - Install journald configuration files into /usr/lib/systemd/journald.conf.d - Refresh patches for new version + gcei-hide-py-deps.patch + gcei-scripts-after-reg.patch + gcei-set-run_dir.patch * Wed Jan 30 2019 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20190124 (bsc#1123671, bsc#1123672) + Google Compute Engine * Fix metadata script retrieval to support Python 3. * Mon Jan 21 2019 Robert Schweikert <rjschwei@suse.com> - Remove dropped service from systemd setup macros (bsc#1122172) - Drop use of restart_on_update, force service restart with -f option on service_del_preun and service_del_postun - Detect and handle removed services in pre rather than post * Tue Dec 11 2018 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20181206 (bsc#1119029, bsc#1119110) + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support. - from version 20181023 + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups. - from version 20181018 + Google Compute Engine * Fix: Remove users from sudoers group on account removal. * Sun Nov 25 2018 Robert Schweikert <rjschwei@suse.com> - Remove conditions for distributions older than Leap 42.3 and SLE 12 + Delete init scripts google-accounts-daemon.suse, google-clock-skew-daemon.suse, google-instance-setup.suse, google-network-daemon.suse, google-shutdown-scripts.suse, google-startup-scripts.suse - Fix build for distributions with gcc version less than 4.9 + Add new dependency on boost * Fri Oct 12 2018 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to version 20181011 + Google Compute Engine * Revert: Remove users from sudoers group on account removal. - from version 20181008 + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts. - from version 20180905 + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster. - from version 20180611 + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib. - Refresh patches for new version + gcei-set-run_dir.patch * Mon Jun 18 2018 adrian.glaubitz@suse.com - Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade - Ensure that google-network-daemon service is enabled and started during upgrade * Thu Jun 14 2018 adrian.glaubitz@suse.com - Add patch to set run_dir to /var/run (bsc#1097378, #1097616) + gcei-set-run_dir.patch - Drop deleted patch from spec file + gcei-lnx-distro-py3.patch * Tue May 29 2018 rjschwei@suse.com - Remove gcei-lnx-distro-py3.patch + Upstream intention is to depend on distro module from GitHub - Add dependency on python3-distro for SLE/Leap 15 and later * Mon May 21 2018 rjschwei@suse.com - Add patch gcei-lnx-distro-py3.patch (bsc#1094074) * Fri May 11 2018 adrian.glaubitz@suse.com - Update to version 20180510 (bsc#1092214) + Prevent delay in configuring IP forwarding routes. + Improve instance setup support for FreeBSD. - Include new google-network-daemon + Add google-network-daemon.service activation in %pre and %post sections + Add google-network-daemon.suse init script for SysV - Stop shipping deprecated google-ip-forwarding-daemon service + Remove google-ip-forwarding-daemon.service activation in %pre and %post sections + Drop google-ip-forwarding-daemon.suse from source distribution - Add missing association with "init" package for %pre, %post, %preun and %postun sections - Install google_oslogin_nss_cache binary into oslogin package * Tue May 08 2018 adrian.glaubitz@suse.com - Update to version 20180504 (bsc#1092214) + Create a new network daemon. + Refactor the IP forwarding daemon and network setup. + Improvements for using NSS cache in the accounts daemon. + Include libnss cache as part of the OS Login package. - Refresh patches for new version: + gcei-scripts-after-reg.patch * Mon Apr 16 2018 adrian.glaubitz@suse.com - Update to version 20180227 (bsc#1066273) + Add distro specific logic. + Support SLES 11 and 12 in multi-nic setup. + Fix boto config documentation. + Add modprobe blacklist for nouveau and floppy modules. + Fix irqbalance conflict in Debian package. + Fix conflict with other applications that use curl and SSL. - Install new kernel module blacklist into /etc/modprobe.d. - Refresh patches for new version: + gcei-hide-py-deps.patch * Fri Feb 02 2018 adrian.glaubitz@suse.com - Update to version 20180129 (bsc#1078349, bsc#1079077) + Improve rsyslog daemon reset when using the dhcp exit hook. + The OS Login feature is generally available. + Change the OS Login uid restriction to allow uid 1000. + Close socket connections after requesting metadata. - From version 20171213 + Force IPv4 for Debian apt configs. * Sun Dec 03 2017 adrian.glaubitz@suse.com - Update to version 20171129 (bsc#1070895, bsc#1070918) + Generate SSH host keys when none are present. + Improve logging when activating OS Login. + Fix parsing logic for expiration time on SSH public keys. + Fix home directory creation PAM config. * Fri Nov 03 2017 rjschwei@suse.com - Change dependencies -init depends on -oslogin + oslogin feature is now enabled by the initialization code when appropriate - Do not start the oslogin feature upon package install * Fri Oct 27 2017 rjschwei@suse.com - Fix build for SLES 11 * Thu Oct 26 2017 adrian.glaubitz@suse.com - Update to version 20171025 (bsc#1064356, bsc#1065308) + Add