import CS leapp-repository-0.19.0-4.el8

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/deps-pkgs-6.tar.gz
-SOURCES/leapp-repository-0.16.0.tar.gz
+SOURCES/deps-pkgs-9.tar.gz
+SOURCES/leapp-repository-0.19.0.tar.gz

.leapp-repository.metadata

@@ -1,2 +1,2 @@
-a5100971d63814c213c5245181891329578baf8d SOURCES/deps-pkgs-6.tar.gz
-2bcc851f1344107581096a6b564375c440a4df4a SOURCES/leapp-repository-0.16.0.tar.gz
+02499ccd70d4a8e6ce9ad29bd286a317d5e0b57b SOURCES/deps-pkgs-9.tar.gz
+79402ad1aa427e43bdce143f4c0641dda383eb5d SOURCES/leapp-repository-0.19.0.tar.gz

SOURCES/0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch

@@ -0,0 +1,37 @@
+From b6e409e1055b5d8b7f27e5df9eae096eb592a9c7 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Fri, 27 Oct 2023 13:34:38 +0200
+Subject: [PATCH] RHSM: Adjust the switch to container mode for new RHSM
+
+RHSM in RHEL 8.9+ & RHEL 9.3+ requires newly for the switch to the
+container mode existence and content under /etc/pki/entitlement-host,
+which in our case should by symlink to /etc/pki/entitlement.
+
+So currently we need for the correct switch 2 symlinks:
+  * /etc/pki/rhsm-host        -> /etc/pki/rhsm
+  * /etc/pki/entitlement-host -> /etc/pki/entitlement
+
+Technically we need that only for RHEL 8.9+ but discussing it with
+RHSM SST, we can do this change unconditionally for any RHEL system
+as older versions of RHSM do not check /etc/pki/entitlement-host.
+
+jira: RHEL-14839
+---
+ repos/system_upgrade/common/libraries/rhsm.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
+index 4a5b0eb0..18842021 100644
+--- a/repos/system_upgrade/common/libraries/rhsm.py
++++ b/repos/system_upgrade/common/libraries/rhsm.py
+@@ -334,6 +334,7 @@ def set_container_mode(context):
+         return
+     try:
+         context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
++        context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
+     except CalledProcessError:
+         raise StopActorExecutionError(
+                 message='Cannot set the container mode for the subscription-manager.')
+-- 
+2.41.0
+

SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1

@@ -1,70 +0,0 @@
-From b4fc2e0ae62e68dd246ed2eedda0df2a3ba90633 Mon Sep 17 00:00:00 2001
-From: Vinzenz Feenstra <vfeenstr@redhat.com>
-Date: Fri, 1 Apr 2022 15:13:51 +0200
-Subject: [PATCH] pcidevicesscanner: Also match deprecation data against kernel
- modules
-
-Previously when the deprecation data got introduced the kernel drivers
-reported to be used by lspci have not been checked.
-This patch fixes this regression.
-
-Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
----
- .../libraries/pcidevicesscanner.py            | 29 ++++++++++++++++++-
- 1 file changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-index 146f1a33..0f02bd02 100644
---- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-@@ -1,7 +1,13 @@
- import re
- 
- from leapp.libraries.stdlib import api, run
--from leapp.models import DetectedDeviceOrDriver, DeviceDriverDeprecationData, PCIDevice, PCIDevices
-+from leapp.models import (
-+    ActiveKernelModulesFacts,
-+    DetectedDeviceOrDriver,
-+    DeviceDriverDeprecationData,
-+    PCIDevice,
-+    PCIDevices
-+)
- 
- # Regex to capture Vendor, Device and SVendor and SDevice values
- PCI_ID_REG = re.compile(r"(?<=Vendor:\t|Device:\t)\w+")
-@@ -82,6 +88,26 @@ def produce_detected_devices(devices):
-     ])
- 
- 
-+def produce_detected_drivers(devices):
-+    active_modules = {
-+        module.file_name
-+        for message in api.consume(ActiveKernelModulesFacts) for module in message.kernel_modules
-+    }
-+
-+    # Create a lookup by driver_name and filter out the kernel that are active
-+    entry_lookup = {
-+        entry.driver_name: entry
-+        for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
-+        if entry.driver_name and entry.driver_name not in active_modules
-+    }
-+
-+    drivers = {device.driver for device in devices if device.driver in entry_lookup}
-+    api.produce(*[
-+        DetectedDeviceOrDriver(**entry_lookup[driver].dump())
-+        for driver in drivers
-+    ])
-+
-+
- def produce_pci_devices(producer, devices):
-     """ Produce a Leapp message with all PCI devices """
-     producer(PCIDevices(devices=devices))
-@@ -93,4 +119,5 @@ def scan_pci_devices(producer):
-     pci_numeric = run(['lspci', '-vmmkn'], checked=False)['stdout']
-     devices = parse_pci_devices(pci_textual, pci_numeric)
-     produce_detected_devices(devices)
-+    produce_detected_drivers(devices)
-     produce_pci_devices(producer, devices)
--- 
-2.35.1
-

