Compare commits
4 Commits
a8-elevate
...
c8
Author | SHA1 | Date |
---|---|---|
Andrew Lukoshko | 7f3492f658 | |
CentOS Sources | 7418c7fbb3 | |
CentOS Sources | 205e8ee942 | |
CentOS Sources | 091a7af850 |
|
@ -1,2 +1,2 @@
|
|||
SOURCES/deps-pkgs-6.tar.gz
|
||||
SOURCES/leapp-repository-0.16.0.tar.gz
|
||||
SOURCES/deps-pkgs-9.tar.gz
|
||||
SOURCES/leapp-repository-0.19.0.tar.gz
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
a5100971d63814c213c5245181891329578baf8d SOURCES/deps-pkgs-6.tar.gz
|
||||
2bcc851f1344107581096a6b564375c440a4df4a SOURCES/leapp-repository-0.16.0.tar.gz
|
||||
02499ccd70d4a8e6ce9ad29bd286a317d5e0b57b SOURCES/deps-pkgs-9.tar.gz
|
||||
79402ad1aa427e43bdce143f4c0641dda383eb5d SOURCES/leapp-repository-0.19.0.tar.gz
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
From b6e409e1055b5d8b7f27e5df9eae096eb592a9c7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Stodulka <pstodulk@redhat.com>
|
||||
Date: Fri, 27 Oct 2023 13:34:38 +0200
|
||||
Subject: [PATCH] RHSM: Adjust the switch to container mode for new RHSM
|
||||
|
||||
RHSM in RHEL 8.9+ & RHEL 9.3+ requires newly for the switch to the
|
||||
container mode existence and content under /etc/pki/entitlement-host,
|
||||
which in our case should by symlink to /etc/pki/entitlement.
|
||||
|
||||
So currently we need for the correct switch 2 symlinks:
|
||||
* /etc/pki/rhsm-host -> /etc/pki/rhsm
|
||||
* /etc/pki/entitlement-host -> /etc/pki/entitlement
|
||||
|
||||
Technically we need that only for RHEL 8.9+ but discussing it with
|
||||
RHSM SST, we can do this change unconditionally for any RHEL system
|
||||
as older versions of RHSM do not check /etc/pki/entitlement-host.
|
||||
|
||||
jira: RHEL-14839
|
||||
---
|
||||
repos/system_upgrade/common/libraries/rhsm.py | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
|
||||
index 4a5b0eb0..18842021 100644
|
||||
--- a/repos/system_upgrade/common/libraries/rhsm.py
|
||||
+++ b/repos/system_upgrade/common/libraries/rhsm.py
|
||||
@@ -334,6 +334,7 @@ def set_container_mode(context):
|
||||
return
|
||||
try:
|
||||
context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
|
||||
+ context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
|
||||
except CalledProcessError:
|
||||
raise StopActorExecutionError(
|
||||
message='Cannot set the container mode for the subscription-manager.')
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
From b4fc2e0ae62e68dd246ed2eedda0df2a3ba90633 Mon Sep 17 00:00:00 2001
|
||||
From: Vinzenz Feenstra <vfeenstr@redhat.com>
|
||||
Date: Fri, 1 Apr 2022 15:13:51 +0200
|
||||
Subject: [PATCH] pcidevicesscanner: Also match deprecation data against kernel
|
||||
modules
|
||||
|
||||
Previously when the deprecation data got introduced the kernel drivers
|
||||
reported to be used by lspci have not been checked.
|
||||
This patch fixes this regression.
|
||||
|
||||
Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
|
||||
---
|
||||
.../libraries/pcidevicesscanner.py | 29 ++++++++++++++++++-
|
||||
1 file changed, 28 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
index 146f1a33..0f02bd02 100644
|
||||
--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
@@ -1,7 +1,13 @@
|
||||
import re
|
||||
|
||||
from leapp.libraries.stdlib import api, run
|
||||
-from leapp.models import DetectedDeviceOrDriver, DeviceDriverDeprecationData, PCIDevice, PCIDevices
|
||||
+from leapp.models import (
|
||||
+ ActiveKernelModulesFacts,
|
||||
+ DetectedDeviceOrDriver,
|
||||
+ DeviceDriverDeprecationData,
|
||||
+ PCIDevice,
|
||||
+ PCIDevices
|
||||
+)
|
||||
|
||||
# Regex to capture Vendor, Device and SVendor and SDevice values
|
||||
PCI_ID_REG = re.compile(r"(?<=Vendor:\t|Device:\t)\w+")
|
||||
@@ -82,6 +88,26 @@ def produce_detected_devices(devices):
|
||||
])
|
||||
|
||||
|
||||
+def produce_detected_drivers(devices):
|
||||
+ active_modules = {
|
||||
+ module.file_name
|
||||
+ for message in api.consume(ActiveKernelModulesFacts) for module in message.kernel_modules
|
||||
+ }
|
||||
+
|
||||
+ # Create a lookup by driver_name and filter out the kernel that are active
|
||||
+ entry_lookup = {
|
||||
+ entry.driver_name: entry
|
||||
+ for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
|
||||
+ if entry.driver_name and entry.driver_name not in active_modules
|
||||
+ }
|
||||
+
|
||||
+ drivers = {device.driver for device in devices if device.driver in entry_lookup}
|
||||
+ api.produce(*[
|
||||
+ DetectedDeviceOrDriver(**entry_lookup[driver].dump())
|
||||
+ for driver in drivers
|
||||
+ ])
|
||||
+
|
||||
+
|
||||
def produce_pci_devices(producer, devices):
|
||||
""" Produce a Leapp message with all PCI devices """
|
||||
producer(PCIDevices(devices=devices))
|
||||
@@ -93,4 +119,5 @@ def scan_pci_devices(producer):
|
||||
pci_numeric = run(['lspci', '-vmmkn'], checked=False)['stdout']
|
||||
devices = parse_pci_devices(pci_textual, pci_numeric)
|
||||
produce_detected_devices(devices)
|
||||
+ produce_detected_drivers(devices)
|
||||
produce_pci_devices(producer, devices)
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
From d1f28cbd143f2dce85f7f175308437954847aba8 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Stodulka <pstodulk@redhat.com>
|
||||
Date: Thu, 2 Nov 2023 14:20:11 +0100
|
||||
Subject: [PATCH] Do not create dangling symlinks for containerized RHSM
|
||||
|
||||
When setting RHSM into the container mode, we are creating symlinks
|
||||
to /etc/rhsm and /etc/pki/entitlement directories. However, this
|
||||
creates dangling symlinks if RHSM is not installed or user manually
|
||||
removes one of these dirs.
