diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/changelog gce-compute-image-packages-20171019+dfsg1/debian/changelog --- gce-compute-image-packages-20171006+dfsg1/debian/changelog 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/changelog 2017-10-24 16:35:46.000000000 +0200 @@ -1,3 +1,22 @@ +gce-compute-image-packages (20171019+dfsg1-0ubuntu1) bionic; urgency=medium + + [ Balint Reczey ] + * New upstream version 20171019+dfsg1 (LP: #1726810) + - Add status option for google_oslogin_control + - OS Login activation via the accounts daemon + * Tidy up d/control with the help of cme fix dpkg-control + * Update symlink to shared library with updated minor version + * Change package priority to optional from extra + * Add debhelper token to prerm + + [ Zach Marano from Google Cloud Team ] + * Depend on chrony | ntp | time-daemon instead of just ntp + * Move all service activation handling to + gce-compute-image-packages.{postinst|prerm} + * Make google-compute-engine depend on google-compute-engine-oslogin + + -- Balint Reczey Tue, 24 Oct 2017 16:35:46 +0200 + gce-compute-image-packages (20171006+dfsg1-0ubuntu1) artful; urgency=medium * List current packaging repository in debian/control diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/control gce-compute-image-packages-20171019+dfsg1/debian/control --- gce-compute-image-packages-20171006+dfsg1/debian/control 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/control 2017-10-24 16:35:46.000000000 +0200 @@ -1,8 +1,7 @@ Source: gce-compute-image-packages -Section: admin -Priority: extra Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Daniel Watkins +Section: admin +Priority: optional Build-Depends: cmake, debhelper (>= 9), dh-python, @@ -21,23 +20,25 @@ python-boto, python3-boto Standards-Version: 3.9.8 -Homepage: https://github.com/GoogleCloudPlatform/compute-image-packages -Vcs-Git: git://git.launchpad.net/~rbalint/ubuntu/+source/gce-compute-image-packages Vcs-Browser: https://git.launchpad.net/~rbalint/ubuntu/+source/gce-compute-image-packages +Vcs-Git: git://git.launchpad.net/~rbalint/ubuntu/+source/gce-compute-image-packages +Homepage: https://github.com/GoogleCloudPlatform/compute-image-packages +XSBC-Original-Maintainer: Daniel Watkins Package: gce-compute-image-packages Architecture: all Depends: python3:any, ${python3:Depends}, ${misc:Depends}, + google-compute-engine-oslogin, python3-google-compute-engine (= ${source:Version}), - ntp, + chrony | ntp | time-daemon, cloud-init Recommends: google-cloud-sdk, libpam-cracklib Conflicts: gce-cloud-config, - gce-daemon, - gce-startup-scripts + gce-daemon, + gce-startup-scripts Replaces: gce-cloud-config, gce-daemon, gce-startup-scripts @@ -47,19 +48,19 @@ to the cloud. Package: python-google-compute-engine -Section: python Architecture: all +Section: python Depends: ${python:Depends}, - ${misc:Depends}, + ${misc:Depends} Description: Python library for Google Compute Engine interaction Python libraries used for interacting with Google Compute Engine's APIs and functionality. This package contains the modules for Python 2.x. Package: python3-google-compute-engine -Section: python Architecture: all +Section: python Depends: ${python3:Depends}, - ${misc:Depends}, + ${misc:Depends} Description: Python library for Google Compute Engine interaction (Python 3) Python libraries used for interacting with Google Compute Engine's APIs and functionality. This package contains the modules for Python 3.x. diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/copyright gce-compute-image-packages-20171019+dfsg1/debian/copyright --- gce-compute-image-packages-20171006+dfsg1/debian/copyright 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/copyright 2017-10-24 16:35:46.000000000 +0200 @@ -12,8 +12,8 @@ Copyright: 2017, Canonical Group, Ltd. License: Apache-2.0 -Files: debian/google-compute-engine-oslogin.postinst - debian/google-compute-engine-oslogin.prerm +Files: debian/gce-compute-image-packages.postinst + debian/gce-compute-image-packages.prerm Copyright: 2017, Google Inc. License: Apache-2.0 diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/gce-compute-image-packages.postinst gce-compute-image-packages-20171019+dfsg1/debian/gce-compute-image-packages.postinst --- gce-compute-image-packages-20171006+dfsg1/debian/gce-compute-image-packages.postinst 1970-01-01 01:00:00.000000000 +0100 +++ gce-compute-image-packages-20171019+dfsg1/debian/gce-compute-image-packages.postinst 2017-10-24 16:35:46.000000000 +0200 @@ -0,0 +1,34 @@ +#!