From patchwork Thu Dec 5 13:15:44 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8295
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] amazon-ssm-agent: Update to version 3.3.1345.0
Date: Thu, 5 Dec 2024 14:15:44 +0100
Message-ID: <20241205131546.3390092-2-adolf.belka@ipfire.org>
In-Reply-To: <20241205131546.3390092-1-adolf.belka@ipfire.org>
References: <20241205131546.3390092-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Update from version 3.2.582.0 to 3.3.1345.0
- Update of rootfile not required
- Changelog
    3.3.1345.0
        Revert "Update configurePackage to use fixed download method"
        Revert "Use a single syscall for route table for health check IP"
    3.3.13110.0
        Add alternative to wmic to support Windows 2025
        Add armv7 architecture support for greengrass component
        Add support in ssm-setup-cli for standalone installation in on-premises environments
        Fail ssm-setup-cli install command if agent config is not loadable
        Implement S3 ownership verification as an optional parameter for plugins
        Mark Session task as cancelled when MGS indicates that session is over
        Update configurePackage to use fixed download method
        Update Docker Engine version and use system environment variables in installation path
        Update GreenGrass component minor version to 1.3.1
    3.3.1230.0
        Revert compatibility hook for future Windows versions as it increased CPU consumption for document execution on Windows.
        Revert Increase RunCommand timeout during the registration process for the on-prem instances
    3.3.1142.0
        Fail windows update when installed version does not match
        Reduced length of IMDS errors to shorter format
        Increase the RunCommand timeout during the registration process for the on-prem instances
        Add nil check when calling GetRepository content in aws:downloadContent
        Worker process to exit if they are not successfully started and became idle
        Fix bug where unforeseen failures cause time to be incorrectly displayed in RunCommand
        Update GreenGrass component minor version to 1.3.0
        Ensure agent thread always exit after the corresponding worker process exits
        Fix IPC file filtering bug where usernames or session names containing tmp causes agent worker to not correctly receive IPC
        Load directly from appconfig file when calling UpdateInstanceInformation during credential refresher
        Use a single syscall for route table for health check IP
    3.3.987.0
        Update default session logging destination to none
        Specify a minimum of TLS v1.2 in http client calls
        Add web-socket heartbeat to detect connection drops in the web-socket for control and data channels sooner
        Use exponential retry for document worker, increase retry interval and attempt count when reading IPC files
        Add wait for cloud-init in the agent updater
        Fix timeouts for update without yum endpoint connectivity
        Change in orchestration directory removal process to reduce disk space usage
        Fix Inventory detailed information invalid value check
        Fix parsing issue with DomainJoin Plugin
        Modify DomainJoin Plugin to use Kerberos REALM in username for RHEL and variants
        Change the SUSE linux zypper commands to quiet mode for the DomainJoin Plugin
        Move high volume info logs to debug level
        Remove deprecated go coverage library (golang.org/x/tools/cmd/cover)
        Add lock on session orchestration cleanup to prevent quadratic file system lookup for large volume session users
        Upgrade GoLang to version 1.22.7
    3.3.859.0
        Updated snapcraft.yml specification
    3.3.808.0
        Add enhancements related to KMS sessions
        Add support for RHEL 8.10 & 9.4
        Allow in-place upgrade for hybrid distributor packages
        Fix idempotency not found error during agent startup
        Fix bug that could cause unexpected behavior during parameter replacement in document
        Gather metrics during agent version validation in Windows agent update
        Make long sleep for onprem same as long sleep for EC2, and cap sleep time at 30 minutes for OnPrem instances
        Migrated snap package builder from core18 to core22
        Parse version from OS release file correctly when contains special chars
        Suppress logs from the go-routine that checks the session manager's orchestration directory
        Update go git dependency to v5.12.0
        Update seelog config to have default time format with Milliseconds
        Update TMP/TEMP env variable during windows installer launch in Updater
        Upgrade GoLang to version 1.21.12
    3.3.551.0
        Agent updater attempts yum install/uninstall before falling back to attempt with rpm
        Updated golang.org/x/net from v0.19.0 to v0.26.0
        Upgrade GoLang to version 1.21.11
        Add IPv6 addresses for NTP and EC2Config to default DenyList
        Update Distributor to only use Systems Manager APIs to fetch package contents
    3.3.484.0
        Update SSM-Setup-CLI logs related to checksum validation of latest version
    3.3.418.0
        Upgrade go-github version from v8 to v61
        Increase timeouts in SSM-Setup-CLI
        Fix darwin build issue in SSM-Setup-CLI
        Fix the command builder bug to handle space char in input value
        Fix an inaccurate log when validating allowDowngrade parameter during Agent update
        Signing SSM Agent vended Windows executables
    3.3.380.0
        Update AWS GO SDK to v1.51.20
    3.3.337.0
        Remove yum as package manager in linux install/uninstall script
        Verify TrustedInstaller status before posting WindowsUpdate information in aws:softwareInventory plugin
    3.3.217.0
        Add alternative outputs for agent package generation scripts
        Add support for Oracle 8.8 & 8.9, Rocky 8.8 & 8.9, AlmaLinux 8.8 & 8.9, and RHEL 8.9 & 9.3
        Fix flaky integration test
        Fix setup-cli error code for non English systems
        Set IPR creds expiry to 30 mins for ssm agent worker
        Switch installer package manager from rpm to yum on OSes that support yum
        Upgrade GoLang to version 1.21.8
    3.3.131.0
        Add integration tests for control channel and data channel module
        Remove data channel and control channel acknowledgement functionality in MGS Interactor
    3.3.40.0
        Fix issue to execute aws:updateSSMAgent plugin through aws:rundocument plugin
        Update Messaging module to switch off ec2messages when ssmmessages connected successfully
        Update SSM Agent Minor version from 3.2 to 3.3
    3.2.2303.0
        Add integration tests for control channel module
        Revert data channel and control channel acknowledgement functionality in MGS Interactor
        Update Greengrass component minor version to 1.2.4
    3.2.2222.0
        Upgrade minimum go version in go.mod file to go 1.19
        Upgrade go-git package to v5.11.0
        Fix for bad default manifest url when updating EC2Config
    3.2.2143.0
        Fixed plugin path traversal logic
        Updated aws:application plugin default param
        Fixed default param in psmodule
        Upgraded GoLang to version 1.21.5
    3.2.2086.0
        Added Agent config to configure session logs destination
        Added data channel acknowledgement functionalities
        Added redirect handler and timeout for HTTP client
        Added steps to verify aws-cli installation for domainJoin plugin
        Added support for Ubuntu 23.04, Debian 11.7 & 12, and SUSE 15.5
        Adjusted random number generator logic used to get filename in downloadContent plugin
        Fixed Agent to gather application inventory from both rpm and dpkg package managers if present in Unix instances
        Bump golang.org/x/crypto/ssh from 0.14.0 to 0.17.0
    3.2.2016.0
        Added telemetry for agent core in-proc executor usage
        Added retries for Agent installation with snap on Greengrass
        Added code to update Agent config to use only Onprem Identity in Greengrass
        Added support for macOS 14 (Sonoma)
        Added Onprem registration support using ssm-setup-cli
        Fixed docker installation issues in aws:configureDocker plugin
        Fix for document worker and session worker not logging when custom seelog configuration missing parameters
        Updated allowed regex pattern in S3 URI
        Update Agent IoT Greengrass component minor version
        Updated SUSE version in Seamless Domain Join script
        Updated Greengrass component workflow to get installed Agent version and update Agent only when the installed Agent version doesn't match with Greengrass component Agent version
        Upgraded GoLang version that builds agent binaries with to 1.20.11
    3.2.1798.0
        Bump golang.org/x/net from 0.15.0 to 0.17.0
        Upgraded GoLang to version 1.20.10
        Fixing race condition in session datachannel unit test
    3.2.1705.0
        Updated MGS Interactor to send 'Failed' status on agentJob parsing error
        Added error handling for Linux DomainJoin when service account credentials empty
        Fix for panic scenario in when running aws:configureDocker plugin
        Upgraded GoLang to version 1.20.8
        Upgraded golang.org/x/net to v0.15.0
        Added support for macOS 13 (Ventura)
    3.2.1630.0
        Fix credential retrieval retry logic in credential refresher
        Reducing retrieval log level to debug in the credential refresher after more than 3 retrieval retries
        Fix for EC2 credential retrieval errors not being propagated to the credential refresher
        Fixing agent version input format validation
        Fix downloadPlatformOverride for AlmaLinux
        Fixed issue where removing seelog.xml file doesn't revert minimum log level back to INFO
        Ignore non-audit files in audit folder
    3.2.1542.0
        Add aws:updateSSMAgent plugin support for Flatcar Linux
        Add fix to resolve manifest url during agent update when using stable keyword
        Fix multiple issues causing tight loops during IPC connection scenarios
        Sign deb and rpm installer packages for Linux instances using new key
        Use file based IPC by default for amazon-ssm-agent and ssm-agent-worker communication in Darwin
    3.2.1478.0
        Added fix to propagate exit code properly when command fails to start
        Added control channel acknowledgement functionalities
        Added flag to specify go version used for gosec and govulncheck in static analysis script
        Added support for RHEL 8.7, 8.8, 9.1, 9.2
        Added support for Rocky Linux 8.7, 9.0, 9.1, 9.2
        Added support for Oracle Linux 8.7, 9.1, 9.2
        Update go version to 1.20.7
    3.2.1377.0
        Stopped saving instance profile credentials to disk
        Added static agent security scans to makefile
        Updated Greengrass component minor version
    3.2.1297.0
        Added retries to snap uninstall call in setupcli
        Fix for windows shutdown executable not found when compiled with golang1.19+
        Fix to return correct Agent Job ID for ack after AgentJobParseError
        Pass golang contexts for network calls in agent core to terminate cleanly
        Remove credential file dependency in agent workers implemented in 3.2.x.x versions
        Report MGS Connection Channel status to Health table
        Update Dockerfile to use Golang image from ECR repository
    3.2.1241.0
        Get bucket region using signed HeadBucket request
        Updated golang.org/x/net version to 0.10.0 and golang.org/x/crypto version to 0.9.0
        Update go version to 1.19.10
    3.2.1041.0
        Add retry to handle stream data acknowledge messages
        Support latest as a version in configurePackage plugin
        Updated AWS GO SDK to v1.44.261 and disabled IMDSv1 fallback logic
        Use IP address to connect to destination server in port session
    3.2.985.0
        Add Domain Join support for RHEL 8.7 and AL2022
        Add Support to send aws:updateSSMAgent replies through MGS
        Retrieve and set interface name dynamically in aws:domainJoin plugin for Ubuntu
    3.2.923.0
        Update Dockerfile Go version to 1.19
        Add reporting of MGS connection status
        Add support for updating to agent version marked stable
        Add status code to MGS ack and send on message process failure
        Update golangci-lint configuration
        Add e2e tag to session shell tests
    3.2.815.0
        Add EC2 credential fallback for AssumeRoleUnauthorizedAccess error
        Add CloudWatch log upload support for document and session worker
        Add set-hostname support in domainjoin plugin for
windows Add wait time in Agent updater to avoid installation issues caused during reboots initiated by domainjoin plugin Add support for AlmaLinux Fix KeepHostName parameter without DNS IP address parameter in domainJoin plugin Fix issue where carriage returns cause json conversion to fail in aws:softwareInventory plugin Remove IMDS calls in Onprem during health check Remove S3 global endpoint fallback logic Update cli descriptions for registration parameters Update go version to 1.19.6 Signed-off-by: Adolf Belka --- lfs/amazon-ssm-agent | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/amazon-ssm-agent b/lfs/amazon-ssm-agent index bc19b30ee..8ff560e47 100644 --- a/lfs/amazon-ssm-agent +++ b/lfs/amazon-ssm-agent @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2019-2023 IPFire Team # +# Copyright (C) 2019-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Amazon Remote System Config Management -VER = 3.2.582.0 +VER = 3.3.1345.0 SUP_ARCH = aarch64 x86_64 THISAPP = amazon-ssm-agent-$(VER) @@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = amazon-ssm-agent -PAK_VER = 8 +PAK_VER = 9 DEPS = @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = df2c6111d0c3e941773c5657b199d414435742b20187788b4b07253f67ba0c54ce42e6c62851fba26635b01226b1e1a3e8b4db1f3b3b983323fe764f12c19ddc +$(DL_FILE)_BLAKE2 = 17b4215c5ce35a980e2a00c484e9354a167efb43c2957a2cfd146665c4b9941c708752f7e3cefd87e6b62e59d61f0723184891db853b3fc8c2bba444d2ec054f install : $(TARGET)
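
Review bot: The `VER = 3.3.1345.0` line moves the package from 3.2.582.0 across a minor-version boundary, but the commit message only asserts "Update of rootfile not required" without saying how that was checked. The quoted changelog covers several packaging and installer changes between the two versions, so please state that the file list produced by the new build was compared against the existing rootfile. It would also help to call out in the message the entries that change runtime behaviour for existing installs, such as "Update default session logging destination to none" (3.3.987.0), "disabled IMDSv1 fallback logic" (3.2.1041.0) and "Stopped saving instance profile credentials to disk" (3.2.1377.0), so that users reading the release notes for `PAK_VER = 9` know what to expect.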
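
Review bot: The replaced `$(DL_FILE)_BLAKE2` value in the last hunk is the only integrity check on the source archive, and with `DL_FROM = $(URL_IPFIRE)` it can only be compared against whatever file was uploaded to that location. The commit message does not say which upstream release the archive for 3.3.1345.0 was taken from or how it was packed; adding the upstream source and the steps used to produce the file would let a reviewer recreate it and confirm the new hash independently before merging.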