|
||||
|
||||
If any of these directories is missing, skip other actions and
|
||||
log the warning. Usually it means that RHSM is not actually used
|
||||
or installed at all, so in these cases we can do the skip. The
|
||||
only corner case when system could use RHSM without
|
||||
/etc/pki/entitlement is when RHSM is configured to put these
|
||||
certificate on a different path, and we do not support nor cover
|
||||
such a scenario as we are not scanning the RHSM configuration at
|
||||
all.
|
||||
|
||||
This also solves the problems on systems that does not have RHSM
|
||||
available at all.
|
||||
---
|
||||
repos/system_upgrade/common/libraries/rhsm.py | 16 ++++++++++++++++
|
||||
1 file changed, 16 insertions(+)
|
||||
|
||||
diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
|
||||
index 18842021..eb388829 100644
|
||||
--- a/repos/system_upgrade/common/libraries/rhsm.py
|
||||
+++ b/repos/system_upgrade/common/libraries/rhsm.py
|
||||
@@ -325,6 +325,11 @@ def set_container_mode(context):
|
||||
could be affected and the generated repo file in the container could be
|
||||
affected as well (e.g. when the release is set, using rhsm, on the host).
|
||||
|
||||
+ We want to put RHSM into the container mode always when /etc/rhsm and
|
||||
+ /etc/pki/entitlement directories exists, even when leapp is executed with
|
||||
+ --no-rhsm option. If any of these directories are missing, skip other
|
||||
+ actions - most likely RHSM is not installed in such a case.
|
||||
+
|
||||
:param context: An instance of a mounting.IsolatedActions class
|
||||
:type context: mounting.IsolatedActions class
|
||||
"""
|
||||
@@ -332,6 +337,17 @@ def set_container_mode(context):
|
||||
api.current_logger().error('Trying to set RHSM into the container mode'
|
||||
'on host. Skipping the action.')
|
||||
return
|
||||
+ # TODO(pstodulk): check "rhsm identity" whether system is registered
|
||||
+ # and the container mode should be required
|
||||
+ if (not os.path.exists(context.full_path('/etc/rhsm'))
|
||||
+ or not os.path.exists(context.full_path('/etc/pki/entitlement'))):
|
||||
+ api.current_logger().warning(
|
||||
+ 'Cannot set the container mode for the subscription-manager as'
|
||||
+ ' one of required directories is missing. Most likely RHSM is not'
|
||||
+ ' installed. Skipping other actions.'
|
||||
+ )
|
||||
+ return
|
||||
+
|
||||
try:
|
||||
context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
|
||||
context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
From 53ceded213ae17ca5d27268bc496e736dfea7e64 Mon Sep 17 00:00:00 2001
|
||||
From: Vinzenz Feenstra <vfeenstr@redhat.com>
|
||||
Date: Thu, 14 Apr 2022 14:50:07 +0200
|
||||
Subject: [PATCH 2/3] pciscanner: Fix 2 issues in regards to pci address
|
||||
handling
|
||||
|
||||
In a previous patch, the introduction of the new handling of deprecation
|
||||
data, 2 problems slipped through.
|
||||
|
||||
1. The regex replacement for pci ids errornous adds an empty space
|
||||
instead of empty string
|
||||
2. Drivers should be matched on lspci output against the driver
|
||||
deprecation data only if the pci_id is empty
|
||||
|
||||
Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
|
||||
---
|
||||
.../actors/pcidevicesscanner/libraries/pcidevicesscanner.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
index 0f02bd02..eb063abb 100644
|
||||
--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
|
||||
@@ -78,7 +78,7 @@ def parse_pci_devices(pci_textual, pci_numeric):
|
||||
def produce_detected_devices(devices):
|
||||
prefix_re = re.compile('0x')
|
||||
entry_lookup = {
|
||||
- prefix_re.sub(' ', entry.device_id): entry
|
||||
+ prefix_re.sub('', entry.device_id): entry
|
||||
for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
|
||||
}
|
||||
api.produce(*[
|
||||
@@ -98,7 +98,7 @@ def produce_detected_drivers(devices):
|
||||
entry_lookup = {
|
||||
entry.driver_name: entry
|
||||
for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
|
||||
- if entry.driver_name and entry.driver_name not in active_modules
|
||||
+ if not entry.device_id and entry.driver_name and entry.driver_name not in active_modules
|
||||
}
|
||||
|
||||
drivers = {device.driver for device in devices if device.driver in entry_lookup}
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
From a1fdabea9c00a96ffc1504577f12733e1c1830ee Mon Sep 17 00:00:00 2001
|
||||
From: Evgeni Golov <evgeni@golov.de>
|
||||
Date: Thu, 7 Apr 2022 14:56:18 +0200
|
||||
Subject: [PATCH 3/3] Ensure the right repositories are enabled on Satellite
|
||||
Capsules
|
||||
|
||||
---
|
||||
.../actors/satellite_upgrade_facts/actor.py | 6 +++-
|
||||
.../unit_test_satellite_upgrade_facts.py | 34 ++++++++++++++++++-
|
||||
2 files changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
|
||||
index eb87cd68..fb83107e 100644
|
||||
--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
|
||||
+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
|
||||
@@ -129,6 +129,10 @@ class SatelliteUpgradeFacts(Actor):
|
||||
modules_to_enable=modules_to_enable
|
||||
)
|
||||
)
|
||||
- repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms', 'satellite-6.11-for-rhel-8-x86_64-rpms',
|
||||
+ repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms',
|
||||
'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms']
|
||||
+ if has_package(InstalledRPM, 'foreman'):
|
||||
+ repositories_to_enable.append('satellite-6.11-for-rhel-8-x86_64-rpms')
|
||||
+ else:
|
||||
+ repositories_to_enable.append('satellite-capsule-6.11-for-rhel-8-x86_64-rpms')
|
||||
self.produce(RepositoriesSetupTasks(to_enable=repositories_to_enable))
|
||||
diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
|
||||
index 5c8e79ff..e77b7b58 100644
|
||||
--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