/bin/sh +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#DEBHELPER# + +# Manually added service start or restart. We do not start or restart +# google-shutdown-scripts.service google-startup-scripts.service. +set -e +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + if [ -n "$2" ]; then + _dh_action=try-restart + else + _dh_action=start + fi + deb-systemd-invoke $_dh_action \ + google-instance-setup.service \ + google-network-setup.service \ + google-accounts-daemon.service \ + google-clock-skew-daemon.service \ + google-ip-forwarding-daemon.service >/dev/null || true +fi diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/gce-compute-image-packages.prerm gce-compute-image-packages-20171019+dfsg1/debian/gce-compute-image-packages.prerm --- gce-compute-image-packages-20171006+dfsg1/debian/gce-compute-image-packages.prerm 1970-01-01 01:00:00.000000000 +0100 +++ gce-compute-image-packages-20171019+dfsg1/debian/gce-compute-image-packages.prerm 2017-10-24 16:35:46.000000000 +0200 @@ -0,0 +1,29 @@ +#!/bin/sh +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#DEBHELPER# + +# Manually stop all services. +set -e +if [ -d /run/systemd/system ] && [ "$1" = remove ]; then + deb-systemd-invoke stop \ + google-instance-setup.service \ + google-network-setup.service \ + google-accounts-daemon.service \ + google-clock-skew-daemon.service \ + google-ip-forwarding-daemon.service \ + google-shutdown-scripts.service \ + google-startup-scripts.service >/dev/null +fi diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.links gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.links --- gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.links 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.links 2017-10-24 16:35:46.000000000 +0200 @@ -1 +1 @@ -lib/libnss_google-compute-engine-oslogin-1.0.5.so lib/libnss_oslogin.so.2 +lib/libnss_google-compute-engine-oslogin-1.1.0.so lib/libnss_oslogin.so.2 diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.postinst gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.postinst --- gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.postinst 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.postinst 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -google_oslogin_control activate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.prerm gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.prerm --- gce-compute-image-packages-20171006+dfsg1/debian/google-compute-engine-oslogin.prerm 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/google-compute-engine-oslogin.prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -command -v google_oslogin_control > /dev/null && google_oslogin_control deactivate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/debian/rules gce-compute-image-packages-20171019+dfsg1/debian/rules --- gce-compute-image-packages-20171006+dfsg1/debian/rules 2017-10-09 19:16:04.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/debian/rules 2017-10-24 16:35:46.000000000 +0200 @@ -31,8 +31,7 @@ $(MAKE) -C $(OSLOGIN_DIR) DESTDIR=$(CURDIR)/debian/tmp PAM_INSTALL_PATH=/lib/$(DEB_HOST_MULTIARCH)/security BIN_INSTALL_PATH=/usr/bin install override_dh_systemd_start: - dh_systemd_start --no-restart-on-upgrade --no-start --name=google-startup-scripts - dh_systemd_start --no-restart-on-upgrade --no-start --name=google-shutdown-scripts + # Configured in gce-compute-image-packages.postinst instead. override_dh_python3: dh_python3 diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/accounts_daemon.py gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/accounts_daemon.py --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/accounts_daemon.py 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/accounts_daemon.py 2017-10-18 23:56:59.000000000 +0200 @@ -27,6 +27,7 @@ from google_compute_engine import logger from google_compute_engine import metadata_watcher from google_compute_engine.accounts import accounts_utils +from google_compute_engine.accounts import oslogin_utils LOCKFILE = constants.LOCALSTATEDIR + '/lock/google_accounts.lock' @@ -59,6 +60,8 @@ logger=self.logger, groups=groups, remove=remove, useradd_cmd=useradd_cmd, userdel_cmd=userdel_cmd, usermod_cmd=usermod_cmd, groupadd_cmd=groupadd_cmd) + self.oslogin = oslogin_utils.OsLoginUtils(logger=self.logger) + try: with file_utils.LockFile(LOCKFILE): self.logger.info('Starting Google Accounts daemon.') @@ -151,14 +154,14 @@ logging.debug('User accounts: %s.', user_map) return user_map - def _GetAccountsData(self, metadata_dict): - """Get the user accounts specified in metadata server contents. + def _GetInstanceAndProjectAttributes(self, metadata_dict): + """Get dictionaries for instance and project attributes. Args: metadata_dict: json, the deserialized contents of the metadata server. Returns: - dict, a mapping of the form: {'username': ['sshkey1, 'sshkey2', ...]}. + tuple, two dictionaries for instance and project attributes. """ metadata_dict = metadata_dict or {} @@ -173,6 +176,20 @@ except KeyError: project_data = {} self.logger.warning('Project attributes were not found.') + + return instance_data, project_data + + def _GetAccountsData(self, metadata_dict): + """Get the user accounts specified in metadata server contents. + + Args: + metadata_dict: json, the deserialized contents of the metadata server. + + Returns: + dict, a mapping of the form: {'username': ['sshkey1, 'sshkey2', ...]