From 4ec028f546794bd8a38ab7912d47a5b0038061d8 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Mon, 30 Jan 2023 17:20:44 +0100 Subject: [PATCH] Import Debian changes 3.3.25+dfsg-7ubuntu0.22.04.1 etcd (3.3.25+dfsg-7ubuntu0.22.04.1) jammy-security; urgency=medium * No-change rebuild for golang-golang-x-text etcd (3.3.25+dfsg-7) unstable; urgency=medium * Team upload. [ Shengjing Zhu ] * Switch autopkgtest to the new Architecture: field [ Reinhard Tartler ] * Avoid postinst crashes, Closes: #889714 etcd (3.3.25+dfsg-6) unstable; urgency=medium * Team upload. * Use packaged library + golang-github-grpc-ecosystem-go-grpc-middleware-dev + golang-github-soheilhy-cmux-dev + golang-github-tmc-grpc-websocket-proxy-dev etcd (3.3.25+dfsg-5) unstable; urgency=medium * Team upload. * Upload to unstable * Rework goroutine leak patch * Disable parallel test to improve stability on slow arch * Adapt manpage and default config for 3.3 release etcd (3.3.25+dfsg-4) experimental; urgency=medium * Team upload. * Not exit immediately on unsupported arch (Closes: #952536) * Add back some old patches to fix flaky tests etcd (3.3.25+dfsg-3) experimental; urgency=medium * Team upload. * Backport patch to fix tls test failure etcd (3.3.25+dfsg-2) experimental; urgency=medium * Team upload. * Fix tests failed with Ctty not valid in child. Address: #971158 * Rewrite integration and functional tests in autopkgtest * Use execute_after_dh_auto_test * Update copyright * Fix file permission in golang-etcd-server-dev * Add Pre-Depends to etcd-server etcd (3.3.25+dfsg-1) experimental; urgency=medium * Team upload. * New upstream release 3.3.25 + CVE-2020-15136 (Closes: #968752) Gateway TLS authentication only applies to endpoints detected in DNS SRV records https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q + CVE-2020-15115 (Closes: #968740) No minimum password length https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh + CVE-2020-15114 Gateway can include itself as an endpoint resulting in resource exhaustion https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 + CVE-2020-15113 Directories created via os.MkdirAll are not checked for permissions https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 + CVE-2020-15112 An entry with large index causes panic in WAL ReadAll method https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 + CVE-2020-15106 A large slice causes panic in decodeRecord method https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 * Disable some failed tests (Closes: #971158) * Bump debhelper compat to 13 * Add Rules-Requires-Root * Bump Standards-Version to 4.5.0 (no changes) etcd (3.2.26+dfsg-8) unstable; urgency=medium * Team upload. * debian/patches/embed_tests_fix.patch: New patch, skips TestStartEtcdWrongToken test which fails if a etcd server is already running independently of the testsuite. etcd (3.2.26+dfsg-7) unstable; urgency=medium * Team upload. * debian/rules: Provide an explicit and PHONY build rule, as before `debian/rules build' was a no-op which broke autopkgtest-pkg-go integration.(Closes: #956424) * debian/patches/series: Reactivate and update skip-dev-ptmx-error.patch. * debian/patches/e2e_tests_fix.patch, debian/patches/functional_tests_fix.patch, debian/patches/integration_tests_fix.patch: New patches, fix issues in the integration tests. * debian/rules: Add new rule autopkgtest which runs the integration tests during autopkgtest, as defined by all tests which are not part of INTEGRATION_TEST_EXCLUDES. etcd (3.2.26+dfsg-6) unstable; urgency=medium * Team upload. * Rebuild using newer golang-golang-x-net-dev etcd (3.2.26+dfsg-5) unstable; urgency=medium * Team upload. * Add patch to fix FTBFS with newer prometheus version (Closes: #947939) * Build-Depends on golang-github-prometheus-client-golang-dev (>= 1.0.0~) etcd (3.2.26+dfsg-4) unstable; urgency=medium * Team upload. [ Arnaud Rebillout ] * Add upstream patch to build against golang-google-grpc-dev in sid. * Add upstream patch to fix test with go 1.12. [ Dmitry Smirnov ] * (Build-)Depends: - golang-github-dgrijalva-jwt-go-v3-dev + golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~) etcd (3.2.26+dfsg-3) unstable; urgency=medium * Team upload. * Add patch to increase the latency in test to support mips * Fix override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS * Don't ship etcd2-backup-coreos, which is intended for coreos * Add spelling-error.patch * Remove obsoleted lintian-overrides * Update etcd and etcdctl manpage for 3.2.26 version etcd (3.2.26+dfsg-2) unstable; urgency=medium * Team upload. * Add missing systemd service after compat bumped to 11 * Only run unit tests when building, and don't ignore the results * Add patch to fix goroutine leak in TestDialNoTimeout etcd (3.2.26+dfsg-1) unstable; urgency=medium * Team upload. [ Arnaud Rebillout ] * {Build-,}Depends on golang-github-xiang90-probing-dev (>= 0.0.1~) * Build-Depends on golang-any (>= 2:1.10~) [ Shengjing Zhu ] * New upstream release v3.2.26 + Address CVE-2018-16886 (Closes: #923008) Disable CommonName authentication for gRPC-gateway gRPC-gateway proxy requests to etcd server use the etcd client server TLS certificate. If that certificate contains CommonName we do not want to use that for authentication as it could lead to permission escalation. * Remove pgpsigurlmangle in debian/watch. Upstream didn't sign the source tarball since v3.2.26 * Update pkg-go team address to team+pkg-go@tracker.debian.org * Update debhelper and compat to 11 * Update etcd server default env from upstream docs * Remove etcd-dump-db, etcd-dump-logs in etcd-client package upstream didn't provide these tools in v3.2.26 tarball * Add golang-go.uber-zap-dev to {Build-,}Depends * Remove socket files created during test phase etcd (3.2.18+dfsg-1) unstable; urgency=medium [ Alexandre Viau ] * Point Vcs-* urls to salsa.debian.org. [ Anthony Fok ] * New upstream release. * Bump Standards-Version to 4.1.4 (no change) * Remove match-ugorji-go-codec-native-time.Time-support.patch because github.com/ugorji/go/codec@v1.1.1 includes changes to support both time.Time and *time.Time correctly for backward compatibility. See https://github.com/coreos/etcd/issues/9447 * {Build-,}Depends on golang-github-ugorji-go-codec-dev (>= 1.1.1~) etcd (3.2.17+dfsg-1) unstable; urgency=medium * New upstream release. * Fix FTBFS: - New upstream release contains regenerated gRPC *.pb.go and *.pb.gw.po files (since etcd 3.2.10) which build correctly with the updated gPRC packages in Debian. - Add "export DH_GOLANG_GO_GENERATE := 1" to debian/rules to fix FTBFS by re-generating keys.generated.go at build time with the same version of codecgen as golang-github-ugorji-go-codec-dev. See also https://github.com/coreos/etcd/issues/8715. - Add "Depends: golang-github-ugorji-go-codec" to have codecgen available at build time. (Closes: #890939) * Depend on golang-github-coreos-bbolt-dev, replacing golang-github-boltdb-bolt-dev, to "address backend database size issue" (since etcd 3.2.10) * Revert incoming-outgoing-context.patch (commit 5e059fd from upstream) which has been backported upstream in commit d62e39d from v3.3 branch to v3.2 branch since etcd 3.2.10 * Add match-ugorji-go-codec-native-time.Time-support.patch, which updates etcd/client/keys{,_test}.go to match the latest golang-github-ugorji-go-codec-dev to prevent a new "cannot use x.Expiration (type *time.Time) as type time.Time in argument to r.encDriver.EncodeTime" error, see https://github.com/ugorji/go/issues/224 and https://github.com/ugorji/go/commit/8badb25. * Apply "cme fix dpkg" to debian/control, bumping Standards-Version to 4.1.3, setting Priority to optional, and adding Testsuite: autopkgtest-pkg-go, etc. * Add myself to the list of Uploaders etcd (3.2.9+dfsg-3) unstable; urgency=medium * Team upload. * Exclude the sockets from the MD5 sum generation. (Closes: #855876) * Use Priority optional * Update team name * Use wrap-and-sort on debian files * Remove dh_golang and golang-any from Depends of source package * Use HTTPS URL for d/copyright * Switch to XS-Go-Import-Path in d/control etcd (3.2.9+dfsg-2) unstable; urgency=medium * Team upload. * Fix package dependency typo. (Closes: #879791) etcd (3.2.9+dfsg-1) unstable; urgency=medium * Team upload. [ Tim Potter ] * New upstream release. [ Paul Tagliamonte ] * Remove Built-Using from arch:all transitional package [ Tim Potter ] * Apply commit 5e059fd from upstream * Update test fixture modification patch * Update /dev/ptmx input/output error patch * Another update to test fixture path patch [ Andrew Shadura ] * Ignore test failures. etcd (3.1.8+dfsg-2) unstable; urgency=medium * Fix upgrade problem caused by client/server package split. Thanks to Olafur St. Arnarsson for the patch. (Closes #863976) etcd (3.1.8+dfsg-1) unstable; urgency=medium * New upstream release. * Tighten B-D on golang-github-coreos-pkg-dev to build in stretch. (Closes: #858241) * Change section from "devel" to "net. (Closes: #840681) * Separate into client and server packages. (Closes: #815453) etcd (3.1.4+dfsg-1) unstable; urgency=medium * New upstream release. etcd (3.1.3+dfsg-1) unstable; urgency=medium * New upstream release. * Suppress binary-without-manpage Lintian warnings. etcd (3.1.2+dfsg-1) unstable; urgency=medium * New upstream release. etcd (3.1.1+dfsg-2) unstable; urgency=medium * Upload to unstable. (Closes: #846542) * Fix test suite failures in Debian build environment and ensure no test junk is accidentally mispackaged. (Closes: #855876) * Fix various Lintian problems. etcd (3.1.1+dfsg-1) experimental; urgency=medium * New upstream release. etcd (3.1.0-1) experimental; urgency=medium * New upstream release. * Change to use upstream source generated by dh-make-golang, and remove antiquated package build system. * Update debian/copyright file for new major release. * Build-Depends: + golang-github-karlseguin-ccache-dev + golang-github-cockroachdb-cmux-dev + golang-github-urfave-cli-dev + golang-github-grpc-ecosystem-grpc-gateway-dev + golang-github-grpc-ecosystem-go-grpc-prometheus-dev * Add lsb-base as install dependency for binary package. * Remove bogus Build-Depends from -dev binary package. etcd (2.3.7+dfsg-5) unstable; urgency=medium [ Team upload ] * Regenerate pb.go files with gogo-protobuf v0.3 (Closes: #835750) * Patch to fix SdNotify() API change in coreos-go-systemd package. etcd (2.3.7+dfsg-4) unstable; urgency=medium * New patch to disable TestTransportErrorc (Closes: #831789). etcd (2.3.7+dfsg-3) unstable; urgency=medium * New patch to disable "TestLessorRevoke" test. etcd (2.3.7+dfsg-2) unstable; urgency=medium * Tests: disabled "TestWaitTime" test due to failure on [ppc64el]. * Renamed "cheggaaa-pb-dev" to "cheggaaa-pb.v1-dev" (Closes: #829048). Also commented currently unused package. Thanks, Peter Colberg. * (Build-)Depends: removed obsolete -clockwork-dev alternative (Closes: #830388). etcd (2.3.7+dfsg-1) unstable; urgency=medium * New upstream release [June 2016]. * Build-Depends += "curl". * Disabled failing tests; don't ignore test failures any more. etcd (2.3.6+dfsg-1) unstable; urgency=medium * New upstream release [May 2016]. etcd (2.3.5+dfsg-1) unstable; urgency=medium * New upstream release [May 2016]. * Fixed Vcs-Git URL. etcd (2.3.3+dfsg-1) unstable; urgency=medium * New upstream release [April 2016]. * Standards-Version: 3.9.8. etcd (2.3.2+dfsg-1) unstable; urgency=medium * New upstream release [April 2016]. * control: drop Built-Using from -dev package. * Build-Depends: = golang-github-boltdb-bolt-dev (>= 1.2.0~) etcd (2.3.1+dfsg-1) unstable; urgency=medium * New upstream release [April 2016]. * Removed obsolete "rakyll2cheggaaa.patch". * Standards-Version: 3.9.7. * Fix "readlink" invocation in the init.d script. * rules: correction to build with gogoprotobuf 0.2. * Build-Depends: - golang-etcd-dev | golang-github-coreos-go-etcd-dev + golang-github-bgentry-speakeasy-dev + golang-github-codegangsta-cli-dev (>= 0.0~git20151221~) + golang-github-coreos-gexpect-dev + golang-github-gogo-protobuf-dev (>= 0.2~) + gogoprotobuf + golang-github-mattn-go-runewidth-dev + golang-github-olekukonko-tablewriter-dev + golang-github-xiang90-probing-dev etcd (2.2.5+dfsg-1) unstable; urgency=medium * New upstream release [February 