Merge branch 'master' into handle-keyerror-on-grp.getgrnam

changelog/62589.added.md

@@ -0,0 +1 @@
+Added new grain to detect the Salt package type: onedir, pip or system

changelog/62961.added.md

@@ -0,0 +1 @@
+Add salt package type information. Either onedir, pip or system.

changelog/63416.added.md

@@ -0,0 +1 @@
+adding new call for openscap xccdf eval supporting new parameters

changelog/63714.fixed.md

@@ -0,0 +1 @@
+This implements the vpc_uuid parameter when creating a droplet. This parameter selects the correct virtual private cloud (private network interface).

changelog/63824.fixed.md

@@ -0,0 +1 @@
+Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config.

changelog/64372.changed.md

@@ -0,0 +1 @@
+Replace libnacl with PyNaCl

changelog/64488.fixed.md

@@ -0,0 +1 @@
+Clean up tech debt, IPC now uses tcp transport.

changelog/64595.security.md

@@ -1,3 +1,10 @@
-Upgrade to `cryptography==41.0.1`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
+Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
 
 This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
+
+Also resolves the following cryptography advisories:
+
+Due to:
+  * https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
+  * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
+  * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

changelog/64622.fixed.md

@@ -1 +1 @@
-Added support for Chocolatey 2.0.0+
+Added support for Chocolatey 2.0.0+ while maintaining support for older versions

changelog/64651.fixed.md

@@ -0,0 +1 @@
+Show user friendly message when pillars timeout

changelog/64653.fixed.md

@@ -0,0 +1 @@
+File client timeouts durring jobs show user friendly errors instead of tracbacks

changelog/64729.fixed.md

@@ -0,0 +1 @@
+SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown.

changelog/64877.fixed.md

@@ -0,0 +1 @@
+Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed.

doc/ref/configuration/minion.rst

@@ -1305,6 +1305,36 @@ restart.
 
     auth_safemode: False
 
+.. conf_minion:: request_channel_timeout
+
+``request_channel_timeout``
+---------------------------
+
+.. versionadded:: 3006.2
+
+Default: ``30``
+
+The default timeout timeout for request channel requests. This setting can be used to tune minions to better handle long running pillar and file client requests.
+
+.. code-block:: yaml
+
+    request_channel_timeout: 30
+
+``request_channel_tries``
+-------------------------
+
+.. versionadded:: 3006.2
+
+Default: ``3``
+
+The default number of times the minion will try request channel requests. This
+setting can be used to tune minions to better handle long running pillar and
+file client requests by retrying them after a timeout happens.
+
+.. code-block:: yaml
+
+    request_channel_tries: 3
+
 .. conf_minion:: ping_interval
 
 ``ping_interval``

doc/ref/grains/all/index.rst

@@ -31,6 +31,7 @@ grains modules
     nvme
     nxos
     opts
+    package
     panos
     pending_reboot
     philips_hue

doc/ref/grains/all/salt.grains.package.rst

@@ -0,0 +1,5 @@
+salt.grains.package
+===================
+
+.. automodule:: salt.grains.package
+    :members:

doc/topics/cloud/digitalocean.rst

@@ -49,7 +49,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or in the
       image: 14.04 x64
       size: 512MB
       location: New York 1
-      private_networking: True
+      vpc_name: Optional
       backups_enabled: True
       ipv6: True
       create_dns_record: True

doc/topics/packaging/index.rst

@@ -16,6 +16,13 @@ Docker Containers
 The Salt Project uses docker containers to build our deb and rpm packages. If you are building your own packages you can use
 the same containers we build with in the Github piplines. These containers are documented `here <https://github.com/saltstack/salt-ci-containers/tree/main/custom/packaging>`_.
 
