17 changed files with 767 additions and 596 deletions
--- a/.WALinuxAgent.metadata
+++ b/.WALinuxAgent.metadata
@ -1 +1 @@
-9d9b8fcd872d8782b96d312fb13f47a41658dd04 SOURCES/v2.7.0.6.tar.gz
+3511edebc20381fc108c92e41218cbfc4ed78fa8 SOURCES/v2.13.1.1.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.7.0.6.tar.gz
+SOURCES/v2.13.1.1.tar.gz
--- a/SOURCES/0001-Add-inital-redhat-build-support.patch
+++ b/SOURCES/0001-Add-inital-redhat-build-support.patch
@ -1,131 +0,0 @@
-From ee6172c4d57103ac857bbd69c46f247cee5394c3 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Thu, 6 Oct 2016 12:25:35 +0200
-Subject: Add inital redhat build support
-
-Rebase notes (2.2.32):
- Fix license text
-
-Rebase notes (2.2.26):
- update to RHEL 8 build
- Do not use INSTALED_FILES for %files
-
-Rebase notes (2.2.10):
- switched to sha256
- added .gitpublish profile
-
-Rebase notes (2.2.46):
- added waagent-extn.logrotate
-
-Rebase notes (2.7.0.6):
- new files - azure.slice and azure-vmextensions.slice
- removed changes in not shipped scripts
-
-Merged patches (2.2.45):
- df29beb Switch from platform-python to python36
- 6749108 Stop packaging legacy waagent2.0
-
-Merged patches (2.2.32):
- ce36fd9 Use Python3
- 952c830 Remove FIPS setting from the default config
- cc9df73 Switch hardcoded python3 shebangs into the %%{__python3} macro
- 66b6f8c Use correct macro for waagent.service
- 1b15ada Switch to platform-python in systemd unit file
- 59f682b Use sys.executable to find system python
-
-Merged patches (2.2.49):
- 3a23336 Mark logrotate configs with %config(noreplace)
-
-Merged patches (2.3.0.2):
- 30bb06f9 Provide udev rules as a separate subpackage.
-
-Merged patches (2.7.0.6):
- a790fb5c Require iptables for setting up persistent firewall rules
---
- .gitignore                                |   1 +
- .gitpublish                               |   8 +
- makepkg.py                                |   2 +-
- redhat/.gitignore                         |   1 +
- redhat/Makefile                           |  72 +++++
- redhat/Makefile.common                    |  37 +++
- redhat/WALinuxAgent.spec.template         | 243 ++++++++++++++++
- redhat/rpmbuild/BUILD/.gitignore          |   2 +
- redhat/rpmbuild/RPMS/.gitignore           |   2 +
- redhat/rpmbuild/SOURCES/.gitignore        |   2 +
- redhat/rpmbuild/SPECS/.gitignore          |   2 +
- redhat/rpmbuild/SRPMS/.gitignore          |   2 +
- redhat/scripts/frh.py                     |  27 ++
- redhat/scripts/git-backport-diff          | 327 ++++++++++++++++++++++
- redhat/scripts/git-compile-check          | 215 ++++++++++++++
- redhat/scripts/process-patches.sh         |  93 ++++++
- redhat/scripts/tarball_checksum.sh        |   3 +
- setup.py                                  |   6 +-
- tests/data/ext/sample_ext-1.3.0/sample.py |   2 +-
- 19 files changed, 1042 insertions(+), 5 deletions(-)
- create mode 100644 .gitpublish
- create mode 100644 redhat/.gitignore
- create mode 100644 redhat/Makefile
- create mode 100644 redhat/Makefile.common
- create mode 100644 redhat/WALinuxAgent.spec.template
- create mode 100644 redhat/rpmbuild/BUILD/.gitignore
- create mode 100644 redhat/rpmbuild/RPMS/.gitignore
- create mode 100644 redhat/rpmbuild/SOURCES/.gitignore
- create mode 100644 redhat/rpmbuild/SPECS/.gitignore
- create mode 100644 redhat/rpmbuild/SRPMS/.gitignore
- create mode 100755 redhat/scripts/frh.py
- create mode 100755 redhat/scripts/git-backport-diff
- create mode 100755 redhat/scripts/git-compile-check
- create mode 100755 redhat/scripts/process-patches.sh
- create mode 100755 redhat/scripts/tarball_checksum.sh
-
-diff --git a/makepkg.py b/makepkg.py
-index 11e90b95..1b6b4351 100755
--- a/makepkg.py
-+++ b/makepkg.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/env python
-+#!/usr/bin/env python3
- 
- import glob
- import os
-diff --git a/setup.py b/setup.py
-index 12c9e1d6..586bb5ca 100755
--- a/setup.py
-+++ b/setup.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/env python
-+#!/usr/bin/env python3
- #
- # Microsoft Azure Linux Agent setup.py
- #
-@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname):  # pylint: disable=R0912
-     agent_bin_path = osutil.get_agent_bin_path()
- 
-     if name in ('redhat', 'centos', 'almalinux', 'cloudlinux'):  # pylint: disable=R1714
-        if version.startswith("8.2"):
-+        if version.startswith("8"):
-             # redhat8+ default to py3
-             set_bin_files(data_files, dest=agent_bin_path,
-                           src=["bin/py3/waagent", "bin/waagent2.0"])
-@@ -106,7 +106,7 @@ def get_data_files(name, version, fullname):  # pylint: disable=R0912
-         set_conf_files(data_files)
-         set_logrotate_files(data_files)
-         set_udev_files(data_files)
-        if version.startswith("8.2"):
-+        if version.startswith("8"):
-             # redhat 8+ uses systemd and python3
-             set_systemd_files(data_files, dest=systemd_dir_path,
-                               src=["init/redhat/waagent.service",
-diff --git a/tests/data/ext/sample_ext-1.3.0/sample.py b/tests/data/ext/sample_ext-1.3.0/sample.py
-index 47f86af8..92585ed3 100755
--- a/tests/data/ext/sample_ext-1.3.0/sample.py
-+++ b/tests/data/ext/sample_ext-1.3.0/sample.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/env python
-+#!/usr/bin/env python3
- import json
- import os
- import re
-- 
-2.31.1
-
--- a/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch
+++ b/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch
@ -1,40 +0,0 @@
-From 0a9c628d9edd67af7b6f20d034be85c1c552a512 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Tue, 24 May 2022 04:10:46 -0400
-Subject: Implement restart_if for RedHat OS
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
- azurelinuxagent/common/osutil/redhat.py | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
-index 9759d113..a02647cd 100644
--- a/azurelinuxagent/common/osutil/redhat.py
-+++ b/azurelinuxagent/common/osutil/redhat.py
-@@ -142,3 +142,21 @@ class RedhatOSUtil(Redhat6xOSUtil):
-             endpoint = self.get_endpoint_from_leases_path('/var/lib/NetworkManager/dhclient-*.lease')
- 
-         return endpoint
-+
-+    def restart_if(self, ifname, retries=3, wait=5):
-+        """
-+        Restart an interface by bouncing the link.
-+        """
-+        retry_limit=retries+1
-+        for attempt in range(1, retry_limit):
-+            try:
-+                shellutil.run_command(["ip", "link", "set", ifname, "down"])
-+                shellutil.run_command(["ip", "link", "set", ifname, "up"])
-+
-+            except shellutil.CommandError as cmd_err:
-+                logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode))
-+                if attempt < retry_limit:
-+                    logger.info("retrying in {0} seconds".format(wait))
-+                    time.sleep(wait)
-+                else:
-+                    logger.warn("exceeded restart retries")
-- 
-2.31.1
-
--- a/SOURCES/90-tpm2-import.rules
+++ b/SOURCES/90-tpm2-import.rules
@ -0,0 +1 @@
+SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/usr/sbin/tpm2-luks-import.sh /dev/$name"
--- a/SOURCES/module-setup-cvm.sh
+++ b/SOURCES/module-setup-cvm.sh
@ -0,0 +1,18 @@
+#!/usr/bin/bash
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+check() {
+    return 0
+}
+
+depends() {
+    echo tpm2-tss
+    return 0
+}
+
+install() {
+    inst_multiple -o \
+        cryptsetup cut mktemp base64 uname hexdump \
+        tpm2_flushcontext tpm2_import tpm2_load tpm2_unseal tpm2_create tpm2_createprimary \
+        /usr/sbin/tpm2-luks-import.sh /lib/udev/rules.d/90-tpm2-import.rules
+}
--- a/SOURCES/module-setup-udev.sh
+++ b/SOURCES/module-setup-udev.sh
@ -0,0 +1,17 @@
+#!/usr/bin/bash
+
+# called by dracut
+check() {
+    return 0
+}
+
+# called by dracut
+depends() {
+    return 0
+}
+
+# called by dracut
+install() {
+    inst_multiple cut readlink chmod
+    inst_rules 10-azure-unmanaged-sriov.rules 66-azure-storage.rules 99-azure-product-uuid.rules
+}
--- a/SOURCES/tpm2-luks-import.sh
+++ b/SOURCES/tpm2-luks-import.sh
@ -0,0 +1,74 @@
+#! /bin/bash -e
+#
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This script goes through all 'tpm2-import' tokens and converts them
