From 328a6928c0d64686c5fabea981bae532f90b1144 Mon Sep 17 00:00:00 2001 From: Matthew Thode Date: Thu, 7 Jan 2016 14:23:21 -0600 Subject: sys-cluster/nova: fixing bug 571184 and bug 571198 Package-Manager: portage-2.2.26 --- .../files/cve-2015-7548-stable-liberty-0004.patch | 132 +++++++++ sys-cluster/nova/nova-12.0.0-r1.ebuild | 295 -------------------- sys-cluster/nova/nova-12.0.0-r2.ebuild | 296 +++++++++++++++++++++ 3 files changed, 428 insertions(+), 295 deletions(-) create mode 100644 sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch delete mode 100644 sys-cluster/nova/nova-12.0.0-r1.ebuild create mode 100644 sys-cluster/nova/nova-12.0.0-r2.ebuild (limited to 'sys-cluster') diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch new file mode 100644 index 000000000000..113e9f4736b1 --- /dev/null +++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch 
@@ -0,0 +1,132 @@ +From cf197ec2d682fb4da777df2291ca7ef101f73b77 Mon Sep 17 00:00:00 2001 +From: Matt Riedemann +Date: Mon, 16 Nov 2015 13:11:09 -0800 +Subject: xen: mask passwords in volume connection_data dict + +The connection_data dict can have credentials in it, so we need to scrub +those before putting the stringified dict into the StorageError message +and raising that up and when logging the dict. + +Note that strutils.mask_password converts the dict to a string using +six.text_type so we don't have to do that conversion first. + +SecurityImpact + +Change-Id: Ic5f4d4c26794550a92481bf2b725ef5eafa581b2 +Closes-Bug: #1516765 +(cherry picked from commit 8b289237ed6d53738c22878decf0c429301cf3d0) +--- + nova/tests/unit/virt/xenapi/test_volume_utils.py | 16 ++++++++++++++-- + nova/tests/unit/virt/xenapi/test_volumeops.py | 16 ++++++++++++++++ + nova/virt/xenapi/volume_utils.py | 3 ++- + nova/virt/xenapi/volumeops.py | 6 +++++- + 4 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/nova/tests/unit/virt/xenapi/test_volume_utils.py b/nova/tests/unit/virt/xenapi/test_volume_utils.py +index 6bd80b0..d08eede 100644 +--- a/nova/tests/unit/virt/xenapi/test_volume_utils.py ++++ b/nova/tests/unit/virt/xenapi/test_volume_utils.py +@@ -165,14 +165,26 @@ class ParseVolumeInfoTestCase(stubs.XenAPITestBaseNoDB): + 'target_lun': None, + 'auth_method': 'CHAP', + 'auth_username': 'username', +- 'auth_password': 'password'}} ++ 'auth_password': 'verybadpass'}} + + def test_parse_volume_info_parsing_auth_details(self): + conn_info = self._make_connection_info() + result = volume_utils._parse_volume_info(conn_info['data']) + + self.assertEqual('username', result['chapuser']) +- self.assertEqual('password', result['chappassword']) ++ self.assertEqual('verybadpass', result['chappassword']) ++ ++ def test_parse_volume_info_missing_details(self): ++ # Tests that a StorageError is raised if volume_id, target_host, or ++ # target_ign is missing from connection_data. 
Also ensures that the ++ # auth_password value is not present in the StorageError message. ++ for data_key_to_null in ('volume_id', 'target_portal', 'target_iqn'): ++ conn_info = self._make_connection_info() ++ conn_info['data'][data_key_to_null] = None ++ ex = self.assertRaises(exception.StorageError, ++ volume_utils._parse_volume_info, ++ conn_info['data']) ++ self.assertNotIn('verybadpass', six.text_type(ex)) + + def test_get_device_number_raise_exception_on_wrong_mountpoint(self): + self.assertRaises( +diff --git a/nova/tests/unit/virt/xenapi/test_volumeops.py b/nova/tests/unit/virt/xenapi/test_volumeops.py +index 0e840bb..58c3fa5 100644 +--- a/nova/tests/unit/virt/xenapi/test_volumeops.py ++++ b/nova/tests/unit/virt/xenapi/test_volumeops.py +@@ -381,6 +381,22 @@ class AttachVolumeTestCase(VolumeOpsTestBase): + mock_intro.assert_called_once_with(self.session, "sr", + target_lun="lun") + ++ @mock.patch.object(volume_utils, "introduce_vdi") ++ @mock.patch.object(volumeops.LOG, 'debug') ++ def test_connect_hypervisor_to_volume_mask_password(self, mock_debug, ++ mock_intro): ++ # Tests that the connection_data is scrubbed before logging. 
++ data = {'auth_password': 'verybadpass'} ++ self.ops._connect_hypervisor_to_volume("sr", data) ++ self.assertTrue(mock_debug.called, 'LOG.debug was not called') ++ password_logged = False ++ for call in mock_debug.call_args_list: ++ # The call object is a tuple of (args, kwargs) ++ if 'verybadpass' in call[0]: ++ password_logged = True ++ break ++ self.assertFalse(password_logged, 'connection_data was not scrubbed') ++ + @mock.patch.object(vm_utils, "is_vm_shutdown") + @mock.patch.object(vm_utils, "create_vbd") + def test_attach_volume_to_vm_plug(self, mock_vbd, mock_shutdown): +diff --git a/nova/virt/xenapi/volume_utils.py b/nova/virt/xenapi/volume_utils.py +index c7bfe32..af47e26 100644 +--- a/nova/virt/xenapi/volume_utils.py ++++ b/nova/virt/xenapi/volume_utils.py +@@ -24,6 +24,7 @@ import string + from eventlet import greenthread + from oslo_config import cfg + from oslo_log import log as logging ++from oslo_utils import strutils + + from nova import exception + from nova.i18n import _, _LE, _LW +@@ -84,7 +85,7 @@ def _parse_volume_info(connection_data): + target_iqn is None): + raise exception.StorageError( + reason=_('Unable to obtain target information %s') % +- connection_data) ++ strutils.mask_password(connection_data)) + volume_info = {} + volume_info['id'] = volume_id + volume_info['target'] = target_host +diff --git a/nova/virt/xenapi/volumeops.py b/nova/virt/xenapi/volumeops.py +index f816853..b9e73e2 100644 +--- a/nova/virt/xenapi/volumeops.py ++++ b/nova/virt/xenapi/volumeops.py +@@ -19,6 +19,7 @@ Management class for Storage-related functions (attach, detach, etc). 
+ + from oslo_log import log as logging + from oslo_utils import excutils ++from oslo_utils import strutils + + from nova import exception + from nova.i18n import _LI, _LW +@@ -91,7 +92,10 @@ class VolumeOps(object): + return (sr_ref, sr_uuid) + + def _connect_hypervisor_to_volume(self, sr_ref, connection_data): +- LOG.debug("Connect volume to hypervisor: %s", connection_data) ++ # connection_data can have credentials in it so make sure to scrub ++ # those before logging. ++ LOG.debug("Connect volume to hypervisor: %s", ++ strutils.mask_password(connection_data)) + if 'vdi_uuid' in connection_data: + vdi_ref = volume_utils.introduce_vdi( + self._session, sr_ref, +-- +cgit v0.11.2 + diff --git a/sys-cluster/nova/nova-12.0.0-r1.ebuild b/sys-cluster/nova/nova-12.0.0-r1.ebuild deleted file mode 100644 index 2ad958e3ff2d..000000000000 --- a/sys-cluster/nova/nova-12.0.0-r1.ebuild +++ /dev/null 
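Review bot: The check `if 'verybadpass' in call[0]:` in `test_connect_hypervisor_to_volume_mask_password` cannot detect a leaked password, because `call[0]` is the tuple of positional arguments and `in` compares the literal for equality against each element instead of searching inside them. If the unmasked dict (or its string form) were passed as the second argument, the comparison would still be False and the test would pass, so it does not guard the `strutils.mask_password` call added to `_connect_hypervisor_to_volume`. Stringify each argument before searching, e.g. `if any('verybadpass' in str(arg) for arg in call[0]):`, and confirm that the test fails with the masking removed. Separately, the comment in `test_parse_volume_info_missing_details` names `target_host` and `target_ign`, while the loop nulls `'target_portal'` and `'target_iqn'`; the comment should use the same keys as the loop.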
@@ -1,295 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -PYTHON_COMPAT=( python2_7 python3_4 ) - -inherit distutils-r1 eutils linux-info multilib user - -DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python" -HOMEPAGE="https://launchpad.net/nova" -SRC_URI=" - https://launchpad.net/${PN}/liberty/${PV}/+download/${P}.tar.gz - https://dev.gentoo.org/~prometheanfire/dist/nova/liberty/nova.conf.sample -> liberty-nova.conf.sample" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen" -REQUIRED_USE=" - !compute-only? ( || ( mysql postgres sqlite ) ) - compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite ) - compute? ( ^^ ( kvm xen ) )" - -CDEPEND=">=dev-python/pbr-1.8[${PYTHON_USEDEP}]" -# need to package dev-python/sphinxcontrib-seqdiag -DEPEND=" - >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] - ${CDEPEND} - app-admin/sudo - test? 
( - ${RDEPEND} - >=dev-python/coverage-3.6[${PYTHON_USEDEP}] - <=dev-python/coverage-4.0[${PYTHON_USEDEP}] - ~dev-python/fixtures-1.3.1[${PYTHON_USEDEP}] - >=dev-python/mock-1.2[${PYTHON_USEDEP}] - <=dev-python/mock-1.3.0[${PYTHON_USEDEP}] - >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}] - <=dev-python/mox3-0.10.0[${PYTHON_USEDEP}] - >=dev-python/psycopg-2.5[${PYTHON_USEDEP}] - <=dev-python/psycopg-2.6.1[${PYTHON_USEDEP}] - >=dev-python/pymysql-0.6.2[${PYTHON_USEDEP}] - <=dev-python/pymysql-0.6.6[${PYTHON_USEDEP}] - ~dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] - >=dev-python/python-ironicclient-0.8.0[${PYTHON_USEDEP}] - <=dev-python/python-ironicclient-0.8.1[${PYTHON_USEDEP}] - >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}] - <=dev-python/subunit-1.1.0[${PYTHON_USEDEP}] - ~dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] - >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] - =dev-python/pillow-2.4.0[${PYTHON_USEDEP}] - =dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] - <=dev-python/oslo-sphinx-3.2.0[${PYTHON_USEDEP}] - >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}] - <=dev-python/oslotest-1.11.0[${PYTHON_USEDEP}] - >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] - <=dev-python/testrepository-0.0.20[${PYTHON_USEDEP}] - >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}] - <=dev-python/testresources-0.2.7-r9999[${PYTHON_USEDEP}] - >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}] - <=dev-python/testtools-1.8.0[${PYTHON_USEDEP}] - >=dev-python/tempest-lib-0.8.0[${PYTHON_USEDEP}] - <=dev-python/tempest-lib-0.9.0[${PYTHON_USEDEP}] - ~dev-python/bandit-0.13.2[${PYTHON_USEDEP}] - >=dev-python/oslo-vmware-0.16.0[${PYTHON_USEDEP}] - <=dev-python/oslo-vmware-1.21.0[${PYTHON_USEDEP}] - )" - -# barbicanclient is in here for doc generation -RDEPEND=" - ${CDEPEND} - compute-only? 
( - >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] - =dev-python/sqlalchemy-0.9.9[sqlite,${PYTHON_USEDEP}] - =dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] - =dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] - =dev-python/boto-2.32.1[${PYTHON_USEDEP}] - <=dev-python/boto-2.38.0[${PYTHON_USEDEP}] - >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] - <=dev-python/decorator-4.0.2[${PYTHON_USEDEP}] - ~dev-python/eventlet-0.17.4[${PYTHON_USEDEP}] - >=dev-python/jinja-2.6[${PYTHON_USEDEP}] - <=dev-python/jinja-2.8[${PYTHON_USEDEP}] - >=dev-python/keystonemiddleware-2.0.0[${PYTHON_USEDEP}] - <=dev-python/keystonemiddleware-2.3.1[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - <=dev-python/lxml-3.4.4[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3[${PYTHON_USEDEP}] - !~dev-python/routes-2.0[${PYTHON_USEDEP}] - !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')] - <=dev-python/routes-2.2[${PYTHON_USEDEP}] - >=dev-python/cryptography-1.0[${PYTHON_USEDEP}] - <=dev-python/cryptography-1.1-r9999[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - <=dev-python/webob-1.4.1[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - <=dev-python/greenlet-0.4.9[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - <=dev-python/pastedeploy-1.5.2[${PYTHON_USEDEP}] - <=dev-python/paste-2.0.2[${PYTHON_USEDEP}] - >=dev-python/prettytable-0.7[${PYTHON_USEDEP}] - =dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}] - >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}] - !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}] - <=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}] - ~dev-python/netifaces-0.10.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}] - <=dev-python/paramiko-1.15.2[${PYTHON_USEDEP}] - >=dev-python/Babel-1.3[${PYTHON_USEDEP}] - <=dev-python/Babel-2.0[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] - 
<=dev-python/iso8601-0.1.10[${PYTHON_USEDEP}] - >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] - !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}] - =dev-python/python-cinderclient-1.3.1[${PYTHON_USEDEP}] - <=dev-python/python-cinderclient-1.4.0[${PYTHON_USEDEP}] - >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}] - <=dev-python/python-keystoneclient-1.7.2-r9999[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.6.0[${PYTHON_USEDEP}] - <=dev-python/python-neutronclient-3.1.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}] - <=dev-python/python-glanceclient-1.1.0[${PYTHON_USEDEP}] - >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] - <=dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] - ~dev-python/six-1.9.0[${PYTHON_USEDEP}] - >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}] - <=dev-python/stevedore-1.8.0[${PYTHON_USEDEP}] - >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] - >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] - >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] - <=dev-python/websockify-0.7.0[${PYTHON_USEDEP}] - >=dev-python/oslo-concurrency-2.3.0[${PYTHON_USEDEP}] - <=dev-python/oslo-concurrency-2.6.0[${PYTHON_USEDEP}] - >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}] - <=dev-python/oslo-config-2.4.0[${PYTHON_USEDEP}] - >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] - <=dev-python/oslo-context-0.6.0[${PYTHON_USEDEP}] - >=dev-python/oslo-log-1.8.0[${PYTHON_USEDEP}] - <=dev-python/oslo-log-1.11.0[${PYTHON_USEDEP}] - >=dev-python/oslo-reports-0.1.0[${PYTHON_USEDEP}] - <=dev-python/oslo-reports-0.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] - <=dev-python/oslo-serialization-1.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}] - <=dev-python/oslo-utils-2.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-db-2.4.1[${PYTHON_USEDEP}] - <=dev-python/oslo-db-2.6.0[${PYTHON_USEDEP}] - >=dev-python/oslo-rootwrap-2.0.0[${PYTHON_USEDEP}] - 
<=dev-python/oslo-rootwrap-2.3.0[${PYTHON_USEDEP}] - >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}] - !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}] - !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}] - <=dev-python/oslo-messaging-2.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] - <=dev-python/oslo-i18n-2.6.0[${PYTHON_USEDEP}] - >=dev-python/oslo-service-0.7.0[${PYTHON_USEDEP}] - <=dev-python/oslo-service-0.9.0[${PYTHON_USEDEP}] - >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}] - <=dev-python/rfc3986-0.2.2[${PYTHON_USEDEP}] - >=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] - <=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] - >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] - =dev-python/oslo-versionedobjects-0.9.0[${PYTHON_USEDEP}] - <=dev-python/oslo-versionedobjects-0.10.0[${PYTHON_USEDEP}] - >=dev-python/alembic-0.8.0[${PYTHON_USEDEP}] - <=dev-python/alembic-0.8.20[${PYTHON_USEDEP}] - >=dev-python/os-brick-0.4.0[${PYTHON_USEDEP}] - <=dev-python/os-brick-0.5.0[${PYTHON_USEDEP}] - <=dev-python/libvirt-python-1.3.0[${PYTHON_USEDEP}] - app-emulation/libvirt[iscsi?] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - openvswitch? ( <=net-misc/openvswitch-2.4.0 ) - rabbitmq? ( net-misc/rabbitmq-server ) - memcached? ( net-misc/memcached - <=dev-python/python-memcached-1.57 ) - sys-fs/sysfsutils - sys-fs/multipath-tools - net-misc/bridge-utils - compute? ( - app-cdr/cdrkit - kvm? ( app-emulation/qemu ) - xen? ( app-emulation/xen - app-emulation/xen-tools ) - ) - iscsi? 
( - sys-fs/lsscsi - >=sys-block/open-iscsi-2.0.872-r3 - )" - -PATCHES=( - "${FILESDIR}"/cve-2015-7548-stable-liberty-0001.patch - "${FILESDIR}"/cve-2015-7548-stable-liberty-0002.patch - "${FILESDIR}"/cve-2015-7548-stable-liberty-0003.patch -) - -pkg_setup() { - linux-info_pkg_setup - CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ - IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ - NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ - ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" - if linux_config_exists; then - for module in ${CONFIG_CHECK_MODULES}; do - linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" - done - fi - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_prepare_all() { - sed -i '/^hacking/d' test-requirements.txt || die - distutils-r1_python_prepare_all -} - -python_test() { - testr init - testr run --parallel || die "failed testsuite under python2.7" -} - -python_install() { - distutils-r1_python_install - - if use !compute-only; then - for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do - newinitd "${FILESDIR}/nova.initd" "nova-${svc}" - done - fi - use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" - use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" - - diropts -m 0750 -o nova -g qemu - dodir /var/log/nova /var/lib/nova/instances - diropts -m 0750 -o nova -g nova - - insinto /etc/nova - insopts -m 0640 -o nova -g nova - newins "${FILESDIR}/etc.liberty/api-paste.ini" "api-paste.ini" - newins "${FILESDIR}/etc.liberty/cells.json" "cells.json" - newins "${FILESDIR}/etc.liberty/logging_sample.conf" "logging_sample.conf" - newins "${DISTDIR}/liberty-nova.conf.sample" "nova.conf.sample" - newins "${FILESDIR}/etc.liberty/policy.json" "policy.json" - newins "${FILESDIR}/etc.liberty/rootwrap.conf" "rootwrap.conf" - #rootwrap 
filters - insinto /etc/nova/rootwrap.d - newins "${FILESDIR}/etc.liberty/rootwrap.d/api-metadata.filters" "api-metadata.filters" - newins "${FILESDIR}/etc.liberty/rootwrap.d/compute.filters" "compute.filters" - newins "${FILESDIR}/etc.liberty/rootwrap.d/network.filters" "network.filters" - #copy migration conf file (not coppied on install via setup.py script) - insopts -m 0644 - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - insopts -m 0600 -o root -g root - doins "${FILESDIR}/nova-sudoers" - - if use iscsi ; then - # Install udev rules for handle iscsi disk with right links under /dev - udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules - - insinto /etc/nova/ - doins "${FILESDIR}/scsi-openscsi-link.sh" - fi -} - -pkg_postinst() { - if use iscsi ; then - elog "iscsid needs to be running if you want cinder to connect" - fi -} diff --git a/sys-cluster/nova/nova-12.0.0-r2.ebuild b/sys-cluster/nova/nova-12.0.0-r2.ebuild new file mode 100644 index 000000000000..19b40113c370 --- /dev/null +++ b/sys-cluster/nova/nova-12.0.0-r2.ebuild 
@@ -0,0 +1,296 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 python3_4 ) + +inherit distutils-r1 eutils linux-info multilib user + +DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python" +HOMEPAGE="https://launchpad.net/nova" +SRC_URI=" + https://launchpad.net/${PN}/liberty/${PV}/+download/${P}.tar.gz + https://dev.gentoo.org/~prometheanfire/dist/nova/liberty/nova.conf.sample -> liberty-nova.conf.sample" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen" +REQUIRED_USE=" + !compute-only? ( || ( mysql postgres sqlite ) ) + compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite ) + compute? ( ^^ ( kvm xen ) )" + +CDEPEND=">=dev-python/pbr-1.8[${PYTHON_USEDEP}]" +# need to package dev-python/sphinxcontrib-seqdiag +DEPEND=" + >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] + ${CDEPEND} + app-admin/sudo + test? 
( + ${RDEPEND} + >=dev-python/coverage-3.6[${PYTHON_USEDEP}] + <=dev-python/coverage-4.0[${PYTHON_USEDEP}] + ~dev-python/fixtures-1.3.1[${PYTHON_USEDEP}] + >=dev-python/mock-1.2[${PYTHON_USEDEP}] + <=dev-python/mock-1.3.0[${PYTHON_USEDEP}] + >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}] + <=dev-python/mox3-0.10.0[${PYTHON_USEDEP}] + >=dev-python/psycopg-2.5[${PYTHON_USEDEP}] + <=dev-python/psycopg-2.6.1[${PYTHON_USEDEP}] + >=dev-python/pymysql-0.6.2[${PYTHON_USEDEP}] + <=dev-python/pymysql-0.6.6[${PYTHON_USEDEP}] + ~dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] + >=dev-python/python-ironicclient-0.8.0[${PYTHON_USEDEP}] + <=dev-python/python-ironicclient-0.8.1[${PYTHON_USEDEP}] + >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}] + <=dev-python/subunit-1.1.0[${PYTHON_USEDEP}] + ~dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] + !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] + =dev-python/pillow-2.4.0[${PYTHON_USEDEP}] + =dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] + <=dev-python/oslo-sphinx-3.2.0[${PYTHON_USEDEP}] + >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}] + <=dev-python/oslotest-1.11.0[${PYTHON_USEDEP}] + >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] + <=dev-python/testrepository-0.0.20[${PYTHON_USEDEP}] + >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}] + <=dev-python/testresources-0.2.7-r9999[${PYTHON_USEDEP}] + >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}] + <=dev-python/testtools-1.8.0[${PYTHON_USEDEP}] + >=dev-python/tempest-lib-0.8.0[${PYTHON_USEDEP}] + <=dev-python/tempest-lib-0.9.0[${PYTHON_USEDEP}] + ~dev-python/bandit-0.13.2[${PYTHON_USEDEP}] + >=dev-python/oslo-vmware-0.16.0[${PYTHON_USEDEP}] + <=dev-python/oslo-vmware-1.21.0[${PYTHON_USEDEP}] + )" + +# barbicanclient is in here for doc generation +RDEPEND=" + ${CDEPEND} + compute-only? 
( + >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + =dev-python/sqlalchemy-0.9.9[sqlite,${PYTHON_USEDEP}] + =dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + =dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + =dev-python/boto-2.32.1[${PYTHON_USEDEP}] + <=dev-python/boto-2.38.0[${PYTHON_USEDEP}] + >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] + <=dev-python/decorator-4.0.2[${PYTHON_USEDEP}] + ~dev-python/eventlet-0.17.4[${PYTHON_USEDEP}] + >=dev-python/jinja-2.6[${PYTHON_USEDEP}] + <=dev-python/jinja-2.8[${PYTHON_USEDEP}] + >=dev-python/keystonemiddleware-2.0.0[${PYTHON_USEDEP}] + <=dev-python/keystonemiddleware-2.3.1[${PYTHON_USEDEP}] + >=dev-python/lxml-2.3[${PYTHON_USEDEP}] + <=dev-python/lxml-3.4.4[${PYTHON_USEDEP}] + >=dev-python/routes-1.12.3[${PYTHON_USEDEP}] + !~dev-python/routes-2.0[${PYTHON_USEDEP}] + !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')] + <=dev-python/routes-2.2[${PYTHON_USEDEP}] + >=dev-python/cryptography-1.0[${PYTHON_USEDEP}] + <=dev-python/cryptography-1.1-r9999[${PYTHON_USEDEP}] + >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] + <=dev-python/webob-1.4.1[${PYTHON_USEDEP}] + >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] + <=dev-python/greenlet-0.4.9[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] + <=dev-python/pastedeploy-1.5.2[${PYTHON_USEDEP}] + <=dev-python/paste-2.0.2[${PYTHON_USEDEP}] + >=dev-python/prettytable-0.7[${PYTHON_USEDEP}] + =dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}] + >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}] + !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}] + <=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}] + ~dev-python/netifaces-0.10.4[${PYTHON_USEDEP}] + >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}] + <=dev-python/paramiko-1.15.2[${PYTHON_USEDEP}] + >=dev-python/Babel-1.3[${PYTHON_USEDEP}] + <=dev-python/Babel-2.0[${PYTHON_USEDEP}] + >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] + 
<=dev-python/iso8601-0.1.10[${PYTHON_USEDEP}] + >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] + !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}] + =dev-python/python-cinderclient-1.3.1[${PYTHON_USEDEP}] + <=dev-python/python-cinderclient-1.4.0[${PYTHON_USEDEP}] + >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}] + <=dev-python/python-keystoneclient-1.7.2-r9999[${PYTHON_USEDEP}] + >=dev-python/python-neutronclient-2.6.0[${PYTHON_USEDEP}] + <=dev-python/python-neutronclient-3.1.0[${PYTHON_USEDEP}] + >=dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}] + <=dev-python/python-glanceclient-1.1.0[${PYTHON_USEDEP}] + >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] + <=dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] + ~dev-python/six-1.9.0[${PYTHON_USEDEP}] + >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}] + <=dev-python/stevedore-1.8.0[${PYTHON_USEDEP}] + >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] + >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] + >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] + <=dev-python/websockify-0.7.0[${PYTHON_USEDEP}] + >=dev-python/oslo-concurrency-2.3.0[${PYTHON_USEDEP}] + <=dev-python/oslo-concurrency-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}] + <=dev-python/oslo-config-2.4.0[${PYTHON_USEDEP}] + >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] + <=dev-python/oslo-context-0.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-log-1.8.0[${PYTHON_USEDEP}] + <=dev-python/oslo-log-1.11.0[${PYTHON_USEDEP}] + >=dev-python/oslo-reports-0.1.0[${PYTHON_USEDEP}] + <=dev-python/oslo-reports-0.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] + <=dev-python/oslo-serialization-1.9.0[${PYTHON_USEDEP}] + >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}] + <=dev-python/oslo-utils-2.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-db-2.4.1[${PYTHON_USEDEP}] + <=dev-python/oslo-db-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-rootwrap-2.0.0[${PYTHON_USEDEP}] + 
<=dev-python/oslo-rootwrap-2.3.0[${PYTHON_USEDEP}] + >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}] + !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}] + !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}] + <=dev-python/oslo-messaging-2.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] + <=dev-python/oslo-i18n-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-service-0.7.0[${PYTHON_USEDEP}] + <=dev-python/oslo-service-0.9.0[${PYTHON_USEDEP}] + >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}] + <=dev-python/rfc3986-0.2.2[${PYTHON_USEDEP}] + >=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] + <=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] + >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] + =dev-python/oslo-versionedobjects-0.9.0[${PYTHON_USEDEP}] + <=dev-python/oslo-versionedobjects-0.10.0[${PYTHON_USEDEP}] + >=dev-python/alembic-0.8.0[${PYTHON_USEDEP}] + <=dev-python/alembic-0.8.20[${PYTHON_USEDEP}] + >=dev-python/os-brick-0.4.0[${PYTHON_USEDEP}] + <=dev-python/os-brick-0.5.0[${PYTHON_USEDEP}] + <=dev-python/libvirt-python-1.3.0[${PYTHON_USEDEP}] + app-emulation/libvirt[iscsi?] + novncproxy? ( www-apps/novnc ) + sys-apps/iproute2 + openvswitch? ( <=net-misc/openvswitch-2.4.0 ) + rabbitmq? ( net-misc/rabbitmq-server ) + memcached? ( net-misc/memcached + <=dev-python/python-memcached-1.57 ) + sys-fs/sysfsutils + sys-fs/multipath-tools + net-misc/bridge-utils + compute? ( + app-cdr/cdrkit + kvm? ( app-emulation/qemu ) + xen? ( app-emulation/xen + app-emulation/xen-tools ) + ) + iscsi? 
( + sys-fs/lsscsi + >=sys-block/open-iscsi-2.0.872-r3 + )" + +PATCHES=( + "${FILESDIR}"/cve-2015-7548-stable-liberty-0001.patch + "${FILESDIR}"/cve-2015-7548-stable-liberty-0002.patch + "${FILESDIR}"/cve-2015-7548-stable-liberty-0003.patch + "${FILESDIR}"/cve-2015-7548-stable-liberty-0004.patch +) + +pkg_setup() { + linux-info_pkg_setup + CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ + IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ + NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ + ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" + if linux_config_exists; then + for module in ${CONFIG_CHECK_MODULES}; do + linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" + done + fi + enewgroup nova + enewuser nova -1 -1 /var/lib/nova nova +} + +python_prepare_all() { + sed -i '/^hacking/d' test-requirements.txt || die + distutils-r1_python_prepare_all +} + +python_test() { + testr init + testr run --parallel || die "failed testsuite under python2.7" +} + +python_install() { + distutils-r1_python_install + + if use !compute-only; then + for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do + newinitd "${FILESDIR}/nova.initd" "nova-${svc}" + done + fi + use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" + use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" + + diropts -m 0750 -o nova -g qemu + dodir /var/log/nova /var/lib/nova/instances + diropts -m 0750 -o nova -g nova + + insinto /etc/nova + insopts -m 0640 -o nova -g nova + newins "${FILESDIR}/etc.liberty/api-paste.ini" "api-paste.ini" + newins "${FILESDIR}/etc.liberty/cells.json" "cells.json" + newins "${FILESDIR}/etc.liberty/logging_sample.conf" "logging_sample.conf" + newins "${DISTDIR}/liberty-nova.conf.sample" "nova.conf.sample" + newins "${FILESDIR}/etc.liberty/policy.json" "policy.json" + newins 
"${FILESDIR}/etc.liberty/rootwrap.conf" "rootwrap.conf" + #rootwrap filters + insinto /etc/nova/rootwrap.d + newins "${FILESDIR}/etc.liberty/rootwrap.d/api-metadata.filters" "api-metadata.filters" + newins "${FILESDIR}/etc.liberty/rootwrap.d/compute.filters" "compute.filters" + newins "${FILESDIR}/etc.liberty/rootwrap.d/network.filters" "network.filters" + #copy migration conf file (not coppied on install via setup.py script) + insopts -m 0644 + insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ + doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" + #copy the CA cert dir (not coppied on install via setup.py script) + cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" + + #add sudoers definitions for user nova + insinto /etc/sudoers.d/ + insopts -m 0600 -o root -g root + doins "${FILESDIR}/nova-sudoers" + + if use iscsi ; then + # Install udev rules for handle iscsi disk with right links under /dev + udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules + + insinto /etc/nova/ + doins "${FILESDIR}/scsi-openscsi-link.sh" + fi +} + +pkg_postinst() { + if use iscsi ; then + elog "iscsid needs to be running if you want cinder to connect" + fi +} -- cgit v1.2.3-65-gdbad
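Review bot: The new `PATCHES` entry `cve-2015-7548-stable-liberty-0004.patch` reuses the CVE prefix of entries 0001–0003, but nothing in the patch itself ties it to that CVE. The patch added in this commit identifies itself only by `Closes-Bug: #1516765` and a `SecurityImpact` tag, and describes masking credentials in the Xen `connection_data` dict. If upstream tracks that fix under a different identifier, the file name will mislead anyone who audits the tree by searching patch names for a CVE. Confirm the mapping, then either rename the file or add a comment above the entry such as `# 0004: xen connection_data password masking (upstream bug 1516765)`.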