From 08ed0f39888b87e3b521b4463c42c5b13fc2cf74 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Wed, 26 Feb 2025 12:50:26 +0100 Subject: [PATCH 1/3] overlay wa-linux-agent: update to 2.12.0.4 Update to wa-linux-agent 2.12.0.4, to create a reasonable base for applying further patches on top of it. Fix the Flatcar's 3rd-party patch according to the version update. Update oem-azure to the same version accordingly. --- .../app-emulation/wa-linux-agent/Manifest | 2 +- .../files/0001-flatcar-changes.patch | 15 ++++++++------- ...2.ebuild => wa-linux-agent-2.12.0.4-r1.ebuild} | 0 ...1.1-r3.ebuild => oem-azure-2.12.0.4-r1.ebuild} | 0 4 files changed, 9 insertions(+), 8 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/{wa-linux-agent-2.9.1.1-r2.ebuild => wa-linux-agent-2.12.0.4-r1.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/{oem-azure-2.9.1.1-r3.ebuild => oem-azure-2.12.0.4-r1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/Manifest index 278c8b97ac..909ecd6f9f 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/Manifest @@ -1 +1 @@ -DIST wa-linux-agent-2.9.1.1.tar.gz 1986486 BLAKE2B ce630830886fe9bb729cfa7d92ac40bf158d26272b83e099fa2957928761642f84af2eef28ad691a076a89af6304f6ae67d7aa37ecf8629b3b973d083e619ae7 SHA512 3f44aecc16ac545db4b550586f168dbbdef34289aad6775973517bf645e5a1d486864c01e974f03a71b3e946c14e1ca140673a75c1cd602aac28725eaa68e83d +DIST wa-linux-agent-2.12.0.4.tar.gz 2143917 BLAKE2B 4c4091569c3fc302de81c1d8467f33f8e3e817387697c339e98eb8def3100939a9cd99044fb934f7b4ce0830ae626bb5501c60f76931a614fa1392fdcd179e20 SHA512 09cfa8072f705dd4c96dda9c6a0b24b6050fcb57a0ad9bd5307ec07c7bb8270e48c17fd0fcb13cc2c8ca59472ec60af1657b536089eb9f116ca77658f6112595 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0001-flatcar-changes.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0001-flatcar-changes.patch index f72529dc28..c47371ef4d 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0001-flatcar-changes.patch +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0001-flatcar-changes.patch @@ -162,7 +162,7 @@ index 83123e3f..b9257a9b 100644 return DebianOSBaseUtil() if distro_name in ("flatcar", "coreos") or distro_code_name in ("flatcar", "coreos"): -+ if Version(distro_version) >= Version("3550"): ++ if DistroVersion(distro_version) >= DistroVersion("3550"): + return FlatcarUtil() return CoreOSUtil() @@ -251,15 +251,16 @@ index 00000000..eeaf25ce + time.sleep(wait) + else: + logger.warn("exceeded restart retries") -diff --git a/azurelinuxagent/common/persist_firewall_rules.py b/azurelinuxagent/common/persist_firewall_rules.py +diff --git a/azurelinuxagent/ga/persist_firewall_rules.py b/azurelinuxagent/ga/persist_firewall_rules.py index 74b878ce..22562c96 100644 ---- a/azurelinuxagent/common/persist_firewall_rules.py -+++ b/azurelinuxagent/common/persist_firewall_rules.py -@@ -35,6 +35,7 @@ class PersistFirewallRulesHandler(object): +--- a/azurelinuxagent/ga/persist_firewall_rules.py ++++ b/azurelinuxagent/ga/persist_firewall_rules.py +@@ -35,7 +35,7 @@ class PersistFirewallRulesHandler(object): # Do not edit. [Unit] - Description=Setup network rules for WALinuxAgent -+After=systemd-sysext.service + Description=Setup network rules for WALinuxAgent +-After=local-fs.target ++After=local-fs.target systemd-sysext.service Before=network-pre.target Wants=network-pre.target DefaultDependencies=no diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.9.1.1-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.9.1.1-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.12.0.4-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.12.0.4-r1.ebuild From a87844c13f3d96fa8c7fcc1e3d0a42f651507a66 