+# to 'systemd-tpm2' ones.
+#
+
+getval () {
+    grep ^\"$2\" $1 | cut -f 2 -d ':' | sed 's/\"//g'
+}
+
+if [[ ! -b "$1" ]]; then
+    echo "Device $1 does not exist!" 1>&2
+    exit 1
+fi
+
+/usr/sbin/cryptsetup luksDump "$1" | sed -n '/^Tokens:/,/^Digests:/p' | grep ' tpm2-import' | cut -d ':' -f 1 | while read tokenid; do
+    echo "Importing token $tokenid from $1"
+    token=`mktemp`
+    /usr/sbin/cryptsetup token export --token-id "$tokenid" "$1" | sed -e 's/[{}]/''/g' -e 's/\[//g' -e 's/\]//g' -e 's/,\"/\n"/g' > "$token"
+    tempdir=`mktemp -d`
+    pushd "$tempdir" > /dev/null
+    # Save token data to inidividual files to process them with tpm2-tools
+    getval "$token" "parent_pub" | base64 -d > parent.pub
+    getval "$token" "parent_prv" | base64 -d > parent.prv
+    getval "$token" "parent_seed" | base64 -d > parent.seed
+    getval "$token" "seal_pub" | base64 -d > seal.pub
+    getval "$token" "seal_prv" | base64 -d > seal.prv
+    getval "$token" "pcrpolicy_dat" | base64 -d > pcrpolicy.dat
+    if [ ! -z `getval "$token" "unique_dat"` ]; then
+        getval "$token" "unique_dat" | base64 -d > unique.dat
+    fi
+    echo "Unsealing volume key"
+    # Import sealed object
+    tpm2_flushcontext -t
+    if [ ! -f "unique.dat" ]; then
+        tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -c primary.ctx
+    else
+        tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -u unique.dat -c primary.ctx
+    fi
+    tpm2_flushcontext -t
+    tpm2_import -Q -C primary.ctx -u parent.pub -i parent.prv -r parent_imported.prv -s parent.seed
+    tpm2_flushcontext -t
+    tpm2_load -Q -C primary.ctx -u parent.pub -r parent_imported.prv -c parent.ctx
+    tpm2_flushcontext -t
+    tpm2_load -Q -C parent.ctx -u seal.pub -r seal.prv -c seal.ctx
+    tpm2_flushcontext -t
+    tpm2_unseal -Q -c seal.ctx -p pcr:`getval "$token" tpm2-pcr-bank`:`getval "$token" tpm2-pcrs` > volume_key
+    tpm2_flushcontext -t
+    echo "Sealing new volume key"
+    # Create a new sealed object under primary ECC key
+    tpm2_createprimary -Q -C o -g sha256 -G ecc:null:aes128cfb -c primary_ecc.ctx
+    tpm2_flushcontext -t
+    tpm2_create -Q -u seal_local.pub -r seal_local.prv -C primary_ecc.ctx -L pcrpolicy.dat -i volume_key
+    # Create a new systemd-tpm2 compatible token
+    echo "Adding new LUKS token to $1"
+    echo '{"type":"systemd-tpm2","keyslots":["'`getval "$token" keyslots`'"],
+           "tpm2-blob":"'`cat seal_local.prv seal_local.pub | base64 -w0`'",
+	   "tpm2-pcrs":['`getval "$token" tpm2-pcrs`'],
+           "tpm2-pcr-bank":"'`getval "$token" tpm2-pcr-bank`'",
+	   "tpm2-primary-alg":"ecc",
+	   "tpm2-policy-hash":"'`hexdump -ve '1/1 "%.2x"' pcrpolicy.dat`'",
+	   "tpm2-pin": false,
+	   "kversion": "'`uname -r`'"}' | /usr/sbin/cryptsetup token import "$1"
+    # Remove tpm2-import token now
+    echo "Removing now-unneeded token $tokenid from $1"
+    /usr/sbin/cryptsetup token remove --token-id "$tokenid" "$1"
+    echo "Importing token $tokenid from $1 finished successfully"
+    popd > /dev/null
+    # Cleanup
+    rm -rf "$tempdir"
+    rm -f "$token"
+done
--- a/SOURCES/wla-Disable-automatic-log-collector.patch
+++ b/SOURCES/wla-Disable-automatic-log-collector.patch
@ -0,0 +1,43 @@
+From 92baa5663a0baa45e37243936221b0c1795ff324 Mon Sep 17 00:00:00 2001
+From: Ani Sinha <anisinha@redhat.com>
+Date: Mon, 6 May 2024 11:50:49 +0530
+Subject: Disable automatic log collector
+
+RH-Author: Ani Sinha <anisinha@redhat.com>
+RH-MergeRequest: 11: Disable automatic log collector
+RH-Jira: RHEL-7273
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/1] 7a8002c626b45eb5e90fa0fe82694639d1e5b93d (anisinha/centos-wa-linux-agent)
+
+Log collector is enabled by default. Due to security concerns from our customers
+disable it.
+
+Jira: https://issues.redhat.com/browse/RHEL-7273
+Upstream: RHEL only.
+
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+
+Patch-name: wla-Disable-automatic-log-collector.patch
+Patch-id:
+Patch-present-in-specfile: True
+---
+ config/waagent.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/waagent.conf b/config/waagent.conf
+index 3c9ad5d4..62d8148e 100644
+--- a/config/waagent.conf
+++ b/config/waagent.conf
+@@ -70,7 +70,7 @@ Logs.Verbose=n
+ # Logs.Console=y
+ 
+ # Enable periodic log collection, default is y
+-Logs.Collect=y
+Logs.Collect=n
+ 
+ # How frequently to collect logs, default is each hour
+ Logs.CollectPeriod=3600
+-- 
+2.39.3
+
--- a/SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch
+++ b/SOURCES/wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch
@ -1,108 +0,0 @@
-From 97728b1371d39f5ddd31004db0ba87b268308c5d Mon Sep 17 00:00:00 2001
-From: Mohammed Gamal <mgamal@redhat.com>
-Date: Wed, 3 Aug 2022 13:39:56 +0200
-Subject: [PATCH 2/2] Update Log Collector default in Comments and Readme
- (#2608)
-
-RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-MergeRequest: 9: Update Log Collector default in Comments and Readme
-RH-Commit: [1/1] ff82c0e933649ccd06d3cc48753324cddef2c56a
-RH-Bugzilla: 2114824
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114824
-
-(cherry picked from commit a560872bec103523e73ddcb5fb5705896545ffce)
-
-Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
---
- README.md                    | 2 +-
- config/debian/waagent.conf   | 2 +-
- config/suse/waagent.conf     | 2 +-
- config/ubuntu/waagent.conf   | 2 +-
- config/waagent.conf          | 2 +-
- tests/data/test_waagent.conf | 2 +-
- 6 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/README.md b/README.md
-index c69f43e6..f2f3db46 100644
--- a/README.md
-+++ b/README.md
-@@ -465,7 +465,7 @@ _Default: y_
- 
- If set, agent logs will be periodically collected and uploaded to a secure location for improved supportability.
- 
-NOTE: This feature is only supported ubuntu 16.04+; this flag will not take effect on any other distro.
-+NOTE: This feature relies on the agent's resource usage features (cgroups); this flag will not take effect on any distro not supported.
- 
- #### __Logs.CollectPeriod__
- 
-diff --git a/config/debian/waagent.conf b/config/debian/waagent.conf
-index 6bc36604..dfd7afcd 100644
--- a/config/debian/waagent.conf
-+++ b/config/debian/waagent.conf
-@@ -63,7 +63,7 @@ Logs.Verbose=n
- # Enable Console logging, default is y
- # Logs.Console=y
- 
-# Enable periodic log collection, default is n
-+# Enable periodic log collection, default is y
- Logs.Collect=y
- 
- # How frequently to collect logs, default is each hour
-diff --git a/config/suse/waagent.conf b/config/suse/waagent.conf
-index ac9f11a2..c617f9af 100644
--- a/config/suse/waagent.conf
-+++ b/config/suse/waagent.conf
-@@ -66,7 +66,7 @@ Logs.Verbose=n
- # Enable Console logging, default is y
- # Logs.Console=y
- 
-# Enable periodic log collection, default is n
-+# Enable periodic log collection, default is y
- Logs.Collect=y
- 
- # How frequently to collect logs, default is each hour
-diff --git a/config/ubuntu/waagent.conf b/config/ubuntu/waagent.conf
-index 63635a81..19b56bae 100644
--- a/config/ubuntu/waagent.conf
-+++ b/config/ubuntu/waagent.conf
-@@ -66,7 +66,7 @@ Logs.Verbose=n
- # Enable Console logging, default is y
- # Logs.Console=y
- 
-# Enable periodic log collection, default is n
-+# Enable periodic log collection, default is y
- Logs.Collect=y
- 
- # How frequently to collect logs, default is each hour
-diff --git a/config/waagent.conf b/config/waagent.conf
-index c7d10e2f..14cd01c8 100644
--- a/config/waagent.conf
-+++ b/config/waagent.conf
-@@ -72,7 +72,7 @@ Logs.Verbose=n
- # Enable Console logging, default is y
- # Logs.Console=y
- 
-# Enable periodic log collection, default is n
-+# Enable periodic log collection, default is y
- Logs.Collect=y
- 
- # How frequently to collect logs, default is each hour
-diff --git a/tests/data/test_waagent.conf b/tests/data/test_waagent.conf
-index a386228a..cc60886e 100644
--- a/tests/data/test_waagent.conf
-+++ b/tests/data/test_waagent.conf
-@@ -67,7 +67,7 @@ ResourceDisk.MountOptions=None
- # Enable verbose logging (y|n)
- Logs.Verbose=n
- 
-# Enable periodic log collection, default is n
-+# Enable periodic log collection, default is y
- Logs.Collect=y
- 