2016] (Closes: #814404). * Build-Depends: - golang-github-bradfitz-http2-dev - golang-golang-x-oauth2-dev - golang-google-cloud-compute-metadata-dev - golang-google-grpc-dev + golang-google-grpc-dev (>= 0.0~git20151002~) + golang-github-akrennmair-gopcap-dev + golang-pb-dev | golang-github-cheggaaa-pb-dev + golang-github-coreos-pkg-dev + golang-github-cpuguy83-go-md2man-dev + golang-github-kballard-go-shellquote-dev + golang-pty-dev + golang-github-russross-blackfriday-dev + golang-github-shurcool-sanitized-anchor-name-dev + golang-github-spacejam-loghisto-dev + golang-github-spf13-cobra-dev + golang-github-spf13-pflag-dev * Updated Vcs URLs (vcs-field-uses-insecure-uri). * Switch to bundled "github.com/gogo/protobuf". etcd (2.2.3+dfsg-1) unstable; urgency=medium * New upstream release [December 2015]. * etcd.service: add "Alias=etcd2.service". etcd (2.2.2+dfsg-2) unstable; urgency=medium * Added goland dependencies to -dev package Depends. etcd (2.2.2+dfsg-1) unstable; urgency=medium * New upstream release [November 2015]. * Build-Depends: + golang-github-ugorji-go-codec-dev (>= 0.0~git20151112~). + golang-github-beorn7-perks-dev * init.d: log to syslog. + Depends += "pipexec". etcd (2.2.1+dfsg-1) unstable; urgency=medium * New upstream release [October 2015]. - switch to bundled "github.com/ugorji/go" due to FTBFS. * Un-bundled "golang-google-grpc-dev". * Allow Etcd to notify systemd for readiness through service "Type=notify" (Closes: #800646). Thanks, Matthias Urlichs. * Dropped obsolete lintian-overrides. * Corrected "duplicate-short-description". etcd (2.2.0+dfsg-2) unstable; urgency=medium * Build-Depends: swap alternatives to put non-existent packages last. * .service: less aggressive restart (on-failure --> on-abnormal). etcd (2.2.0+dfsg-1) unstable; urgency=medium [ Tianon Gravi ] * Update a few old-style "golang-" Build-Depends values to use "|" with their new proper names to help with transitioning the dependencies. See https://bugs.debian.org/797903#10, for example. [ Dmitry Smirnov ] * New upstream release [September 2015]. * Added etcd(1) man page. * Sorted list of packages in Build-Depends. * Build-Depends: + golang-github-coreos-go-systemd-dev + golang-golang-x-sys-dev - golang-mreiferson-httpclient-dev (unused). + golang-google-cloud-compute-metadata-dev * Provides: - golang-github-coreos-go-etcd-dev + golang-github-coreos-etcd-dev * rules: --parallel. * New annotated .default file "/etc/default/etcd". * Re-written init scripts. etcd (2.1.3+dfsg2-1) unstable; urgency=medium * New upstream release [September 2015]. * Build-Depends: + golang-golang-x-net-dev + golang-protobuf-extensions-dev * Provides: "golang-github-coreos-go-etcd-dev" (policy-compliant package). * Copyright: more Files-Excluded. * Added "etcdctl.1" man page. etcd (2.1.2+dfsg1-1) unstable; urgency=medium * Upload to unstable (Closes: #788762). [ Jelmer Vernooij ] * Drop dependency on golang-raft, which is no longer used. [ Dmitry Smirnov ] * New upstream Release [August 2015]. * Re-build .pb.go files. * control: updated Vcs-Browser URL. * postinst: check if user exist. * systemd/init.d/default: + use hostname as default instance name. + consistently load ETCD_NAME and DATA_DIR. * init.d: + added LSB descriptions. + added "status" support. + replaced "echo" with LSB functions. + stop daemon with "--retry=TERM/30/KILL/5" to fix restart. * rules: + always run tests but ignore failures. + invoke DH --with systemd. * rules/override_dh_clean: remove Files-Excluded. * cleanup_third_party: limit find scope for a little speed-up. * Build-Depends: - golang-gogoprotobuf-dev + golang-gogoprotobuf-dev (>= 0.0~git20150828~) + libprotobuf-dev + protobuf-compiler + golang-clockwork-dev + golang-procfs-dev + golang-github-bradfitz-http2-dev + golang-github-boltdb-bolt-dev + golang-github-google-btree-dev + golang-github-ugorji-go-codec-dev + golang-glog-dev + golang-go-semver-dev + golang-prometheus-client-dev + golang-go.crypto-dev + golang-golang-x-oauth2-dev * Added myself to Uploaders. etcd (2.0.8-2) experimental; urgency=medium * Add support for setting up SSL in default config. * Fix service stop. * debian/rules: run tests on amd64. etcd (2.0.8-1) experimental; urgency=medium * New upstream release. * Bump standards version to 3.9.6 (no changes). * Add patch 01_race_amd64: only specify --race to test on amd64. etcd (2.0.0-1) experimental; urgency=medium * Initial release. (Closes: #741065) --- debian/TODO | 3 + debian/changelog | 618 ++++++++++++++++++ debian/control | 167 +++++ debian/copyright | 66 ++ debian/etcd-client.install | 1 + debian/etcd-client.manpages | 1 + debian/etcd-server.docs | 1 + debian/etcd-server.etcd.default | 392 +++++++++++ debian/etcd-server.etcd.init | 79 +++ debian/etcd-server.etcd.service | 24 + debian/etcd-server.install | 1 + debian/etcd-server.manpages | 1 + debian/etcd-server.postinst | 21 + debian/etcd-server.postrm | 10 + debian/gbp.conf | 2 + debian/gitlab-ci.yml | 6 + debian/golang-etcd-server-dev.install | 1 + debian/man/etcd.1 | 290 ++++++++ debian/man/etcdctl.1 | 316 +++++++++ debian/not-installed | 7 + debian/patches/0004-grpc-1.27.x.patch | 58 ++ debian/patches/0005-go1.14-cipher.patch | 23 + ...re-bind-error-in-embed-serve_test.go.patch | 36 + .../patches/0007-switch-to-creack-pty.patch | 22 + ...use-TLS.Config.MaxVersion-to-TLS-1.2.patch | 38 ++ .../0009-only-warn-on-unsupported-arch.patch | 25 + ...0-Increase-the-given-latency-in-test.patch | 24 + ...-Fix-goroutine-leak-in-clientv3-test.patch | 36 + debian/patches/series | 8 + debian/rules | 37 ++ debian/source/format | 1 + debian/tests/control | 19 + debian/tests/functional | 58 ++ debian/tests/integration | 26 + debian/watch | 7 + 35 files changed, 2425 insertions(+) create mode 100644 debian/TODO create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/etcd-client.install create mode 100644 debian/etcd-client.manpages create mode 100644 debian/etcd-server.docs create mode 100644 debian/etcd-server.etcd.default create mode 100644 debian/etcd-server.etcd.init create mode 100644 debian/etcd-server.etcd.service create mode 100644 debian/etcd-server.install create mode 100644 debian/etcd-server.manpages create mode 100644 debian/etcd-server.postinst create mode 100644 debian/etcd-server.postrm create mode 100644 debian/gbp.conf create mode 100644 debian/gitlab-ci.yml create mode 100644 debian/golang-etcd-server-dev.install create mode 100644 debian/man/etcd.1 create mode 100644 debian/man/etcdctl.1 create mode 100644 debian/not-installed create mode 100644 debian/patches/0004-grpc-1.27.x.patch create mode 100644 debian/patches/0005-go1.14-cipher.patch create mode 100644 debian/patches/0006-ignore-bind-error-in-embed-serve_test.go.patch create mode 100644 debian/patches/0007-switch-to-creack-pty.patch create mode 100644 debian/patches/0008-use-TLS.Config.MaxVersion-to-TLS-1.2.patch create mode 100644 debian/patches/0009-only-warn-on-unsupported-arch.patch create mode 100644 debian/patches/0010-Increase-the-given-latency-in-test.patch create mode 100644 debian/patches/0011-Fix-goroutine-leak-in-clientv3-test.patch create mode 100644 debian/patches/series create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/tests/control create mode 100755 debian/tests/functional create mode 100755 debian/tests/integration create mode 100644 debian/watch diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..49b73b3 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,3 @@ +- simple debconf integration + - first question: proxy / master +- SSL certificate initialization diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..47989fd --- /dev/null +++ b/debian/changelog @@ -0,0 +1,618 @@ +etcd (3.3.25+dfsg-7ubuntu0.22.04.1) jammy-security; urgency=medium + + * No-change rebuild for golang-golang-x-text + + -- Eduardo Barretto Mon, 30 Jan 2023 17:20:44 +0100 + +etcd (3.3.25+dfsg-7) unstable; urgency=medium + + * Team upload. + + [ Shengjing Zhu ] + * Switch autopkgtest to the new Architecture: field + + [ Reinhard Tartler ] + * Avoid postinst crashes, Closes: #889714 + + -- Reinhard Tartler Thu, 24 Feb 2022 22:18:53 -0500 + +etcd (3.3.25+dfsg-6) unstable; urgency=medium + + * Team upload. + * Use packaged library + + golang-github-grpc-ecosystem-go-grpc-middleware-dev + + golang-github-soheilhy-cmux-dev + + golang-github-tmc-grpc-websocket-proxy-dev + + -- Shengjing Zhu Sat, 24 Oct 2020 16:01:47 +0800 + +etcd (3.3.25+dfsg-5) unstable; urgency=medium + + * Team upload. + * Upload to unstable + * Rework goroutine leak patch + * Disable parallel test to improve stability on slow arch + * Adapt manpage and default config for 3.3 release + + -- Shengjing Zhu Sat, 10 Oct 2020 03:12:37 +0800 + +etcd (3.3.25+dfsg-4) experimental; urgency=medium + + * Team upload. + * Not exit immediately on unsupported arch (Closes: #952536) + * Add back some old patches to fix flaky tests + + -- Shengjing Zhu Thu, 08 Oct 2020 02:58:49 +0800 + +etcd (3.3.25+dfsg-3) experimental; urgency=medium + + * Team upload. + * Backport patch to fix tls test failure + + -- Shengjing Zhu Thu, 08 Oct 2020 00:03:52 +0800 + +etcd (3.3.25+dfsg-2) experimental; urgency=medium + + * Team upload. + * Fix tests failed with Ctty not valid in child. + Address: #971158 + * Rewrite integration and functional tests in autopkgtest + * Use execute_after_dh_auto_test + * Update copyright + * Fix file permission in golang-etcd-server-dev + * Add Pre-Depends to etcd-server + + -- Shengjing Zhu Wed, 07 Oct 2020 23:23:47 +0800 + +etcd (3.3.25+dfsg-1) experimental; urgency=medium + + * Team upload. + * New upstream release 3.3.25 + + CVE-2020-15136 (Closes: #968752) + Gateway TLS authentication only applies to endpoints detected in DNS SRV + records + https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q + + CVE-2020-15115 (Closes: #968740) + No minimum password length + https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh + + CVE-2020-15114 + Gateway can include itself as an endpoint resulting in resource + exhaustion + https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 + + CVE-2020-15113 + Directories created via os.MkdirAll are not checked for permissions + https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 + + CVE-2020-15112 + An entry with large index causes panic in WAL ReadAll method + https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 + + CVE-2020-15106 + A large slice causes panic in decodeRecord method + https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 + * Disable some failed tests (Closes: #971158) + * Bump debhelper compat to 13 + * Add Rules-Requires-Root + * Bump Standards-Version to 4.5.0 (no changes) + + -- Shengjing Zhu Tue, 06 Oct 2020 22:58:53 +0800 + +etcd (3.2.26+dfsg-8) unstable; urgency=medium + + * Team upload. + * debian/patches/embed_tests_fix.patch: New patch, skips + TestStartEtcdWrongToken test which fails if a etcd server is already + running independently of the testsuite. + + -- Michael Banck Sun, 31 May 2020 10:34:10 +0200 + +etcd (3.2.26+dfsg-7) unstable; urgency=medium + + * Team upload. + * debian/rules: Provide an explicit and PHONY build rule, as before + `debian/rules build' was a no-op which broke autopkgtest-pkg-go + integration.