|
||||
+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
|
||||
@@ -1,6 +1,14 @@
|
||||
import os
|
||||
|
||||
-from leapp.models import DNFWorkaround, InstalledRPM, Module, RPM, RpmTransactionTasks, SatelliteFacts
|
||||
+from leapp.models import (
|
||||
+ DNFWorkaround,
|
||||
+ InstalledRPM,
|
||||
+ Module,
|
||||
+ RepositoriesSetupTasks,
|
||||
+ RPM,
|
||||
+ RpmTransactionTasks,
|
||||
+ SatelliteFacts
|
||||
+)
|
||||
from leapp.snactor.fixture import current_actor_context
|
||||
|
||||
RH_PACKAGER = 'Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>'
|
||||
@@ -87,3 +95,27 @@ def test_detects_remote_postgresql(current_actor_context):
|
||||
assert not satellitemsg.postgresql.local_postgresql
|
||||
|
||||
assert not current_actor_context.consume(DNFWorkaround)
|
||||
+
|
||||
+
|
||||
+def test_enables_right_repositories_on_satellite(current_actor_context):
|
||||
+ current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
|
||||
+ current_actor_context.run()
|
||||
+
|
||||
+ rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
|
||||
+
|
||||
+ assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
+ assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
+ assert 'satellite-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
+ assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
|
||||
+
|
||||
+
|
||||
+def test_enables_right_repositories_on_capsule(current_actor_context):
|
||||
+ current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM]))
|
||||
+ current_actor_context.run()
|
||||
+
|
||||
+ rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
|
||||
+
|
||||
+ assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
+ assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
+ assert 'satellite-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
|
||||
+ assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
From 496abd1775779054377c5e35ae96fa4d390bab42 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Stodulka <pstodulk@redhat.com>
|
||||
Date: Tue, 19 Apr 2022 21:51:03 +0200
|
||||
Subject: [PATCH] Enforce the removal of rubygem-irb (do not install it)
|
||||
|
||||
---
|
||||
etc/leapp/transaction/to_remove | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/etc/leapp/transaction/to_remove b/etc/leapp/transaction/to_remove
|
||||
index 0feb782..07c6864 100644
|
||||
--- a/etc/leapp/transaction/to_remove
|
||||
+++ b/etc/leapp/transaction/to_remove
|
||||
@@ -1,3 +1,6 @@
|
||||
### List of packages (each on new line) to be removed from the upgrade transaction
|
||||
# Removing initial-setup package to avoid it asking for EULA acceptance during upgrade - OAMG-1531
|
||||
initial-setup
|
||||
+
|
||||
+# temporary workaround for the file conflict symlink <-> dir (#2030627)
|
||||
+rubygem-irb
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -1,209 +0,0 @@
|
|||
From eeb4f99f57c67937ea562fce11fd5607470ae0a6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Stodulka <pstodulk@redhat.com>
|
||||
Date: Fri, 22 Apr 2022 00:20:15 +0200
|
||||
Subject: [PATCH] [IPU 8 -> 9] Migrate blacklisted CAs (hotfix)
|
||||
|
||||
Preserve blacklisted certificates during the IPU 8 -> 9
|
||||
|
||||
Path for the blacklisted certificates has been changed on RHEL 9.
|
||||
The original paths on RHEL 8 and older systems have been:
|
||||
/etc/pki/ca-trust/source/blacklist/
|
||||
/usr/share/pki/ca-trust-source/blacklist/
|
||||
However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
|
||||
So the paths are:
|
||||
/etc/pki/ca-trust/source/blocklist/
|
||||
/usr/share/pki/ca-trust-source/blocklist/
|
||||
This actor moves all blacklisted certificates into the expected directories
|
||||
and fix symlinks if to point to the new dirs if they originally pointed
|
||||
to one of obsoleted dirs.
|
||||
|
||||
Covered cases:
|
||||
- covered situations with missing dirs
|
||||
- covered both mentioned blacklist directories
|
||||
- update symlinks in case they point to one of obsoleted directories
|
||||
- remove obsoleted directories when all files migrated successfully
|
||||
- execute /usr/bin/update-ca-trust in the end
|
||||
- remove original a blacklist directory in case all discovered files
|
||||
inside are migrated successfully
|
||||
- print error logs in case of any issues so the upgrade does not
|
||||
crash in case of troubles and users could deal with problems
|
||||
manually after the upgrade
|
||||
|
||||
The actor is not covered by unit-tests as it's just a hotfix. Follow
|
||||
up works are expected to extend the problem with reports during
|
||||
preupgrade phases, improve the test coverage, ....
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2077432
|
||||
Followup ticket: CRYPTO-7097
|
||||
---
|
||||
.../actors/migrateblacklistca/actor.py | 28 ++++++
|
||||
.../libraries/migrateblacklistca.py | 89 +++++++++++++++++++
|
||||
.../tests/unit_test_migrateblacklistca.py | 25 ++++++
|
||||
3 files changed, 142 insertions(+)
|
||||
create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
|
||||
create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
|
||||
create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
|
||||
|
||||
diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
|
||||
new file mode 100644
|
||||
index 00000000..863a0063
|
||||
--- /dev/null
|
||||
+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
|
||||
@@ -0,0 +1,28 @@
|
||||
+from leapp.actors import Actor
|
||||
+from leapp.libraries.actor import migrateblacklistca
|
||||
+from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
|
||||
+
|
||||
+
|
||||
+class MigrateBlacklistCA(Actor):
|
||||
+ """
|
||||
+ Preserve blacklisted certificates during the upgrade
|
||||
+
|
||||
+ Path for the blacklisted certificates has been changed on RHEL 9.
