authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-cluster/neutron/files
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-cluster/neutron/files')
-rw-r--r--sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch127
-rw-r--r--sys-cluster/neutron/files/neutron-dhcp-agent.confd2
-rw-r--r--sys-cluster/neutron/files/neutron-l3-agent.confd2
-rw-r--r--sys-cluster/neutron/files/neutron-linuxbridge-agent.confd1
-rw-r--r--sys-cluster/neutron/files/neutron-metadata-agent.confd2
-rw-r--r--sys-cluster/neutron/files/neutron-openvswitch-agent.confd1
-rw-r--r--sys-cluster/neutron/files/neutron-ovs-cleanup.confd1
-rw-r--r--sys-cluster/neutron/files/neutron-server.confd1
-rw-r--r--sys-cluster/neutron/files/neutron.initd21
-rw-r--r--sys-cluster/neutron/files/neutron.sudoersd4
10 files changed, 162 insertions, 0 deletions
diff --git a/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch b/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch
new file mode 100644
index 000000000000..c6c2230c9bd3
--- /dev/null
+++ b/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch
@@ -0,0 +1,127 @@
+From e0c8cbc5dd610b4c580935ea56436495a6d4eb26 Mon Sep 17 00:00:00 2001
+From: Aaron Rosen <aaronorosen@gmail.com>
+Date: Wed, 3 Jun 2015 16:19:39 -0700
+Subject: [PATCH] Provide work around for 0.0.0.0/0 ::/0 for ipset
+
+Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
+these addresses were inputted as allowed address pairs. This causes
+ipset to raise an error as it does not work with zero prefix sizes.
+To solve this problem we use two ipset rules to represent this:
+
+Ipv4: 0.0.0.0/1 and 128.0.0.1/1
+IPv6: ::/1' and '8000::/1
+
+All of this logic is handled via _sanitize_addresses() in the ipset_manager
+which is called to convert the input.
+
+Closes-bug: 1461054
+
+Conflicts:
+ neutron/agent/linux/ipset_manager.py
+ neutron/tests/unit/agent/linux/test_ipset_manager.py
+
+(cherry picked from commit 80a0fc3ba063e036b76e05e89b0cc54fc2d47c81)
+---
+ neutron/agent/linux/ipset_manager.py | 23 ++++++++++++++++++++++
+ .../tests/unit/agent/linux/test_ipset_manager.py | 19 +++++++++++++++---
+ 2 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/neutron/agent/linux/ipset_manager.py b/neutron/agent/linux/ipset_manager.py
+index 0f76418..af59f1f 100644
+--- a/neutron/agent/linux/ipset_manager.py
++++ b/neutron/agent/linux/ipset_manager.py
+@@ -11,6 +11,8 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
++import netaddr
++
+ from neutron.agent.linux import utils as linux_utils
+ from neutron.common import utils
+
+@@ -31,6 +33,26 @@ class IpsetManager(object):
+ self.namespace = namespace
+ self.ipset_sets = {}
+
++ def _sanitize_addresses(self, addresses):
++ """This method converts any address to ipset format.
++
++ If an address has a mask of /0 we need to cover to it to a mask of
++ /1 as ipset does not support /0 length addresses. Instead we use two
++ /1's to represent the /0.
++ """
++ sanitized_addresses = []
++ for ip in addresses:
++ if (netaddr.IPNetwork(ip).prefixlen == 0):
++ if(netaddr.IPNetwork(ip).version == 4):
++ sanitized_addresses.append('0.0.0.0/1')
++ sanitized_addresses.append('128.0.0.0/1')
++ elif (netaddr.IPNetwork(ip).version == 6):
++ sanitized_addresses.append('::/1')
++ sanitized_addresses.append('8000::/1')
++ else:
++ sanitized_addresses.append(ip)
++ return sanitized_addresses
++
+ @staticmethod
+ def get_name(id, ethertype):
+ """Returns the given ipset name for an id+ethertype pair.
+@@ -51,6 +73,7 @@ class IpsetManager(object):
+ add / remove new members, or swapped atomically if
+ that's faster.
+ """
++ member_ips = self._sanitize_addresses(member_ips)
+ set_name = self.get_name(id, ethertype)
+ if not self.set_exists(id, ethertype):
+ # The initial creation is handled with create/refresh to
+diff --git a/neutron/tests/unit/agent/linux/test_ipset_manager.py b/neutron/tests/unit/agent/linux/test_ipset_manager.py
+index 4484008..a1c6dc5 100644
+--- a/neutron/tests/unit/agent/linux/test_ipset_manager.py
++++ b/neutron/tests/unit/agent/linux/test_ipset_manager.py
+@@ -38,7 +38,7 @@ class BaseIpsetManagerTest(base.BaseTestCase):
+ def expect_set(self, addresses):
+ temp_input = ['create NETIPv4fake_sgid-new hash:net family inet']
+ temp_input.extend('add NETIPv4fake_sgid-new %s' % ip
+- for ip in addresses)
++ for ip in self.ipset._sanitize_addresses(addresses))
+ input = '\n'.join(temp_input)
+ self.expected_calls.extend([
+ mock.call(['ipset', 'restore', '-exist'],
+@@ -55,13 +55,16 @@ class BaseIpsetManagerTest(base.BaseTestCase):
+ self.expected_calls.extend(
+ mock.call(['ipset', 'add', '-exist', TEST_SET_NAME, ip],
+ process_input=None,
+- run_as_root=True) for ip in addresses)
++ run_as_root=True)
++ for ip in self.ipset._sanitize_addresses(addresses))
+
+ def expect_del(self, addresses):
++
+ self.expected_calls.extend(
+ mock.call(['ipset', 'del', TEST_SET_NAME, ip],
+ process_input=None,
+- run_as_root=True) for ip in addresses)
++ run_as_root=True)
++ for ip in self.ipset._sanitize_addresses(addresses))
+
+ def expect_create(self):
+ self.expected_calls.append(
+@@ -113,6 +116,16 @@ class IpsetManagerTestCase(BaseIpsetManagerTest):
+ self.ipset.set_members(TEST_SET_ID, ETHERTYPE, FAKE_IPS)
+ self.verify_mock_calls()
+
++ def test_set_members_adding_all_zero_ipv4(self):
++ self.expect_set(['0.0.0.0/0'])
++ self.ipset.set_members(TEST_SET_ID, ETHERTYPE, ['0.0.0.0/0'])
++ self.verify_mock_calls()
++
++ def test_set_members_adding_all_zero_ipv6(self):
++ self.expect_set(['::/0'])
++ self.ipset.set_members(TEST_SET_ID, ETHERTYPE, ['::/0'])
++ self.verify_mock_calls()
++
+ def test_destroy(self):
+ self.add_first_ip()
+ self.expect_destroy()
+--
+1.9.1
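Review bot: `_sanitize_addresses` builds `netaddr.IPNetwork(ip)` up to three times per entry and lets any parse error from it propagate out of `set_members`, which matters because this input is the allowed-address-pair list the fix exists to harden. Parse once with `net = netaddr.IPNetwork(ip)` and branch on `net.prefixlen` and `net.version`. Whether malformed entries are already rejected by API validation is not visible in this patch, so the docstring should state that assumption or the method should handle the error. The embedded commit message lists `128.0.0.1/1` where the code appends `128.0.0.0/1`, and the docstring reads "cover to it" for "convert it". `IpsetManager` and `set_members` both start outside the inner hunks.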
diff --git a/sys-cluster/neutron/files/neutron-dhcp-agent.confd b/sys-cluster/neutron/files/neutron-dhcp-agent.confd
new file mode 100644
index 000000000000..75ddba5ebb7a
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-dhcp-agent.confd
@@ -0,0 +1,2 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/dhcp_agent.ini")
+
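Review bot: `NEUTRON_CONFS=(...)` is a bash array, and conf.d files are sourced by the shell that runs the OpenRC service script, so this parses only where that shell is bash. The same applies to the other six `.confd` files in this commit and to `required_files=(${NEUTRON_CONFS[@]:-/etc/neutron/neutron.conf})` in `neutron.initd`. A space-separated string such as `NEUTRON_CONFS="/etc/neutron/neutron.conf /etc/neutron/dhcp_agent.ini"`, expanded in the init script, would remove the dependency; none of the paths shown contain spaces.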
diff --git a/sys-cluster/neutron/files/neutron-l3-agent.confd b/sys-cluster/neutron/files/neutron-l3-agent.confd
new file mode 100644
index 000000000000..990278682fbd
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-l3-agent.confd
@@ -0,0 +1,2 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/l3_agent.ini")
+
diff --git a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd
new file mode 100644
index 000000000000..fdd4ed4865b4
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd
@@ -0,0 +1 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini")
diff --git a/sys-cluster/neutron/files/neutron-metadata-agent.confd b/sys-cluster/neutron/files/neutron-metadata-agent.confd
new file mode 100644
index 000000000000..6a78b7abe3c9
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-metadata-agent.confd
@@ -0,0 +1,2 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/metadata_agent.ini")
+
diff --git a/sys-cluster/neutron/files/neutron-openvswitch-agent.confd b/sys-cluster/neutron/files/neutron-openvswitch-agent.confd
new file mode 100644
index 000000000000..30b10b69bbfb
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-openvswitch-agent.confd
@@ -0,0 +1 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini")
diff --git a/sys-cluster/neutron/files/neutron-ovs-cleanup.confd b/sys-cluster/neutron/files/neutron-ovs-cleanup.confd
new file mode 100644
index 000000000000..eba422c2c716
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-ovs-cleanup.confd
@@ -0,0 +1 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini")
diff --git a/sys-cluster/neutron/files/neutron-server.confd b/sys-cluster/neutron/files/neutron-server.confd
new file mode 100644
index 000000000000..9b6b2e63f8bc
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron-server.confd
@@ -0,0 +1 @@
+NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugin.ini")
diff --git a/sys-cluster/neutron/files/neutron.initd b/sys-cluster/neutron/files/neutron.initd
new file mode 100644
index 000000000000..ba666a2b506b
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron.initd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="Starts ${SVCNAME} service for OpenStack"
+
+command=/usr/bin/"${SVCNAME}"
+command_background=yes
+pidfile=/var/run/neutron/"${SVCNAME}".pid
+required_files=(${NEUTRON_CONFS[@]:-/etc/neutron/neutron.conf})
+command_args="${required_files[@]/#/--config-file } --log-file /var/log/neutron/${SVCNAME#*-}.log"
+start_stop_daemon_args="--quiet --user ${NEUTRON_USER:-neutron}"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath --directory --owner "${NEUTRON_USER:-neutron}":"${NEUTRON_GROUP:-neutron}" --mode 0755 "${NEUTRON_RUN:-/var/run/neutron}"
+}
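Review bot: `pidfile` is fixed at `/var/run/neutron/` while `start_pre` creates `${NEUTRON_RUN:-/var/run/neutron}`, so overriding `NEUTRON_RUN` leaves the pidfile directory uncreated. Deriving both from the same variable, `pidfile="${NEUTRON_RUN:-/var/run/neutron}/${SVCNAME}.pid"`, keeps them in step. The `--log-file` directory `/var/log/neutron` gets no `checkpath` call here either; presumably the ebuild creates it with the right owner, but that is not visible in this commit.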
diff --git a/sys-cluster/neutron/files/neutron.sudoersd b/sys-cluster/neutron/files/neutron.sudoersd
new file mode 100644
index 000000000000..0b7002374538
--- /dev/null
+++ b/sys-cluster/neutron/files/neutron.sudoersd
@@ -0,0 +1,4 @@
+Defaults:neutron !requiretty
+
+neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
+
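Review bot: The trailing `*` on the rootwrap rule means sudo places no limit on the arguments, so the only control over what the neutron user can run as root is the filter set loaded through `/etc/neutron/rootwrap.conf`. That holds only while the config file and the filter directories it names are root-owned and not writable by neutron, which nothing in this file states. I would add a comment above the rule, `# rootwrap.conf and its filter directories must be owned by root and not writable by neutron`. Ownership is presumably set by the ebuild, which is outside this diff.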