}. + """ + instance_data, project_data = self._GetInstanceAndProjectAttributes( + metadata_dict) valid_keys = [instance_data.get('sshKeys'), instance_data.get('ssh-keys')] block_project = instance_data.get('block-project-ssh-keys', '').lower() if block_project != 'true' and not instance_data.get('sshKeys'): @@ -208,6 +225,23 @@ self.user_ssh_keys.pop(username, None) self.invalid_users -= set(remove_users) + def _GetEnableOsLoginValue(self, metadata_dict): + """Get the value of the enable-oslogin metadata key. + + Args: + metadata_dict: json, the deserialized contents of the metadata server. + + Returns: + bool, True if OS Login is enabled for VM access. + """ + instance_data, project_data = self._GetInstanceAndProjectAttributes( + metadata_dict) + instance_value = instance_data.get('enable-oslogin') + project_value = project_data.get('enable-oslogin') + value = instance_value or project_value or '' + + return value.lower() == 'true' + def HandleAccounts(self, result): """Called when there are changes to the contents of the metadata server. @@ -216,7 +250,13 @@ """ self.logger.debug('Checking for changes to user accounts.') configured_users = self.utils.GetConfiguredUsers() - desired_users = self._GetAccountsData(result) + enable_oslogin = self._GetEnableOsLoginValue(result) + if enable_oslogin: + desired_users = {} + self.oslogin.UpdateOsLogin(enable=True) + else: + desired_users = self._GetAccountsData(result) + self.oslogin.UpdateOsLogin(enable=False) remove_users = sorted(set(configured_users) - set(desired_users.keys())) self._UpdateUsers(desired_users) self._RemoveUsers(remove_users) diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/oslogin_utils.py gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/oslogin_utils.py --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/oslogin_utils.py 1970-01-01 01:00:00.000000000 +0100 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/oslogin_utils.py 2017-10-18 23:56:59.000000000 +0200 @@ -0,0 +1,90 @@ +#!/usr/bin/python +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Utilities for provisioning or deprovisioning a Linux user account.""" + +import os +import subprocess + +from google_compute_engine import constants + + +class OsLoginUtils(object): + """Utilities for OS Login activation.""" + + def __init__(self, logger): + """Constructor. + + Args: + logger: logger object, used to write to SysLog and serial port. + """ + self.logger = logger + self.oslogin_installed = True + + def _RunOsLoginControl(self, action): + """Run the OS Login control script. + + Args: + action: str, the action to pass to the script + (activate, deactivate, or status). + + Returns: + int, the return code from the call, or None if the script is not found. + """ + try: + return subprocess.call([constants.OSLOGIN_CONTROL_SCRIPT, action]) + except OSError as e: + if e.errno == os.errno.ENOENT: + return None + else: + raise + + def _GetStatus(self): + """Check whether OS Login is installed. + + Returns: + bool, True if OS Login is installed. + """ + retcode = self._RunOsLoginControl('status') + if retcode is None: + if self.oslogin_installed: + self.logger.warning('OS Login not installed.') + self.oslogin_installed = False + return None + + self.oslogin_installed = True + return not retcode + + def UpdateOsLogin(self, enable): + """Check to see if OS Login is enabled, and switch if necessary. + + Args: + enable: bool, enable OS Login if True, disable if False. + + Returns: + int, the return code from updating OS Login, or None if not present. + """ + status = self._GetStatus() + if status is None or status == enable: + return None + + if enable: + action = 'activate' + self.logger.warning('Activating OS Login.') + else: + action = 'deactivate' + self.logger.warning('Deactivating OS Login.') + + return self._RunOsLoginControl(action) diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/tests/accounts_daemon_test.py gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/tests/accounts_daemon_test.py --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/tests/accounts_daemon_test.py 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/tests/accounts_daemon_test.py 2017-10-18 23:56:59.000000000 +0200 @@ -28,11 +28,13 @@ self.mock_logger = mock.Mock() self.mock_watcher = mock.Mock() self.mock_utils = mock.Mock() + self.mock_oslogin = mock.Mock() self.mock_setup = mock.create_autospec(accounts_daemon.AccountsDaemon) self.mock_setup.logger = self.mock_logger self.mock_setup.watcher = self.mock_watcher self.mock_setup.utils = self.mock_utils + self.mock_setup.oslogin = self.mock_oslogin @mock.patch('google_compute_engine.accounts.accounts_daemon.accounts_utils') @mock.patch('google_compute_engine.accounts.accounts_daemon.metadata_watcher') @@ -164,44 +166,45 @@ self.assertEqual(accounts_daemon.AccountsDaemon._ParseAccountsData( self.mock_setup, accounts_data), expected_users) - def testGetAccountsData(self): + def testGetInstanceAndProjectAttributes(self): - def _AssertAccountsData(data, expected): + def _AssertAttributeDict(data, expected): """Test the correct accounts data is returned. Args: data: dictionary, the faux metadata server contents. expected: list, the faux SSH keys expected to be set. """ - accounts_daemon.AccountsDaemon._GetAccountsData(self.mock_setup, data) - if expected: - call_args, _ = self.mock_setup._ParseAccountsData.call_args - actual = call_args[0] - self.assertEqual(set(actual.split()), set(expected)) - else: - self.mock_setup._ParseAccountsData.assert_called_once_with(expected) - self.mock_setup._ParseAccountsData.reset_mock() + self.assertEqual( + accounts_daemon.AccountsDaemon._GetInstanceAndProjectAttributes( + self.mock_setup, data), expected) data = None - _AssertAccountsData(data, '') + _AssertAttributeDict(data, ({}, {})) data = {'test': 'data'} - _AssertAccountsData(data, '') + expected = ({}, {}) + _AssertAttributeDict(data, expected) data = {'instance': {'attributes': {}}} - _AssertAccountsData(data, '') + expected = ({}, {}) + _AssertAttributeDict(data, expected) data = {'instance': {'attributes': {'ssh-keys': '1'}}} - _AssertAccountsData(data, ['1']) + expected = ({'ssh-keys': '1'}, {}) + _AssertAttributeDict(data, expected) data = {'instance': {'attributes': {'ssh-keys': '1', 'sshKeys': '2'}}} - _AssertAccountsData(data, ['1', '2']) + expected = ({'ssh-keys': '1', 'sshKeys': '2'}, {}) + _AssertAttributeDict(data, expected) data = {'project': {'attributes': {'ssh-keys': '1'}}} - _AssertAccountsData(data, ['1']) + expected = ({}, {'ssh-keys': '1'}) + _AssertAttributeDict(data, expected) data = {'project': {'attributes': {'ssh-keys': '1', 'sshKeys': '2'}}} - _AssertAccountsData(data, ['1', '2']) + expected = ({}, {'ssh-keys': '1', 'sshKeys': '2'}) + _AssertAttributeDict(data, expected) data = { 'instance': { @@ -216,7 +219,8 @@ }, }, } - _AssertAccountsData(data, ['1', '2']) + expected = ({'ssh-keys': '1', 'sshKeys': '2'}, {'ssh-keys': '3'}) + _AssertAttributeDict(data, expected) data = { 'instance': { @@ -231,7 +235,9 @@ }, }, } - _AssertAccountsData(data, ['1', '2']) + expected = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'ssh-keys': '2'}) + _AssertAttributeDict(data, expected) data = { 'instance': { @@ -246,7 +252,9 @@ }, }, } - _AssertAccountsData(data, ['1']) + expected = ({'block-project-ssh-keys': 'true', 'ssh-keys': '1'}, + {'ssh-keys': '2'}) + _AssertAttributeDict(data, expected) data = { 'instance': { @@ -262,8 +270,117 @@ }, }, } + expected = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'sshKeys': '3', 'ssh-keys': '2'}) + _AssertAttributeDict(data, expected) + + def testGetAccountsData(self): + + def _AssertAccountsData(data, expected): + """Test the correct accounts data is returned. + + Args: + data: dictionary, the faux metadata server contents. + expected: list, the faux SSH keys expected to be set. + """ + self.mock_setup._GetInstanceAndProjectAttributes.return_value = data + accounts_daemon.AccountsDaemon._GetAccountsData(self.mock_setup, data) + if expected: + call_args, _ = self.mock_setup._ParseAccountsData.call_args + actual = call_args[0] + self.assertEqual(set(actual.split()), set(expected)) + else: + self.mock_setup._ParseAccountsData.assert_called_once_with(expected) + self.mock_setup._ParseAccountsData.reset_mock() + + data = ({}, {}) + _AssertAccountsData(data, '') + + data = ({'ssh-keys': '1'}, {}) + _AssertAccountsData(data, ['1']) + + data = ({'ssh-keys': '1', 'sshKeys': '2'}, {}) + _AssertAccountsData(data, ['1', '2']) + + data = ({}, {'ssh-keys': '1'}) + _AssertAccountsData(data, ['1']) + + data = ({}, {'ssh-keys': '1', 'sshKeys': '2'}) + _AssertAccountsData(data, ['1', '2']) + + data = ({'ssh-keys': '1', 'sshKeys': '2'}, {'ssh-keys': '3'}) + _AssertAccountsData(data, ['1', '2']) + + data = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'ssh-keys': '2'}) + _AssertAccountsData(data, ['1', '2']) + + data = ({'block-project-ssh-keys': 'true', 'ssh-keys': '1'}, + {'ssh-keys': '2'}) + _AssertAccountsData(data, ['1']) + + data = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'sshKeys': '3', 'ssh-keys': '2'}) _AssertAccountsData(data, ['1', '2', '3']) + def testGetEnableOsLoginValue(self): + + def _AssertEnableOsLogin(data, expected): + """Test the correct value for enable-oslogin is returned. + + Args: + data: dictionary, the faux metadata server contents. + expected: bool, if True, OS Login is enabled. + """ + self.mock_setup._GetInstanceAndProjectAttributes.return_value = data + actual = accounts_daemon.AccountsDaemon._GetEnableOsLoginValue( + self.mock_setup, data) + self.assertEqual(actual, expected) + + data = ({}, {}) + _AssertEnableOsLogin(data, False) + + data = ({'enable-oslogin': 'true'}, {}) + _AssertEnableOsLogin(data, True) + + data = ({'enable-oslogin': 'false'}, {}) + _AssertEnableOsLogin(data, False) + + data = ({'enable-oslogin': 'yep'}, {}) + _AssertEnableOsLogin(data, False) + + data = ({'enable-oslogin': 'True'}, {}) + _AssertEnableOsLogin(data, True) + + data = ({'enable-oslogin': 'TRUE'}, {}) + _AssertEnableOsLogin(data, True) + + data = ({'enable-oslogin': ''}, {}) + _AssertEnableOsLogin(data, False) + + data = ({'enable-oslogin': 'true'}, {'enable-oslogin': 'true'}) + _AssertEnableOsLogin(data, True) + + data = ({'enable-oslogin': 'false'}, {'enable-oslogin': 'true'}) + _AssertEnableOsLogin(data, False) + + data = ({'enable-oslogin': ''}, {'enable-oslogin': 'true'}) + _AssertEnableOsLogin(data, True) + + data = ({}, {'enable-oslogin': 'true'}) + _AssertEnableOsLogin(data, True) + + data = ({}, {'enable-oslogin': 'false'}) + _AssertEnableOsLogin(data, False) + + data = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'sshKeys': '3', 'ssh-keys': '2'}) + _AssertEnableOsLogin(data, False) + + data = ({'block-project-ssh-keys': 'false', 'ssh-keys': '1'}, + {'sshKeys': '3', 'ssh-keys': '2', 'enable-oslogin': 'true'}) + _AssertEnableOsLogin(data, True) + def testUpdateUsers(self): update_users = { 'a': '1', @@ -315,14 +432,17 @@ self.assertEqual(self.mock_setup.invalid_users, set(['invalid'])) self.assertEqual(self.mock_setup.user_ssh_keys, {'invalid': ['key']}) - def testHandleAccounts(self): + def testHandleAccountsNoOsLogin(self): configured = ['c', 'c', 'b', 'b', 'a', 'a'] desired = {'d': '1', 'c': '2'} mocks = mock.Mock() mocks.attach_mock(self.mock_utils, 'utils') mocks.attach_mock(self.mock_setup, 'setup') + mocks.attach_mock(self.mock_oslogin, 'oslogin') self.mock_utils.GetConfiguredUsers.return_value = configured self.mock_setup._GetAccountsData.return_value = desired + self.mock_setup._GetEnableOsLoginValue.return_value = False + self.mock_oslogin.UpdateOsLogin.return_value = 0 result = 'result' expected_add = ['c', 'd'] expected_remove = ['a', 'b'] @@ -331,7 +451,40 @@ expected_calls = [ mock.call.setup.logger.debug(mock.ANY), mock.call.utils.GetConfiguredUsers(), + mock.call.setup._GetEnableOsLoginValue(result), mock.call.setup._GetAccountsData(result), + mock.call.oslogin.UpdateOsLogin(enable=False), + mock.call.setup._UpdateUsers(desired), + mock.call.setup._RemoveUsers(mock.ANY), + mock.call.utils.SetConfiguredUsers(mock.ANY), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + call_args, _ = self.mock_utils.SetConfiguredUsers.call_args + self.assertEqual(set(call_args[0]), set(expected_add)) + call_args, _ = self.mock_setup._RemoveUsers.call_args + self.assertEqual(set(call_args[0]), set(expected_remove)) + + def testHandleAccountsOsLogin(self): + configured = ['c', 'c', 'b', 'b', 'a', 'a'] + desired = {} + mocks = mock.Mock() + mocks.attach_mock(self.mock_utils, 'utils') + mocks.attach_mock(self.mock_setup, 'setup') + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_utils.GetConfiguredUsers.return_value = configured + self.mock_setup._GetAccountsData.return_value = desired + self.mock_setup._GetEnableOsLoginValue.return_value = True + self.mock_oslogin.UpdateOsLogin.return_value = 0 + result = 'result' + expected_add = [] + expected_remove = ['a', 'b', 'c'] + + accounts_daemon.AccountsDaemon.HandleAccounts(self.mock_setup, result) + expected_calls = [ + mock.call.setup.logger.debug(mock.ANY), + mock.call.utils.GetConfiguredUsers(), + mock.call.setup._GetEnableOsLoginValue(result), + mock.call.oslogin.UpdateOsLogin(enable=True), mock.call.setup._UpdateUsers(desired), mock.call.setup._RemoveUsers(mock.ANY), mock.call.utils.SetConfiguredUsers(mock.ANY), diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/tests/oslogin_utils_test.py gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/tests/oslogin_utils_test.py --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine/accounts/tests/oslogin_utils_test.py 1970-01-01 01:00:00.000000000 +0100 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine/accounts/tests/oslogin_utils_test.py 2017-10-18 23:56:59.000000000 +0200 @@ -0,0 +1,189 @@ +#!/usr/bin/python +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Unittest for oslogin_utils.py module.""" + +from google_compute_engine.accounts import oslogin_utils +from google_compute_engine.test_compat import mock +from google_compute_engine.test_compat import unittest + + +class OsLoginUtilsTest(unittest.TestCase): + + def setUp(self): + self.mock_logger = mock.Mock() + self.oslogin_control_script = 'google_oslogin_control' + + self.mock_oslogin = mock.create_autospec(oslogin_utils.OsLoginUtils) + self.mock_oslogin.logger = self.mock_logger + self.mock_oslogin.oslogin_installed = True + + @mock.patch('google_compute_engine.accounts.oslogin_utils.subprocess.call') + def testRunOsLoginControl(self, mock_call): + expected_return_value = 0 + mocks = mock.Mock() + mocks.attach_mock(mock_call, 'call') + mock_call.return_value = expected_return_value + + self.assertEqual( + oslogin_utils.OsLoginUtils._RunOsLoginControl( + self.mock_oslogin, 'activate'), expected_return_value) + expected_calls = [ + mock.call.call([self.oslogin_control_script, 'activate']), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + @mock.patch('google_compute_engine.accounts.oslogin_utils.subprocess.call') + def testRunOsLoginControlStatus(self, mock_call): + expected_return_value = 3 + mocks = mock.Mock() + mocks.attach_mock(mock_call, 