|
||||
+ The original paths on RHEL 8 and older systems have been:
|
||||
+ /etc/pki/ca-trust/source/blacklist/
|
||||
+ /usr/share/pki/ca-trust-source/blacklist/
|
||||
+ However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
|
||||
+ So the new paths are:
|
||||
+ /etc/pki/ca-trust/source/blocklist/
|
||||
+ /usr/share/pki/ca-trust-source/blocklist/
|
||||
+ This actor moves all blacklisted certificates into the expected directories
|
||||
+ and fix symlinks if needed.
|
||||
+ """
|
||||
+
|
||||
+ name = 'migrate_blacklist_ca'
|
||||
+ consumes = ()
|
||||
+ produces = ()
|
||||
+ tags = (ApplicationsPhaseTag, IPUWorkflowTag)
|
||||
+
|
||||
+ def process(self):
|
||||
+ migrateblacklistca.process()
|
||||
diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
|
||||
new file mode 100644
|
||||
index 00000000..73c9d565
|
||||
--- /dev/null
|
||||
+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
|
||||
@@ -0,0 +1,89 @@
|
||||
+import os
|
||||
+import shutil
|
||||
+
|
||||
+from leapp.libraries.stdlib import api, CalledProcessError, run
|
||||
+
|
||||
+# dict(orig_dir: new_dir)
|
||||
+DIRS_CHANGE = {
|
||||
+ '/etc/pki/ca-trust/source/blacklist/': '/etc/pki/ca-trust/source/blocklist/',
|
||||
+ '/usr/share/pki/ca-trust-source/blacklist/': '/usr/share/pki/ca-trust-source/blocklist/'
|
||||
+}
|
||||
+
|
||||
+
|
||||
+def _link_src_path(filepath):
|
||||
+ """
|
||||
+ Return expected target path for the symlink.
|
||||
+
|
||||
+ In case the symlink points to one of dirs supposed to be migrated in this
|
||||
+ actor, we need to point to the new directory instead.
|
||||
+
|
||||
+ In case the link points anywhere else, keep the target path as it is.
|
||||
+ """
|
||||
+ realpath = os.path.realpath(filepath)
|
||||
+ for dirname in DIRS_CHANGE:
|
||||
+ if realpath.startswith(dirname):
|
||||
+ return realpath.replace(dirname, DIRS_CHANGE[dirname])
|
||||
+
|
||||
+ # it seems we can keep this path
|
||||
+ return realpath
|
||||
+
|
||||
+
|
||||
+def _migrate_file(filename, src_basedir):
|
||||
+ dst_path = filename.replace(src_basedir, DIRS_CHANGE[src_basedir])
|
||||
+ if os.path.exists(dst_path):
|
||||
+ api.current_logger().info(
|
||||
+ 'Skipping migration of the {} certificate. The target file already exists'
|
||||
+ .format(filename)
|
||||
+ )
|
||||
+ return
|
||||
+ os.makedirs(os.path.dirname(dst_path), mode=0o755, exist_ok=True)
|
||||
+ if os.path.islink(filename):
|
||||
+ # create the new symlink instead of the moving the file
|
||||
+ # as the target path could be different as well
|
||||
+ link_src_path = _link_src_path(filename)
|
||||
+ # TODO: is the broken symlink ok?
|
||||
+ os.symlink(link_src_path, dst_path)
|
||||
+ os.unlink(filename)
|
||||
+ else:
|
||||
+ # normal file, just move it
|
||||
+ shutil.move(filename, dst_path)
|
||||
+
|
||||
+
|
||||
+def _get_files(dirname):
|
||||
+ return run(['find', dirname, '-type', 'f,l'], split=True)['stdout']
|
||||
+
|
||||
+
|
||||
+def process():
|
||||
+ for dirname in DIRS_CHANGE:
|
||||
+ if not os.path.exists(dirname):
|
||||
+ # The directory does not exist; nothing to do here
|
||||
+ continue
|
||||
+ try:
|
||||
+ blacklisted_certs = _get_files(dirname)
|
||||
+ except (CalledProcessError, OSError) as e:
|
||||
+ # TODO: create post-upgrade report
|
||||
+ api.current_logger().error('Cannot get list of files in {}: {}.'.format(dirname, e))
|
||||
+ api.current_logger().error('Certificates under {} must be migrated manually.'.format(dirname))
|
||||
+ continue
|
||||
+ failed_files = []
|
||||
+ for filename in blacklisted_certs:
|
||||
+ try:
|
||||
+ _migrate_file(filename, dirname)
|
||||
+ except OSError as e:
|
||||
+ api.current_logger().error(
|
||||
+ 'Failed migration of blacklisted certificate {}: {}'
|
||||
+ .format(filename, e)
|
||||
+ )
|
||||
+ failed_files.append(filename)
|
||||
+ if not failed_files:
|
||||
+ # the failed removal is not such a big issue here
|
||||
+ # clean the dir if all files have been migrated successfully
|
||||
+ shutil.rmtree(dirname, ignore_errors=True)
|
||||
+ try:
|
||||
+ run(['/usr/bin/update-ca-trust'])
|
||||
+ except (CalledProcessError, OSError) as e:
|
||||
+ api.current_logger().error(
|
||||
+ 'Cannot update CA trust on the system.'
|
||||
+ ' It needs to be done manually after the in-place upgrade.'