apt configuration to prevent auto-removal of Google packages. + Rename set_hostname to prevent naming conflicts. + Remove logging when checking OS Login status. - From version 20171019 + Support the enable-oslogin metadata key for activating OS Login. + Improve packaging to restart services. + OS Login is available in Beta. + Add status option to the OS Login control file. - From version 20171006 + Fix system hang during VM shutdown. + JSON parser accepts string types for int64 values. - From version 20170921 + JSON parser casts uid and gid to unsigned integers. - From version 20170914 + Remove fstab barrier options in EL 7. + Use curl to download metadata script files for SSL certificate validation. + Use netifaces for retrieving MAC address names if the import exists. * Tue Sep 19 2017 rjschwei@suse.com - Ship the udevrules with the -init package only * Tue Sep 12 2017 rjschwei@suse.com - Fix baslibs.conf, use package, not files - Include rpmlintrc and baslibc.conf as source * Mon Sep 11 2017 rjschwei@suse.com - Add gcei-scripts-after-reg.patch (bsc#1057671) * Sat Sep 09 2017 rjschwei@suse.com - Update to version 20170829 (bsc#1049242, FATE#323757) + Support oslogin feature + Add rpmlintrc ~ We ship pam and nss modules in -oslogin we do not want to name the package according to the shared library naming policy + Add baslibs.config ~ Handle the nss and pam modules provided by oslogin properly - From version 20170718 + Allow nologin paths other than /sbin/nologin. + Try to download GCS URLs with curl if gsutil is not installed. + Fix control scripts to correctly restart sshd and nscd if they exist. + Retry HTTP requests if error 500 is received. + Move oslogin sudoers directory locations. - Setup for Python 3 build oSTW and SLE 15 - Source package renamed to google-compute-engine + Binary subpackages -init -oslogin * Fri Jan 13 2017 rjschwei@suse.com - The startup script attempts a network connection, thus it must run after network setup * Thu Jan 12 2017 rjschwei@suse.com - Scripts that are one-shot should not be marked as "stop_on_removal" as there is no process running (bsc#1017395) - One-shot scripts should not run with startproc * Mon Dec 19 2016 rjschwei@suse.com - Update to version 20161213 (bsc#1015829, bsc#1016372) + Remove gcei-handle-failed-open.patch included upstream + Remove gcei-handle-missing-gsutil.patch included upstream + Forward port gcei-hide-py-deps.patch + Improved alias IP support - From 20161118 + Add support for alias IPs in the IP forwarding daemon. + IP forwarding daemon adds back local routes after network restart. + Account daemon removes expired key access without metadata change. + Account daemon ignores SSH keys with non-ascii characters. + Improved exception handling. + Fix for syslog startup on systemd. + Add a route to the metadata server to /etc/hosts. - From 20160930 + Provide a service to enable network interfaces on boot. + Create a common library for inspecting network interfaces. + Allow metadata script output that is not UTF-8. + Fixed instance config file logic. + Fixed accounts management Python 3 compatibility. + Fixed IP forwarding Python 3 compatibility. + Improved style consistency. + Run a service on boot to enable additional network interfaces. + Update dhclient-script on EL 6 to fix local routing. * Sun Oct 30 2016 jengelh@inai.de - Resolve description inaccuracy - Call %service_* just once, but with all args * Wed Oct 26 2016 rjschwei@suse.com - Include in SLE 12 and SLE 11 (FATE#321748, FATE#321890, bsc#994943) * Thu Oct 20 2016 rjschwei@suse.com - Update gcei-handle-failed-open.patch to match upstream PR * Wed Oct 19 2016 rjschwei@suse.com - Add gcei-handle-failed-open.patch * Do not exit with a traceback if the sudoers file cannot be written * Wed Oct 19 2016 rjschwei@suse.com - Package the rsyslog config unconditionally, rsyslog also available on SLE 11 * Wed Oct 19 2016 rjschwei@suse.com - Add sysvinit scripts for SUSE, upstream scripts are RHEL specific * google-accounts-daemon.suse * google-clock-skew-daemon.suse * google-instance-setup.suse * google-ip-forwarding-daemon.suse * google-shutdown-scripts.suse * google-startup-scripts.suse * Mon Oct 17 2016 rjschwei@suse.com - Own the udev directories, fixes issue with SLE 12 build * Mon Oct 17 2016 rjschwei@suse.com - Conflict with the previous generation of initialization code. * According to upstream and update path is not supported and has too many corner cases to reliably work. Thus running instances are not expected to upgrade. * Mon Oct 17 2016 rjschwei@suse.com - Initial build - Version 20160803
/lib64/security/pam_oslogin_admin.so /lib64/security/pam_oslogin_login.so /usr/bin/google_authorized_keys /usr/bin/google_oslogin_control /usr/bin/google_oslogin_nss_cache /usr/lib64/libnss_cache_oslogin-20190801.00.so /usr/lib64/libnss_cache_oslogin.so.2 /usr/lib64/libnss_oslogin-20190801.00.so /usr/lib64/libnss_oslogin.so.2 /usr/share/man/man8/libnss_cache_oslogin.so.2.8.gz /usr/share/man/man8/libnss_oslogin.so.2.8.gz /usr/share/man/man8/nss-cache-oslogin.8.gz /usr/share/man/man8/nss-oslogin.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 12:46:04 2024