+Package Grain
+=============
+In the 3007.0 release a new package grain was added. This detects how Salt was installed using the `_pkg.txt`
+in the root of the Salt repo. By default this is set to ``pip``, but it is set to ``onedir`` when ``tools pkg build salt-onedir``
+is run in our pipelines when building our onedir packages. If you are building your own custom packages, please ensure you set
+``_pkg.txt`` contents to be the type of package you are creating. The options are ``pip``, ``onedir`` or ``system``.
+
 
 How to build onedir only
 ========================

doc/topics/releases/templates/3007.0.md.template

@@ -16,6 +16,11 @@ Support for python 3.7 has been dropped since it reached end-of-line in 27 Jun 2
 
 Starting from Salt version 3007.0, the Azure functionality previously available in the Salt code base is fully removed. To continue using Salt's features for interacting with Azure resources, users are required to utilize the Azure Salt extension. For more information, refer to the [Azure Salt Extension GitHub repository](https://github.com/salt-extensions/saltext-azurerm).
 
+## New Package Grain
+A new ``package`` grain was added in 3007.0 This detects how Salt was installed using the ``_pkg.txt`` in the root of
+the directory. If you are building packages of Salt you need to ensure this file is set to the correct package type
+that you are building. The options are ``pip``, ``onedir``, or ``system``. By default this file is already set to ``pip``.
+
 <!--
 Do not edit the changelog below.
 This is auto generated

pkg/common/env-cleanup-rules.yml

@@ -49,6 +49,44 @@ ci:
       # Help files
       - "**/*.chm"
       - "**/Scripts/wmitest*"
+
+pkg:
+  darwin:
+    dir_patterns:
+      - *ci_darwin_dir_patterns
+      - "**/pkgconfig"
+      - "**/share"
+      - "**/artifacts/salt/opt"
+      - "**/artifacts/salt/etc"
+      - "**/artifacts/salt/Lib"
+    file_patterns:
+      - *ci_darwin_file_patterns
+  linux:
+    dir_patterns:
+      - *ci_linux_dir_patterns
+    file_patterns:
+      - *ci_linux_file_patterns
+  windows:
+    dir_patterns:
+      - *ci_windows_dir_patterns
+      - "**/salt/share"
+      - "**/site-packages/pywin32_system32"
+    file_patterns:
+      - *ci_windows_file_patterns
+      - "**/Scripts/py.exe"
+      - "**/Scripts/pyw.exe"
+      - "**/Scripts/venvlauncher.exe"
+      - "**/Scripts/venvwlauncher.exe"
+      - "**/Scripts/wheel*"
+      - "**/doc"
+      - "**/readme"
+      - "**/salt/salt-api*"
+      - "**/salt/salt-key*"
+      - "**/salt/salt-run*"
+      - "**/salt/salt-syndic*"
+      - "**/salt/salt-unity*"
+      - "**/salt/spm*"
+      - "**/salt/wheel*"
       # Non Windows execution modules
       - "**/site-packages/salt/modules/aacme.py*"
       - "**/site-packages/salt/modules/aix.py*"
@@ -231,41 +269,3 @@ ci:
       - "**/site-packages/salt/states/virt.py.py*"
       - "**/site-packages/salt/states/zfs.py*"
       - "**/site-packages/salt/states/zpool.py*"
-
-pkg:
-  darwin:
-    dir_patterns:
-      - *ci_darwin_dir_patterns
-      - "**/pkgconfig"
-      - "**/share"
-      - "**/artifacts/salt/opt"
-      - "**/artifacts/salt/etc"
-      - "**/artifacts/salt/Lib"
-    file_patterns:
-      - *ci_darwin_file_patterns
-  linux:
-    dir_patterns:
-      - *ci_linux_dir_patterns
-    file_patterns:
-      - *ci_linux_file_patterns
-  windows:
-    dir_patterns:
-      - *ci_windows_dir_patterns
-      - "**/salt/share"
-      - "**/site-packages/pywin32_system32"
-    file_patterns:
-      - *ci_windows_file_patterns
-      - "**/Scripts/py.exe"
-      - "**/Scripts/pyw.exe"
-      - "**/Scripts/venvlauncher.exe"
-      - "**/Scripts/venvwlauncher.exe"
-      - "**/Scripts/wheel*"
-      - "**/doc"
-      - "**/readme"
-      - "**/salt/salt-api*"
-      - "**/salt/salt-key*"
-      - "**/salt/salt-run*"
-      - "**/salt/salt-syndic*"
-      - "**/salt/salt-unity*"
-      - "**/salt/spm*"
-      - "**/salt/wheel*"