(Closes: #956424) + * debian/patches/series: Reactivate and update skip-dev-ptmx-error.patch. + * debian/patches/e2e_tests_fix.patch, + debian/patches/functional_tests_fix.patch, + debian/patches/integration_tests_fix.patch: New patches, fix issues in the + integration tests. + * debian/rules: Add new rule autopkgtest which runs the integration tests + during autopkgtest, as defined by all tests which are not part of + INTEGRATION_TEST_EXCLUDES. + + -- Michael Banck Fri, 29 May 2020 19:01:18 +0200 + +etcd (3.2.26+dfsg-6) unstable; urgency=medium + + * Team upload. + * Rebuild using newer golang-golang-x-net-dev + + -- Stephen Gelman Fri, 10 Jan 2020 09:29:10 -0600 + +etcd (3.2.26+dfsg-5) unstable; urgency=medium + + * Team upload. + * Add patch to fix FTBFS with newer prometheus version (Closes: #947939) + * Build-Depends on golang-github-prometheus-client-golang-dev (>= 1.0.0~) + + -- Stephen Gelman Fri, 10 Jan 2020 01:15:15 -0600 + +etcd (3.2.26+dfsg-4) unstable; urgency=medium + + * Team upload. + + [ Arnaud Rebillout ] + * Add upstream patch to build against golang-google-grpc-dev in sid. + * Add upstream patch to fix test with go 1.12. + + [ Dmitry Smirnov ] + * (Build-)Depends: + - golang-github-dgrijalva-jwt-go-v3-dev + + golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~) + + -- Arnaud Rebillout Fri, 25 Oct 2019 16:51:45 +1100 + +etcd (3.2.26+dfsg-3) unstable; urgency=medium + + * Team upload. + * Add patch to increase the latency in test to support mips + * Fix override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS + * Don't ship etcd2-backup-coreos, which is intended for coreos + * Add spelling-error.patch + * Remove obsoleted lintian-overrides + * Update etcd and etcdctl manpage for 3.2.26 version + + -- Shengjing Zhu Mon, 25 Feb 2019 02:25:00 +0800 + +etcd (3.2.26+dfsg-2) unstable; urgency=medium + + * Team upload. + * Add missing systemd service after compat bumped to 11 + * Only run unit tests when building, and don't ignore the results + * Add patch to fix goroutine leak in TestDialNoTimeout + + -- Shengjing Zhu Sun, 24 Feb 2019 23:57:42 +0800 + +etcd (3.2.26+dfsg-1) unstable; urgency=medium + + * Team upload. + + [ Arnaud Rebillout ] + * {Build-,}Depends on golang-github-xiang90-probing-dev (>= 0.0.1~) + * Build-Depends on golang-any (>= 2:1.10~) + + [ Shengjing Zhu ] + * New upstream release v3.2.26 + + Address CVE-2018-16886 (Closes: #923008) + Disable CommonName authentication for gRPC-gateway + gRPC-gateway proxy requests to etcd server use the etcd + client server TLS certificate. If that certificate contains + CommonName we do not want to use that for authentication as + it could lead to permission escalation. + * Remove pgpsigurlmangle in debian/watch. + Upstream didn't sign the source tarball since v3.2.26 + * Update pkg-go team address to team+pkg-go@tracker.debian.org + * Update debhelper and compat to 11 + * Update etcd server default env from upstream docs + * Remove etcd-dump-db, etcd-dump-logs in etcd-client package + upstream didn't provide these tools in v3.2.26 tarball + * Add golang-go.uber-zap-dev to {Build-,}Depends + * Remove socket files created during test phase + + -- Shengjing Zhu Sun, 24 Feb 2019 02:26:48 +0800 + +etcd (3.2.18+dfsg-1) unstable; urgency=medium + + [ Alexandre Viau ] + * Point Vcs-* urls to salsa.debian.org. + + [ Anthony Fok ] + * New upstream release. + * Bump Standards-Version to 4.1.4 (no change) + * Remove match-ugorji-go-codec-native-time.Time-support.patch + because github.com/ugorji/go/codec@v1.1.1 includes changes to support + both time.Time and *time.Time correctly for backward compatibility. + See https://github.com/coreos/etcd/issues/9447 + * {Build-,}Depends on golang-github-ugorji-go-codec-dev (>= 1.1.1~) + + -- Anthony Fok Tue, 10 Apr 2018 05:02:04 -0600 + +etcd (3.2.17+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Fix FTBFS: + - New upstream release contains regenerated gRPC *.pb.go and *.pb.gw.po + files (since etcd 3.2.10) which build correctly with the updated gPRC + packages in Debian. + - Add "export DH_GOLANG_GO_GENERATE := 1" to debian/rules + to fix FTBFS by re-generating keys.generated.go at build time + with the same version of codecgen as golang-github-ugorji-go-codec-dev. + See also https://github.com/coreos/etcd/issues/8715. + - Add "Depends: golang-github-ugorji-go-codec" to have codecgen available + at build time. + (Closes: #890939) + * Depend on golang-github-coreos-bbolt-dev, replacing + golang-github-boltdb-bolt-dev, to "address backend database size + issue" (since etcd 3.2.10) + * Revert incoming-outgoing-context.patch (commit 5e059fd from upstream) + which has been backported upstream in commit d62e39d from v3.3 branch + to v3.2 branch since etcd 3.2.10 + * Add match-ugorji-go-codec-native-time.Time-support.patch, which updates + etcd/client/keys{,_test}.go to match the latest + golang-github-ugorji-go-codec-dev to prevent a new "cannot use + x.Expiration (type *time.Time) as type time.Time in argument to + r.encDriver.EncodeTime" error, see https://github.com/ugorji/go/issues/224 + and https://github.com/ugorji/go/commit/8badb25. + * Apply "cme fix dpkg" to debian/control, + bumping Standards-Version to 4.1.3, setting Priority to optional, + and adding Testsuite: autopkgtest-pkg-go, etc. + * Add myself to the list of Uploaders + + -- Anthony Fok Fri, 16 Mar 2018 18:20:05 -0600 + +etcd (3.2.9+dfsg-3) unstable; urgency=medium + + * Team upload. + * Exclude the sockets from the MD5 sum generation. (Closes: #855876) + * Use Priority optional + * Update team name + * Use wrap-and-sort on debian files + * Remove dh_golang and golang-any from Depends of source package + * Use HTTPS URL for d/copyright + * Switch to XS-Go-Import-Path in d/control + + -- Dr. Tobias Quathamer Mon, 20 Nov 2017 23:16:35 +0100 + +etcd (3.2.9+dfsg-2) unstable; urgency=medium + + * Team upload. + * Fix package dependency typo. (Closes: #879791) + + -- Michael Lustfield Wed, 25 Oct 2017 17:48:26 -0500 + +etcd (3.2.9+dfsg-1) unstable; urgency=medium + + * Team upload. + + [ Tim Potter ] + * New upstream release. + + [ Paul Tagliamonte ] + * Remove Built-Using from arch:all transitional package + + [ Tim Potter ] + * Apply commit 5e059fd from upstream + * Update test fixture modification patch + * Update /dev/ptmx input/output error patch + * Another update to test fixture path patch + + [ Andrew Shadura ] + * Ignore test failures. + + -- Andrew Shadura Tue, 24 Oct 2017 14:33:51 +0100 + +etcd (3.1.8+dfsg-2) unstable; urgency=medium + + * Fix upgrade problem caused by client/server package split. Thanks + to Olafur St. Arnarsson for the patch. (Closes #863976) + + -- Tim Potter Mon, 05 Jun 2017 09:03:52 +1000 + +etcd (3.1.8+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Tighten B-D on golang-github-coreos-pkg-dev to build in stretch. + (Closes: #858241) + * Change section from "devel" to "net. (Closes: #840681) + * Separate into client and server packages. (Closes: #815453) + + -- Tim Potter Wed, 24 May 2017 10:59:25 +1000 + +etcd (3.1.4+dfsg-1) unstable; urgency=medium + + * New upstream release. + + -- Tim Potter Fri, 24 Mar 2017 11:52:26 +1100 + +etcd (3.1.3+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Suppress binary-without-manpage Lintian warnings. + + -- Tim Potter Tue, 21 Mar 2017 09:43:07 +1100 + +etcd (3.1.2+dfsg-1) unstable; urgency=medium + + * New upstream release. + + -- Tim Potter Wed, 08 Mar 2017 15:06:16 +1100 + +etcd (3.1.1+dfsg-2) unstable; urgency=medium + + * Upload to unstable. (Closes: #846542) + * Fix test suite failures in Debian build environment and + ensure no test junk is accidentally mispackaged. (Closes: #855876) + * Fix various Lintian problems. + + -- Tim Potter Fri, 03 Mar 2017 07:11:16 +1100 + +etcd (3.1.1+dfsg-1) experimental; urgency=medium + + * New upstream release. + + -- Tim Potter Mon, 20 Feb 2017 15:27:52 +1100 + +etcd (3.1.0-1) experimental; urgency=medium + + * New upstream release. + * Change to use upstream source generated by dh-make-golang, and + remove antiquated package build system. + * Update debian/copyright file for new major release. + * Build-Depends: + + golang-github-karlseguin-ccache-dev + + golang-github-cockroachdb-cmux-dev + + golang-github-urfave-cli-dev + + golang-github-grpc-ecosystem-grpc-gateway-dev + + golang-github-grpc-ecosystem-go-grpc-prometheus-dev + * Add lsb-base as install dependency for binary package. + * Remove bogus Build-Depends from -dev binary package. + + -- Tim Potter Thu, 09 Feb 2017 13:48:12 +1100 + +etcd (2.3.7+dfsg-5) unstable; urgency=medium + + [ Team upload ] + * Regenerate pb.go files with gogo-protobuf v0.3 (Closes: #835750) + * Patch to fix SdNotify() API change in coreos-go-systemd package. + + -- Tim Potter Wed, 05 Oct 2016 17:18:46 +1100 + +etcd (2.3.7+dfsg-4) unstable; urgency=medium + + * New patch to disable TestTransportErrorc (Closes: #831789). + + -- Dmitry Smirnov Wed, 20 Jul 2016 09:51:34 +1000 + +etcd (2.3.7+dfsg-3) unstable; urgency=medium + + * New patch to disable "TestLessorRevoke" test. + + -- Dmitry Smirnov Thu, 14 Jul 2016 23:25:09 +1000 + +etcd (2.3.7+dfsg-2) unstable; urgency=medium + + * Tests: disabled "TestWaitTime" test due to failure on [ppc64el]. + * Renamed "cheggaaa-pb-dev" to "cheggaaa-pb.v1-dev" (Closes: #829048). + Also commented currently unused package. Thanks, Peter Colberg. + * (Build-)Depends: removed obsolete -clockwork-dev alternative + (Closes: #830388). + + -- Dmitry Smirnov Sun, 10 Jul 2016 08:52:59 +1000 + +etcd (2.3.7+dfsg-1) unstable; urgency=medium + + * New upstream release [June 2016]. + * Build-Depends += "curl". + * Disabled failing tests; don't ignore test failures any more. + + -- Dmitry Smirnov Mon, 27 Jun 2016 14:19:51 +1000 + +etcd (2.3.6+dfsg-1) unstable; urgency=medium + + * New upstream release [May 2016]. + + -- Dmitry Smirnov Mon, 06 Jun 2016 00:05:45 +1000 + +etcd (2.3.5+dfsg-1) unstable; urgency=medium + + * New upstream release [May 2016]. + * Fixed Vcs-Git URL. + + -- Dmitry Smirnov Sat, 21 May 2016 16:19:43 +1000 + +etcd (2.3.3+dfsg-1) unstable; urgency=medium + + * New upstream release [April 2016]. + * Standards-Version: 3.9.8. + + -- Dmitry Smirnov Sat, 07 May 2016 20:33:55 +1000 + +etcd (2.3.2+dfsg-1) unstable; urgency=medium + + * New upstream release [April 2016]. + * control: drop Built-Using from -dev package. + * Build-Depends: + = golang-github-boltdb-bolt-dev (>= 1.2.0~) + + -- Dmitry Smirnov Mon, 25 Apr 2016 14:46:05 +1000 + +etcd (2.3.1+dfsg-1) unstable; urgency=medium + + * New upstream release [April 2016]. + * Removed obsolete "rakyll2cheggaaa.patch". + * Standards-Version: 3.9.7. + * Fix "readlink" invocation in the init.d script. + * rules: correction to build with gogoprotobuf 0.2. + * Build-Depends: + - golang-etcd-dev | golang-github-coreos-go-etcd-dev + + golang-github-bgentry-speakeasy-dev + + golang-github-codegangsta-cli-dev (>= 0.0~git20151221~) + + golang-github-coreos-gexpect-dev + + golang-github-gogo-protobuf-dev (>= 0.2~) + + gogoprotobuf + + golang-github-mattn-go-runewidth-dev + + golang-github-olekukonko-tablewriter-dev + + golang-github-xiang90-probing-dev + + -- Dmitry Smirnov Wed, 06 Apr 2016 12:40:12 +1000 + +etcd (2.2.5+dfsg-1) unstable; urgency=medium + + * New upstream release [February 2016] (Closes: #814404). + * Build-Depends: + - golang-github-bradfitz-http2-dev + - golang-golang-x-oauth2-dev + - golang-google-cloud-compute-metadata-dev + - golang-google-grpc-dev + + golang-google-grpc-dev (>= 0.0~git20151002~) + + golang-github-akrennmair-gopcap-dev + + golang-pb-dev | golang-github-cheggaaa-pb-dev + + golang-github-coreos-pkg-dev + + golang-github-cpuguy83-go-md2man-dev + + golang-github-kballard-go-shellquote-dev + + golang-pty-dev + + golang-github-russross-blackfriday-dev + + golang-github-shurcool-sanitized-anchor-name-dev + + golang-github-spacejam-loghisto-dev + + golang-github-spf13-cobra-dev + + golang-github-spf13-pflag-dev + * Updated Vcs URLs (vcs-field-uses-insecure-uri). + * Switch to bundled "github.com/gogo/protobuf". + + -- Dmitry Smirnov Fri, 12 Feb 2016 11:23:57 +1100 + +etcd (2.2.3+dfsg-1) unstable; urgency=medium + + * New upstream release [December 2015]. + * etcd.service: add "Alias=etcd2.service". + + -- Dmitry Smirnov Mon, 04 Jan 2016 17:32:15 +1100 + +etcd (2.2.2+dfsg-2) unstable; urgency=medium + + * Added goland dependencies to -dev package Depends. + + -- Dmitry Smirnov Wed, 16 Dec 2015 09:37:23 +1100 + +etcd (2.2.2+dfsg-1) unstable; urgency=medium + + * New upstream release [November 2015]. + * Build-Depends: + + golang-github-ugorji-go-codec-dev (>= 0.0~git20151112~). + + golang-github-beorn7-perks-dev + * init.d: log to syslog. + + Depends += "pipexec". + + -- Dmitry Smirnov Tue, 24 Nov 2015 09:58:16 +1100 + +etcd (2.2.1+dfsg-1) unstable; urgency=medium + + * New upstream release [October 2015]. + - switch to bundled "github.com/ugorji/go" due to FTBFS. + * Un-bundled "golang-google-grpc-dev". + * Allow Etcd to notify systemd for readiness through service "Type=notify" + (Closes: #800646). Thanks, Matthias Urlichs. + * Dropped obsolete lintian-overrides. + * Corrected "duplicate-short-description". + + -- Dmitry Smirnov Wed, 28 Oct 2015 08:16:14 +1100 + +etcd (2.2.0+dfsg-2) unstable; urgency=medium + + * Build-Depends: swap alternatives to put non-existent packages