From cd2b974d0673496be97e9559fbf4f9576bb47477 Mon Sep 17 00:00:00 2001
From: Roshani Rathi <42164609+roshanirathi@users.noreply.github.com>
Date: Mon, 5 Aug 2024 22:02:16 +0530
Subject: [PATCH 1/2] PE-4749 Update Earthfile with latest k8s versions for 4.4.b (#241)
---
 Earthfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Earthfile b/Earthfile
index e9e25af..54da531 100644
--- a/Earthfile
+++ b/Earthfile
@@ -151,12 +151,15 @@ build-provider-images:
 BUILD +$TARGET --K8S_VERSION=1.27.9
 BUILD +$TARGET --K8S_VERSION=1.27.11
 BUILD +$TARGET --K8S_VERSION=1.27.15
+ BUILD +$TARGET --K8S_VERSION=1.27.16
 BUILD +$TARGET --K8S_VERSION=1.28.2
 BUILD +$TARGET --K8S_VERSION=1.28.5
 BUILD +$TARGET --K8S_VERSION=1.28.9
 BUILD +$TARGET --K8S_VERSION=1.28.11
+ BUILD +$TARGET --K8S_VERSION=1.28.12
 BUILD +$TARGET --K8S_VERSION=1.29.0
 BUILD +$TARGET --K8S_VERSION=1.29.6
+ BUILD +$TARGET --K8S_VERSION=1.29.7
 ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ]
 BUILD +$TARGET --K8S_VERSION=1.24.6
 BUILD +$TARGET --K8S_VERSION=1.25.2
@@ -175,14 +178,17 @@ build-provider-images:
 BUILD +$TARGET --K8S_VERSION=1.27.11
 BUILD +$TARGET --K8S_VERSION=1.27.13
 BUILD +$TARGET --K8S_VERSION=1.27.14
+ BUILD +$TARGET --K8S_VERSION=1.27.15
 BUILD +$TARGET --K8S_VERSION=1.28.2
 BUILD +$TARGET --K8S_VERSION=1.28.5
 BUILD +$TARGET --K8S_VERSION=1.28.7
 BUILD +$TARGET --K8S_VERSION=1.28.9
 BUILD +$TARGET --K8S_VERSION=1.28.10
+ BUILD +$TARGET --K8S_VERSION=1.28.11
 BUILD +$TARGET --K8S_VERSION=1.29.3
 BUILD +$TARGET --K8S_VERSION=1.29.4
 BUILD +$TARGET --K8S_VERSION=1.29.5
+ BUILD +$TARGET --K8S_VERSION=1.29.6
 ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ]
 BUILD +$TARGET --K8S_VERSION=1.24.6
 BUILD +$TARGET --K8S_VERSION=1.25.2
@@ -218,12 +224,15 @@ build-provider-images-fips:
 BUILD +provider-image --K8S_VERSION=1.27.9
 BUILD +provider-image --K8S_VERSION=1.27.14
 BUILD +provider-image --K8S_VERSION=1.27.15
+ BUILD +provider-image --K8S_VERSION=1.27.16
 BUILD +provider-image --K8S_VERSION=1.28.5
 BUILD +provider-image --K8S_VERSION=1.28.10
 BUILD +provider-image --K8S_VERSION=1.28.11
+ BUILD +provider-image --K8S_VERSION=1.28.12
 BUILD +provider-image --K8S_VERSION=1.29.0
 BUILD +provider-image --K8S_VERSION=1.29.5
 BUILD +provider-image --K8S_VERSION=1.29.6
+ BUILD +provider-image --K8S_VERSION=1.29.7
 ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ]
 BUILD +provider-image --K8S_VERSION=1.24.6
 BUILD +provider-image --K8S_VERSION=1.25.0
@@ -235,11 +244,14 @@ build-provider-images-fips:
 BUILD +provider-image --K8S_VERSION=1.27.9
 BUILD +provider-image --K8S_VERSION=1.27.11
 BUILD +provider-image --K8S_VERSION=1.27.14
+ BUILD +provider-image --K8S_VERSION=1.27.15
 BUILD +provider-image --K8S_VERSION=1.28.5
 BUILD +provider-image --K8S_VERSION=1.28.7
 BUILD +provider-image --K8S_VERSION=1.28.10
+ BUILD +provider-image --K8S_VERSION=1.28.11
 BUILD +provider-image --K8S_VERSION=1.29.0
 BUILD +provider-image --K8S_VERSION=1.29.3
+ BUILD +provider-image --K8S_VERSION=1.29.5
 BUILD +provider-image --K8S_VERSION=1.29.6
 ELSE
 BUILD +provider-image --K8S_VERSION=1.24.6
From 61ad9fd18e144801b26ed3413a4c3f8357b9156a Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Mon, 5 Aug 2024 23:16:36 +0530
Subject: [PATCH 2/2] logrotate issue fix (#242)
---
 Earthfile | 15 +++++++++++++--
 overlay/files/etc/logrotate.d/stylus.conf | 9 +++++++--
 overlay/files/etc/rsyslog.d/49-stylus.conf | 6 +++---
 3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/Earthfile b/Earthfile
index 54da531..f1f22b1 100644
--- a/Earthfile
+++ b/Earthfile
@@ -302,7 +302,10 @@ uki-provider-image: RUN apt-get update && apt-get install -y rsync WORKDIR / - COPY overlay/files/etc/ /etc/ + COPY --if-exists overlay/files/etc/ /etc/ + IF [ -f /etc/logrotate.d/stylus.conf ] + RUN chmod 644 /etc/logrotate.d/stylus.conf + END COPY +luet/luet /usr/bin/luet COPY +kairos-agent/kairos-agent /usr/bin/kairos-agent COPY --platform=linux/${ARCH} +trust-boot-unpack/ /trusted-boot @@ -602,7 +605,11 @@ provider-image: ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG END - COPY overlay/files/etc/ /etc/ + COPY --if-exists overlay/files/etc/ /etc/ + IF [ -f /etc/logrotate.d/stylus.conf ] + RUN chmod 644 /etc/logrotate.d/stylus.conf + END + COPY --platform=linux/${ARCH} +kairos-provider-image/ / COPY +stylus-image/etc/kairos/branding /etc/kairos/branding COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml @@ -852,6 +859,10 @@ iso-image: RUN rm -f /usr/bin/luet END COPY overlay/files/ / + + IF [ -f /etc/logrotate.d/stylus.conf ] + RUN chmod 644 /etc/logrotate.d/stylus.conf + END RUN rm -f /etc/ssh/ssh_host_* /etc/ssh/moduli RUN touch /etc/machine-id \ diff --git a/overlay/files/etc/logrotate.d/stylus.conf b/overlay/files/etc/logrotate.d/stylus.conf index e45df6a..5ccdab0 100644 --- a/overlay/files/etc/logrotate.d/stylus.conf +++ b/overlay/files/etc/logrotate.d/stylus.conf @@ -4,9 +4,14 @@ missingok notifempty compress - delaycompress dateext - dateformat -%m-%Y + dateformat -%d-%m-%Y size 100M create 600 root root + # to avoid 'writable by group or others' error + su root root + # reload or restart to point file handle to new log file + postrotate + systemctl try-reload-or-restart rsyslog 2>&1 || true + endscript } \ No newline at end of file diff --git a/overlay/files/etc/rsyslog.d/49-stylus.conf b/overlay/files/etc/rsyslog.d/49-stylus.conf index a540b6b..dfaafe8 100644 --- a/overlay/files/etc/rsyslog.d/49-stylus.conf +++ b/overlay/files/etc/rsyslog.d/49-stylus.conf 
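Review bot: `COPY --if-exists overlay/files/etc/ /etc/` in the uki-provider-image hunk (and the same line in the provider-image hunk) turns a missing overlay into a silent no-op, and the `IF [ -f /etc/logrotate.d/stylus.conf ]` guard then skips the chmod too, so an image can build without the stylus logrotate and rsyslog audit configuration and nothing reports it. If the overlay is required for these targets, keep the plain `COPY overlay/files/etc/ /etc/` so the build fails when it is absent, or give the guard an ELSE branch that fails loudly. The iso-image hunk still uses an unconditional `COPY overlay/files/ /`, so the three targets now disagree on whether the overlay is optional, and the repeated IF/chmod/END block could be factored into one shared command invoked with `DO`. Each target's body continues outside its hunk.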
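Review bot: In the stylus.conf hunk, dropping `delaycompress` while the new `postrotate` ends in `|| true` means a failed rsyslog reload goes unnoticed and the just-rotated file is compressed while rsyslog may still hold it open, which can lose audit records. Keep `delaycompress` so the newest rotated file stays uncompressed for one cycle, or drop `|| true` so logrotate reports the failure. Separately, `dateformat -%d-%m-%Y` combined with `size 100M` gives two rotations on the same day the same target name, and logrotate skips a rotation whose destination already exists; a finer component such as `%s` (where the installed logrotate supports it) avoids that, and `-%Y-%m-%d` would also sort chronologically. The stanza's opening lines are outside the hunk, so a `rotate` count may already be set there.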
@@ -1,6 +1,6 @@ -# Running rsyslog as root. -# TODO: should this be done or change acceptance criteria to about audit log file permissions accordingly +# Running rsyslog as root. $PrivDropToUser root +$PrivDropToGroup root # default config has $Umask 0022 set. That breaks any config related to masks and modes. $Umask 0000 @@ -8,7 +8,7 @@ $Umask 0000 $template ForwardFormat,"<%pri%>1 %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag% %procid% - - %msg%\n" # route messages with facility local7 and severity notice to /var/log/stylus-audit.log -if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice') then{ +if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice' and $syslogtag contains 'stylus-audit') then{ action( type="omfile" file="/var/log/stylus-audit.log"
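Review bot: The added `$PrivDropToGroup root` next to `$PrivDropToUser root` makes the privilege drop a no-op, and the first hunk deletes the TODO that questioned running as root without recording why root is needed. A replacement comment such as `# rsyslog stays root:root because /var/log/stylus-audit.log is created 600 root root by logrotate` would keep the decision reviewable (confirm that this is the actual reason). The context line `$Umask 0000` also means the mode of every file this daemon creates depends on an explicit setting in its action; the omfile action begins in the next hunk and continues outside it, so check that it sets something like `fileCreateMode="0600"`.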
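Review bot: The added `$syslogtag contains 'stylus-audit'` clause in the second hunk is a substring match on a field that the sending process sets, so it reduces accidental matches but does not authenticate the writer of an audit record. An exact comparison such as `$programname == 'stylus-audit'` is tighter if that is the tag the agent emits (the emitting code is not visible here). A short comment above the rule, for example `# tag match is a routing filter only, not a trust boundary`, would stop later readers from treating it as an integrity control. The `action(...)` block continues outside the hunk.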