'call') + mock_call.return_value = expected_return_value + + self.assertEqual( + oslogin_utils.OsLoginUtils._RunOsLoginControl( + self.mock_oslogin, 'status'), expected_return_value) + expected_calls = [ + mock.call.call([self.oslogin_control_script, 'status']), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + @mock.patch('google_compute_engine.accounts.oslogin_utils.subprocess.call') + def testOsLoginNotInstalled(self, mock_call): + mocks = mock.Mock() + mocks.attach_mock(mock_call, 'call') + mock_call.side_effect = OSError(2, 'Not Found') + + self.assertIsNone( + oslogin_utils.OsLoginUtils._RunOsLoginControl( + self.mock_oslogin, 'status')) + expected_calls = [ + mock.call.call([self.oslogin_control_script, 'status']), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + @mock.patch('google_compute_engine.accounts.oslogin_utils.subprocess.call') + def testOsLoginControlError(self, mock_call): + mocks = mock.Mock() + mocks.attach_mock(mock_call, 'call') + mock_call.side_effect = OSError + + with self.assertRaises(OSError): + oslogin_utils.OsLoginUtils._RunOsLoginControl(self.mock_oslogin, 'status') + expected_calls = [ + mock.call.call([self.oslogin_control_script, 'status']), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testGetStatusActive(self): + mocks = mock.Mock() + self.mock_oslogin._RunOsLoginControl.return_value = 0 + + self.assertTrue(oslogin_utils.OsLoginUtils._GetStatus(self.mock_oslogin)) + expected_calls = [] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testGetStatusNotActive(self): + mocks = mock.Mock() + self.mock_oslogin._RunOsLoginControl.return_value = 3 + + self.assertFalse(oslogin_utils.OsLoginUtils._GetStatus(self.mock_oslogin)) + expected_calls = [] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testGetStatusNotInstalled(self): + mocks = mock.Mock() + self.mock_oslogin._RunOsLoginControl.return_value = None + mocks.attach_mock(self.mock_logger, 'logger') + + self.assertTrue(self.mock_oslogin.oslogin_installed) + self.assertFalse(oslogin_utils.OsLoginUtils._GetStatus(self.mock_oslogin)) + self.assertFalse(self.mock_oslogin.oslogin_installed) + self.assertFalse(oslogin_utils.OsLoginUtils._GetStatus(self.mock_oslogin)) + # Should only log once, even though called twice. + expected_calls = [ + mock.call.logger.warning(mock.ANY), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testUpdateOsLoginActivate(self): + mocks = mock.Mock() + mocks.attach_mock(self.mock_logger, 'logger') + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_oslogin._RunOsLoginControl.return_value = 0 + self.mock_oslogin._GetStatus.return_value = False + + oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, True) + expected_calls = [ + mock.call.oslogin._GetStatus(), + mock.call.logger.warning(mock.ANY), + mock.call.oslogin._RunOsLoginControl('activate'), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testUpdateOsLoginDeactivate(self): + mocks = mock.Mock() + mocks.attach_mock(self.mock_logger, 'logger') + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_oslogin._RunOsLoginControl.return_value = 0 + self.mock_oslogin._GetStatus.return_value = True + + oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, False) + expected_calls = [ + mock.call.oslogin._GetStatus(), + mock.call.logger.warning(mock.ANY), + mock.call.oslogin._RunOsLoginControl('deactivate'), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testUpdateOsLoginRedundantActivate(self): + mocks = mock.Mock() + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_oslogin._RunOsLoginControl.return_value = 0 + self.mock_oslogin._GetStatus.return_value = True + + oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, True) + expected_calls = [ + mock.call.oslogin._GetStatus(), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testUpdateOsLoginRedundantDeactivate(self): + mocks = mock.Mock() + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_oslogin._RunOsLoginControl.return_value = 0 + self.mock_oslogin._GetStatus.return_value = False + + oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, False) + expected_calls = [ + mock.call.oslogin._GetStatus(), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + def testUpdateOsLoginNotInstalled(self): + mocks = mock.Mock() + mocks.attach_mock(self.mock_oslogin, 'oslogin') + self.mock_oslogin._RunOsLoginControl.return_value = 0 + self.mock_oslogin._GetStatus.return_value = None + + oslogin_utils.OsLoginUtils.UpdateOsLogin(self.mock_oslogin, True) + expected_calls = [ + mock.call.oslogin._GetStatus(), + ] + self.assertEqual(mocks.mock_calls, expected_calls) + + +if __name__ == '__main__': + unittest.main() diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine/constants.py gce-compute-image-packages-20171019+dfsg1/google_compute_engine/constants.py --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine/constants.py 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine/constants.py 2017-10-18 23:56:59.000000000 +0200 @@ -17,6 +17,8 @@ import platform +OSLOGIN_CONTROL_SCRIPT = 