- # How frequently to collect logs, default is each hour
-- 
-2.31.1
-
--- a/SOURCES/wla-Use-platform-python-in-waagent.service.patch
+++ b/SOURCES/wla-Use-platform-python-in-waagent.service.patch
@ -1,45 +0,0 @@
-From 85638d1238ba9ab0c77138133ab1b7c7069e3821 Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Tue, 21 Feb 2023 10:29:52 +0100
-Subject: [PATCH 2/2] Use platform-python in waagent.service
-
-RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 16: Use platform-python in waagent.service
-RH-Bugzilla: 2170104
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-Commit: [2/2] e548a4d37bd89e6e2eb471b5193b76f1f9f9529b
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2170104
-Upstream: RHEL only
-
-WALinuxAgent in RHEL8 uses platform-python, which is python3.6.
-'waagent.service', however, overrides this by calling
-'/usr/bin/python3' directly and in case this point to a newer
-AppStream Python (e.g. Python3.9) WALinuxAgent breaks as it can't
-find its files.
-
-See also: https://github.com/Azure/WALinuxAgent/issues/2728
-See also: https://github.com/Azure/WALinuxAgent/pull/2729
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
- init/redhat/waagent.service | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/init/redhat/waagent.service b/init/redhat/waagent.service
-index dc11fbb1..29056395 100644
--- a/init/redhat/waagent.service
-+++ b/init/redhat/waagent.service
-@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf
- 
- [Service]
- Type=simple
-ExecStart=/usr/bin/python3 -u /usr/sbin/waagent -daemon
-+ExecStart=/usr/sbin/waagent -daemon
- Restart=always
- RestartSec=5
- Slice=azure.slice
-- 
-2.37.3
-
--- a/SOURCES/wla-Use-systemctl-instead-of-service-to-manager-services.patch
+++ b/SOURCES/wla-Use-systemctl-instead-of-service-to-manager-services.patch
@ -0,0 +1,60 @@
+From 846d9f18e2ee331e35a7243f73de3bb3c18875df Mon Sep 17 00:00:00 2001
+From: Yuxin Sun <yuxisun@redhat.com>
+Date: Fri, 27 Jun 2025 01:34:20 +0800
+Subject: [PATCH] Use systemctl instead of service to manager services in new
+ RHEL versions (#3403)
+
+RH-Author: yuxisun <None>
+RH-MergeRequest: 19: Use systemctl instead of service to manager services in new RHEL versions (#3403)
+RH-Jira: RHEL-97572
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/1] bc7fe085ed52750264773c1922e8268ace741a8e (yuxisun/WALinuxAgent-src)
+
+In the RHEL bootc base image there's no initscripts-service package installed, so that there's no "service" command by default. This causes many service control commands cannot be executed inside WALA.
+From RHEL-7 on, the systemctl command replaces service and chkconfig. So we'd like to drop all the 'service' command and use systemctl instead.
+
+RH-JIRA: RHEL-97572
+Upstream PR: https://github.com/Azure/WALinuxAgent/pull/3403
+
+(cherry picked from commit a6cfdfdc3e04884a08cd6dd20fa035b687943fe9)
+Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
+---
+ azurelinuxagent/common/osutil/redhat.py | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
+index b85b2d42..cf2d2f78 100644
+--- a/azurelinuxagent/common/osutil/redhat.py
+++ b/azurelinuxagent/common/osutil/redhat.py
+@@ -245,6 +245,18 @@ class RedhatOSModernUtil(RedhatOSUtil):
+     def __init__(self):  # pylint: disable=W0235
+         super(RedhatOSModernUtil, self).__init__()
+ 
+    def restart_ssh_service(self):
+        return shellutil.run("systemctl condrestart sshd", chk_err=False)
+
+    def stop_agent_service(self):
+        return shellutil.run("systemctl stop {0}".format(self.service_name), chk_err=False)
+
+    def start_agent_service(self):
+        return shellutil.run("systemctl start {0}".format(self.service_name), chk_err=False)
+
+    def restart_network_manager(self):
+        shellutil.run("systemctl restart NetworkManager")
+
+     def restart_if(self, ifname, retries=3, wait=5):
+         """
+         Restart an interface by bouncing the link. systemd-networkd observes
+@@ -270,7 +282,7 @@ class RedhatOSModernUtil(RedhatOSUtil):
+         # RedhatOSUtil was updated to conditionally run NetworkManager restart in response to a race condition between
+         # NetworkManager restart and the agent restarting the network interface during publish_hostname. Keeping the
+         # NetworkManager restart in RedhatOSModernUtil because the issue was not reproduced on these versions.
+-        shellutil.run("service NetworkManager restart")
+        self.restart_network_manager()
+         DefaultOSUtil.publish_hostname(self, hostname)
+ 
+     def set_dhcp_hostname(self, hostname):
+-- 
+2.50.1
+
--- a/SOURCES/wla-docs-add-waagent-manpage-3401.patch
+++ b/SOURCES/wla-docs-add-waagent-manpage-3401.patch
@ -0,0 +1,202 @@
+From 756fe22f41c0607394a9b9ba20c15677b3389a21 Mon Sep 17 00:00:00 2001
+From: Li Tian <94442129+litian1992@users.noreply.github.com>
+Date: Tue, 5 Aug 2025 03:18:10 +0800
+Subject: [PATCH] docs: add waagent manpage (#3401)
+
+RH-Author: Li Tian <None>
+RH-MergeRequest: 22: redhat: docs: add waagent manpage (RHEL-9) (#3401)
+RH-Jira: RHEL-109496
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
+RH-Commit: [1/1] a6c0303463f4cd9362d7276119cc81ebe74490ac (litian1/WALinuxAgent)
+
+* docs: add waagent manpage
+
+Add also man page handler in setup.py
+
+---------
+
+Signed-off-by: Li Tian <litian@redhat.com>
+Co-authored-by: maddieford <93676569+maddieford@users.noreply.github.com>
+(cherry picked from commit 7f9b5568b6572745b7d0776de0ff6fb70a28dba0)
+Signed-off-by: Li Tian <litian@redhat.com>
+---
+ .distro/WALinuxAgent.spec |   1 +
+ doc/man/waagent.1         | 117 ++++++++++++++++++++++++++++++++++++++
+ setup.py                  |  14 +++++
+ 3 files changed, 132 insertions(+)
+ create mode 100644 doc/man/waagent.1
+
+diff --git a/doc/man/waagent.1 b/doc/man/waagent.1
+new file mode 100644
+index 00000000..b1d8e9eb
+--- /dev/null
+++ b/doc/man/waagent.1
+@@ -0,0 +1,117 @@
+.TH WAAGENT 1 "June 2025" "Azure Linux Agent" "System Administration"
+.SH NAME
+waagent \- Azure Linux VM Agent
+.SH SYNOPSIS
+.B waagent
+[-verbose] [-force] [-help] [\fISUBCOMMAND\fR]...
+
+.SH DESCRIPTION
+The Azure Linux Agent (waagent) manages virtual machine interaction with the Azure fabric controller.
+
+Most subcommands are not meant to be run directly by the user. However, some subcommands may be useful for debugging (such as collect-logs, version, and show-configuration) and deprovisioning.
+
+.SH SUBCOMMANDS
+.TP
+\fB-collect-logs\fR
+Runs the log collector utility that collects relevant agent logs for debugging and stores them in the agent folder on disk. Exact location will be shown when run. Use flag \fB-full\fR for more exhaustive log collection.
+
+.TP
+\fB-configuration-path FILE\fR
+Used together with \fB-start\fR or \fB-daemon\fR to specify configuration file. Default to /etc/waagent.conf.
+
+.TP
+\fB-daemon -start\fR
+Run waagent as a daemon in background.
+
+.TP
+\fB-deprovision\fR
+Attempt to clean the system and make it suitable for re-provisioning. WARNING: Deprovision does not guarantee that the image is cleared of all sensitive information and suitable for redistribution.
+
+.TP
+\fB-deprovision+user\fR
+Same as \fB-deprovision\fR, but also removes the last provisioned user account.
+
+.TP
+\fB-register-service\fR
+Register waagent as a service and enable it.
+
+.TP
+\fB-run-exthandlers\fR
+Run check for updates to waagent and extension handler. Note that outputs to /dev/console will be temporarily suspended.
+
+.TP
+\fB-setup-firewall=IP\fR
+Set up firewall rules for endpoint \fBIP\fR.
+
+.TP
+\fB-show-configuration\fR
+Print the current configuration, including values read from waagent.conf.
+
+.TP
+\fB-help\fR
+Display usage information.
+
+.TP
+\fB-version\fR
+Show the current version of the agent.
+
+.SH CONFIGURATION
+The agent is configured via this file by default:
+
+.B /etc/waagent.conf
+
+This file contains key=value settings that control agent behavior, including provisioning, disk formatting, resource limits, and certificate handling.
+
+Example entries:
+.RS
+Provisioning.Enabled=y
+ResourceDisk.Format=y
+ResourceDisk.MountPoint=/mnt/resource
+RSA.KeyLength=2048
+Logs.Verbose=y
+.RE
+
+.SH FILES AND DIRECTORIES
+.TP
+\fB/etc/waagent.conf\fR
+Main configuration file.
+
+.TP