|
||||
+ ' Reason: {}'.format(e)
|
||||
+ )
|
||||
diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
|
||||
new file mode 100644
|
||||
index 00000000..970dcb97
|
||||
--- /dev/null
|
||||
+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
|
||||
@@ -0,0 +1,25 @@
|
||||
+import os
|
||||
+
|
||||
+from leapp.libraries.actor import migrateblacklistca
|
||||
+from leapp.libraries.common.testutils import CurrentActorMocked
|
||||
+from leapp.libraries.stdlib import api
|
||||
+
|
||||
+
|
||||
+class MockedGetFiles():
|
||||
+ def __init__(self):
|
||||
+ self.called = 0
|
||||
+
|
||||
+ def __call__(self):
|
||||
+ self.called += 1
|
||||
+ return []
|
||||
+
|
||||
+
|
||||
+def test_no_dirs_exist(monkeypatch):
|
||||
+ mocked_files = MockedGetFiles()
|
||||
+ monkeypatch.setattr(os.path, 'exists', lambda dummy: False)
|
||||
+ monkeypatch.setattr(migrateblacklistca, '_get_files', mocked_files)
|
||||
+ monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
|
||||
+ # this is bad mock, but we want to be sure that update-ca-trust is not
|
||||
+ # called on the testing machine
|
||||
+ monkeypatch.setattr(migrateblacklistca, 'run', lambda dummy: dummy)
|
||||
+ assert not mocked_files.called
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -1,108 +0,0 @@
|
|||
From 32702c7c7d1c445b9ab95e0d1bbdfdf8f06d4303 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Stodulka <pstodulk@redhat.com>
|
||||
Date: Wed, 27 Apr 2022 11:25:40 +0200
|
||||
Subject: [PATCH] Skip comment lines when parsing grub configuration file
|
||||
|
||||
Added simple unit-test for default grub info to see the valid lines
|
||||
can be parsed as expected.
|
||||
---
|
||||
.../systemfacts/libraries/systemfacts.py | 21 ++++++++-
|
||||
.../tests/test_systemfacts_grub.py | 46 +++++++++++++++++++
|
||||
2 files changed, 65 insertions(+), 2 deletions(-)
|
||||
create mode 100644 repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
|
||||
|
||||
diff --git a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
|
||||
index 0de8b383..81aea6f5 100644
|
||||
--- a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
|
||||
+++ b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
|
||||
@@ -9,6 +9,7 @@ import re
|
||||
import six
|
||||
|
||||
from leapp import reporting
|
||||
+from leapp.exceptions import StopActorExecutionError
|
||||
from leapp.libraries.common import repofileutils
|
||||
from leapp.libraries.common.config import architecture
|
||||
from leapp.libraries.stdlib import api, CalledProcessError, run
|
||||
@@ -289,9 +290,25 @@ def _default_grub_info():
|
||||
])
|
||||
else:
|
||||
for line in run(['cat', default_grb_fpath], split=True)['stdout']:
|
||||
- if not line.strip():
|
||||
+ line = line.strip()
|
||||
+ if not line or line[0] == '#':
|
||||
+ # skip comments and empty lines
|
||||
continue
|
||||
- name, value = tuple(map(type(line).strip, line.split('=', 1)))
|
||||
+ try:
|
||||
+ name, value = tuple(map(type(line).strip, line.split('=', 1)))
|
||||
+ except ValueError as e:
|
||||
+ # we do not want to really continue when we cannot parse this file
|
||||
+ # TODO(pstodulk): rewrite this in the form we produce inhibitor
|
||||
+ # with problematic lines. This is improvement just in comparison
|
||||
+ # to the original hard crash.
|
||||
+ raise StopActorExecutionError(
|
||||
+ 'Failed parsing of {}'.format(default_grb_fpath),
|
||||
+ details={
|
||||
+ 'error': str(e),
|
||||
+ 'problematic line': str(line)
|
||||
+ }
|
||||
+ )
|
||||
+
|
||||
yield DefaultGrub(
|
||||
name=name,
|
||||
value=value
|
||||
diff --git a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
|
||||
new file mode 100644
|
||||
index 00000000..08552771
|
||||
--- /dev/null
|
||||
+++ b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
|
||||
@@ -0,0 +1,46 @@
|
||||
+import os
|
||||
+
|
||||
+from leapp.libraries.actor import systemfacts
|
||||
+from leapp.models import DefaultGrub
|
||||
+
|
||||
+
|
||||
+class RunMocked(object):
|
||||
+ def __init__(self, cmd_result):
|
||||
+ self.called = 0
|
||||
+ self.cmd_result = cmd_result
|
||||
+ self.split = False
|
||||
+ self.cmd = None
|
||||
+
|
||||
+ def __call__(self, cmd, split=False):
|
||||
+ self.cmd = cmd
|
||||
+ self.split = split
|
||||
+ self.called += 1
|
||||
+ return self.cmd_result
|
||||
+
|
||||
+
|
||||
+def test_default_grub_info_valid(monkeypatch):
|
||||
+ mocked_run = RunMocked({
|
||||
+ 'stdout': [
|
||||
+ 'line="whatever else here"',
|
||||
+ 'newline="whatever"',
|
||||
+ '# comment here',
|
||||
+ 'why_not=value',
|
||||
+ ' # whitespaces around comment ',
|
||||
+ ' ',
|
||||
+ ' last=last really'
|
||||
+ ],
|
||||
+ })
|
||||
+ expected_result = [
|
||||
+ DefaultGrub(name='line', value='"whatever else here"'),
|
||||
+ DefaultGrub(name='newline', value='"whatever"'),
|
||||
+ DefaultGrub(name='why_not', value='value'),
|
||||
+ DefaultGrub(name='last', value='last really'),
|
||||
+ ]
|
||||
+ monkeypatch.setattr(systemfacts, 'run', mocked_run)
|
||||
+ monkeypatch.setattr(os.path, 'isfile', lambda dummy: True)
|
||||
+ for msg in systemfacts._default_grub_info():
|
||||
+ expected_msg = expected_result.pop(0)