'google_oslogin_control' + if platform.system() == 'FreeBSD': LOCALBASE = '/usr/local' BOTOCONFDIR = '/usr/local' diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/bin/google_oslogin_control gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/bin/google_oslogin_control --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/bin/google_oslogin_control 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/bin/google_oslogin_control 2017-10-18 23:56:59.000000000 +0200 @@ -23,7 +23,7 @@ sudoers_file="/etc/sudoers.d/google-oslogin" usage() { - echo "Usage: ${script_name} {activate|deactivate} [--norestartsshd]" + echo "Usage: ${script_name} {activate|deactivate|status} [--norestartsshd]" echo "This script will activate or deactivate the features for" echo "Google Compute Engine OS Login." echo "This script must be run as root." @@ -188,6 +188,17 @@ deactivate_users() { rm -rf ${users_dir} } + +get_status() { + if grep "^passwd:" ${nss_config} | grep -q "oslogin"; then + echo "Google Compute Engine OS Login is active." + exit 0 + else + echo "Google Compute Engine OS Login is not active." + exit 3 + fi +} + case "$1" in activate) echo "Activating Google Compute Engine OS Login." @@ -205,6 +216,9 @@ deactivate_sudoers deactivate_users ;; + status) + get_status + ;; *) usage ;; diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/Makefile gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/Makefile --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/Makefile 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/Makefile 2017-10-18 23:56:59.000000000 +0200 @@ -3,8 +3,8 @@ BASENAME = oslogin NAME = google-compute-engine-$(BASENAME) MAJOR = 1 -MINOR = 0 -REVISION = 5 +MINOR = 1 +REVISION = 0 NSS_LIBRARY_NAME = libnss_$(NAME)-$(MAJOR).$(MINOR).$(REVISION).so NSS_LIBRARY_SONAME = libnss_$(BASENAME).so.2 diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/changelog gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/changelog --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/changelog 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/changelog 2017-10-18 23:56:59.000000000 +0200 @@ -1,3 +1,9 @@ +google-compute-engine-oslogin (1.1.0-1+deb8) unstable; urgency=low + + * OS Login is enabled via the google-compute-engine package. + + -- MAINTAINER Tue, 17 Oct 2017 12:00:00 -0700 + google-compute-engine-oslogin (1.0.5-1+deb8) unstable; urgency=low * JSON parser accepts string types for int64 values. @@ -8,7 +14,7 @@ * JSON parser casts uid and gid to unsigned integers. - -- MAINTAINER Tue, 20 Sept 2017 12:00:00 -0700 + -- MAINTAINER Tue, 20 Sep 2017 12:00:00 -0700 google-compute-engine-oslogin (1.0.3-1+deb8) unstable; urgency=low diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/google-compute-engine-oslogin.links 2017-10-18 23:56:59.000000000 +0200 @@ -1 +1 @@ -/lib/libnss_google-compute-engine-oslogin-1.0.5.so /lib/libnss_oslogin.so.2 +/lib/libnss_google-compute-engine-oslogin-1.1.0.so /lib/libnss_oslogin.so.2 diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/postinst gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/postinst --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/postinst 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/postinst 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -google_oslogin_control activate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/prerm gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/prerm --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian8/prerm 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian8/prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -command -v google_oslogin_control > /dev/null && google_oslogin_control deactivate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/changelog gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/changelog --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/changelog 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/changelog 2017-10-18 23:56:59.000000000 +0200 @@ -1,3 +1,9 @@ +google-compute-engine-oslogin (1.1.0-1+deb9) unstable; urgency=low + + * OS Login is enabled via the google-compute-engine package. + + -- MAINTAINER Tue, 17 Oct 2017 12:00:00 -0700 + google-compute-engine-oslogin (1.0.5-1+deb9) unstable; urgency=low * JSON parser accepts string types for int64 values. @@ -8,7 +14,7 @@ * JSON parser casts uid and gid to unsigned integers. - -- MAINTAINER Tue, 20 Sept 2017 12:00:00 -0700 + -- MAINTAINER Tue, 20 Sep 2017 12:00:00 -0700 google-compute-engine-oslogin (1.0.3-1+deb9) unstable; urgency=low diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/google-compute-engine-oslogin.links 2017-10-18 23:56:59.000000000 +0200 @@ -1 +1 @@ -/lib/libnss_google-compute-engine-oslogin-1.0.5.so /lib/libnss_oslogin.so.2 +/lib/libnss_google-compute-engine-oslogin-1.1.0.so /lib/libnss_oslogin.so.2 diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/postinst gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/postinst --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/postinst 