+\fB/var/lib/waagent\fR
+State files and provisioning artifacts.
+
+.TP
+\fB/var/log/waagent.log\fR
+Agent log file.
+
+.SH SERVICES
+On systemd systems, the agent runs as:
+.RS
+.B systemctl start <waagent.service|walinuxagent.service>
+.B systemctl enable <waagent.service|walinuxagent.service>
+.RE
+
+.SH EXIT STATUS
+Zero on success, non-zero on error.
+
+.SH EXAMPLES
+.TP
+Deprovision before capturing an image:
+.RS
+waagent -deprovision+user && rm -rf /var/lib/waagent && shutdown -h now
+.RE
+
+.SH SEE ALSO
+.BR systemctl (1),
+.BR cloud-init (1)
+
+.SH HOMEPAGE
+.B https://github.com/Azure/WALinuxAgent
+
+.B https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux
+
+.SH COPYRIGHT
+Copyright 2018 Microsoft Corporation
+
+.SH AUTHORS
+Microsoft Azure Linux Team
+diff --git a/setup.py b/setup.py
+index cf6e90b5..9ed135fb 100755
+--- a/setup.py
+++ b/setup.py
+@@ -17,7 +17,9 @@
+ # limitations under the License.
+ #
+ 
+import gzip
+ import os
+import shutil
+ import subprocess
+ import sys
+ 
+@@ -87,6 +89,16 @@ def set_udev_files(data_files, dest="/etc/udev/rules.d/", src=None):
+                "config/99-azure-product-uuid.rules"]
+     data_files.append((dest, src))
+ 
+def set_man_files(data_files, dest="/usr/share/man/man1", src=None):
+    if src is None:
+        src = ["doc/man/waagent.1"]
+    src_gz = []
+    for file in src:
+        with open(file, 'rb') as f_in, gzip.open(file+".gz", 'wb') as f_out:
+            shutil.copyfileobj(f_in, f_out)
+        src_gz.append(file+".gz")
+    data_files.append((dest, src_gz))
+
+ 
+ def get_data_files(name, version, fullname):  # pylint: disable=R0912
+     """
+@@ -107,6 +119,7 @@ def get_data_files(name, version, fullname):  # pylint: disable=R0912
+         set_conf_files(data_files)
+         set_logrotate_files(data_files)
+         set_udev_files(data_files)
+        set_man_files(data_files)
+         if version.startswith("8") or version.startswith("9"):
+             # redhat 8+ uses systemd and python3
+             set_systemd_files(data_files, dest=systemd_dir_path,
+@@ -255,6 +268,7 @@ def get_data_files(name, version, fullname):  # pylint: disable=R0912
+         set_logrotate_files(data_files)
+         set_udev_files(data_files)
+         set_systemd_files(data_files, dest=systemd_dir_path)
+        set_man_files(data_files)
+     else:
+         # Use default setting
+         set_bin_files(data_files, dest=agent_bin_path)
+-- 
+2.50.1
+
--- a/SOURCES/wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
+++ b/SOURCES/wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
@ -0,0 +1,59 @@
+From c8df88fd1fedb25727fff64ecc5dde1a59d7a976 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Mon, 6 Jan 2025 17:13:11 +0100
+Subject: redhat: Add a udev rule to avoid managing slave NICs with
+ NetworkManager
+
+RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-MergeRequest: 16: redhat: Add a udev rule to avoid managing slave NICs with NetworkManager
+RH-Jira: RHEL-5880
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/1] 8d0a87117c847aafec5fa97d3e4e74ade531c033 (vkuznets/WALinuxAgentCentOS)
+
+This is borrowed from https://github.com/Azure/azure-vm-utils/pull/41 and
+the long term plan is to get azure-vm-utils packaged for RHEL
+eventually. For the time being, just put the required udev rule into
+WALinuxAgent package.
+
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+Patch-name: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
+Patch-id:
+Patch-present-in-specfile: True
+---
+ .distro/WALinuxAgent.spec             | 1 +
+ config/10-azure-unmanaged-sriov.rules | 6 ++++++
+ setup.py                              | 3 ++-
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+ create mode 100644 config/10-azure-unmanaged-sriov.rules
+
+diff --git a/config/10-azure-unmanaged-sriov.rules b/config/10-azure-unmanaged-sriov.rules
+new file mode 100644
+index 00000000..7eefcb26
+--- /dev/null
+++ b/config/10-azure-unmanaged-sriov.rules
+@@ -0,0 +1,6 @@
+# Azure VMs with accelerated networking may have MANA, mlx4, or mlx5 SR-IOV devices which are transparently bonded to a synthetic
+# hv_netvsc device.  Mark devices with the IFF_SLAVE bit set as unmanaged devices:
+#   AZURE_UNMANAGED_SRIOV=1 for 10-azure-unmanaged-sriov.network
+#   ID_NET_MANAGED_BY=unmanaged for systemd-networkd >= 255
+#   NM_UNMANAGED=1 for NetworkManager
+SUBSYSTEM=="net", ACTION!="remove", DRIVERS=="mana|mlx4_core|mlx5_core", ATTR{flags}=="0x?[89ABCDEF]??", ENV{AZURE_UNMANAGED_SRIOV}="1", ENV{ID_NET_MANAGED_BY}="unmanaged", ENV{NM_UNMANAGED}="1"
+diff --git a/setup.py b/setup.py
+index e83f5989..cf6e90b5 100755
+--- a/setup.py
+++ b/setup.py
+@@ -82,7 +82,8 @@ def set_openbsd_rc_files(data_files, dest="/etc/rc.d/", src=None):
+ 
+ def set_udev_files(data_files, dest="/etc/udev/rules.d/", src=None):
+     if src is None:
+-        src = ["config/66-azure-storage.rules",
+        src = ["config/10-azure-unmanaged-sriov.rules",
+               "config/66-azure-storage.rules",
+                "config/99-azure-product-uuid.rules"]
+     data_files.append((dest, src))
+ 
+-- 
+2.39.3
+
--- a/SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch
+++ b/SOURCES/wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch
@ -1,57 +0,0 @@
-From ac21739b94266387360a7ba2b3cfeb44c3df5b01 Mon Sep 17 00:00:00 2001
-From: Mohammed Gamal <mgamal@redhat.com>
-Date: Wed, 22 Jun 2022 13:36:07 +0200
-Subject: [PATCH] redhat: Fix command sequence for restarting net interface
-
-RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-MergeRequest: 4: redhat: Fix command sequence for restarting net interface
-RH-Commit: [1/1] ac14220635c30b3361399ae33a5ecd4e7d8cf92b
-RH-Bugzilla: 2080826
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2080826
-
-Apparently the down and up commands need to be run in the same command, so
-connect them together with "&&" operator. Also re-implement restart_if ot handle
-warnings same wat as other distros
-
-Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
---
- azurelinuxagent/common/osutil/redhat.py | 22 ++++++++++------------
- 1 file changed, 10 insertions(+), 12 deletions(-)
-
-diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
-index a02647cd..5c397ae8 100644
--- a/azurelinuxagent/common/osutil/redhat.py
-+++ b/azurelinuxagent/common/osutil/redhat.py
-@@ -147,16 +147,14 @@ class RedhatOSUtil(Redhat6xOSUtil):
-         """
-         Restart an interface by bouncing the link.
-         """
-        retry_limit=retries+1
-+        retry_limit = retries + 1
-         for attempt in range(1, retry_limit):
-            try:
-                shellutil.run_command(["ip", "link", "set", ifname, "down"])
-                shellutil.run_command(["ip", "link", "set", ifname, "up"])
-
-            except shellutil.CommandError as cmd_err:
-                logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode))
-                if attempt < retry_limit:
-                    logger.info("retrying in {0} seconds".format(wait))
-                    time.sleep(wait)
-                else:
-                    logger.warn("exceeded restart retries")
-+            return_code = shellutil.run("ip link set {0} down && ip link set {0} up".format(ifname), expected_errors=[1] if attempt < retries else [])
-+            if return_code == 0:
-+                return
-+            logger.warn("failed to restart {0}: return code {1}".format(ifname, return_code))
-+            if attempt < retry_limit:
-+                logger.info("retrying in {0} seconds".format(wait))
-+                time.sleep(wait)
-+            else:
-+                logger.warn("exceeded restart retries")
-- 
-2.35.3
-
--- a/SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
+++ b/SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
@ -1,17 +1,17 @@
-From f45dc73365999334e680d64c90d36f710a0c7831 Mon Sep 17 00:00:00 2001
+From 8ac14e61d8067bd8b4e60c59b35b4a4227f8a242 Mon Sep 17 00:00:00 2001
 From: Mohammed Gamal <mgamal@redhat.com>
 Date: Fri, 29 Jul 2022 13:07:13 +0200
-Subject: [PATCH 1/2] redhat: Use NetworkManager to set DHCP hostnames on
- recent RHEL distros
+Subject: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL
+ distros

 RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-MergeRequest: 8: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL distros
-RH-Commit: [1/1] b83612e9d88bac7117541d7f7832f65ef268bbe3
-RH-Bugzilla: 2092002
+RH-MergeRequest: 3: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL distros
+RH-Commit: [1/1] 2bf51293796ba0e8567e436836adc0547f062b04
+RH-Bugzilla: 2114830
 RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
 RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>

-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2092002
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114830

 Recent versions of RHEL 8 and RHEL 9 started using NetworkManager to configure
 network intefaces instead of sysconfig files. Configurations are no longer
@ -20,18 +20,22 @@ stored in /etc/sysconfig/ifcfg-{interface}.
 Fix this for setting DHCP hostnames in those RHEL versions.

 Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
+
+Patch-name: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
+Patch-id:
+Patch-present-in-specfile: True
 ---
 azurelinuxagent/common/osutil/redhat.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

 diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
-index 5c397ae8..7dd36add 100644
+index a9a10347..b85b2d42 100644
 --- a/azurelinuxagent/common/osutil/redhat.py
 +++ b/azurelinuxagent/common/osutil/redhat.py
-@@ -158,3 +158,15 @@ class RedhatOSUtil(Redhat6xOSUtil):
-                 time.sleep(wait)
-             else:
-                 logger.warn("exceeded restart retries")
+@@ -272,3 +272,15 @@ class RedhatOSModernUtil(RedhatOSUtil):
+         # NetworkManager restart in RedhatOSModernUtil because the issue was not reproduced on these versions.
+         shellutil.run("service NetworkManager restart")
+         DefaultOSUtil.publish_hostname(self, hostname)
 +
 +    def set_dhcp_hostname(self, hostname):
 +        """
@ -45,5 +49,5 @@ index 5c397ae8..7dd36add 100644
 +        if return_code != 0:
 +            logger.error("failed to set DHCP hostname for interface {0}: return code {1}".format(ifname, return_code))
 -- 
-2.31.1
+2.39.3