|
||||
+ assert msg.name == expected_msg.name
|
||||
+ assert msg.value == expected_msg.value
|
||||
+ assert mocked_run.called
|
||||
+ assert not expected_result
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
%global repositorydir %{leapp_datadir}/repositories
|
||||
%global custom_repositorydir %{leapp_datadir}/custom-repositories
|
||||
|
||||
%define leapp_repo_deps 6
|
||||
%define leapp_repo_deps 9
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
%define leapp_python_sitelib %{python2_sitelib}
|
||||
|
@ -41,24 +41,23 @@ py2_byte_compile "%1" "%2"}
|
|||
# RHEL 8+ packages to be consistent with other leapp projects in future.
|
||||
|
||||
Name: leapp-repository
|
||||
Version: 0.16.0
|
||||
Release: 6%{?dist}
|
||||
Version: 0.19.0
|
||||
Release: 4%{?dist}
|
||||
Summary: Repositories for leapp
|
||||
|
||||
License: ASL 2.0
|
||||
URL: https://oamg.github.io/leapp/
|
||||
Source0: https://github.com/oamg/leapp-repository/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
Source1: deps-pkgs-6.tar.gz
|
||||
Source0: https://github.com/oamg/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
Source1: deps-pkgs-9.tar.gz
|
||||
|
||||
# NOTE: Our packages must be noarch. Do no drop this in any way.
|
||||
BuildArch: noarch
|
||||
|
||||
### PATCHES HERE
|
||||
# Patch0001: filename.patch
|
||||
Patch0001: 0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1
|
||||
Patch0002: 0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch
|
||||
Patch0003: 0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch
|
||||
Patch0004: 0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch
|
||||
Patch0005: 0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch
|
||||
Patch0006: 0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch
|
||||
Patch0001: 0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch
|
||||
Patch0002: 0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch
|
||||
|
||||
|
||||
%description
|
||||
%{summary}
|
||||
|
@ -77,7 +76,7 @@ Requires: python2-leapp
|
|||
Obsoletes: leapp-repository-data <= 0.6.1
|
||||
Provides: leapp-repository-data <= 0.6.1
|
||||
|
||||
# Former leapp subpackage that is part of the sos package since HEL 7.8
|
||||
# Former leapp subpackage that is part of the sos package since RHEL 7.8
|
||||
Obsoletes: leapp-repository-sos-plugin <= 0.10.0
|
||||
|
||||
# Set the conflict to be sure this RPM is not upgraded automatically to
|
||||
|
@ -97,18 +96,22 @@ Conflicts: leapp-upgrade-el7toel8
|
|||
|
||||
%endif
|
||||
|
||||
# IMPORTANT: everytime the requirements are changed, increment number by one
|
||||
# IMPORTANT: every time the requirements are changed, increment number by one
|
||||
# - same for Provides in deps subpackage
|
||||
Requires: leapp-repository-dependencies = %{leapp_repo_deps}
|
||||
|
||||
# IMPORTANT: this is capability provided by the leapp framework rpm.
|
||||
# Check that 'version' instead of the real framework rpm version.
|
||||
Requires: leapp-framework >= 2.2
|
||||
Requires: leapp-framework >= 5.0
|
||||
|
||||
# Since we provide sub-commands for the leapp utility, we expect the leapp
|
||||
# tool to be installed as well.
|
||||
Requires: leapp
|
||||
|
||||
# Used to determine RHEL version of a given target RHEL installation image -
|
||||
# uncompressing redhat-release package from the ISO.
|
||||
Requires: cpio
|
||||
|
||||
# The leapp-repository rpm is renamed to %%{lpr_name}
|
||||
Obsoletes: leapp-repository < 0.14.0-5
|
||||
Provides: leapp-repository = %{version}-%{release}
|
||||
|
@ -117,13 +120,21 @@ Provides: leapp-repository = %{version}-%{release}
|
|||
# to install "leapp-upgrade" in the official docs.
|
||||
Provides: leapp-upgrade = %{version}-%{release}
|
||||
|
||||
# Provide leapp-commands so the framework could refer to them when customers
|
||||
# do not have installed particular leapp-repositories
|
||||
Provides: leapp-command(answer)
|
||||
Provides: leapp-command(preupgrade)
|
||||
Provides: leapp-command(upgrade)
|
||||
Provides: leapp-command(rerun)
|
||||
Provides: leapp-command(list-runs)
|
||||
|
||||
|
||||
%description -n %{lpr_name}
|
||||
Leapp repositories for the in-place upgrade to the next major version
|
||||
of the Red Hat Enterprise Linux system.
|
||||
|
||||
|
||||
# This metapackage should contain all RPM dependencies exluding deps on *leapp*
|
||||
# This metapackage should contain all RPM dependencies excluding deps on *leapp*
|
||||
# RPMs. This metapackage will be automatically replaced during the upgrade
|
||||
# to satisfy dependencies with RPMs from target system.
|
||||
%package -n %{lpr_name}-deps
|
||||
|
@ -132,7 +143,7 @@ Summary: Meta-package with system dependencies of %{lpr_name} package
|
|||
# The package has been renamed, so let's obsoletes the old one
|
||||
Obsoletes: leapp-repository-deps < 0.14.0-5
|
||||
|
||||
# IMPORTANT: everytime the requirements are changed, increment number by one
|
||||
# IMPORTANT: every time the requirements are changed, increment number by one
|
||||
# - same for Requires in main package
|
||||
Provides: leapp-repository-dependencies = %{leapp_repo_deps}
|
||||
##################################################
|
||||
|
@ -160,6 +171,18 @@ Requires: python3-requests
|
|||
Requires: python3-six
|
||||
# required by SELinux actors
|
||||
Requires: policycoreutils-python-utils
|
||||
# required by systemfacts, and several other actors
|
||||
Requires: procps-ng
|
||||
Requires: kmod
|
||||
# since RHEL 8+ dracut does not have to be present on the system all the time
|
||||
# and missing dracut could be killing situation for us :)
|
||||
Requires: dracut
|
||||
|
||||
# Required to scan NetworkManagerConnection (e.g. to recognize secrets)
|
||||
# NM is requested to be used on RHEL 8+ systems
|
||||
Requires: NetworkManager-libnm
|
||||
Requires: python3-gobject-base
|
||||
|
||||
%endif
|
||||
##################################################
|
||||
# end requirement
|
||||
|
@ -178,18 +201,13 @@ Requires: policycoreutils-python-utils
|
|||
# %%patch0001 -p1
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
%patch0003 -p1
|
||||
%patch0004 -p1
|
||||
%patch0005 -p1
|
||||