pkg/rpm/salt.spec

@@ -32,6 +32,8 @@ Group:   System Environment/Daemons
 License: ASL 2.0
 URL:     https://saltproject.io/
 
+Provides:  salt = %{version}
+Obsoletes: salt3 < 3006
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -68,6 +70,8 @@ servers, handle them quickly and through a simple and manageable interface.
 Summary:    Management component for salt, a parallel remote execution system
 Group:      System Environment/Daemons
 Requires:   %{name} = %{version}-%{release}
+Provides:   salt-master = %{version}
+Obsoletes:  salt3-master < 3006
 
 %description master
 The Salt master is the central server to which all minions connect.
@@ -77,6 +81,8 @@ The Salt master is the central server to which all minions connect.
 Summary:    Client component for Salt, a parallel remote execution system
 Group:      System Environment/Daemons
 Requires:   %{name} = %{version}-%{release}
+Provides:   salt-minion = %{version}
+Obsoletes:  salt3-minion < 3006
 
 %description minion
 The Salt minion is the agent component of Salt. It listens for instructions
@@ -87,6 +93,8 @@ from the master, runs jobs, and returns results back to the master.
 Summary:    Master-of-master component for Salt, a parallel remote execution system
 Group:      System Environment/Daemons
 Requires:   %{name}-master = %{version}-%{release}
+Provides:   salt-syndic = %{version}
+Obsoletes:  salt3-syndic < 3006
 
 %description syndic
 The Salt syndic is a master daemon which can receive instruction from a
@@ -98,6 +106,8 @@ infrastructure.
 Summary:    REST API for Salt, a parallel remote execution system
 Group:      Applications/System
 Requires:   %{name}-master = %{version}-%{release}
+Provides:   salt-api = %{version}
+Obsoletes:  salt3-api < 3006
 
 %description api
 salt-api provides a REST interface to the Salt master.
@@ -107,6 +117,8 @@ salt-api provides a REST interface to the Salt master.
 Summary:    Cloud provisioner for Salt, a parallel remote execution system
 Group:      Applications/System
 Requires:   %{name}-master = %{version}-%{release}
+Provides:   salt-cloud = %{version}
+Obsoletes:  salt3-cloud < 3006
 
 %description cloud
 The salt-cloud tool provisions new cloud VMs, installs salt-minion on them, and
@@ -117,6 +129,8 @@ adds them to the master's collection of controllable minions.
 Summary:    Agentless SSH-based version of Salt, a parallel remote execution system
 Group:      Applications/System
 Requires:   %{name} = %{version}-%{release}
+Provides:   salt-ssh = %{version}
+Obsoletes:  salt3-ssh < 3006
 
 %description ssh
 The salt-ssh tool can run remote execution functions and states without the use

pkg/tests/integration/test_salt_grains.py

@@ -39,3 +39,12 @@ def test_grains_setval_key_val(salt_cli, salt_minion):
     ret = salt_cli.run("grains.setval", "key", "val", minion_tgt=salt_minion.id)
     assert ret.data, ret
     assert "key" in ret.data
+
+
+def test_grains_package_onedir(salt_cli, salt_minion):
+    """
+    Test that the package grain returns onedir
+    """
+    ret = salt_cli.run("grains.get", "package", minion_tgt=salt_minion.id)
+    assert ret.data == "onedir"
+    assert ret.data, ret