last. + * .service: less aggressive restart (on-failure --> on-abnormal). + + -- Dmitry Smirnov Sun, 13 Sep 2015 14:44:36 +1000 + +etcd (2.2.0+dfsg-1) unstable; urgency=medium + + [ Tianon Gravi ] + * Update a few old-style "golang-" Build-Depends values to use "|" with + their new proper names to help with transitioning the dependencies. + See https://bugs.debian.org/797903#10, for example. + + [ Dmitry Smirnov ] + * New upstream release [September 2015]. + * Added etcd(1) man page. + * Sorted list of packages in Build-Depends. + * Build-Depends: + + golang-github-coreos-go-systemd-dev + + golang-golang-x-sys-dev + - golang-mreiferson-httpclient-dev (unused). + + golang-google-cloud-compute-metadata-dev + * Provides: + - golang-github-coreos-go-etcd-dev + + golang-github-coreos-etcd-dev + * rules: --parallel. + * New annotated .default file "/etc/default/etcd". + * Re-written init scripts. + + -- Dmitry Smirnov Sat, 12 Sep 2015 03:12:52 +1000 + +etcd (2.1.3+dfsg2-1) unstable; urgency=medium + + * New upstream release [September 2015]. + * Build-Depends: + + golang-golang-x-net-dev + + golang-protobuf-extensions-dev + * Provides: "golang-github-coreos-go-etcd-dev" (policy-compliant package). + * Copyright: more Files-Excluded. + * Added "etcdctl.1" man page. + + -- Dmitry Smirnov Tue, 08 Sep 2015 15:47:20 +1000 + +etcd (2.1.2+dfsg1-1) unstable; urgency=medium + + * Upload to unstable (Closes: #788762). + + [ Jelmer Vernooij ] + * Drop dependency on golang-raft, which is no longer used. + + [ Dmitry Smirnov ] + * New upstream Release [August 2015]. + * Re-build .pb.go files. + * control: updated Vcs-Browser URL. + * postinst: check if user exist. + * systemd/init.d/default: + + use hostname as default instance name. + + consistently load ETCD_NAME and DATA_DIR. + * init.d: + + added LSB descriptions. + + added "status" support. + + replaced "echo" with LSB functions. + + stop daemon with "--retry=TERM/30/KILL/5" to fix restart. + * rules: + + always run tests but ignore failures. + + invoke DH --with systemd. + * rules/override_dh_clean: remove Files-Excluded. + * cleanup_third_party: limit find scope for a little speed-up. + * Build-Depends: + - golang-gogoprotobuf-dev + + golang-gogoprotobuf-dev (>= 0.0~git20150828~) + + libprotobuf-dev + + protobuf-compiler + + golang-clockwork-dev + + golang-procfs-dev + + golang-github-bradfitz-http2-dev + + golang-github-boltdb-bolt-dev + + golang-github-google-btree-dev + + golang-github-ugorji-go-codec-dev + + golang-glog-dev + + golang-go-semver-dev + + golang-prometheus-client-dev + + golang-go.crypto-dev + + golang-golang-x-oauth2-dev + * Added myself to Uploaders. + + -- Dmitry Smirnov Wed, 02 Sep 2015 11:50:46 +1000 + +etcd (2.0.8-2) experimental; urgency=medium + + * Add support for setting up SSL in default config. + * Fix service stop. + * debian/rules: run tests on amd64. + + -- Jelmer Vernooij Mon, 06 Apr 2015 21:22:41 +0000 + +etcd (2.0.8-1) experimental; urgency=medium + + * New upstream release. + * Bump standards version to 3.9.6 (no changes). + * Add patch 01_race_amd64: only specify --race to test on amd64. + + -- Jelmer Vernooij Tue, 17 Feb 2015 21:36:36 +0100 + +etcd (2.0.0-1) experimental; urgency=medium + + * Initial release. (Closes: #741065) + + -- Jelmer Vernooij Sat, 08 Mar 2014 15:45:59 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..69208a7 --- /dev/null +++ b/debian/control @@ -0,0 +1,167 @@ +Source: etcd +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Go Packaging Team +Uploaders: Jelmer Vernooij , + Tim Potter , + Anthony Fok , +Section: net +Priority: optional +Build-Depends: debhelper-compat (= 13), + dh-golang, + golang-any (>= 2:1.10~), + golang-github-bgentry-speakeasy-dev (>= 0.1.0~), + golang-github-coreos-bbolt-dev, + golang-github-coreos-go-semver-dev (>= 0.2.0~), + golang-github-coreos-go-systemd-dev, + golang-github-coreos-pkg-dev (>= 3~), + golang-github-creack-pty-dev (>= 1.1.11~), + golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~), + golang-github-dustin-go-humanize-dev, + golang-github-gogo-protobuf-dev, + golang-github-golang-groupcache-dev (>= 0.0~git20160516.0.02826c3~), + golang-github-google-btree-dev, + golang-github-google-uuid-dev, + golang-github-gorilla-websocket-dev, + golang-github-grpc-ecosystem-go-grpc-middleware-dev, + golang-github-grpc-ecosystem-go-grpc-prometheus-dev, + golang-github-grpc-ecosystem-grpc-gateway-dev (>= 1.2.0~), + golang-github-jonboulle-clockwork-dev, + golang-github-json-iterator-go-dev, + golang-github-modern-go-reflect2-dev, + golang-github-olekukonko-tablewriter-dev (>= 0.0~git20170122.0.a0225b3~), + golang-github-prometheus-client-golang-dev (>= 1.0.0~), + golang-github-prometheus-client-model-dev, + golang-github-soheilhy-cmux-dev, + golang-github-spf13-cobra-dev, + golang-github-spf13-pflag-dev, + golang-github-tmc-grpc-websocket-proxy-dev, + golang-github-urfave-cli-dev, + golang-github-xiang90-probing-dev (>= 0.0.1~), + golang-go.uber-zap-dev, + golang-golang-x-crypto-dev, + golang-golang-x-net-dev, + golang-golang-x-sys-dev, + golang-golang-x-time-dev, + golang-google-genproto-dev, + golang-google-grpc-dev, + golang-gopkg-cheggaaa-pb.v1-dev, + golang-gopkg-yaml.v2-dev, + golang-goprotobuf-dev, + golang-k8s-sigs-yaml-dev, +Standards-Version: 4.5.0 +Vcs-Browser: https://salsa.debian.org/go-team/packages/etcd +Vcs-Git: https://salsa.debian.org/go-team/packages/etcd.git +Homepage: https://etcd.io +Rules-Requires-Root: no +XS-Go-Import-Path: github.com/coreos/etcd + +Package: etcd +Architecture: all +Section: oldlibs +Depends: etcd-client, + etcd-server, + ${misc:Depends}, +Description: Transitional package for etcd-client and etcd-server + This is a transitional package to ease upgrades for splitting the + etcd package into a separate client and server piece. It can be + safely removed. + +Package: etcd-server +Architecture: any +Pre-Depends: ${misc:Pre-Depends}, +Depends: adduser, + lsb-base, + pipexec, + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: etcd-client, +Built-Using: ${misc:Built-Using}, +Description: highly-available key value store -- daemon + A highly-available key value store for shared configuration and service + discovery. etcd is inspired by zookeeper and doozer, with a focus on: + . + * Simple: curl'able user facing API (HTTP+JSON) + * Secure: optional SSL client cert authentication + * Fast: benchmarked 1000s of writes/s per instance + * Reliable: Properly distributed using Raft + . + Etcd uses the Raft consensus algorithm to manage a highly-available replicated + log. + . + This package contains the server binaries. + +Package: etcd-client +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends}, +Built-Using: ${misc:Built-Using}, +Description: highly-available key value store -- client + A highly-available key value store for shared configuration and service + discovery. etcd is inspired by zookeeper and doozer, with a focus on: + . + * Simple: curl'able user facing API (HTTP+JSON) + * Secure: optional SSL client cert authentication + * Fast: benchmarked 1000s of writes/s per instance + * Reliable: Properly distributed using Raft + . + Etcd uses the Raft consensus algorithm to manage a highly-available replicated + log. + . + This package contains the client binaries. + +Package: golang-etcd-server-dev +Architecture: all +Depends: golang-github-bgentry-speakeasy-dev (>= 0.1.0~), + golang-github-coreos-bbolt-dev, + golang-github-coreos-go-semver-dev (>= 0.2.0~), + golang-github-coreos-go-systemd-dev, + golang-github-coreos-pkg-dev (>= 3~), + golang-github-creack-pty-dev (>= 1.1.11~), + golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~), + golang-github-dustin-go-humanize-dev, + golang-github-gogo-protobuf-dev, + golang-github-golang-groupcache-dev (>= 0.0~git20160516.0.02826c3~), + golang-github-google-btree-dev, + golang-github-google-uuid-dev, + golang-github-gorilla-websocket-dev, + golang-github-grpc-ecosystem-go-grpc-middleware-dev, + golang-github-grpc-ecosystem-go-grpc-prometheus-dev, + golang-github-grpc-ecosystem-grpc-gateway-dev (>= 1.2.0~), + golang-github-jonboulle-clockwork-dev, + golang-github-json-iterator-go-dev, + golang-github-modern-go-reflect2-dev, + golang-github-olekukonko-tablewriter-dev (>= 0.0~git20170122.0.a0225b3~), + golang-github-prometheus-client-golang-dev (>= 1.0.0~), + golang-github-prometheus-client-model-dev, + golang-github-soheilhy-cmux-dev, + golang-github-spf13-cobra-dev, + golang-github-spf13-pflag-dev, + golang-github-tmc-grpc-websocket-proxy-dev, + golang-github-urfave-cli-dev, + golang-github-xiang90-probing-dev (>= 0.0.1~), + golang-go.uber-zap-dev, + golang-golang-x-crypto-dev, + golang-golang-x-net-dev, + golang-golang-x-sys-dev, + golang-golang-x-time-dev, + golang-google-genproto-dev, + golang-google-grpc-dev, + golang-gopkg-cheggaaa-pb.v1-dev, + golang-gopkg-yaml.v2-dev, + golang-goprotobuf-dev, + golang-k8s-sigs-yaml-dev, + ${misc:Depends}, +Provides: golang-github-coreos-etcd-dev, +Description: highly-available key value store -- source + A highly-available key value store for shared configuration and service + discovery. etcd is inspired by zookeeper and doozer, with a focus on: + . + * Simple: curl'able user facing API (HTTP+JSON) + * Secure: optional SSL client cert authentication + * Fast: benchmarked 1000s of writes/s per instance + * Reliable: Properly distributed using Raft + . + Etcd uses the Raft consensus algorithm to manage a highly-available replicated + log. + . + This package contains the source. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..b76b9c1 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,66 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: etcd +Source: https://github.com/etcd-io/etcd +Files-Excluded: vendor + +Files: * +Copyright: 2014-2015 CoreOS, Inc + 2013-2017 The etcd Authors +License: Apache-2.0 + +Files: + client/cancelreq.go + client/integration/main_test.go + clientv3/integration/main_test.go + integration/main_test.go + pkg/crc/crc.go + pkg/crc/crc_test.go + pkg/httputil/httputil.go + pkg/pathutil/path.go + pkg/testutil/leak.go + tests/e2e/main_test.go +Copyright: 2013-2015 The Go Authors. +License: BSD-3-clause + +Files: debian/* +Copyright: + 2014 Jelmer Vernooij + 2015-2016 Dmitry Smirnov +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + On Debian systems, the complete text of the Apache 2.0 + License can be found in `/usr/share/common-licenses/Apache-2.0`. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + * The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/etcd-client.install b/debian/etcd-client.install new file mode 100644 index 0000000..457d7b1 --- /dev/null +++ b/debian/etcd-client.install @@ -0,0 +1 @@ +usr/bin/etcdctl diff --git a/debian/etcd-client.manpages b/debian/etcd-client.manpages new file mode 100644 index 0000000..5441ee7 --- /dev/null +++ b/debian/etcd-client.manpages @@ -0,0 +1 @@ +debian/man/etcdctl.1 diff --git a/debian/etcd-server.docs b/debian/etcd-server.docs new file mode 100644 index 0000000..98d4901 --- /dev/null +++ b/debian/etcd-server.docs @@ -0,0 +1 @@ +Documentation/* diff --git a/debian/etcd-server.etcd.default b/debian/etcd-server.etcd.default new file mode 100644 index 0000000..cf1262c --- /dev/null +++ b/debian/etcd-server.etcd.default @@ -0,0 +1,392 @@ +## etcd(1) daemon options +## See "/usr/share/doc/etcd-server/op-guide/configuration.md.gz" + +### Member flags + +##### --name +## Human-readable name for this member. +## This value is referenced as this node's own entries listed in the +## `--initial-cluster` flag (e.g., `default=http://localhost:2380`). This +## needs to match the key used in the flag if using static bootstrapping. When +## using discovery, each member must have a unique name. `Hostname` or +## `machine-id` can be a good choice. +## default: "default" +# ETCD_NAME="default" + +##### --data-dir +## Path to the data directory. +## default: "${name}.etcd" +# ETCD_DATA_DIR="/var/lib/etcd/default" + +##### --wal-dir +## Path to the dedicated wal directory. If this flag is set, etcd will write +## the WAL files to the walDir rather than the dataDir. This allows a +## dedicated disk to be used, and helps avoid io competition between logging +## and other IO operations. +## default: "" +# ETCD_WAL_DIR + +##### --snapshot-count +## Number of committed transactions to trigger a snapshot to disk. +## default: "100000" +# ETCD_SNAPSHOT_COUNT="100000" + +##### --heartbeat-interval +## Time (in milliseconds) of a heartbeat interval. +## default: "100" +# ETCD_HEARTBEAT_INTERVAL="100" + +##### --election-timeout +## Time (in milliseconds) for an election to timeout. See +## /usr/share/doc/etcd-server/tuning.md.gz for details. +## default: "1000" +# ETCD_ELECTION_TIMEOUT="1000" + +##### --listen-peer-urls +## List of URLs to listen on for peer traffic. This flag tells the etcd to +## accept incoming requests from its peers on the specified scheme://IP:port +## combinations. Scheme can be either http or https.If 0.0.0.0 is specified as +## the IP, etcd listens to the given port on all interfaces. If an IP address is +## given as well as a port, etcd will listen on the given port and interface. +## Multiple URLs may be used to specify a number of addresses and ports to listen +## on. The etcd will respond to requests from any of the listed addresses and +## ports. +## default: "http://localhost:2380" +## example: "http://10.0.0.1:2380" +## invalid example: "http://example.com:2380" (domain name is invalid for binding) +# ETCD_LISTEN_PEER_URLS="http://localhost:2380" + +##### --listen-client-urls +## List of URLs to listen on for client traffic. This flag tells the etcd to +## accept incoming requests from the clients on the specified scheme://IP:port +## combinations. Scheme can be either http or https. If 0.0.0.0 is specified as +## the IP, etcd listens to the given port on all interfaces. If an IP address is +## given as well as a port, etcd will listen on the given port and interface. +## Multiple URLs may be used to specify a number of addresses and ports to listen +## on. The etcd will respond to requests from any of the listed addresses and +## ports. +## default: "http://localhost:2379" +## example: "http://10.0.0.1:2379" +## invalid example: "http://example.com:2379" (domain name is invalid for binding) +# ETCD_LISTEN_CLIENT_URLS="http://localhost:2379" + +##### --max-snapshots +## Maximum number of snapshot files to retain (0 is unlimited) +## The default for users on Windows is unlimited, and manual purging down to 5 +## (or some preference for safety) is recommended. +## default: 5 +# ETCD_MAX_SNAPSHOTS="5" + +##### --max-wals +## Maximum number of wal files to retain (0 is unlimited) +## The default for users on Windows is unlimited, and manual purging down to 5 +## (or some preference for safety) is recommended. +## default: 5 +# ETCD_MAX_WALS="5" + +##### --cors +## Comma-separated white list of origins for CORS (cross-origin resource +## sharing). +## default: none +# ETCD_CORS + +#### --quota-backend-bytes +## Raise alarms when backend size exceeds the given quota (0 defaults to low +## space quota). +## default: 0 +# ETCD_QUOTA_BACKEND_BYTES="0" + +#### --backend-batch-limit +## BackendBatchLimit is the maximum operations before commit the backend +## transaction. +## default: 0 +# ETCD_BACKEND_BATCH_LIMIT="0" + +#### --backend-batch-interval +## BackendBatchInterval is the maximum time before commit the backend +## transaction. +## default: 0 +# ETCD_BACKEND_BATCH_INTERVAL="0" + +#### --max-txn-ops +## Maximum number of operations permitted in a transaction. +## default: 128 +# ETCD_MAX_TXN_OPS="128" + +#### --max-request-bytes +## Maximum client request size in bytes the server will accept. +## default: 1572864 +# ETCD_MAX_REQUEST_BYTES="1572864" + +#### --grpc-keepalive-min-time +## Minimum duration interval that a client should wait before pinging server. +## default: 5s +# ETCD_GRPC_KEEPALIVE_MIN_TIME="5" + +#### --grpc-keepalive-interval +## Frequency duration of server-to-client ping to check if a connection is +## alive (0 to disable). +## default: 2h +# ETCD_GRPC_KEEPALIVE_INTERVAL="2h" + +#### --grpc-keepalive-timeout +## Additional duration of wait before closing a non-responsive connection +## (0 to disable). +## default: 20s +# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s" + + +### Clustering flags + +# `--initial` prefix flags are used in bootstrapping (static bootstrap, +# discovery-service bootstrap or runtime reconfiguration) a new member, and +# ignored when restarting an existing member. + +# `--discovery` prefix flags need to be set when using discovery service. + +##### --initial-advertise-peer-urls + +## List of this member's peer URLs to advertise to the rest of the cluster. +## These addresses are used for communicating etcd data around the cluster. At +## least one must be routable to all cluster members. These URLs can contain +## domain names. +## default: "http://localhost:2380" +## example: "http://example.com:2380, http://10.0.0.1:2380" +# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380" + +##### --initial-cluster +## Initial cluster configuration for bootstrapping. +## The key is the value of the `--name` flag for each node provided. The +## default uses `default` for the key because this is the default for the +## `--name` flag. +## default: "default=http://localhost:2380" +# ETCD_INITIAL_CLUSTER="default=http://localhost:2380" + +##### --initial-cluster-state +## Initial cluster state ("new" or "existing"). Set to `new` for all members +## present during initial static or DNS bootstrapping. If this option is set to +## `existing`, etcd will attempt to join the existing cluster. If the wrong value +## is set, etcd will attempt to start but fail safely. +## default: "new" +# ETCD_INITIAL_CLUSTER_STATE="new" + +##### --initial-cluster-token +## Initial cluster token for the etcd cluster during bootstrap. +## default: "etcd-cluster" +# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" + +##### --advertise-client-urls +## List of this member's client URLs to advertise to the rest of the cluster. +## These URLs can contain domain names. +## Be careful if advertising URLs such as http://localhost:2379 from a cluster +## member and are using the proxy feature of etcd. This will cause loops, because +## the proxy will be forwarding requests to itself until its resources (memory, +## file descriptors) are eventually depleted. +## default: "http://localhost:2379" +## example: "http://example.com:2379, http://10.0.0.1:2379" +# ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379" + +##### --discovery +## Discovery URL used to bootstrap the cluster. +## default: none +# ETCD_DISCOVERY + +##### --discovery-srv +## DNS srv domain used to bootstrap the cluster. +## default: none +# ETCD_DISCOVERY_SRV + +##### --discovery-fallback +## Expected behavior ("exit" or "proxy") when discovery services fails. "proxy" +## supports v2 API only. +## default: "proxy" +# ETCD_DISCOVERY_FALLBACK="proxy" + +##### --discovery-proxy +## HTTP proxy to use for traffic to discovery service. +## default: none +# ETCD_DISCOVERY_PROXY + +##### --strict-reconfig-check +## Reject reconfiguration requests that would cause quorum loss. +## default: false +# ETCD_STRICT_RECONFIG_CHECK + +##### --auto-compaction-retention +## Auto compaction retention for mvcc key value store in hour. 0 means disable +## auto compaction. +## default: 0 +# ETCD_AUTO_COMPACTION_RETENTION="0" + +##### --enable-v2 +## Accept etcd V2 client requests +## default: true +# ETCD_ENABLE_V2="true" + + +### Proxy flags + +# `--proxy` prefix flags configures etcd to run in proxy mode. "proxy" supports +# v2 API only. + +##### --proxy +## Proxy mode setting ("off", "readonly" or "on"). +## default: "off" +# ETCD_PROXY="off" + +##### --proxy-failure-wait +## Time (in milliseconds) an endpoint will be held in a failed state before +## being reconsidered for proxied requests. +## default: 5000 +# ETCD_PROXY_FAILURE_WAIT="5000" + +##### --proxy-refresh-interval +## Time (in milliseconds) of the endpoints refresh interval. +## default: 30000 +# ETCD_PROXY_REFRESH_INTERVAL="30000" + +##### --proxy-dial-timeout +## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout +## default: 1000 +# ETCD_PROXY_DIAL_TIMEOUT="1000" + +##### --proxy-write-timeout +## Time (in milliseconds) for a write to timeout or 0 to disable the timeout. +## default: 5000 +# ETCD_PROXY_WRITE_TIMEOUT="5000" + +##### --proxy-read-timeout +## Time (in milliseconds) for a read to timeout or 0 to disable the timeout. +## Don't change this value if using watches because use long polling requests. +## default: 0 +# ETCD_PROXY_READ_TIMEOUT="0" + + +### Security flags + +# The security flags help to build a secure etcd cluster. + +##### --ca-file (**DEPRECATED**) +## Path to the client server TLS CA file. `--ca-file ca.crt` could be replaced +## by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the +## same. +## default: none +# ETCD_CA_FILE + +##### --cert-file +## Path to the client server TLS cert file. +## default: none +# ETCD_CERT_FILE + +##### --key-file +## Path to the client server TLS key file. +## default: none +# ETCD_KEY_FILE + +##### --client-cert-auth +## Enable client cert authentication. +## CN authentication is not supported by gRPC-gateway. +## default: false +# ETCD_CLIENT_CERT_AUTH + +#### --client-crl-file +## Path to the client certificate revocation list file. +## default: "" +# ETCD_CLIENT_CRL_FILE + +##### --trusted-ca-file +## Path to the client server TLS trusted CA key file. +## default: none +# ETCD_TRUSTED_CA_FILE + +##### --auto-tls +## Client TLS using generated certificates +## default: false +# ETCD_AUTO_TLS + +##### --peer-ca-file (**DEPRECATED**) +## Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be +## replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd +## will perform the same. +## default: none +# ETCD_PEER_CA_FILE + +##### --peer-cert-file +## Path to the peer server TLS cert file. +## default: none +# ETCD_PEER_CERT_FILE + +##### --peer-key-file +## Path to the peer server TLS key file. +## default: none +# ETCD_PEER_KEY_FILE + +##### --peer-client-cert-auth +## Enable peer client cert authentication. +## default: false +# ETCD_PEER_CLIENT_CERT_AUTH + +#### --peer-crl-file +## Path to the peer certificate revocation list file. +## default: "" +# ETCD_PEER_CRL_FILE + +##### --peer-trusted-ca-file +## Path to the peer server TLS trusted CA file. +## default: none +# ETCD_PEER_TRUSTED_CA_FILE + +##### --peer-auto-tls +## Peer TLS using generated certificates +## default: false +# ETCD_PEER_AUTO_TLS + +#### --peer-cert-allowed-cn +## Allowed CommonName for inter peer authentication. +## default: none +# ETCD_PEER_CERT_ALLOWED_CN + +#### --cipher-suites +## Comma-separated list of supported TLS cipher suites between server/client and +## peers. +## default: "" +# ETCD_CIPHER_SUITES + +#### --experimental-peer-skip-client-san-verification +## Skip verification of SAN field in client certificate for peer connections. +## default: false +#+ ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION + + +### Logging flags + +#### --log-outputs +## Specify 'stdout' or 'stderr' to skip journald logging even when running +## under systemd, or list of comma separated output targets. +## default: default +# ETCD_LOG_OUTPUTS + +##### --debug +## Drop the default log level to DEBUG for all subpackages. +## default: false (INFO for all packages) +# ETCD_DEBUG + +##### --log-package-levels +## Set individual etcd subpackages to specific log levels. An example being +## `etcdserver=WARNING,security=DEBUG` +## default: none (INFO for all packages) +# ETCD_LOG_PACKAGE_LEVELS + + +### Unsafe flags + +# Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol. +# For example, it may panic if other members in the cluster are still alive. +# Follow the instructions when using these flags. + +##### --force-new-cluster +## Force to create a new one-member cluster. It commits configuration changes +## forcing to remove all existing members in the cluster and add itself. It needs +## to be set to restore a backup. +## default: false +# ETCD_FORCE_NEW_CLUSTER diff --git a/debian/etcd-server.etcd.init b/debian/etcd-server.etcd.init new file mode 100644 index 0000000..347dd53 --- /dev/null +++ b/debian/etcd-server.etcd.init @@ -0,0 +1,79 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: etcd +# Required-Start: $local_fs $remote_fs $network +# Required-Stop: $local_fs $remote_fs $network +# Should-Start: $syslog +# Should-Stop: $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: etcd daemon +# Description: etcd - highly-available key value store +### END INIT INFO + +NAME=$(basename $(readlink -f "$0")) +DAEMON=/usr/bin/$NAME +DAEMON_USER=$NAME +PIDFILE=/var/run/$NAME.pid +DAEMON_ARGS="" + +# Exit if executable is not installed +[ -x "$DAEMON" ] || exit 0 + +set -a +ETCD_NAME="$(hostname)" +ETCD_DATA_DIR="/var/lib/etcd/default" +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME +set +a + +RETRY=TERM/30/KILL/5 + +# Load the VERBOSE setting and other rcS variables +[ -f /etc/default/rcS ] && . /etc/default/rcS + +[ -f /lib/lsb/init-functions ] || exit 1 +# Define LSB log_* functions. +. /lib/lsb/init-functions + +_ev_ () { + local rv_=$? + [ "$VERBOSE" = "no" ] || eval $@ + return $rv_ +} + +case "$1" in + start) + _ev_ log_action_begin_msg \"Starting $NAME\" + if R=$($0 status); then + _ev_ log_action_end_msg 0 \"$R\" + else + R=$(start-stop-daemon --start --pidfile $PIDFILE --make-pidfile --background \ + --chuid $DAEMON_USER --startas /usr/bin/pipexec -- -k \ + -- [ D $DAEMON $DAEMON_ARGS ] [ L /usr/bin/logger --tag $NAME ] '{D:1>L:0}' '{D:2>L:0}') + sleep 0.1 + $0 status >>/dev/null + _ev_ log_action_end_msg $? \"$R\" + fi + ;; + debug) + start-stop-daemon --start --exec $DAEMON --chuid $DAEMON_USER -- $DAEMON_ARGS + ;; + stop) + _ev_ log_action_begin_msg \"Stopping $NAME\" + R=$(start-stop-daemon --stop --oknodo --user $DAEMON_USER --pidfile $PIDFILE --remove-pidfile --retry=$RETRY 2>&1) + _ev_ log_action_end_msg $? \"$R\" + ;; + status) + ## return status 0 if process is running. + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" + ;; + restart|force-reload) + $0 stop + $0 start + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac diff --git a/debian/etcd-server.etcd.service b/debian/etcd-server.etcd.service new file mode 100644 index 0000000..f4854be --- /dev/null +++ b/debian/etcd-server.etcd.service @@ -0,0 +1,24 @@ +[Unit] +Description=etcd - highly-available key value store +Documentation=https://etcd.io/docs +Documentation=man:etcd +After=network.target +Wants=network-online.target + +[Service] +Environment=DAEMON_ARGS= +Environment=ETCD_NAME=%H +Environment=ETCD_DATA_DIR=/var/lib/etcd/default +EnvironmentFile=-/etc/default/%p +Type=notify +User=etcd +PermissionsStartOnly=true +#ExecStart=/bin/sh -c "GOMAXPROCS=$(nproc) /usr/bin/etcd $DAEMON_ARGS" +ExecStart=/usr/bin/etcd $DAEMON_ARGS +Restart=on-abnormal +#RestartSec=10s +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +Alias=etcd2.service diff --git a/debian/etcd-server.install b/debian/etcd-server.install new file mode 100644 index 0000000..007f820 --- /dev/null +++ b/debian/etcd-server.install @@ -0,0 +1 @@ +usr/bin/etcd diff --git a/debian/etcd-server.manpages b/debian/etcd-server.manpages new file mode 100644 index 0000000..f311a42 --- /dev/null +++ b/debian/etcd-server.manpages @@ -0,0 +1 @@ +debian/man/etcd.1 diff --git a/debian/etcd-server.postinst b/debian/etcd-server.postinst new file mode 100644 index 0000000..dbb88ca --- /dev/null +++ b/debian/etcd-server.postinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +case $1 in + configure) + if ! getent passwd etcd > /dev/null 2>&1 ; then + adduser --system --group --disabled-login --disabled-password --home /var/lib/etcd/ etcd + fi + mkdir -p -m 700 /var/lib/etcd + chmod 700 /var/lib/etcd/ + ;; + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# diff --git a/debian/etcd-server.postrm b/debian/etcd-server.postrm new file mode 100644 index 0000000..6e91eb2 --- /dev/null +++ b/debian/etcd-server.postrm @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "purge" ]; then + deluser --system etcd || true + rm -rf /var/lib/etcd || true +fi diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..cec628c --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +pristine-tar = True diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml new file mode 100644 index 0000000..594e14e --- /dev/null +++ b/debian/gitlab-ci.yml @@ -0,0 +1,6 @@ +# auto-generated, DO NOT MODIFY. +# The authoritative copy of this file lives at: +# https://salsa.debian.org/go-team/infra/pkg-go-tools/blob/master/config/gitlabciyml.go +--- +include: + - https://salsa.debian.org/go-team/infra/pkg-go-tools/-/raw/master/pipeline/test-archive.yml diff --git a/debian/golang-etcd-server-dev.install b/debian/golang-etcd-server-dev.install new file mode 100644 index 0000000..653271b --- /dev/null +++ b/debian/golang-etcd-server-dev.install @@ -0,0 +1 @@ +/usr/share/gocode/src diff --git a/debian/man/etcd.1 b/debian/man/etcd.1 new file mode 100644 index 0000000..02ffceb --- /dev/null +++ b/debian/man/etcd.1 @@ -0,0 +1,290 @@ +.\" This file was generated by help2man 1.47.16, with human revise +.TH ETCD "1" "October 2020" "3.3.25" "User Commands" +.SH NAME +etcd \- highly-available key value store +.SH SYNOPSIS +etcd [flags] +.SH FLAGS +.SS member flags +.HP +\fB\-\-name\fR 'default' +.IP +human\-readable name for this member. +.HP +\fB\-\-data\-dir\fR '${name}.etcd' +.IP +path to the data directory. +.HP +\fB\-\-wal\-dir\fR '' +.IP +path to the dedicated wal directory. +.HP +\fB\-\-snapshot\-count\fR '100000' +.IP +number of committed transactions to trigger a snapshot to disk. +.HP +\fB\-\-heartbeat\-interval\fR '100' +.IP +time (in milliseconds) of a heartbeat interval. +.HP +\fB\-\-election\-timeout\fR '1000' +.IP +time (in milliseconds) for an election to timeout. See tuning documentation for details. +.HP +\fB\-\-initial\-election\-tick\-advance\fR 'true' +.IP +whether to fast\-forward initial election ticks on boot for faster election. +.HP +\fB\-\-listen\-peer\-urls\fR 'http://localhost:2380' +.IP +list of URLs to listen on for peer traffic. +.HP +\fB\-\-listen\-client\-urls\fR 'http://localhost:2379' +.IP +list of URLs to listen on for client traffic. +.HP +\fB\-\-max\-snapshots\fR '5' +.IP +maximum number of snapshot files to retain (0 is unlimited). +.HP +\fB\-\-max\-wals\fR '5' +.IP +maximum number of wal files to retain (0 is unlimited). +.HP +\fB\-\-cors\fR '' +.IP +comma\-separated whitelist of origins for CORS (cross\-origin resource sharing). +.HP +\fB\-\-quota\-backend\-bytes\fR '0' +.IP +raise alarms when backend size exceeds the given quota (0 defaults to low space quota). +.HP +\fB\-\-max\-txn\-ops\fR '128' +.IP +maximum number of operations permitted in a transaction. +.HP +\fB\-\-max\-request\-bytes\fR '1572864' +.IP +maximum client request size in bytes the server will accept. +.HP +\fB\-\-grpc\-keepalive\-min\-time\fR '5s' +.IP +minimum duration interval that a client should wait before pinging server. +.HP +\fB\-\-grpc\-keepalive\-interval\fR '2h' +.IP +frequency duration of server\-to\-client ping to check if a connection is alive (0 to disable). +.HP +\fB\-\-grpc\-keepalive\-timeout\fR '20s' +.IP +additional duration of wait before closing a non\-responsive connection (0 to disable). +.SS clustering flags +.HP +\fB\-\-initial\-advertise\-peer\-urls\fR 'http://localhost:2380' +.IP +list of this member's peer URLs to advertise to the rest of the cluster. +.HP +\fB\-\-initial\-cluster\fR 'default=http://localhost:2380' +.IP +initial cluster configuration for bootstrapping. +.HP +\fB\-\-initial\-cluster\-state\fR 'new' +.IP +initial cluster state ('new' or 'existing'). +.HP +\fB\-\-initial\-cluster\-token\fR 'etcd\-cluster' +.IP +initial cluster token for the etcd cluster during bootstrap. +Specifying this can protect you from unintended cross\-cluster interaction when running multiple clusters. +.HP +\fB\-\-advertise\-client\-urls\fR 'http://localhost:2379' +.IP +list of this member's client URLs to advertise to the public. +The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster. +.HP +\fB\-\-discovery\fR '' +.IP +discovery URL used to bootstrap the cluster. +.HP +\fB\-\-discovery\-fallback\fR 'proxy' +.IP +expected behavior ('exit' or 'proxy') when discovery services fails. +"proxy" supports v2 API only. +.HP +\fB\-\-discovery\-proxy\fR '' +.IP +HTTP proxy to use for traffic to discovery service. +.HP +\fB\-\-discovery\-srv\fR '' +.IP +dns srv domain used to bootstrap the cluster. +.HP +\fB\-\-strict\-reconfig\-check\fR 'true' +.IP +reject reconfiguration requests that would cause quorum loss. +.HP +\fB\-\-auto\-compaction\-retention\fR '0' +.IP +auto compaction retention length. 0 means disable auto compaction. +.HP +\fB\-\-auto\-compaction\-mode\fR 'periodic' +.IP +interpret 'auto\-compaction\-retention' one of: periodic|revision. 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention. +.HP +\fB\-\-enable\-v2\fR 'true' +.IP +Accept etcd V2 client requests. +.SS proxy flags +"proxy" supports v2 API only. +.HP +\fB\-\-proxy\fR 'off' +.IP +proxy mode setting ('off', 'readonly' or 'on'). +.HP +\fB\-\-proxy\-failure\-wait\fR 5000 +.IP +time (in milliseconds) an endpoint will be held in a failed state. +.HP +\fB\-\-proxy\-refresh\-interval\fR 30000 +.IP +time (in milliseconds) of the endpoints refresh interval. +.HP +\fB\-\-proxy\-dial\-timeout\fR 1000 +.IP +time (in milliseconds) for a dial to timeout. +.HP +\fB\-\-proxy\-write\-timeout\fR 5000 +.IP +time (in milliseconds) for a write to timeout. +.HP +\fB\-\-proxy\-read\-timeout\fR 0 +.IP +time (in milliseconds) for a read to timeout. +.SS security flags +.HP +\fB\-\-ca\-file\fR '' [DEPRECATED] +.IP +path to the client server TLS CA file. '\-ca\-file ca.crt' could be replaced by '\-trusted\-ca\-file ca.crt \fB\-client\-cert\-auth\fR' and etcd will perform the same. +.HP +\fB\-\-cert\-file\fR '' +.IP +path to the client server TLS cert file. +.HP +\fB\-\-key\-file\fR '' +.IP +path to the client server TLS key file. +.HP +\fB\-\-client\-cert\-auth\fR 'false' +.IP +enable client cert authentication. +.HP +\fB\-\-client\-crl\-file\fR '' +.IP +path to the client certificate revocation list file. +.HP +\fB\-\-trusted\-ca\-file\fR '' +.IP +path to the client server TLS trusted CA cert file. +.HP +\fB\-\-auto\-tls\fR 'false' +.IP +client TLS using generated certificates. +.HP +\fB\-\-peer\-ca\-file\fR '' [DEPRECATED] +.IP +path to the peer server TLS CA file. '\-peer\-ca\-file ca.crt' could be replaced by '\-peer\-trusted\-ca\-file ca.crt \fB\-peer\-client\-cert\-auth\fR' and etcd will perform the same. +.HP +\fB\-\-peer\-cert\-file\fR '' +.IP +path to the peer server TLS cert file. +.HP +\fB\-\-peer\-key\-file\fR '' +.IP +path to the peer server TLS key file. +.HP +\fB\-\-peer\-client\-cert\-auth\fR 'false' +.IP +enable peer client cert authentication. +.HP +\fB\-\-peer\-trusted\-ca\-file\fR '' +.IP +path to the peer server TLS trusted CA file. +.HP +\fB\-\-peer\-cert\-allowed\-cn\fR '' +.IP +Required CN for client certs connecting to the peer endpoint. +.HP +\fB\-\-peer\-auto\-tls\fR 'false' +.IP +peer TLS using self\-generated certificates if \fB\-\-peer\-key\-file\fR and \fB\-\-peer\-cert\-file\fR are not provided. +.HP +\fB\-\-peer\-crl\-file\fR '' +.IP +path to the peer certificate revocation list file. +.HP +\fB\-\-cipher\-suites\fR '' +.IP +comma\-separated list of supported TLS cipher suites between client/server and peers (empty will be auto\-populated by Go). +.HP +\fB\-\-experimental\-peer\-skip\-client\-san\-verification\fR 'false' +.IP +Skip verification of SAN field in client certificate for peer connections. +.SS logging flags +.HP +\fB\-\-debug\fR 'false' +.IP +enable debug\-level logging for etcd. +.HP +\fB\-\-log\-package\-levels\fR '' +.IP +specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'). +.HP +\fB\-\-log\-output\fR 'default' +.IP +specify 'stdout' or 'stderr' to skip journald logging even when running under systemd. +.SS unsafe flags +Please be CAUTIOUS when using unsafe flags because it will break the guarantees +given by the consensus protocol. +.HP +\fB\-\-force\-new\-cluster\fR 'false' +.IP +force to create a new one\-member cluster. +.SS profiling flags +.HP +\fB\-\-enable\-pprof\fR 'false' +.IP +Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/" +.HP +\fB\-\-metrics\fR 'basic' +.IP +Set level of detail for exported metrics, specify 'extensive' to include histogram metrics. +.HP +\fB\-\-listen\-metrics\-urls\fR '' +.IP +List of URLs to listen on for metrics. +.SS auth flags +.HP +\fB\-\-auth\-token\fR 'simple' +.IP +Specify a v3 authentication token type and its options ('simple' or 'jwt'). +.HP +\fB\-\-auth\-token\-ttl\fR 300 +.IP +Time (in seconds) of the auth\-token\-ttl. +.SS "experimental flags:" +.HP +\fB\-\-experimental\-initial\-corrupt\-check\fR 'false' +.IP +enable to check data corruption before serving any client/peer traffic. +.HP +\fB\-\-experimental\-corrupt\-check\-time\fR '0s' +.IP +duration of time between cluster corruption check passes. +.HP +\fB\-\-experimental\-enable\-v2v3\fR '' +.IP +serve v2 requests through the v3 backend under a given prefix. + +.SH "SEE ALSO" +\fBectdctl\fR(1), +.B /usr/share/doc/etcd-server/op-guide/configuration.md.gz diff --git a/debian/man/etcdctl.1 b/debian/man/etcdctl.1 new file mode 100644 index 0000000..965ea61 --- /dev/null +++ b/debian/man/etcdctl.1 @@ -0,0 +1,316 @@ +.