--- a/SPECS/WALinuxAgent.spec
+++ b/SPECS/WALinuxAgent.spec
@ -1,35 +1,45 @@
-Summary: Microsoft Azure Linux Agent
-Name: WALinuxAgent
-Version: 2.7.0.6
-Release: 8%{?dist}
+%global with_legacy 0
+%global dracut_modname_udev 97walinuxagent
+%global dracut_modname_cvm 97walinuxagentcvm

-License: ASL 2.0
-Group: Development/Libraries
-Url: https://github.com/Azure/WALinuxAgent
-Source0: v2.7.0.6.tar.gz
+Name:           WALinuxAgent
+Version:        2.13.1.1
+Release:        3%{?dist}
+Summary:        The Microsoft Azure Linux Agent

-BuildArch: noarch
-Patch0001: 0001-Add-inital-redhat-build-support.patch
-Patch0002: 0002-Implement-restart_if-for-RedHat-OS.patch
-# For bz#2080826 - [Azure][WALA][RHEL-8] [8.7] walinuxagent kills network during boot
-Patch0003: wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch
-# For bz#2092002 - [Azure][WALA][RHEL-8.7] Provisioning failed if no ifcfg-eth0
-Patch4: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
-# For bz#2114824 - [Azure][WALA][RHEL-8.7] The description of "Logs.Collect" is incorrect
-Patch5: wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch
-# For bz#2170104 - [Azure][WALA][RHEL-8] systemd service should not use python3
-Patch6: wla-Use-platform-python-in-waagent.service.patch
+License:        ASL 2.0
+URL:            https://github.com/Azure/%{name}
+Source0:        https://github.com/Azure/%{name}/archive/v%{version}.tar.gz
+Source1:        module-setup-udev.sh
+Source2:        module-setup-cvm.sh
+Source3:        90-tpm2-import.rules
+Source4:        tpm2-luks-import.sh
+
+# For bz#2114830 - [Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0
+Patch0001: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
+# For RHEL-7273 - [Azure][WALA] Consider to disable Log collector
+Patch0002: wla-Disable-automatic-log-collector.patch
+# For RHEL-5880 - [Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface
+Patch0003: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
+# For RHEL-109496 - [Azure][WALA][RHEL-9] Missing man page
+Patch4: wla-docs-add-waagent-manpage-3401.patch
+# For RHEL-97572 - [Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command
+Patch5: wla-Use-systemctl-instead-of-service-to-manager-services.patch
+
+BuildArch:      noarch

-# rhel requirements
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
+BuildRequires:  python3-distro
 Requires:       %name-udev = %version-%release
+%if 0%{?fedora}
+Requires:       ntfsprogs
+%endif
 Requires:       openssh
 Requires:       openssh-server
 Requires:       openssl
 Requires:       parted
 Requires:       python3-pyasn1
-Requires:       python36
 Requires:       iptables

 BuildRequires:   systemd
@ -38,9 +48,20 @@ Requires(preun): systemd
 Requires(postun): systemd

 %description
-The Azure Linux Agent supports the provisioning and running of Linux
-VMs in the Azure cloud. This package should be installed on Linux disk
-images that are built to run in the Azure environment.
+The Microsoft Azure Linux Agent supports the provisioning and running of Linux
+VMs in the Microsoft Azure cloud. This package should be installed on Linux disk
+images that are built to run in the Microsoft Azure environment.
+
+%if 0%{?with_legacy}
+%package legacy
+Summary:        The Microsoft Azure Linux Agent (legacy)
+Requires:	%name = %version-%release
+Requires:	python2
+Requires:	net-tools
+
+%description legacy
+The Microsoft Azure Linux Agent supporting old version of extensions.
+%endif

 %package udev
 Summary:        Udev rules for Microsoft Azure
@ -48,28 +69,52 @@ Summary:        Udev rules for Microsoft Azure
 %description udev
 Udev rules specific to Microsoft Azure Virtual Machines.

+%package cvm
+Summary:        Microsoft Azure CVM specific tools
+Requires: tpm2-tools
+Requires: cryptsetup
+
+%description cvm
+Scripts and udev rules specific to Microsoft Azure Confidential Virtual Machines.
+
 %prep
 %setup -q
-
-%patch0001 -p1
-%patch0002 -p1
-%patch0003 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
+%autopatch -p1

 %build
 %py3_build

 %install
-%{__python3} setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
-rm -f %{buildroot}%{_sbindir}/waagent2.0
+%{__python3} setup.py install -O1 --skip-build --root %{buildroot} --lnx-distro redhat
+
+mkdir -p -m 0700 %{buildroot}%{_sharedstatedir}/waagent
+mkdir -p %{buildroot}%{_localstatedir}/log
+touch %{buildroot}%{_localstatedir}/log/waagent.log

 mkdir -p %{buildroot}%{_udevrulesdir}
 mv %{buildroot}%{_sysconfdir}/udev/rules.d/*.rules %{buildroot}%{_udevrulesdir}/

-%clean
-rm -rf $RPM_BUILD_ROOT
+rm -rf %{buildroot}/%{python3_sitelib}/tests
+rm -rf %{buildroot}/%{python3_sitelib}/__main__.py
+rm -rf %{buildroot}/%{python3_sitelib}/__pycache__/__main__*.py*
+
+%if 0%{?with_legacy}
+sed -i 's,#!/usr/bin/env python,#!/usr/bin/python2,' %{buildroot}%{_sbindir}/waagent2.0
+%else
+rm -f %{buildroot}%{_sbindir}/waagent2.0
+%endif
+
+mv %{buildroot}%{_sysconfdir}/logrotate.d/waagent.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+
+mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}
+cp %{SOURCE1} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh
+chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh
+
+mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}
+cp %{SOURCE2} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh
+chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh
+install -m0644 -D -t %{buildroot}%{_udevrulesdir}/ %{SOURCE3}
+install -m0755 -D -t %{buildroot}%{_sbindir} %{SOURCE4}

 %post
 %systemd_post waagent.service
@ -81,221 +126,250 @@ rm -rf $RPM_BUILD_ROOT
 %systemd_postun_with_restart waagent.service
 rm -rf %{_unitdir}/waagent.service.d/

-%files 
-%defattr(-,root,root)
-%{python3_sitelib}/*
-%config(noreplace) %{_sysconfdir}/waagent.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/waagent.logrotate
+%files
+%doc LICENSE.txt NOTICE README.md
+%{_mandir}/man1/waagent.1.gz
+%ghost %{_localstatedir}/log/waagent.log
+%ghost %{_unitdir}/waagent-network-setup.service
+%dir %attr(0700, root, root) %{_sharedstatedir}/waagent
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %{_sbindir}/waagent
+%config(noreplace) %{_sysconfdir}/waagent.conf
 %{_unitdir}/waagent.service
 %{_unitdir}/azure.slice
 %{_unitdir}/azure-vmextensions.slice
-%ghost %{_unitdir}/waagent-network-setup.service
+%{python3_sitelib}/azurelinuxagent
+%{python3_sitelib}/*.egg-info

 %files udev
-%{_udevrulesdir}/*.rules
+%{_udevrulesdir}/10-azure-unmanaged-sriov.rules
+%{_udevrulesdir}/66-azure-storage.rules
+%{_udevrulesdir}/99-azure-product-uuid.rules
+%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}
+%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/*.sh
+
+%files cvm
+%{_sbindir}/tpm2-luks-import.sh
+%{_udevrulesdir}/90-tpm2-import.rules
+%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}
+%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/*.sh
+
+%if 0%{?with_legacy}
+%files legacy
+%{_sbindir}/waagent2.0
+%endif

 %changelog
-* Mon Mar 06 2023 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-8.el8_8
- wla-redhat-Fix-frh.py-to-not-skip-valid-patches-to-init-.patch [bz#2170104]
- wla-Use-platform-python-in-waagent.service.patch [bz#2170104]
- Resolves: bz#2170104
-  ([Azure][WALA][RHEL-8] systemd service should not use python3)
+* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3
+- wla-Use-systemctl-instead-of-service-to-manager-services.patch [RHEL-97572]
+- Resolves: RHEL-97572
+  ([Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command)