%patch0006 -p1
|
||||
|
||||
# enforce removal of packages below during the upgrade
|
||||
|
||||
%build
|
||||
%if 0%{?rhel} == 7
|
||||
cp -a leapp*deps-el8*rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
|
||||
cp -a leapp*deps*el8.noarch.rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
|
||||
%else
|
||||
cp -a leapp*deps-el9*rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
|
||||
cp -a leapp*deps*el9.noarch.rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
|
||||
%endif
|
||||
|
||||
|
||||
|
@ -201,6 +219,7 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/repos.d/
|
|||
install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/transaction/
|
||||
install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
|
||||
install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
|
||||
install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
|
||||
|
||||
# install CLI commands for the leapp utility on the expected path
|
||||
install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/
|
||||
|
@ -220,6 +239,7 @@ rm -rf %{buildroot}%{repositorydir}/common/actors/testactor
|
|||
find %{buildroot}%{repositorydir}/common -name "test.py" -delete
|
||||
rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d`
|
||||
find %{buildroot}%{repositorydir} -name "Makefile" -delete
|
||||
find %{buildroot} -name "*.py.orig" -delete
|
||||
|
||||
for DIRECTORY in $(find %{buildroot}%{repositorydir}/ -mindepth 1 -maxdepth 1 -type d);
|
||||
do
|
||||
|
@ -247,6 +267,7 @@ done;
|
|||
%dir %{repositorydir}
|
||||
%dir %{custom_repositorydir}
|
||||
%dir %{leapp_python_sitelib}/leapp/cli/commands
|
||||
%config %{_sysconfdir}/leapp/files/*
|
||||
%{_sysconfdir}/leapp/repos.d/*
|
||||
%{_sysconfdir}/leapp/transaction/*
|
||||
%{repositorydir}/*
|
||||
|
@ -257,6 +278,164 @@ done;
|
|||
# no files here
|
||||
|
||||
%changelog
|
||||
* Thu Nov 02 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-4
|
||||
- Fix the upgrade for systems without subscription-manager package
|
||||
- Resolves: RHEL-14901
|
||||
|
||||
* Tue Oct 31 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-3
|
||||
- Fix the upgrade when the release is locked by new subscription-manager
|
||||
- Resolves: RHEL-14901
|
||||
|
||||
* Wed Aug 23 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-1
|
||||
- Rebase to v0.19.0
|
||||
- Requires leapp-framework 5.0
|
||||
- Handle correctly the installed certificates to allow upgrades with custom repositories using HTTPs with enabled SSL verification
|
||||
- Fix failing upgrades with devtmpfs file systems specified in FSTAB
|
||||
- Do not try to update GRUB core on IBM Z systems
|
||||
- Minor improvements and fixes of various reports and error messages
|
||||
- Redesign handling of information about kernel (booted and target) to reflect changes in RHEL 9.3
|
||||
- Use new leapp CLI API which provides better report summary output
|
||||
- Resolves: rhbz#2215997, rhbz#2222861, rhbz#2232618
|
||||
|
||||
* Tue Jul 18 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-5
|
||||
- Fix the calculation of the required free space on each partitions/volume for the upgrade transactions
|
||||
- Create source overlay images with dynamic sizes to optimize disk space consumption
|
||||
- Update GRUB2 when /boot resides on multiple devices aggregated in RAID
|
||||
- Use new leapp CLI API which provides better report summary output
|
||||
- Introduce possibility to add (custom) kernel drivers to initramfs
|
||||
- Detect and report use of deprecated Xorg drivers
|
||||
- Fix the generation of the report about hybrid images
|
||||
- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
|
||||
- Minor improvements and fixes of various reports
|
||||
- Requires leapp-framework 4.0
|
||||
- Update leapp data files
|
||||
- Resolves: rhbz#2140011, rhbz#2144304, rhbz#2174095, rhbz#2215997
|
||||
|
||||
* Mon Jun 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-4
|
||||
- Introduce new upgrade path RHEL 8.9 -> 9.3
|
||||
- Update leapp data files to reflect new changes between systems
|
||||
- Detect and report use of deprecated Xorg drivers
|
||||
- Minor improvements of generated reports
|
||||
- Fix false positive report about invalid symlinks
|
||||
- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
|
||||
- Resolves: rhbz#2215997
|
||||
|
||||
* Mon Jun 05 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-3
|
||||
- Update the repomap.json file to address planned changes on RHUI Azure
|
||||
- Resolves: rhbz#2203800
|
||||
|
||||
* Fri May 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-2
|
||||
- Include leap data files in the package
|
||||
- Introduce in-place upgrades for systems with enabled FIPS mode
|
||||
- Enable the upgrade path 8.8 -> 9.2 for RHEL with SAP HANA
|
||||
- Fix the upgrade of ruby-irb package
|
||||
- Resolves: rhbz#2030627, rhbz#2097003, rhbz#2203800, rhbz#2203803
|
||||
|
||||
* Tue Feb 21 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-1
|
||||
- Rebase to v0.18.0
|
||||
- Introduce new upgrade path RHEL 8.8 -> 9.2
|
||||
- Requires cpio
|
||||
- Requires python3-gobject-base, NetworkManager-libnm
|
||||
- Bump leapp-repository-dependencies to 9
|
||||
- Add breadcrumbs results to RHSM facts
|
||||
- Add leapp RHUI packages to an allowlist to drop confusing reports
|
||||
- Added checks for RHEL SAP IPU 8.6 -> 9.0
|
||||
- Check RPM signatures during the upgrade
|
||||
- Check only mounted XFS partitions
|
||||
- Check the validity and compatitibility of used leapp data
|
||||
- Detect CIFS also when upgrading from RHEL8 to RHEL9 (PR1035)
|
||||
- Detect RoCE on IBM Z machines and check the configuration is safe for the upgrade
|
||||
- Detect a proxy configuration in YUM/DNF and adjust an error msg on issues caused by the configuration
|
||||
- Detect and report systemd symlinks that are broken before the upgrade
|
||||
- Detect the kernel-core RPM instead of kernel to prevent an error during post-upgrade phases
|
||||
- Disable the amazon-id DNF plugin on AWS during the upgrade stage to omit confusing error messages
|
||||
- Do not create new *pyc files when running leapp after the DNF upgrade transaction
