From 882f5a659e50eb22b304768ffaf28952970a3c08 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 20 Jul 2023 18:15:53 +0200
Subject: [PATCH] - bundled dateutil: fix tarfile CVE-2007-4559   Resolves:
 rhbz#2217902 - fence_ipmilan: fix typos in metadata   Resolves: rhbz#2224267
 - fence_kubevirt: use correct bundling path for rhel9   Resolves:
 rhbz#2224358

---
 bz2000954-2-fence_kubevirt.patch |  2 +-
 fence-agents.spec                | 18 +++++++++---------
 rpminspect.yaml                  | 15 +++++++++++++++
 3 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/bz2000954-2-fence_kubevirt.patch b/bz2000954-2-fence_kubevirt.patch
index f7de84a..44ac751 100644
--- a/bz2000954-2-fence_kubevirt.patch
+++ b/bz2000954-2-fence_kubevirt.patch
@@ -11,7 +11,7 @@
 +from fencing import fail, fail_usage, run_delay, EC_STATUS, EC_FETCH_VM_UUID
  
  try:
-+    sys.path.insert(0, '/usr/lib/fence-agents/bundled/kubevirt')
++    sys.path.insert(0, '/usr/lib/fence-agents/support/kubevirt')
      from kubernetes.client.exceptions import ApiException
  except ImportError:
      logging.error("Couldn\'t import kubernetes.client.exceptions.ApiException - not found or not accessible")
diff --git a/fence-agents.spec b/fence-agents.spec
index 02a7794..6bd204f 100644
--- a/fence-agents.spec
+++ b/fence-agents.spec
@@ -7,7 +7,6 @@
 ## global alphatag git0a6184070
 
 # bundles
-%global bundled_lib_dir    bundled
 # azure
 %global oauthlib		oauthlib
 %global oauthlib_version	3.2.2
@@ -60,7 +59,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 52%{?alphatag:.%{alphatag}}%{?dist}
+Release: 53%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@@ -436,6 +435,11 @@ pushd support
 popd
 %endif
 
+# kubevirt
+%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
+%{__python3} -m pip install --target support/kubevirt --no-index --find-links %{_sourcedir} openshift
+rm -rf kubevirt/rsa*
+
 ./autogen.sh
 %{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" \
 %if %{defined _tmpfilesdir}
@@ -465,11 +469,6 @@ install -m 0644 agents/virt/fence_virtd.service %{buildroot}/%{_unitdir}/
 %endif
 # XXX unsure if /usr/sbin/fence_* should be compiled as well
 
-# kubevirt
-%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
-%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt --no-index --find-links %{_sourcedir} openshift
-rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
-
 ## tree fix up
 # fix libfence permissions
 chmod 0755 %{buildroot}%{_datadir}/fence/*.py
@@ -638,6 +637,7 @@ Support libraries for Fence Agents.
 %dir %{_usr}/lib/%{name}
 %{_usr}/lib/%{name}/support
 %exclude %{_usr}/lib/%{name}/support/common
+%exclude %{_usr}/lib/%{name}/support/kubevirt
 %endif
 
 %package all
@@ -1173,7 +1173,7 @@ Fence agent for KubeVirt platform.
 %{_sbindir}/fence_kubevirt
 %{_mandir}/man8/fence_kubevirt.8*
 # bundled libraries
-/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt
+%{_usr}/lib/%{name}/support/kubevirt
 
 %package lpar
 License: GPLv2+ and LGPLv2+
@@ -1472,7 +1472,7 @@ are located on corosync cluster nodes.
 %endif
 
 %changelog
-* Thu Jul 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-52
+* Thu Jul 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-53
 - bundled dateutil: fix tarfile CVE-2007-4559
   Resolves: rhbz#2217902
 - fence_ipmilan: fix typos in metadata
diff --git a/rpminspect.yaml b/rpminspect.yaml
index 3c50291..a86a6b6 100644
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -1,5 +1,20 @@
 ---
+xml:
+    # Do not try to XML-validate this DTD file
+    ignore:
+        - /usr/share/cluster/relaxng/fence2wiki.xsl
+        # bundled
+        - /usr/lib/fence-agents/support/awscli/docutils/writers/pep_html/template.txt
+        - /usr/lib/fence-agents/support/google/setuptools/command/launcher manifest.xml
+        - /usr/lib/fence-agents/support/kubevirt/setuptools/command/launcher manifest.xml
+
 files:
     # These paths are explicitly used in this package
     ignore:
         - /usr/lib/fence-agents
+
+badfuncs:
+    # bundled libs
+    ignore:
+        - /usr/lib/fence-agents/support/awscli/cryptography/hazmat/bindings/_openssl.abi3.so
+        - /usr/lib/fence-agents/support/azure/cryptography/hazmat/bindings/_openssl.abi3.so