-* Mon Mar 06 2023 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-7.el8_8
- wla-redhat-Fix-frh.py-to-not-skip-valid-patches-to-init-.patch [bz#2170104]
- wla-Use-platform-python-in-waagent.service.patch [bz#2170104]
- Resolves: bz#2170104
-  ([Azure][WALA][RHEL-8] systemd service should not use python3)
+* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-2
+- wla-docs-add-waagent-manpage-3401.patch [RHEL-109496]
+- Resolves: RHEL-109496
+  ([Azure][WALA][RHEL-9] Missing man page)
+
+* Thu May 22 2025 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.13.1.1-1
+* Rebase to 2.13.1.1 [RHEL-91090]
+- Resolves: RHEL-91090
+  (Rebase to v2.13.1.1 [rhel-9])
+
+* Fri Apr 11 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-13
+- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
+- Resolves: RHEL-40957
+  ([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
+
+* Wed Apr 02 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-12
+- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
+- Resolves: RHEL-40957
+  ([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
+
+* Fri Jan 17 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-11
+- wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch [RHEL-5880]
+- Resolves: RHEL-5880
+  ([Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface)
+
+* Thu May 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-10
+- wla-Disable-automatic-log-collector.patch [RHEL-7273]
+- Resolves: RHEL-7273
+  ([Azure][WALA] Consider to disable Log collector)
+
+* Wed Feb 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-9
+- wla-redhat-Adjust-tpm2_createprimary-key-attributes-to-m.patch [bz#2167322]
+- Resolves: bz#2167322
+  (Adjust TPM primary key creation parameters to match Azure)
+
+* Mon Feb 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-8
+- wla-redhat-Explicitly-list-udev-rule-requirements-in-the.patch [bz#2165042]
+- Resolves: bz#2165042
+  ([9.0.z] /dev/disk/azure/ is created as symlink to sr0 or sda and not as a directory[Azure])
+
+* Mon Jan 23 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-7
+- wla-redhat-Azure-CVM-specific-udev-rules.patch [bz#2162668]
+- Resolves: bz#2162668
+  (Add support for importing remotely sealed TPM2 objects)

 * Mon Aug 29 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-6
- wla-redhat-Remove-files-inside-WALA-services-directory.patch [bz#2114742]
- Resolves: bz#2114742
-  ([Azure][WALA][RHEL-8] When remove package some files left)
+- wla-redhat-Remove-files-inside-WALA-services-directory.patch [bz#2114768]
+- Resolves: bz#2114768
+  ([Azure][WALA][RHEL-9] When remove package some files left)

 * Tue Aug 23 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-5
- wla-redhat-Mark-directories-properly-in-the-files-list.patch [bz#2114742]
- Resolves: bz#2114742
-  ([Azure][WALA][RHEL-8] When remove package some files left)
+- wla-redhat-Mark-directories-properly-in-the-files-list.patch [bz#2114768]
+- Resolves: bz#2114768
+  ([Azure][WALA][RHEL-9] When remove package some files left)

-* Wed Aug 17 2022 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-4
- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [bz#2114742]
- Resolves: bz#2114742
-  ([Azure][WALA][RHEL-8] When remove package some files left)
+* Wed Aug 17 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-4
+- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [bz#2114768]
+- Resolves: bz#2114768
+  ([Azure][WALA][RHEL-9] When remove package some files left)

-* Tue Aug 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-3
- wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch [bz#2092002]
- wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch [bz#2114824]
- Resolves: bz#2092002
-  ([Azure][WALA][RHEL-8.7] Provisioning failed if no ifcfg-eth0)
- Resolves: bz#2114824
-  ([Azure][WALA][RHEL-8.7] The description of "Logs.Collect" is incorrect)
+* Mon Aug 08 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-3
+- wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch [bz#2114830]
+- wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch [bz#2093965]
+- Resolves: bz#2114830
+  ([Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0)
+- Resolves: bz#2093965
+  ([Azure][WALA][RHEL-9] The description of "Logs.Collect" is incorrect)

-* Tue Jul 12 2022 Camilla Conte <cconte@redhat.com> - 2.7.0.6-2
- wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch [bz#2080826]
- Resolves: bz#2080826
-  ([Azure][WALA][RHEL-8] [8.7] walinuxagent kills network during boot)
+* Fri Jul 15 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-2
+- wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch [bz#2098233]
+- Resolves: bz#2098233
+  ([Azure][WALA][RHEL-9] [9.1] walinuxagent kills network during boot)

 * Wed May 25 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-1
- Rebase to 2.7.0.6 [bz#2083465]
- Adding restart_if implementation for RHEL [bz#2085578]
- Resolves: bz#2083465
-  ([Azure][RHEL-8][8.7] Rebase WALinuxAgent to v2.7.0.6)
- Resolves: bz#2085578
-  ([Azure][WALA][8.6] WALA provisions VM failed because of no "ifdown")
+- Rebase to 2.7.0.6-1 [bz#2083464]
+- Adding restart_if implementation for RHEL [bz#2081944]
+- Resolves: bz#2083464
+  ([Azure][RHEL-9]Rebase WALinuxAgent to v2.7.0.6)
+- Resolves: bz#2081944
+  ([Azure][WALA][9.0] WALA provisions VM failed because of no "ifdown")

-* Mon Aug 09 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-2
- wla-Require-iptables-for-setting-up-persistent-firewall-.patch [bz#1985198]
- Resolves: bz#1985198
-  ([Azure][WALA][RHEL-8] WALA needs iptables package)
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0.2-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Fri Jun 25 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-1
- Rebase to 2.3.0.2 [bz#1972102]
- Resolves: bz#1972102
-  ([Azure][RHEL-8]Rebase WALinuxAgent to 2.3.0.2)
+* Sun Jul 25 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-2
+- wala-Require-iptables-package.patch [bz#1978572]
+- Resolves: bz#1978572
+  ([Azure][WALA][RHEL-9] WALA needs iptables package)

-* Tue Jan 12 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.49.2-3.el8
- wla-Provide-udev-rules-as-a-separate-subpackage.patch [bz#1913074]
- Resolves: bz#1913074
-  ([Azure][RFE] please provide the WALinuxAgent-udev subpackage)
+* Thu Jun 24 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-1
+- Rebase to 2.3.0.2 [bz#1972101]
+- Resolves: bz#1972101
+  ([Azure][RHEL-9]Rebase WALinuxAgent to 2.3.0.2)

-* Thu Dec 17 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.49.2-2.el8
- wla-Fixed-faulty-check-for-run_command-2093.patch [bz#1903074]
- Resolves: bz#1903074
-  ([Azure][WALA] Miss report "hostnamectl set-hostname --static] failed, attempting fallback")
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.52-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Wed Nov 18 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.49.2-1.el8
- Rebase to 2.2.49.2 [bz#1896907]
-  ([Azure] Rebase WALinuxAgent to 2.2.49)
+* Fri Feb 19 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-5
+- Require ntfsprogs on Fedora only

-* Thu Aug 13 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.46-8.el8
- wla-Fix-handling-of-gen2-disks-with-udev-rules-1954.patch [bz#1859037]
- Resolves: bz#1859037
-  ([Azure][WALA]Cannot create /dev/disk/azure/resource softlinks in Gen2 VM)
+* Tue Jan 26 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-4
+- Fix distro resolution for RedHat

-* Wed Jun 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.46-7.el8
- wla-Mark-logrotate-configs-with-config-noreplace.patch [bz#1838254]
- Resolves: bz#1838254
-  ([Azure]WALinuxAgent RPM update clobbers waagent.logrotate log rotation changes)
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.52-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Tue May 26 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.46-6.el8
- wala-Update-Provisioning-options-1853.patch [bz#1827792]
- Resolves: bz#1822882
-  ([Azure][RHEL-8]Some parameter changes are not in waagent.conf)
+* Fri Jan 15 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-2
+- Add udev rules to initramfs (#1909287)

