nixpkgs/pkgs/tools/admin/ansible/default.nix

{ python3Packages, fetchurl }:

{
  ansible = with python3Packages; toPythonApplication ansible;

  ansible_2_8 = with python3Packages; toPythonApplication ansible;

  ansible_2_7 = with python3Packages; toPythonApplication (ansible.overridePythonAttrs(old: rec {
    pname = "ansible";
    version = "2.7.15";

    src = fetchurl {
      url = "https://releases.ansible.com/ansible/${pname}-${version}.tar.gz";
      sha256 = "1kjqr35c11njyi3f2rjab6821bhqcrdykv4285q76gwv0qynigwr";
    };
  }));

  ansible_2_6 = with python3Packages; toPythonApplication (ansible.overridePythonAttrs(old: rec {
    pname = "ansible";
    version = "2.6.17";

    src = fetchurl {
      url = "https://releases.ansible.com/ansible/${pname}-${version}.tar.gz";
      sha256 = "0ixr3g1nb02xblqyk87bzag8sj8phy37m24xflabfl1k2zfh0313";
    };
  }));
}
pythonPackages.ansible: refactor move to python-modules 2019-02-24 21:52:48 +00:00			`{ python3Packages, fetchurl }:`
ansible: update point releases and unify build 1) We had lots of copy paste - instead use a generic builder for the various reasons. 2) Default version changed to latest (2.5 instead of 2.4) 3) Point release updates to all 2018-05-10 07:09:15 +01:00
pythonPackages.ansible: refactor move to python-modules 2019-02-24 21:52:48 +00:00			`{`
			`ansible = with python3Packages; toPythonApplication ansible;`

ansible: 2.7.6 -> 2.8.1 2019-05-18 09:59:35 +01:00			`ansible_2_8 = with python3Packages; toPythonApplication ansible;`

			`ansible_2_7 = with python3Packages; toPythonApplication (ansible.overridePythonAttrs(old: rec {`
			`pname = "ansible";`
ansible_2_7: 2.7.11 -> 2.7.15 This fixes the following security issues: * Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864) * CVE-2019-14846 - Several Ansible plugins could disclose aws credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py, lookup/aws_account_attribute.py, and lookup/aws_secret.py, lookup/aws_ssm.py use the boto3 library from the Ansible process. The boto3 library logs credentials at log level DEBUG. If Ansible's logging was enabled (by setting LOG_PATH to a value) Ansible would set the global log level to DEBUG. This was inherited by boto and would then log boto credentials to the file specified by LOG_PATH. This did not affect aws ansible modules as those are executed in a separate process. This has been fixed by switching to log level INFO * Convert CLI provided passwords to text initially, to prevent unsafe context being lost when converting from bytes->text during post processing of PlayContext. This prevents CLI provided passwords from being incorrectly templated (CVE-2019-14856) * properly hide parameters marked with no_log in suboptions when invalid parameters are passed to the module (CVE-2019-14858) * resolves CVE-2019-10206, by avoiding templating passwords from prompt as it is probable they have special characters. * Handle improper variable substitution that was happening in safe_eval, it was always meant to just do 'type enforcement' and have Jinja2 deal with all variable interpolation. Also see CVE-2019-10156 Changelog: https://github.com/ansible/ansible/blob/0623dedf2d9c4afc09e5be30d3ef249f9d1ebece/changelogs/CHANGELOG-v2.7.rst#v2-7-15 2019-12-15 20:12:20 +00:00			`version = "2.7.15";`
ansible: 2.7.6 -> 2.8.1 2019-05-18 09:59:35 +01:00
			`src = fetchurl {`
			`url = "https://releases.ansible.com/ansible/${pname}-${version}.tar.gz";`
ansible_2_7: 2.7.11 -> 2.7.15 This fixes the following security issues: * Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864) * CVE-2019-14846 - Several Ansible plugins could disclose aws credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py, lookup/aws_account_attribute.py, and lookup/aws_secret.py, lookup/aws_ssm.py use the boto3 library from the Ansible process. The boto3 library logs credentials at log level DEBUG. If Ansible's logging was enabled (by setting LOG_PATH to a value) Ansible would set the global log level to DEBUG. This was inherited by boto and would then log boto credentials to the file specified by LOG_PATH. This did not affect aws ansible modules as those are executed in a separate process. This has been fixed by switching to log level INFO * Convert CLI provided passwords to text initially, to prevent unsafe context being lost when converting from bytes->text during post processing of PlayContext. This prevents CLI provided passwords from being incorrectly templated (CVE-2019-14856) * properly hide parameters marked with no_log in suboptions when invalid parameters are passed to the module (CVE-2019-14858) * resolves CVE-2019-10206, by avoiding templating passwords from prompt as it is probable they have special characters. * Handle improper variable substitution that was happening in safe_eval, it was always meant to just do 'type enforcement' and have Jinja2 deal with all variable interpolation. Also see CVE-2019-10156 Changelog: https://github.com/ansible/ansible/blob/0623dedf2d9c4afc09e5be30d3ef249f9d1ebece/changelogs/CHANGELOG-v2.7.rst#v2-7-15 2019-12-15 20:12:20 +00:00			`sha256 = "1kjqr35c11njyi3f2rjab6821bhqcrdykv4285q76gwv0qynigwr";`
ansible: 2.7.6 -> 2.8.1 2019-05-18 09:59:35 +01:00			`};`
			`}));`
ansible: update point releases and unify build 1) We had lots of copy paste - instead use a generic builder for the various reasons. 2) Default version changed to latest (2.5 instead of 2.4) 3) Point release updates to all 2018-05-10 07:09:15 +01:00
pythonPackages.ansible: refactor move to python-modules 2019-02-24 21:52:48 +00:00			`ansible_2_6 = with python3Packages; toPythonApplication (ansible.overridePythonAttrs(old: rec {`
			`pname = "ansible";`
ansible_2_6: 2.6.15 -> 2.6.17 2019-06-09 03:02:30 +01:00			`version = "2.6.17";`
ansible: install man pages (#44980) 2018-08-13 14:30:41 +01:00
ansible: update point releases and unify build 1) We had lots of copy paste - instead use a generic builder for the various reasons. 2) Default version changed to latest (2.5 instead of 2.4) 3) Point release updates to all 2018-05-10 07:09:15 +01:00			`src = fetchurl {`
treewide: http -> https sources (#42676) * treewide: http -> https sources This updates the source urls of all top-level packages from http to https where possible. * buildtorrent: fix url and tab -> spaces 2018-06-28 19:43:35 +01:00			`url = "https://releases.ansible.com/ansible/${pname}-${version}.tar.gz";`
ansible_2_6: 2.6.15 -> 2.6.17 2019-06-09 03:02:30 +01:00			`sha256 = "0ixr3g1nb02xblqyk87bzag8sj8phy37m24xflabfl1k2zfh0313";`
ansible: update point releases and unify build 1) We had lots of copy paste - instead use a generic builder for the various reasons. 2) Default version changed to latest (2.5 instead of 2.4) 3) Point release updates to all 2018-05-10 07:09:15 +01:00			`};`
pythonPackages.ansible: refactor move to python-modules 2019-02-24 21:52:48 +00:00			`}));`
ansible: update point releases and unify build 1) We had lots of copy paste - instead use a generic builder for the various reasons. 2) Default version changed to latest (2.5 instead of 2.4) 3) Point release updates to all 2018-05-10 07:09:15 +01:00			`}`