\" This file was generated by help2man 1.47.16, with human revise +.TH ETCDCTL "1" "October 2020" "3.3.25" "User Commands" +.SH "NAME" +etcdctl \- A simple command line client for etcd. +.SH "WARNING" +Set environment variable ETCDCTL_API=3 to use v3 API or ETCDCTL_API=2 to use v2 API. + +.SH "USAGE" +etcdctl [options] command [command options] [arguments...] + +.SH "COMMANDS V3" +.TP +alarm disarm +Disarms all alarms +.TP +alarm list +Lists all alarms +.TP +auth disable +Disables authentication +.TP +auth enable +Enables authentication +.TP +check perf +Check the performance of the etcd cluster +.TP +compaction +Compacts the event history in etcd +.TP +defrag +Defragments the storage of the etcd members with given endpoints +.TP +del +Removes the specified key or range of keys [key, range_end) +.TP +elect +Observes and participates in leader election +.TP +endpoint hashkv +Prints the KV history hash for each endpoint in \fB\-\-endpoints\fR +.TP +endpoint health +Checks the healthiness of endpoints specified in `\-\-endpoints` flag +.TP +endpoint status +Prints out the status of endpoints specified in `\-\-endpoints` flag +.TP +get +Gets the key or a range of keys +.TP +help +Help about any command +.TP +lease grant +Creates leases +.TP +lease keep\-alive +Keeps leases alive (renew) +.TP +lease list +List all active leases +.TP +lease revoke +Revokes leases +.TP +lease timetolive +Get lease information +.TP +lock +Acquires a named lock +.TP +make\-mirror +Makes a mirror at the destination etcd cluster +.TP +member add +Adds a member into the cluster +.TP +member list +Lists all members in the cluster +.TP +member remove +Removes a member from the cluster +.TP +member update +Updates a member in the cluster +.TP +migrate +Migrates keys in a v2 store to a mvcc store +.TP +move\-leader +Transfers leadership to another etcd cluster member. +.TP +put +Puts the given key into the store +.TP +role add +Adds a new role +.TP +role delete +Deletes a role +.TP +role get +Gets detailed information of a role +.TP +role grant\-permission +Grants a key to a role +.TP +role list +Lists all roles +.TP +role revoke\-permission +Revokes a key from a role +.TP +snapshot restore +Restores an etcd member snapshot to an etcd directory +.TP +snapshot save +Stores an etcd node backend snapshot to a given file +.TP +snapshot status +Gets backend snapshot status of a given file +.TP +txn +Txn processes all the requests in one transaction +.TP +user add +Adds a new user +.TP +user delete +Deletes a user +.TP +user get +Gets detailed information of a user +.TP +user grant\-role +Grants a role to a user +.TP +user list +Lists all users +.TP +user passwd +Changes password of user +.TP +user revoke\-role +Revokes a role from a user +.TP +version +Prints the version of etcdctl +.TP +watch +Watches events stream on keys or prefixes + +.SH "OPTIONS V3" +.TP +\fB\-\-cacert=\fR"" +verify certificates of TLS\-enabled secure servers using this CA bundle +.TP +\fB\-\-cert=\fR"" +identify secure client using this TLS certificate file +.TP +\fB\-\-command\-timeout\fR=\fI\,5s\/\fR +timeout for short running command (excluding dial timeout) +.TP +\fB\-\-debug\fR[=\fI\,false\/\fR] +enable client\-side debug logging +.TP +\fB\-\-dial\-timeout\fR=\fI\,2s\/\fR +dial timeout for client connections +.TP +\fB\-d\fR, \fB\-\-discovery\-srv=\fR"" +domain name to query for SRV records describing cluster endpoints +.TP +\fB\-\-endpoints\fR=\fI\,[127\/\fR.0.0.1:2379] +gRPC endpoints +.TP +\fB\-h\fR, \fB\-\-help\fR[=\fI\,false\/\fR] +help for etcdctl +.TP +\fB\-\-hex\fR[=\fI\,false\/\fR] +print byte strings as hex encoded strings +.TP +\fB\-\-insecure\-discovery\fR[=\fI\,true\/\fR] +accept insecure SRV records describing cluster endpoints +.TP +\fB\-\-insecure\-skip\-tls\-verify\fR[=\fI\,false\/\fR] +skip server certificate verification (CAUTION: this option should be enabled only for testing purposes) +.TP +\fB\-\-insecure\-transport\fR[=\fI\,true\/\fR] +disable transport security for client connections +.TP +\fB\-\-keepalive\-time\fR=\fI\,2s\/\fR +keepalive time for client connections +.TP +\fB\-\-keepalive\-timeout\fR=\fI\,6s\/\fR +keepalive timeout for client connections +.TP +\fB\-\-key=\fR"" +identify secure client using this TLS key file +.TP +\fB\-\-user=\fR"" +username[:password] for authentication (prompt if password is not supplied) +.TP +\fB\-w\fR, \fB\-\-write\-out=\fR"simple" +set the output format (fields, json, protobuf, simple, table) + +.SH "COMMANDS V2" +.TP +backup +backup an etcd directory +.TP +cluster\-health +check the health of the etcd cluster +.TP +mk +make a new key with a given value +.TP +mkdir +make a new directory +.TP +rm +remove a key or a directory +.TP +rmdir +removes the key if it is an empty directory or a key\-value pair +.TP +get +retrieve the value of a key +.TP +ls +retrieve a directory +.TP +set +set the value of a key +.TP +setdir +create a new directory or update an existing directory TTL +.TP +update +update an existing key with a given value +.TP +updatedir +update an existing directory +.TP +watch +watch a key for changes +.TP +exec\-watch +watch a key for changes and exec an executable +.TP +member +member add, remove and list subcommands +.TP +user +user add, grant and revoke subcommands +.TP +role +role add, grant and revoke subcommands +.TP +auth +overall auth controls +.TP +help, h +Shows a list of commands or help for one command + +.SH "OPTIONS V2" +.TP +\fB\-\-debug\fR +output cURL commands which can be used to reproduce the request +.TP +\fB\-\-no\-sync\fR +don't synchronize cluster information before sending request +.TP +\fB\-\-output\fR simple, \fB\-o\fR simple +output response in the given format (simple, `extended` or `json`) (default: "simple") +.TP +\fB\-\-discovery\-srv\fR value, \fB\-D\fR value +domain name to query for SRV records describing cluster endpoints +.TP +\fB\-\-insecure\-discovery\fR +accept insecure SRV records describing cluster endpoints +.TP +\fB\-\-peers\fR value, \fB\-C\fR value +DEPRECATED \- "\-\-endpoints" should be used instead +.TP +\fB\-\-endpoint\fR value +DEPRECATED \- "\-\-endpoints" should be used instead +.TP +\fB\-\-endpoints\fR value +a comma\-delimited list of machine addresses in the cluster (default: "http://127.0.0.1:2379,http://127.0.0.1:4001") +.TP +\fB\-\-cert\-file\fR value +identify HTTPS client using this SSL certificate file +.TP +\fB\-\-key\-file\fR value +identify HTTPS client using this SSL key file +.TP +\fB\-\-ca\-file\fR value +verify certificates of HTTPS\-enabled servers using this CA bundle +.TP +\fB\-\-username\fR value, \fB\-u\fR value +provide username[:password] and prompt if password is not supplied. +.TP +\fB\-\-timeout\fR value +connection timeout per request (default: 2s) +.TP +\fB\-\-total\-timeout\fR value +timeout for the command execution (except watch) (default: 5s) +.TP +\fB\-\-help\fR, \fB\-h\fR +show help +.TP +\fB\-\-version\fR, \fB\-v\fR +print the version +.SH "SEE ALSO" +\fBectd\fR(1) diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..a0f0b60 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,7 @@ +usr/bin/etcd-agent +usr/bin/etcd-proxy +usr/bin/etcd-runner +usr/bin/etcd-tester +usr/bin/etcd2-backup-coreos +usr/bin/raftexample + diff --git a/debian/patches/0004-grpc-1.27.x.patch b/debian/patches/0004-grpc-1.27.x.patch new file mode 100644 index 0000000..866f162 --- /dev/null +++ b/debian/patches/0004-grpc-1.27.x.patch @@ -0,0 +1,58 @@ +From: Shengjing Zhu +Date: Tue, 6 Oct 2020 23:24:41 +0800 +Subject: grpc 1.27.x + +Origin: backport, https://github.com/etcd-io/etcd/pull/11564 +--- + clientv3/balancer/picker/err.go | 2 +- + clientv3/balancer/picker/roundrobin_balanced.go | 2 +- + clientv3/balancer/resolver/endpoint/endpoint.go | 4 ++-- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/clientv3/balancer/picker/err.go b/clientv3/balancer/picker/err.go +index 9e04378..f4b941d 100644 +--- a/clientv3/balancer/picker/err.go ++++ b/clientv3/balancer/picker/err.go +@@ -34,6 +34,6 @@ func (ep *errPicker) String() string { + return ep.p.String() + } + +-func (ep *errPicker) Pick(context.Context, balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) { ++func (ep *errPicker) Pick(context.Context, balancer.PickInfo) (balancer.SubConn, func(balancer.DoneInfo), error) { + return nil, nil, ep.err + } +diff --git a/clientv3/balancer/picker/roundrobin_balanced.go b/clientv3/balancer/picker/roundrobin_balanced.go +index 1b8b285..e3971ec 100644 +--- a/clientv3/balancer/picker/roundrobin_balanced.go ++++ b/clientv3/balancer/picker/roundrobin_balanced.go +@@ -52,7 +52,7 @@ type rrBalanced struct { + func (rb *rrBalanced) String() string { return rb.p.String() } + + // Pick is called for every client request. +-func (rb *rrBalanced) Pick(ctx context.Context, opts balancer.PickOptions) (balancer.SubConn, func(balancer.DoneInfo), error) { ++func (rb *rrBalanced) Pick(ctx context.Context, opts balancer.PickInfo) (balancer.SubConn, func(balancer.DoneInfo), error) { + rb.mu.RLock() + n := len(rb.scs) + rb.mu.RUnlock() +diff --git a/clientv3/balancer/resolver/endpoint/endpoint.go b/clientv3/balancer/resolver/endpoint/endpoint.go +index 864b5df..2837bd4 100644 +--- a/clientv3/balancer/resolver/endpoint/endpoint.go ++++ b/clientv3/balancer/resolver/endpoint/endpoint.go +@@ -111,7 +111,7 @@ func (e *ResolverGroup) Close() { + } + + // Build creates or reuses an etcd resolver for the etcd cluster name identified by the authority part of the target. +-func (b *builder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOption) (resolver.Resolver, error) { ++func (b *builder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) { + if len(target.Authority) < 1 { + return nil, fmt.Errorf("'etcd' target scheme requires non-empty authority identifying etcd cluster being routed to") + } +@@ -179,7 +179,7 @@ func epsToAddrs(eps ...string) (addrs []resolver.Address) { + return addrs + } + +-func (*Resolver) ResolveNow(o resolver.ResolveNowOption) {} ++func (*Resolver) ResolveNow(o resolver.ResolveNowOptions) {} + + func (r *Resolver) Close() { + es, err := bldr.getResolverGroup(r.endpointID) diff --git a/debian/patches/0005-go1.14-cipher.patch b/debian/patches/0005-go1.14-cipher.patch new file mode 100644 index 0000000..4a7605f --- /dev/null +++ b/debian/patches/0005-go1.14-cipher.patch @@ -0,0 +1,23 @@ +From: Shengjing Zhu +Date: Tue, 6 Oct 2020 23:48:31 +0800 +Subject: go1.14 cipher + +Origin: backport, https://github.com/etcd-io/etcd/pull/11864 +--- + pkg/tlsutil/cipher_suites.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/pkg/tlsutil/cipher_suites.go b/pkg/tlsutil/cipher_suites.go +index b5916bb..2150b6f 100644 +--- a/pkg/tlsutil/cipher_suites.go ++++ b/pkg/tlsutil/cipher_suites.go +@@ -41,6 +41,9 @@ var cipherSuites = map[string]uint16{ + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, ++ ++ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ++ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + } + + // GetCipherSuite returns the corresponding cipher suite, diff --git a/debian/patches/0006-ignore-bind-error-in-embed-serve_test.go.patch b/debian/patches/0006-ignore-bind-error-in-embed-serve_test.go.patch new file mode 100644 index 0000000..6945b02 --- /dev/null +++ b/debian/patches/0006-ignore-bind-error-in-embed-serve_test.go.patch @@ -0,0 +1,36 @@ +From: Shengjing Zhu +Date: Wed, 7 Oct 2020 01:01:05 +0800 +Subject: ignore bind error in embed/serve_test.go + +In autopkgtest-go, this test will be run when etcd is running. +etcd-server is installed, then the service is started by default. + +Forwarded: not-needed +--- + embed/serve_test.go | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/embed/serve_test.go b/embed/serve_test.go +index d46631f..3a1c694 100644 +--- a/embed/serve_test.go ++++ b/embed/serve_test.go +@@ -16,6 +16,7 @@ package embed + + import ( + "io/ioutil" ++ "net" + "os" + "testing" + +@@ -33,6 +34,10 @@ func TestStartEtcdWrongToken(t *testing.T) { + cfg.Dir = tdir + cfg.AuthToken = "wrong-token" + if _, err = StartEtcd(cfg); err != auth.ErrInvalidAuthOpts { +- t.Fatalf("expected %v, got %v", auth.ErrInvalidAuthOpts, err) ++ if _, ok := err.