-* Thu Apr 09 2020 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.46-5.el8
- Rebase to 2.2.46 [bz#1791069]
- Resolves: bz#1791069
-  ([Azure][RHEL-8.3]Ask to increase the WALA version available for RHEL 8.0 to 2.2.46)
+* Wed Dec 09 2020 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-1
+- Update to 2.2.52 (#1849923)
+- Add not yet upstream patches supporting Python3.9 changes

-* Wed Jun 26 2019 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-3.el8
- wla-Switch-from-platform-python-to-python36.patch [bz#1720373]
- wla-Stop-packaging-legacy-waagent2.0.patch [bz#1720373]
- Resolves: bz#1720373
-  ([RHEL 8.1] [Azure] Change WALinuxAgent spec to depend on Python3.6 package)
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.48.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Tue Apr 30 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 2.2.32-2.el8
- wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch [bz#1684181 bz#1688276]
- Resolves: bz#1684181
-  (CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions)
- Resolves: bz#1688276
-  (CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8])
+* Tue Jun 09 2020 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.48.1-1
+- Update to 2.2.48.1 (#1641605)
+- Split udev rules to a separate subpackage (#1748432)

-* Fri Dec 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8
- Rebase to 2.2.32 [bz#1639498]
- Resolves: bz#1639498]
-  (walinuxagent 2.2.32 packaging request for RHEL 8)
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.2.46-2
+- Rebuilt for Python 3.9

-* Tue Oct 23 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-6.el8
- wala-Use-sys.executable-to-find-system-python.patch [bz#1639775]
- Resolves: bz#1639775
-  (WALinuxAgent: Systemd unit file will fail to execute)
+* Wed Apr 15 2020 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.46-1
+- Update to 2.2.46

-* Mon Oct 22 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-5.el8
- wala-Switch-to-platform-python-in-systemd-unit-file.patch [bz#1639775]
- Resolves: bz#1639775
-  (WALinuxAgent: Systemd unit file will fail to execute)
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.40-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

-* Wed Aug 29 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-4.el8
- Fix unit file location [bz#1637545]
- Resolves: bz#1637545
-  (Wrong macro used for systemd unit file location)
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.40-6
+- Rebuilt for Python 3.8.0rc1 (#1748018)

-* Wed Jul 04 2018 Tomas Orsava <torsava@redhat.com> - 2.2.26-3
- Switch hardcoded python3 shebangs into the %%{__python3} macro
+* Wed Aug 21 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.40-5
+- Rebuilt for Python 3.8

-* Tue Jul 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-2.el8
- Include 7.6 patches
+* Wed Aug 21 2019 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.40-4
+- Disable Python2 dependent 'legacy' subpackage (#1741029)

-* Tue Jul 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.26-1.el7
- Rebase to 2.2.26 [bz#1571523]
- Resolves: bz#1571523
-  (Rebase WALinuxAgent in RHEL-8.0)
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.40-3
+- Rebuilt for Python 3.8

-* Thu May 03 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.18-2.el7
- wa-Add-show-configuration-option.patch [bz#1508340]
- Resolves: bz#1508340
-  ([WALA] WALA usage prompt lack of " waagent -show-configuration")
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.40-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

-* Tue Oct 10 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.18-1.el7
- Rebase to 2.2.18 [bz#1491873]
- Resolves: bz#1491873
-  ([WALA]Request to package WALA 2.2.18 into RHEL 7 Repo)
+* Mon Jun 03 2019 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.40-1
+- Update to 2.2.40
+- Fix FTBFS in the preparation for Python3.8 (#1705219)

+* Thu Mar 14 2019 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.38-1
+- Update to 2.2.38 (CVE-2019-0804)

-* Tue Jul 04 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.14-1.el7
- Rebase to 2.2.14 [bz#1451172]
- wla-Remove-FIPS-setting-from-the-default-config.patch [bz#1467553]
- Resolves: bz#1451172
-  ([WALA] Request to package WALA 2.2.14 into RHEL 7 Repo)
- Resolves: bz#1467553
-  ([WALA] Remove FIPS from default config in WALA-2.2.14)
+* Thu Mar 14 2019 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.37-1
+- Update to 2.2.37

-* Wed Apr 26 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.10-1.el7
- Rebase to 2.2.10 [bz#1443425]
- Resolves: bz#1443425
-  ([WALA]Request to package WALA 2.2.10 into RHEL 7 Repo)
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.32-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

-* Wed Apr 19 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.4-2.el7
- Enable AutoUpdate by default [bz#1434933]
- Resolves: bz#1434933
-  ([WALA][RHEL-7] Enable AutoUpdate by default)
+* Thu Sep 20 2018 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.32-1
+- Update to 2.2.32.2

-* Wed Mar 01 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.4-1.el7
- Rebase to 2.2.4 [bz#1419201]
- resolves: bz#1419201
-  WALA 2.2.4
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.25-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

-* Mon Jan 16 2017 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.0-4.el7
- agent-RHEL-7-hostname-533.patch [bz#1413674]
- agent-fix-for-hostnamectl-534.patch [bz#1413674]
- Resolves: bz#1413674
-  ([WALA] Fail to send hostname to DHCP server during provisioning)
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.2.25-3
+- Rebuilt for Python 3.7

-* Fri Sep 30 2016 Dave Anderson <anderson@redhat.com> - 2.2.0-1
- Update to v2.2.0
-  Resolves: rhbz#1360492
+* Wed Apr 25 2018 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.25-2
+- Move net-tools dependency to WALinuxAgent-legacy (#1106781)

-* Wed Sep 21 2016 Dave Anderson <anderson@redhat.com> - 2.1.5-2
- Several QE updates to this file
-  Resolves: rhbz#1360492
+* Mon Apr 16 2018 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.25-1
+- Update to 2.2.25
+- Switch to Python3
+- Legacy subpackage with waagent2.0 supporting old extensions

-* Tue Sep 13 2016 Dave Anderson <anderson@redhat.com> - 2.1.5-1
- Update to v2.1.5
-  Resolves: rhbz#1360492
+* Wed Feb 28 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.0.18-5
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

-* Thu Jan 14 2016 Dave Anderson <anderson@redhat.com> - 2.0.16-1
- Update to 2.0.16
-  Resolves: rhbz#1296360
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.18-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

-* Mon Jun 01 2015 Dave Anderson <anderson@redhat.com> - 2.0.13-1
- Update to upstream 2.0.13 package.
- Remove global commit md5sum and fix Source0 to point to correct location.
- Fix setup to deal with "WALinuxAgent-WALinuxAgent" naming scheme
- Added files reference for /udev/rules.d/99-azure-product-uuid.rules
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.18-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

-* Thu May 07 2015 Dave Anderson <anderson@redhat.com> - 2.0.11-3
- Remove Requires: ntfsprogs for RHEL7
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sat Apr 02 2016 Scott K Logan <logans@cottsay.net> - 2.0.18-1
+- Update to 2.0.18
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jul 02 2015 Scott K Logan <logans@cottsay.net> - 2.0.14-1
+- Update to 2.0.14
+
+* Tue Jun 16 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Jun 01 2015 Scott K Logan <logans@cottsay.net> - 2.0.13-1
+- Update to 2.0.13
+
+* Thu Apr 02 2015 Scott K Logan <logans@cottsay.net> - 2.0.12-1
+- Update to 2.0.12-Oracle

 * Sat Jan 10 2015 Scott K Logan <logans@cottsay.net> - 2.0.11-2
 - Use systemd for rhel7
				`@ -0,0 +1 @@`
				`SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/usr/sbin/tpm2-luks-import.sh /dev/$name"`