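Overview
- This article shows how to update the amazon-efs-utils package from 1.x to 2.x on Linux distributions other than Amazon Linux, such as Red Hat Enterprise Linux and CentOS.
- The amazon-efs-utils package is the software known as the EFS mount helper. It is installed on Amazon EFS clients and is used to mount Amazon EFS file systems.
- The reason for the update: amazon-efs-utils 1.x has been installed until now, but to address an SSRF (Server-Side Request Forgery) vulnerability, the package is updated to amazon-efs-utils 2.x, a version that supports IMDSv2, which mitigates that vulnerability.
- The key point of this article: when the Linux distribution does not provide a rust package, you can install and use Rust from the rustup project (https://rustup.rs/), but the RPM build then fails with the default Makefile. This article shows how to avoid that error by customizing the Makefile.
(Reference) Installation guide
- On Amazon Linux, installation is done with the yum command. On Linux distributions other than Amazon Linux, such as Red Hat Enterprise Linux and CentOS, amazon-efs-utils is installed using the procedure described in the installation guide.
Installing amazon-efs-utils 2.x
- This time I tried to install amazon-efs-utils on Red Hat Enterprise Linux 7.9, but this distribution does not provide the rust and cargo packages, so the steps in the installation guide alone were not enough to install it. The installation procedure is described below. Note: Red Hat Enterprise Linux 7 and CentOS 7 have reached end of support, so prerequisite packages may fail to install, or the results may differ from the steps in this article.
- First, run the following command as described in the installation guide.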
- sudo yum -y install git rpm-build make rust cargo openssl-devel
    sh-4.2$ sudo yum -y install git rpm-build make rust cargo openssl-devel
    Loaded plugins: amazon-id, search-disabled-repos
    rhel-7-server-rhui-rh-common-rpms                        | 3.8 kB  00:00:00
    rhel-7-server-rhui-rpms                                  | 3.5 kB  00:00:00
    rhui-client-config-server-7                              | 1.5 kB  00:00:00
    (1/2): rhel-7-server-rhui-rpms/7Server/x86_64/updateinfo | 4.3 MB  00:00:00
    (2/2): rhel-7-server-rhui-rpms/7Server/x86_64/primary_db |  96 MB  00:00:01
    Package rpm-build-4.11.3-48.el7_9.x86_64 already installed and latest version
    Package 1:make-3.82-24.el7.x86_64 already installed and latest version
    No package rust available.
    No package cargo available.
    Resolving Dependencies
    --> Running transaction check
    ---> Package git.x86_64 0:1.8.3.1-23.el7_8 will be updated
    --> Processing Dependency: git = 1.8.3.1-23.el7_8 for package: perl-Git-1.8.3.1-23.el7_8.noarch
    ---> Package git.x86_64 0:1.8.3.1-25.el7_9 will be an update
    ---> Package openssl-devel.x86_64 1:1.0.2k-25.el7_9 will be updated
    ---> Package openssl-devel.x86_64 1:1.0.2k-26.el7_9 will be an update
    --> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-26.el7_9 for package: 1:openssl-devel-1.0.2k-26.el7_9.x86_64
    --> Running transaction check
    ---> Package openssl-libs.x86_64 1:1.0.2k-25.el7_9 will be updated
    --> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-25.el7_9 for package: 1:openssl-1.0.2k-25.el7_9.x86_64
    ---> Package openssl-libs.x86_64 1:1.0.2k-26.el7_9 will be an update
    ---> Package perl-Git.noarch 0:1.8.3.1-23.el7_8 will be updated
    ---> Package perl-Git.noarch 0:1.8.3.1-25.el7_9 will be an update
    --> Running transaction check
    ---> Package openssl.x86_64 1:1.0.2k-25.el7_9 will be updated
    ---> Package openssl.x86_64 1:1.0.2k-26.el7_9 will be an update
    --> Finished Dependency Resolution
    Dependencies Resolved
    ================================================================================
     Package          Arch     Version             Repository                  Size
    ================================================================================
    Updating:
     git              x86_64   1.8.3.1-25.el7_9    rhel-7-server-rhui-rpms    4.4 M
     openssl-devel    x86_64   1:1.0.2k-26.el7_9   rhel-7-server-rhui-rpms    1.5 M
    Updating for dependencies:
     openssl          x86_64   1:1.0.2k-26.el7_9   rhel-7-server-rhui-rpms    494 k
     openssl-libs     x86_64   1:1.0.2k-26.el7_9   rhel-7-server-rhui-rpms    1.2 M
     perl-Git         noarch   1.8.3.1-25.el7_9    rhel-7-server-rhui-rpms     56 k
    Transaction Summary
    ================================================================================
    Upgrade  2 Packages (+3 Dependent packages)
    Total download size: 7.6 M
    Downloading packages:
    Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
    (1/5): git-1.8.3.1-25.el7_9.x86_64.rpm                   | 4.4 MB  00:00:00
    (2/5): openssl-1.0.2k-26.el7_9.x86_64.rpm                | 494 kB  00:00:00
    (3/5): openssl-libs-1.0.2k-26.el7_9.x86_64.rpm           | 1.2 MB  00:00:00
    (4/5): openssl-devel-1.0.2k-26.el7_9.x86_64.rpm          | 1.5 MB  00:00:00
    (5/5): perl-Git-1.8.3.1-25.el7_9.noarch.rpm              |  56 kB  00:00:00
    --------------------------------------------------------------------------------
    Total                                           15 MB/s | 7.6 MB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
    Warning: RPMDB altered outside of yum.
      Updating   : 1:openssl-libs-1.0.2k-26.el7_9.x86_64     1/10
      Updating   : perl-Git-1.8.3.1-25.el7_9.noarch          2/10
      Updating   : git-1.8.3.1-25.el7_9.x86_64               3/10
      Updating   : 1:openssl-devel-1.0.2k-26.el7_9.x86_64    4/10
      Updating   : 1:openssl-1.0.2k-26.el7_9.x86_64          5/10
      Cleanup    : git-1.8.3.1-23.el7_8.x86_64               6/10
      Cleanup    : perl-Git-1.8.3.1-23.el7_8.noarch          7/10
      Cleanup    : 1:openssl-devel-1.0.2k-25.el7_9.x86_64    8/10
      Cleanup    : 1:openssl-1.0.2k-25.el7_9.x86_64          9/10
      Cleanup    : 1:openssl-libs-1.0.2k-25.el7_9.x86_64     10/10
      Verifying  : 1:openssl-devel-1.0.2k-26.el7_9.x86_64    1/10
      Verifying  : 1:openssl-libs-1.0.2k-26.el7_9.x86_64     2/10
      Verifying  : perl-Git-1.8.3.1-25.el7_9.noarch          3/10
      Verifying  : 1:openssl-1.0.2k-26.el7_9.x86_64          4/10
      Verifying  : git-1.8.3.1-25.el7_9.x86_64               5/10
      Verifying  : git-1.8.3.1-23.el7_8.x86_64               6/10
      Verifying  : 1:openssl-libs-1.0.2k-25.el7_9.x86_64     7/10
      Verifying  : 1:openssl-devel-1.0.2k-25.el7_9.x86_64    8/10
      Verifying  : 1:openssl-1.0.2k-25.el7_9.x86_64          9/10
      Verifying  : perl-Git-1.8.3.1-23.el7_8.noarch          10/10
    Updated:
      git.x86_64 0:1.8.3.1-25.el7_9    openssl-devel.x86_64 1:1.0.2k-26.el7_9
    Dependency Updated:
      openssl.x86_64 1:1.0.2k-26.el7_9    openssl-libs.x86_64 1:1.0.2k-26.el7_9    perl-Git.noarch 0:1.8.3.1-25.el7_9
    Complete!
- The rust and cargo packages were not installed, so run the following commands as described in the installation guide.
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
- . "$HOME/.cargo/env"
    sh-4.2$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
    info: downloading installer
    Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure
    Welcome to Rust!
    This will download and install the official compiler for the Rust
    programming language, and its package manager, Cargo.
    Rustup metadata and toolchains will be installed into the Rustup
    home directory, located at:
      /home/ssm-user/.rustup
    This can be modified with the RUSTUP_HOME environment variable.
    The Cargo home directory is located at:
      /home/ssm-user/.cargo
    This can be modified with the CARGO_HOME environment variable.
    The cargo, rustc, rustup and other commands will be added to
    Cargo's bin directory, located at:
      /home/ssm-user/.cargo/bin
    This path will then be added to your PATH environment variable by
    modifying the profile files located at:
      /home/ssm-user/.profile
      /home/ssm-user/.bash_profile
      /home/ssm-user/.bashrc
    You can uninstall at any time with rustup self uninstall and
    these changes will be reverted.
    Current installation options:
       default host triple: x86_64-unknown-linux-gnu
         default toolchain: stable (default)
                   profile: default
      modify PATH variable: yes
    1) Proceed with standard installation (default - just press enter)
    2) Customize installation
    3) Cancel installation
    >
    info: profile set to 'default'
    info: default host triple is x86_64-unknown-linux-gnu
    info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu'
    info: latest update on 2024-10-17, rust version 1.82.0 (f6e511eec 2024-10-15)
    info: downloading component 'cargo'
    info: downloading component 'clippy'
    info: downloading component 'rust-docs'
    info: downloading component 'rust-std'
    info: downloading component 'rustc'
    info: downloading component 'rustfmt'
    info: installing component 'cargo'
    info: installing component 'clippy'
    info: installing component 'rust-docs'
     16.3 MiB /  16.3 MiB (100 %)   1.5 MiB/s in 10s ETA:  0s
    info: installing component 'rust-std'
     26.0 MiB /  26.0 MiB (100 %)  10.6 MiB/s in  2s ETA:  0s
    info: installing component 'rustc'
     70.8 MiB /  70.8 MiB (100 %)  10.5 MiB/s in  6s ETA:  0s
    info: installing component 'rustfmt'
    info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'
      stable-x86_64-unknown-linux-gnu installed - rustc 1.82.0 (f6e511eec 2024-10-15)
    Rust is installed now. Great!
    To get started you may need to restart your current shell.
    This would reload your PATH environment variable to include
    Cargo's bin directory ($HOME/.cargo/bin).
    To configure your current shell, you need to source
    the corresponding env file under $HOME/.cargo.
    This is usually done by running one of the following (note the leading DOT):
    . "$HOME/.cargo/env"            # For sh/bash/zsh/ash/dash/pdksh
    source "$HOME/.cargo/env.fish"  # For fish
    sh-4.2$ . "$HOME/.cargo/env"
- Clone the repository with git clone.
- git clone https://github.com/aws/efs-utils
    sh-4.2$ git clone https://github.com/aws/efs-utils
    Cloning into 'efs-utils'...
    remote: Enumerating objects: 1801, done.
    remote: Counting objects: 100% (420/420), done.
    remote: Compressing objects: 100% (139/139), done.
    remote: Total 1801 (delta 326), reused 307 (delta 273), pack-reused 1381 (from 1)
    Receiving objects: 100% (1801/1801), 782.66 KiB | 0 bytes/s, done.
    Resolving deltas: 100% (1161/1161), done.
- The Makefile needs to be customized at this point. With the default Makefile, the build fails with the following error.
    error: Failed build dependencies:
            cargo is needed by amazon-efs-utils-2.1.0-1.el7_9.x86_64
            rust is needed by amazon-efs-utils-2.1.0-1.el7_9.x86_64
    make: *** [rpm-only] Error 1
- Change RPM_BUILD_FLAGS in the Makefile.
- cd efs-utils
- vi Makefile
    sh-4.2$ cd efs-utils
    sh-4.2$ vi Makefile
    ** Before **
    RPM_BUILD_FLAGS ?= --with system_rust
    ** After **
    RPM_BUILD_FLAGS ?= --without system_rust
- Build the RPM.
- make rpm
    sh-4.2$ make rpm
    rm -rf build/rpmbuild
    rm -rf amazon-efs-utils
    rm -f amazon-efs-utils.tar.gz
    mkdir -p amazon-efs-utils
    mkdir -p amazon-efs-utils/dist
    cp -p dist/amazon-efs-mount-watchdog.conf amazon-efs-utils/dist
    cp -p dist/amazon-efs-mount-watchdog.service amazon-efs-utils/dist
    cp -p dist/efs-utils.conf amazon-efs-utils/dist
    cp -p dist/efs-utils.crt amazon-efs-utils/dist
    mkdir -p amazon-efs-utils/src
    cp -rp src/mount_efs amazon-efs-utils/src
    cp -rp src/watchdog amazon-efs-utils/src
    cp -rp src/proxy amazon-efs-utils/src
    mkdir -p amazon-efs-utils/man
    cp -rp man/mount.efs.8 amazon-efs-utils/man
    tar -czf amazon-efs-utils.tar.gz amazon-efs-utils/*
    mkdir -p build/rpmbuild/{SPECS,COORD_SOURCES,DATA_SOURCES,BUILD,RPMS,SOURCES,SRPMS}
    cp amazon-efs-utils.spec build/rpmbuild/SPECS
    cp amazon-efs-utils.tar.gz build/rpmbuild/SOURCES
    cp config.toml build/rpmbuild/SOURCES
    rpmbuild -ba --define "_topdir `pwd`/build/rpmbuild" --define "include_vendor_tarball false" build/rpmbuild/SPECS/amazon-efs-utils.spec --without system_rust
    Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QQ4aME
    + umask 022
    + cd /home/ssm-user/efs-utils/build/rpmbuild/BUILD
    + source /home/ssm-user/.cargo/env
    ++ case ":${PATH}:" in
    + command -v cargo
    + command -v rustc
    + cd /home/ssm-user/efs-utils/build/rpmbuild/BUILD
    + rm -rf amazon-efs-utils
    + /usr/bin/gzip -dc /home/ssm-user/efs-utils/build/rpmbuild/SOURCES/amazon-efs-utils.tar.gz
    + /usr/bin/tar -xvvf -
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:52 amazon-efs-utils/dist/
    drwxr-xr-x Creating directory: amazon-efs-utils
    -rw-r--r-- ssm-user/ssm-user 571 2024-11-14 07:51 amazon-efs-utils/dist/amazon-efs-mount-watchdog.conf
    -rw-r--r-- ssm-user/ssm-user 481 2024-11-14 07:51 amazon-efs-utils/dist/amazon-efs-mount-watchdog.service
    -rw-r--r-- ssm-user/ssm-user 3958 2024-11-14 07:51 amazon-efs-utils/dist/efs-utils.conf
    -rw-r--r-- ssm-user/ssm-user 4466 2024-11-14 07:51 amazon-efs-utils/dist/efs-utils.crt
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:52 amazon-efs-utils/man/
    -rw-r--r-- ssm-user/ssm-user 11199 2024-11-14 07:51 amazon-efs-utils/man/mount.efs.8
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:52 amazon-efs-utils/src/
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:51 amazon-efs-utils/src/mount_efs/
    -rwxr-xr-x ssm-user/ssm-user 142997 2024-11-14 07:51 amazon-efs-utils/src/mount_efs/__init__.py
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:51 amazon-efs-utils/src/watchdog/
    -rwxr-xr-x ssm-user/ssm-user 79544 2024-11-14 07:51 amazon-efs-utils/src/watchdog/__init__.py
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:51 amazon-efs-utils/src/proxy/
    -rw-r--r-- ssm-user/ssm-user 1025 2024-11-14 07:51 amazon-efs-utils/src/proxy/Cargo.toml
    -rw-r--r-- ssm-user/ssm-user 110 2024-11-14 07:51 amazon-efs-utils/src/proxy/build.rs
    drwxr-xr-x ssm-user/ssm-user 0 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/
    -rw-r--r-- ssm-user/ssm-user 7196 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/config_parser.rs
    -rw-r--r-- ssm-user/ssm-user 27819 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/connections.rs
    -rw-r--r-- ssm-user/ssm-user 61327 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/controller.rs
    -rw-r--r-- ssm-user/ssm-user 1145 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/efs_prot.x
    -rw-r--r-- ssm-user/ssm-user 11557 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/efs_rpc.rs
    -rw-r--r-- ssm-user/ssm-user 1277 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/error.rs
    -rw-r--r-- ssm-user/ssm-user 184 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/lib.rs
    -rw-r--r-- ssm-user/ssm-user 2200 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/logger.rs
    -rw-r--r-- ssm-user/ssm-user 5655 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/main.rs
    -rw-r--r-- ssm-user/ssm-user 17069 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/proxy.rs
    -rw-r--r-- ssm-user/ssm-user 1348 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/proxy_identifier.rs
    -rw-r--r-- ssm-user/ssm-user 8317 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/rpc.rs
    -rw-r--r-- ssm-user/ssm-user 2114 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/shutdown.rs
    -rw-r--r-- ssm-user/ssm-user 3263 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/status_reporter.rs
    -rw-r--r-- ssm-user/ssm-user 8227 2024-11-14 07:51 amazon-efs-utils/src/proxy/src/tls.rs
    + STATUS=0
    + '[' 0 -ne 0 ']'
    + cd amazon-efs-utils
    + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
    + mkdir -p /home/ssm-user/efs-utils/build/rpmbuild/BUILD/amazon-efs-utils/src/proxy/.cargo
    + exit 0
    Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.8pjnbO
    + umask 022
    + cd /home/ssm-user/efs-utils/build/rpmbuild/BUILD
    + cd amazon-efs-utils
    + cd /home/ssm-user/efs-utils/build/rpmbuild/BUILD/amazon-efs-utils/src/proxy
    + cargo build --release --manifest-path /home/ssm-user/efs-utils/build/rpmbuild/BUILD/amazon-efs-utils/src/proxy/Cargo.toml
    Updating crates.io index
    Locking 191 packages to latest compatible versions
    ** snip **
- Finally, install amazon-efs-utils. Uninstall the existing package (amazon-efs-utils 1.x), then install the new amazon-efs-utils 2.x.
- sudo yum -y install build/amazon-efs-utils*rpm
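- As a supplementary note, the amazon-efs-utils conf file (efs-utils.conf) is located under /etc/amazon/efs. The old package's conf file remains even after uninstalling. Check the contents of the conf file and, after installing the new package, change the settings as needed.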
    sh-4.2$ rpm -qa | grep efs
    amazon-efs-utils-1.23-2.el7.noarch
    sh-4.2$ sudo yum remove amazon-efs-utils
    Loaded plugins: amazon-id, search-disabled-repos
    Resolving Dependencies
    --> Running transaction check
    ---> Package amazon-efs-utils.noarch 0:1.23-2.el7 will be erased
    --> Finished Dependency Resolution
    Dependencies Resolved
    ================================================================================
     Package            Arch     Version       Repository                       Size
    ================================================================================
    Removing:
     amazon-efs-utils   noarch   1.23-2.el7    @/amazon-efs-utils-1.23-2.el7.noarch   99 k
    Transaction Summary
    ================================================================================
    Remove  1 Package
    Installed size: 99 k
    Is this ok [y/N]: y
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Erasing    : amazon-efs-utils-1.23-2.el7.noarch    1/1
    warning: /etc/amazon/efs/efs-utils.conf saved as /etc/amazon/efs/efs-utils.conf.rpmsave
      Verifying  : amazon-efs-utils-1.23-2.el7.noarch    1/1
    Removed:
      amazon-efs-utils.noarch 0:1.23-2.el7
    Complete!
    sh-4.2$ ls -l build/amazon-efs-utils*rpm
    -rw-r--r-- 1 ssm-user ssm-user 1448736 Nov 14 07:54 build/amazon-efs-utils-2.1.0-1.el7_9.x86_64.rpm
    sh-4.2$ sudo yum -y install build/amazon-efs-utils*rpm
    Loaded plugins: amazon-id, search-disabled-repos
    Examining build/amazon-efs-utils-2.1.0-1.el7_9.x86_64.rpm: amazon-efs-utils-2.1.0-1.el7_9.x86_64
    Marking build/amazon-efs-utils-2.1.0-1.el7_9.x86_64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package amazon-efs-utils.x86_64 0:2.1.0-1.el7_9 will be installed
    --> Finished Dependency Resolution
    Dependencies Resolved
    ================================================================================
     Package            Arch     Version         Repository                     Size
    ================================================================================
    Installing:
     amazon-efs-utils   x86_64   2.1.0-1.el7_9   /amazon-efs-utils-2.1.0-1.el7_9.x86_64   4.9 M
    Transaction Summary
    ================================================================================
    Install  1 Package
    Total size: 4.9 M
    Installed size: 4.9 M
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : amazon-efs-utils-2.1.0-1.el7_9.x86_64    1/1
      Verifying  : amazon-efs-utils-2.1.0-1.el7_9.x86_64    1/1
    Installed:
      amazon-efs-utils.x86_64 0:2.1.0-1.el7_9
    Complete!
- With that, the update to the latest amazon-efs-utils package is complete!
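The Makefile change and the conf file review from the steps above, as an added shell example (not code from this article or from the efs-utils project). `patch_rpm_build_flags` and `conf_changes` are hypothetical helper names, and the script assumes the GNU grep, sed and awk shipped with RHEL/CentOS.

```shell
#!/bin/sh
# Added example: helpers for the Makefile change and the conf review.
# Not part of efs-utils; the function names are hypothetical.

# Set RPM_BUILD_FLAGS to "--without system_rust" in the Makefile given as $1.
# Returns 0 if the flag is (now) --without, 1 if no matching line exists,
# e.g. because the upstream Makefile layout changed.
# Because the Makefile assigns with "?=", GNU make also accepts the value on
# the command line without editing the file:
#   make rpm RPM_BUILD_FLAGS='--without system_rust'
patch_rpm_build_flags() {
    mk=$1
    # Basic regex: "?" is a literal character, so "?=" matches the assignment.
    if grep -q '^RPM_BUILD_FLAGS[[:space:]]*?=.*--without system_rust' "$mk"; then
        return 0                      # already customized
    fi
    grep -q '^RPM_BUILD_FLAGS[[:space:]]*?=.*--with system_rust' "$mk" || return 1
    # Keep the untouched file as Makefile.orig for comparison.
    sed -i.orig '/^RPM_BUILD_FLAGS[[:space:]]*?=/s/--with system_rust/--without system_rust/' "$mk"
}

# Print settings whose value in the old conf ($1, e.g. efs-utils.conf.rpmsave)
# differs from, or is missing in, the new conf ($2). One line per setting.
conf_changes() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        FNR == 1 { sec = "" }                        # new file: reset section
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }         # comments and blank lines
        /^[ \t]*\[/ { sec = trim($0); next }         # [section] header
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = sec " " trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (FILENAME == ARGV[1]) prev[key] = val; else cur[key] = val
        }
        END {
            for (key in prev) {
                if (!(key in cur))              print key " = " prev[key] " (not in new file)"
                else if (cur[key] != prev[key]) print key " = " prev[key] " -> " cur[key]
            }
        }
    ' "$1" "$2" | sort
}

# Usage on the build host (paths as shown in the transcripts above):
#   cd efs-utils && patch_rpm_build_flags Makefile && make rpm
#   conf_changes /etc/amazon/efs/efs-utils.conf.rpmsave /etc/amazon/efs/efs-utils.conf
```

Settings that exist only in the new conf file are not listed, since they are the new package's defaults rather than local changes carried over from 1.x.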
References
https://github.com/aws/efs-utils?tab=readme-ov-file#on-other-linux-distributions
https://github.com/aws/efs-utils/commit/d41437168b7e001d0b23ff2325452e9dae540256