|
||||
- Drop obsoleted upgrade paths
|
||||
- Enable upgrades of RHEL 8 for SAP HANA to RHEL 9 on ppc64le
|
||||
- Enable upgrades on s390x when /boot is part of rootfs
|
||||
- Extend the allow list of RHUI clients by azure-sap-apps to omit confusing report
|
||||
- Filter out PES events unrelated for the used upgrade path and handle overlapping event
|
||||
(fixes upgrades with quagga installed)
|
||||
- Fix scan of ceph volumes on systems without ceph-osd or when ceph-osd container is not found
|
||||
- Fix systemd symlinks that become incorrect during the IPU
|
||||
- Fix the check of memory (RAM) limits and use human readable values in the report
|
||||
- Fix the kernel detection during initramfs creation for new kernel on RHEL 9.2+
|
||||
- Fix the upgrade of IBM Z machines configured with ZFCP
|
||||
- Fix the upgrade on Azure using RHUI for SAP Apps images
|
||||
- Ignore external accounts in /etc/passwd
|
||||
- Improve remediation instructions for packages in unknown repositories
|
||||
- Improve the error message to guide users when discovered more space is needed
|
||||
- Improve the handling of blocklisted certificates
|
||||
- Inhibit the upgrade when entries in /etc/fstab cause overshadowing during the upgrade
|
||||
- Introduced an option to use an ISO file as a target RHEL version content source
|
||||
- Introduced possibility to specify what systemd services should be enabled/disabled on the upgraded system
|
||||
- Introduced the --nogpgcheck option to skip checking of RPM signatures
|
||||
- Map the target repositories also based on the installed content
|
||||
- Prevent re-run of leapp in the upgrade initramfs in case of previous failure
|
||||
- Prevent the upgrade with RHSM when Baseos and Appstream target repositories are not discovered
|
||||
- Provide common information about systemd services
|
||||
- RHUI(Azure) Handle correctly various SAP images
|
||||
- Register subscribed systems automatically to Red Hat Insights unless --no-insights-register is used
|
||||
- Remove obsoleted GPG keys provided by RH after the upgrade to prevent errors
|
||||
- Rework the network configuration handling and parse the configuration data properly
|
||||
- Set the system release lock after the upgrade also for premium channels
|
||||
- Small improvements in various reports
|
||||
- Resolves: rhbz#2088492, rhbz#2111691, rhbz#2127920, rhbz#2129716,rhbz#2139907, rhbz#2139907, rhbz#2141393, rhbz#2143372, rhbz#2155661
|
||||
|
||||
* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-3
|
||||
- Adding back instruction to not install rubygem-irb during the in-place upgrade
|
||||
to prevent conflict between files
|
||||
- Resolves: rhbz#2090995
|
||||
|
||||
* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-2
|
||||
- Update VDO checks to enable user to decide the system state on check failures
|
||||
and undetermined block devices
|
||||
- The VDO dialog and related VDO reports have been properly updated
|
||||
- Resolves: rhbz#2096159
|
||||
|
||||
* Wed Aug 24 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-1
|
||||
- Rebase to v0.17.0
|
||||
- Support upgrade path RHEL 8.7 -> 9.0 and RHEL SAP 8.6 -> 9.0
|
||||
- Provide and require leapp-repository-dependencies 7
|
||||
- Provide `leapp-command(<CMD>)` for each CLI command provided by leapp-repository
|
||||
- Require dracut, kmod, procps-ng on RHEL 8+
|
||||
- Require leapp-framework >= 3.1
|
||||
- Add actors covering removal of NIS components on RHEL 9
|
||||
- Add checks for obsolete .NET versions
|
||||
- Allow specifying the report schema v1.2.0
|
||||
- Check and handle upgrades with custom crypto policies
|
||||
- Check and migrate OpenSSH configuration
|
||||
- Check and migrate multipath configuration
|
||||
- Check minimum memory requirements
|
||||
- Do not create the upgrade bootloader entry when the dnf dry-run actor stops the upgrade
|
||||
- Enable Base and SAP in-place upgrades on Azure
|
||||
- Enable in-place upgrade in case LUKS volumes are Ceph OSDs
|
||||
- Enable in-place upgrades in Azure RHEL 8 base images using RHUI
|
||||
- Enable in-place upgrades on IBM z16 machines
|
||||
- Enable the CRB repository for the upgrade only if enabled on the source system
|
||||
- Fix cloud provider detection on AWS
|
||||
- Fix detection of the latest kernel
|
||||
- Fix issues caused by leapp artifacts from previous in-place upgrades
|
||||
- Fix issues with false positive switch to emergency console during the upgrade
|
||||
- Fix swap page size on aarch64
|
||||
- Fix the VDO scanner to skip partitions unrelated to VDO and adjust error messages
|
||||
- Fix the false positive NFS storage detection on NFS servers and improve the report msg
|
||||
- Fix the issues on systems with the LANGUAGE environment variable
|
||||
- Fix the root directory scan to deal with non-utf8 filenames
|
||||
- Handle upgrades of SAP systems on AWS
|
||||
- Inform about necessary migrations related to bacula-director when installed on the system
|
||||
- Inhibit the upgrade when /var/lib/leapp being mounted in a non-persistent fashion to prevent failures
|
||||
- Inhibit the upgrade when /var/lib/leapp mounted with the noexec option to prevent failures
|
||||
- Inhibit upgrade when NVIDIA driver is detected
|
||||
- Make the application of custom selinux rules more reliable and do not override changes done by RPM scriptlets
|
||||
- Migrate the OpenSSL configuration
|
||||
- PESEventScanner actor has been fully refactored
|
||||
- Report changes around SCP and SFTP
|
||||
- Skip comment lines when parsing the GRUB configuration file
|
||||
- Stop propagating the “debug” and ”enforcing=0” kernel cmdline options into the target kernel cmdline options
|
||||
- Mass refactoring to be compatible with leapp v0.15.0
|
||||
- Resolves: rhbz#2090995, rhbz#2040470, rhbz#2092005, rhbz#2093220, rhbz#2095704, rhbz#2096159, rhbz#2100108, rhbz#2100110, rhbz#2103282, rhbz#2106904, rhbz#2110627
|
||||
|
||||
* Wed Apr 27 2022 Petr Stodulka <pstodulk@redhat.com> - 0.16.0-6
|
||||
- Skip comments in /etc/default/grub during the parsing
|
||||
- Resolves: #1997076
|
||||
|
|
Loading…
Reference in New Issue