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Wed, 26 Feb 2025 14:52:29 +0100 Subject: [PATCH 2/3] overlay wa-linux-agent: apply patch to fix ssh public key override issue Apply patch to fix an issue when overriding ssh public key from ignition configuration. Since the fix is not available in releases of wa-linux-agent, we should apply a separate patch. See also https://github.com/Azure/WALinuxAgent/pull/3309. --- ...0002-prevent-ssh-public-key-override.patch | 26 +++++++++++++++++++ .../wa-linux-agent-2.12.0.4-r1.ebuild | 1 + 2 files changed, 27 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0002-prevent-ssh-public-key-override.patch diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0002-prevent-ssh-public-key-override.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0002-prevent-ssh-public-key-override.patch new file mode 100644 index 0000000000..d53936e351 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0002-prevent-ssh-public-key-override.patch @@ -0,0 +1,26 @@ +From 0c8db73c3567039e50ffa7447bb093ca812dedf6 Mon Sep 17 00:00:00 2001 +Message-Id: <0c8db73c3567039e50ffa7447bb093ca812dedf6.1740577844.git.dpark@linux.microsoft.com> +From: Peyton Robertson <93797227+peytonr18@users.noreply.github.com> +Date: Tue, 28 Jan 2025 14:17:43 -0800 +Subject: [PATCH] Applying patch to prevent ssh public key override (#3309) + +--- + azurelinuxagent/common/osutil/default.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/azurelinuxagent/common/osutil/default.py b/azurelinuxagent/common/osutil/default.py +index 584515dc..746c4363 100644 +--- a/azurelinuxagent/common/osutil/default.py ++++ b/azurelinuxagent/common/osutil/default.py +@@ -346,7 +346,7 @@ GEN2_DEVICE_ID = 'f8b3781a-1e82-4818-a1c3-63d806ec15bb' + raise OSUtilError("Bad public key: {0}".format(value)) + if not value.endswith("\n"): + value += "\n" +- fileutil.write_file(path, value) ++ fileutil.write_file(path, value, append=True) + elif thumbprint is not None: + lib_dir = conf.get_lib_dir() + crt_path = os.path.join(lib_dir, thumbprint + '.crt') +-- +2.39.5 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild index ee70a04763..6e932e1563 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.12.0.4-r1.ebuild @@ -30,4 +30,5 @@ S="${WORKDIR}/WALinuxAgent-${PV}" PATCHES=( "${FILESDIR}/0001-flatcar-changes.patch" + "${FILESDIR}/0002-prevent-ssh-public-key-override.patch" ) From 23984d1bdf5eac57ca8768909e9dcfea5ab16f88 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Mon, 3 Mar 2025 12:23:06 +0100 Subject: [PATCH 3/3] changelog: add changelog for bugfix in wa-linux-agent with ignition --- changelog/bugfixes/2025-02-28-walinuxagent-ignition.md | 1 + changelog/updates/2025-02-28-walinuxagent-2.12.0.4.md | 1 + 2 files changed, 2 insertions(+) create mode 100644 changelog/bugfixes/2025-02-28-walinuxagent-ignition.md create mode 100644 changelog/updates/2025-02-28-walinuxagent-2.12.0.4.md diff --git a/changelog/bugfixes/2025-02-28-walinuxagent-ignition.md b/changelog/bugfixes/2025-02-28-walinuxagent-ignition.md new file mode 100644 index 0000000000..0a34f81620 --- /dev/null +++ b/changelog/bugfixes/2025-02-28-walinuxagent-ignition.md @@ -0,0 +1 @@ +- azure: Fixed issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning ([flatcar/Flatcar#1661](https://github.com/flatcar/Flatcar/issues/1661)) diff --git a/changelog/updates/2025-02-28-walinuxagent-2.12.0.4.md b/changelog/updates/2025-02-28-walinuxagent-2.12.0.4.md new file mode 100644 index 0000000000..eae390f130 --- /dev/null +++ b/changelog/updates/2025-02-28-walinuxagent-2.12.0.4.md @@ -0,0 +1 @@ +- azure: wa-linux-agent ([2.12.0.4](https://github.com/Azure/WALinuxAgent/releases/tag/v2.12.0.4))