(*net.OpError); ok { ++ t.Skipf("got %v", err) ++ } else { ++ t.Fatalf("expected %v, got %v", auth.ErrInvalidAuthOpts, err) ++ } + } + } diff --git a/debian/patches/0007-switch-to-creack-pty.patch b/debian/patches/0007-switch-to-creack-pty.patch new file mode 100644 index 0000000..c09f7dd --- /dev/null +++ b/debian/patches/0007-switch-to-creack-pty.patch @@ -0,0 +1,22 @@ +From: Shengjing Zhu +Date: Wed, 7 Oct 2020 18:00:22 +0800 +Subject: switch to creack/pty + +Origin: backport, https://github.com/etcd-io/etcd/pull/10918 +--- + pkg/expect/expect.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pkg/expect/expect.go b/pkg/expect/expect.go +index e022798..2e32eb5 100644 +--- a/pkg/expect/expect.go ++++ b/pkg/expect/expect.go +@@ -25,7 +25,7 @@ import ( + "sync" + "syscall" + +- "github.com/kr/pty" ++ "github.com/creack/pty" + ) + + type ExpectProcess struct { diff --git a/debian/patches/0008-use-TLS.Config.MaxVersion-to-TLS-1.2.patch b/debian/patches/0008-use-TLS.Config.MaxVersion-to-TLS-1.2.patch new file mode 100644 index 0000000..0e0d24c --- /dev/null +++ b/debian/patches/0008-use-TLS.Config.MaxVersion-to-TLS-1.2.patch @@ -0,0 +1,38 @@ +From: Shengjing Zhu +Date: Thu, 8 Oct 2020 00:02:21 +0800 +Subject: use TLS.Config.MaxVersion to TLS 1.2 + +Origin: backport, https://github.com/etcd-io/etcd/commit/a3f7202 +--- + pkg/transport/listener.go | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/pkg/transport/listener.go b/pkg/transport/listener.go +index 5e0d87a..ae4998f 100644 +--- a/pkg/transport/listener.go ++++ b/pkg/transport/listener.go +@@ -254,6 +254,11 @@ func (info TLSInfo) ServerConfig() (*tls.Config, error) { + // "h2" NextProtos is necessary for enabling HTTP2 for go's HTTP server + cfg.NextProtos = []string{"h2"} + ++ // go1.13 enables TLS 1.3 by default ++ // and in TLS 1.3, cipher suites are not configurable ++ // setting Max TLS version to TLS 1.2 for go 1.13 ++ cfg.MaxVersion = tls.VersionTLS12 ++ + return cfg, nil + } + +@@ -283,6 +288,12 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) { + if info.selfCert { + cfg.InsecureSkipVerify = true + } ++ ++ // go1.13 enables TLS 1.3 by default ++ // and in TLS 1.3, cipher suites are not configurable ++ // setting Max TLS version to TLS 1.2 for go 1.13 ++ cfg.MaxVersion = tls.VersionTLS12 ++ + return cfg, nil + } + diff --git a/debian/patches/0009-only-warn-on-unsupported-arch.patch b/debian/patches/0009-only-warn-on-unsupported-arch.patch new file mode 100644 index 0000000..7e28942 --- /dev/null +++ b/debian/patches/0009-only-warn-on-unsupported-arch.patch @@ -0,0 +1,25 @@ +From: Shengjing Zhu +Date: Thu, 8 Oct 2020 02:39:10 +0800 +Subject: only warn on unsupported arch + +Forwarded: not-needed +--- + etcdmain/etcd.go | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/etcdmain/etcd.go b/etcdmain/etcd.go +index fbde067..d96b30f 100644 +--- a/etcdmain/etcd.go ++++ b/etcdmain/etcd.go +@@ -390,10 +390,5 @@ func checkSupportArch() { + // unsupported arch only configured via environment variable + // so unset here to not parse through flag + defer os.Unsetenv("ETCD_UNSUPPORTED_ARCH") +- if env, ok := os.LookupEnv("ETCD_UNSUPPORTED_ARCH"); ok && env == runtime.GOARCH { +- plog.Warningf("running etcd on unsupported architecture %q since ETCD_UNSUPPORTED_ARCH is set", env) +- return +- } +- plog.Errorf("etcd on unsupported platform without ETCD_UNSUPPORTED_ARCH=%s set.", runtime.GOARCH) +- os.Exit(1) ++ plog.Warningf("running etcd on unsupported architecture %s", runtime.GOARCH) + } diff --git a/debian/patches/0010-Increase-the-given-latency-in-test.patch b/debian/patches/0010-Increase-the-given-latency-in-test.patch new file mode 100644 index 0000000..76e008c --- /dev/null +++ b/debian/patches/0010-Increase-the-given-latency-in-test.patch @@ -0,0 +1,24 @@ +From: Shengjing Zhu +Date: Mon, 25 Feb 2019 01:38:02 +0800 +Subject: Increase the given latency in test + +We have some slow architectures like mips to support. + +Forwarded: no +--- + pkg/proxy/server_test.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pkg/proxy/server_test.go b/pkg/proxy/server_test.go +index 27e2784..534c842 100644 +--- a/pkg/proxy/server_test.go ++++ b/pkg/proxy/server_test.go +@@ -508,7 +508,7 @@ func testServerHTTP(t *testing.T, secure, delayTx bool) { + t.Fatalf("got %q, expected %q", rs1, exp) + } + +- lat, rv := 100*time.Millisecond, 10*time.Millisecond ++ lat, rv := 1000*time.Millisecond, 10*time.Millisecond + if delayTx { + p.DelayTx(lat, rv) + defer p.UndelayTx() diff --git a/debian/patches/0011-Fix-goroutine-leak-in-clientv3-test.patch b/debian/patches/0011-Fix-goroutine-leak-in-clientv3-test.patch new file mode 100644 index 0000000..b619569 --- /dev/null +++ b/debian/patches/0011-Fix-goroutine-leak-in-clientv3-test.patch @@ -0,0 +1,36 @@ +From: Shengjing Zhu +Date: Sun, 24 Feb 2019 23:51:41 +0800 +Subject: Fix goroutine leak in clientv3 test + +Too many goroutines running after all test(s). +1 instances of: +google.golang.org/grpc.(*addrConn).resetTransport(...) + /<>/_build/src/google.golang.org/grpc/clientconn.go:1149 +0x3ab +created by google.golang.org/grpc.(*addrConn).connect + /<>/_build/src/google.golang.org/grpc/clientconn.go:815 +0xb2 +1 instances of: +google.golang.org/grpc.(*ccBalancerWrapper).watcher(...) + /<>/_build/src/google.golang.org/grpc/balancer_conn_wrappers.go:69 +0x97 +created by google.golang.org/grpc.newCCBalancerWrapper + /<>/_build/src/google.golang.org/grpc/balancer_conn_wrappers.go:60 +0x10f +FAIL github.com/coreos/etcd/clientv3 3.178s + +Forwarded: no +--- + clientv3/main_test.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/clientv3/main_test.go b/clientv3/main_test.go +index 89b3086..a1e8fea 100644 +--- a/clientv3/main_test.go ++++ b/clientv3/main_test.go +@@ -66,6 +66,9 @@ func TestMain(m *testing.M) { + v = m.Run() + } + ++ // sometime gRPC goroutine is still not closed, wait 1 more second. ++ time.Sleep(time.Second) ++ + if v == 0 && testutil.CheckLeakedGoroutine() { + os.Exit(1) + } diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..3434b75 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,8 @@ +0004-grpc-1.27.x.patch +0005-go1.14-cipher.patch +0006-ignore-bind-error-in-embed-serve_test.go.patch +0007-switch-to-creack-pty.patch +0008-use-TLS.Config.MaxVersion-to-TLS-1.2.patch +0009-only-warn-on-unsupported-arch.patch +0010-Increase-the-given-latency-in-test.patch +0011-Fix-goroutine-leak-in-clientv3-test.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..f51931e --- /dev/null +++ b/debian/rules @@ -0,0 +1,37 @@ +#!/usr/bin/make -f + +export DH_GOLANG_GO_GENERATE := 1 +export DH_GOLANG_INSTALL_EXTRA := $(shell find . -name fixtures-expired) \ + $(shell find . -name fixtures) + +# The ignored pkgs are aligned with upstream ./test file, +# see variables IGNORE_PKGS and INTEGRATION_PKGS in ./test +export TEST_EXCLUDES := cmd/ etcdserverpb rafttest gopath.proto v3lockpb v3electionpb \ + integration e2e contrib functional + +%: + dh $@ --buildsystem=golang --with=golang --builddirectory=_build + +override_dh_auto_test: + DH_GOLANG_EXCLUDES="$(TEST_EXCLUDES)" dh_auto_test -O--no-parallel -- -run=Test + +execute_after_dh_auto_test: + find _build -type s -delete + +execute_after_dh_auto_install: + find debian/tmp -executable -type f -name '*.go' -exec chmod -x {} \; + find debian/tmp -executable -type f -name '*.proto' -exec chmod -x {} \; + +# Handle package name (etcd-server) != service name (etcd) +override_dh_installinit: + dh_installinit -p etcd-server --name=etcd +override_dh_installsystemd: + dh_installsystemd -p etcd-server --name=etcd + +# autopktest-pkg-go integration runs "debian/rules build", which is a no-op due +# to a script "build" present in the upstream source. This (PHONY) target +# overrides this. +build: + dh build --buildsystem=golang --with=golang --builddirectory=_build + +.PHONY: build diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..2016b9b --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,19 @@ +Test-Command: /usr/bin/dh_golang_autopkgtest +Depends: @, + @builddeps@, +Restrictions: allow-stderr +Features: test-name=dh-golang-autopkgtest + +Tests: integration +Architecture: amd64 +Depends: curl, + etcd-client, + etcd-server, + @builddeps@, +Restrictions: allow-stderr, needs-root, breaks-testbed, isolation-container + +Tests: functional +Architecture: amd64 +Depends: netcat-openbsd, + @builddeps@, +Restrictions: allow-stderr, isolation-container diff --git a/debian/tests/functional b/debian/tests/functional new file mode 100755 index 0000000..abb4b11 --- /dev/null +++ b/debian/tests/functional @@ -0,0 +1,58 @@ +#!/bin/bash + +set -ex + +export DEB_BUILD_OPTIONS=nocheck + +./debian/rules build + +ln -sf _build/bin bin + +# copy from ../../test functional_pass + +function functional_pass { + # Clean up any data and logs from previous runs + rm -rf /tmp/etcd-functional-* /tmp/etcd-functional-*.backup + + for a in 1 2 3; do + ./bin/etcd-agent --network tcp --address 127.0.0.1:${a}9027 & + pid="$!" + agent_pids="${agent_pids} $pid" + done + + for a in 1 2 3; do + echo "Waiting for 'etcd-agent' on ${a}9027..." + while ! nc -z localhost ${a}9027; do + sleep 1 + done + done + + echo "functional test START!" + ./bin/etcd-tester --config ./functional.yaml && echo "'etcd-tester' succeeded" + ETCD_TESTER_EXIT_CODE=$? + echo "ETCD_TESTER_EXIT_CODE:" ${ETCD_TESTER_EXIT_CODE} + + # shellcheck disable=SC2206 + agent_pids=($agent_pids) + kill -s TERM "${agent_pids[@]}" || true + + if [[ "${ETCD_TESTER_EXIT_CODE}" -ne "0" ]]; then + printf "\n" + echo "FAILED! 'tail -1000 /tmp/etcd-functional-1/etcd.log'" + tail -1000 /tmp/etcd-functional-1/etcd.log + + printf "\n" + echo "FAILED! 'tail -1000 /tmp/etcd-functional-2/etcd.log'" + tail -1000 /tmp/etcd-functional-2/etcd.log + + printf "\n" + echo "FAILED! 'tail -1000 /tmp/etcd-functional-3/etcd.log'" + tail -1000 /tmp/etcd-functional-3/etcd.log + + echo "--- FAIL: exit code" ${ETCD_TESTER_EXIT_CODE} + exit ${ETCD_TESTER_EXIT_CODE} + fi + echo "functional test PASS!" +} + +functional_pass diff --git a/debian/tests/integration b/debian/tests/integration new file mode 100755 index 0000000..e063da2 --- /dev/null +++ b/debian/tests/integration @@ -0,0 +1,26 @@ +#!/bin/bash + +set -ex + +# ensure no other etcd server is running +invoke-rc.d etcd stop || true +pkill -9 etcd || true + +DH_GOLANG_INSTALL_EXTRA="$(find . -name fixtures-expired) $(find . -name fixtures)" \ + dh_auto_configure -O--buildsystem=golang -O--builddirectory=_build +BINDIR=_build/src/github.com/coreos/etcd/bin +mkdir -p $BINDIR +ln -sf /usr/bin/etcdctl $BINDIR/etcdctl +ln -sf /usr/bin/etcd $BINDIR/etcd + +# Following doesn't work, since it expects the two have same major.minor version. +# download old etcd-server for upgrading tests. +# the tests are skipped if no etcd-last-release binary. +# see tests/e2e/etcd_release_upgrade_test.go +# apt-get download etcd-server/"$(lsb_release -sc)" || true +# dpkg-deb --fsys-tarfile etcd-server_*.deb | tar -x --transform='s|.*|etcd-last-release|g' \ +# -C $BINDIR ./usr/bin/etcd || true + +INTEGRATION_TEST=(integration client/integration clientv3/integration tests/e2e) +DH_GOLANG_BUILDPKG="${INTEGRATION_TEST[*]/#/github.com/coreos/etcd/}" \ + dh_auto_test -O--buildsystem=golang -O--builddirectory=_build -- -run=Test -timeout=30m diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..287bc0e --- /dev/null +++ b/debian/watch @@ -0,0 +1,7 @@ +version=3 + +opts=\ +repacksuffix=+dfsg,\ +dversionmangle=s{\+dfsg\d*}{},\ + https://github.com/etcd-io/etcd/releases \ + .*/archive/v?(\d[-\d\.]+)\.tar\.gz