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/postinst 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -google_oslogin_control activate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/prerm gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/prerm --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/debian9/prerm 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/debian9/prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -e - -command -v google_oslogin_control > /dev/null && google_oslogin_control deactivate - -#DEBHELPER# diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/rpmbuild/SPECS/google-compute-engine-oslogin.spec 2017-10-18 23:56:59.000000000 +0200 @@ -13,7 +13,7 @@ # limitations under the License. Name: google-compute-engine-oslogin -Version: 1.0.5 +Version: 1.1.0 Release: 1%{?dist} Summary: OS Login Functionality for Google Compute Engine @@ -59,12 +59,8 @@ %post /sbin/ldconfig -/usr/bin/google_oslogin_control activate semodule -i /usr/share/selinux/packages/oslogin.pp -%preun -/usr/bin/google_oslogin_control deactivate - %postun /sbin/ldconfig diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/setup_deb.sh gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/setup_deb.sh --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/setup_deb.sh 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/setup_deb.sh 2017-10-18 23:56:59.000000000 +0200 @@ -20,7 +20,7 @@ # Run from the top of the source directory. NAME="google-compute-engine-oslogin" -VERSION="1.0.5" +VERSION="1.1.0" working_dir=${PWD} diff -Nru gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/setup_rpm.sh gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/setup_rpm.sh --- gce-compute-image-packages-20171006+dfsg1/google_compute_engine_oslogin/packaging/setup_rpm.sh 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/google_compute_engine_oslogin/packaging/setup_rpm.sh 2017-10-18 23:56:59.000000000 +0200 @@ -20,7 +20,7 @@ # Run from the top of the source directory. NAME="google-compute-engine-oslogin" -VERSION="1.0.5" +VERSION="1.1.0" working_dir=${PWD} rpm_working_dir=/tmp/rpmpackage/${NAME}-${VERSION} diff -Nru gce-compute-image-packages-20171006+dfsg1/packaging/README.md gce-compute-image-packages-20171019+dfsg1/packaging/README.md --- gce-compute-image-packages-20171006+dfsg1/packaging/README.md 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/packaging/README.md 2017-10-18 23:56:59.000000000 +0200 @@ -6,25 +6,26 @@ # Workflow invocation ```shell -# Builds Debian packages. +# Builds Debian packages from the development branch. ./daisy -project YOUR_PROJECT \ -zone ZONE \ -gcs_path YOUR_GCS_PATCH \ - -variables package_version=2.6.0 \ + -var:package_version=2.6.0 \ + -var:github_branch=development \ build_debian.wf.json # Builds EL6 packages. ./daisy -project YOUR_PROJECT \ -zone ZONE \ -gcs_path YOUR_GCS_PATCH \ - -variables package_version=2.6.0 \ + -var:package_version=2.6.0 \ build_el6.wf.json # Builds EL7 packages. ./daisy -project YOUR_PROJECT \ -zone ZONE \ -gcs_path YOUR_GCS_PATCH \ - -variables package_version=2.6.0 \ + -var:package_version=2.6.0 \ build_el7.wf.json ``` diff -Nru gce-compute-image-packages-20171006+dfsg1/setup.py gce-compute-image-packages-20171019+dfsg1/setup.py --- gce-compute-image-packages-20171006+dfsg1/setup.py 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/setup.py 2017-10-18 23:56:59.000000000 +0200 @@ -32,7 +32,7 @@ packages=setuptools.find_packages(), scripts=glob.glob('scripts/*'), url='https://github.com/GoogleCloudPlatform/compute-image-packages', - version='2.6.2', + version='2.7.0', # Entry points create scripts in /usr/bin that call a function. entry_points={ 'console_scripts': [ diff -Nru gce-compute-image-packages-20171006+dfsg1/specs/google-compute-engine.spec gce-compute-image-packages-20171019+dfsg1/specs/google-compute-engine.spec --- gce-compute-image-packages-20171006+dfsg1/specs/google-compute-engine.spec 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/specs/google-compute-engine.spec 2017-10-18 23:56:59.000000000 +0200 @@ -18,7 +18,7 @@ %endif Name: google-compute-engine -Version: 2.6.2 +Version: 2.7.0 Release: 1%{?dist} Summary: Google Compute Engine guest environment. License: ASL 2.0 @@ -32,6 +32,7 @@ %endif Requires: curl +Requires: google-compute-engine-oslogin Requires: ntp Requires: python-google-compute-engine Requires: python-setuptools diff -Nru gce-compute-image-packages-20171006+dfsg1/specs/python-google-compute-engine.spec gce-compute-image-packages-20171019+dfsg1/specs/python-google-compute-engine.spec --- gce-compute-image-packages-20171006+dfsg1/specs/python-google-compute-engine.spec 2017-10-07 02:46:46.000000000 +0200 +++ gce-compute-image-packages-20171019+dfsg1/specs/python-google-compute-engine.spec 2017-10-18 23:56:59.000000000 +0200 @@ -18,7 +18,7 @@ %endif Name: python-google-compute-engine -Version: 2.6.2 +Version: 2.7.0 Release: 1%{?dist} Summary: Google Compute Engine python library License: ASL 2.0