SOURCES/0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch

@@ -0,0 +1,62 @@
+From d1f28cbd143f2dce85f7f175308437954847aba8 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Thu, 2 Nov 2023 14:20:11 +0100
+Subject: [PATCH] Do not create dangling symlinks for containerized RHSM
+
+When setting RHSM into the container mode, we are creating symlinks
+to /etc/rhsm and /etc/pki/entitlement directories. However, this
+creates dangling symlinks if RHSM is not installed or user manually
+removes one of these dirs.
+
+If any of these directories is missing, skip other actions and
+log the warning. Usually it means that RHSM is not actually used
+or installed at all, so in these cases we can do the skip. The
+only corner case when system could use RHSM without
+/etc/pki/entitlement is when RHSM is configured to put these
+certificate on a different path, and we do not support nor cover
+such a scenario as we are not scanning the RHSM configuration at
+all.
+
+This also solves the problems on systems that does not have RHSM
+available at all.
+---
+ repos/system_upgrade/common/libraries/rhsm.py | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
+index 18842021..eb388829 100644
+--- a/repos/system_upgrade/common/libraries/rhsm.py
++++ b/repos/system_upgrade/common/libraries/rhsm.py
+@@ -325,6 +325,11 @@ def set_container_mode(context):
+     could be affected and the generated repo file in the container could be
+     affected as well (e.g. when the release is set, using rhsm, on the host).
+ 
++    We want to put RHSM into the container mode always when /etc/rhsm and
++    /etc/pki/entitlement directories exists, even when leapp is executed with
++    --no-rhsm option. If any of these directories are missing, skip other
++    actions - most likely RHSM is not installed in such a case.
++
+     :param context: An instance of a mounting.IsolatedActions class
+     :type context: mounting.IsolatedActions class
+     """
+@@ -332,6 +337,17 @@ def set_container_mode(context):
+         api.current_logger().error('Trying to set RHSM into the container mode'
+                                    'on host. Skipping the action.')
+         return
++    # TODO(pstodulk): check "rhsm identity" whether system is registered
++    # and the container mode should be required
++    if (not os.path.exists(context.full_path('/etc/rhsm'))
++            or not os.path.exists(context.full_path('/etc/pki/entitlement'))):
++        api.current_logger().warning(
++            'Cannot set the container mode for the subscription-manager as'
++            ' one of required directories is missing. Most likely RHSM is not'
++            ' installed. Skipping other actions.'
++        )
++        return
++
+     try:
+         context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
+         context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
+-- 
+2.41.0
+

SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch

@@ -1,44 +0,0 @@
-From 53ceded213ae17ca5d27268bc496e736dfea7e64 Mon Sep 17 00:00:00 2001
-From: Vinzenz Feenstra <vfeenstr@redhat.com>
-Date: Thu, 14 Apr 2022 14:50:07 +0200
-Subject: [PATCH 2/3] pciscanner: Fix 2 issues in regards to pci address
- handling
-
-In a previous patch, the introduction of the new handling of deprecation
-data, 2 problems slipped through.
-
-1. The regex replacement for pci ids errornous adds an empty space
-   instead of empty string
-2. Drivers should be matched on lspci output against the driver
-   deprecation data only if the pci_id is empty
-
-Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
----
- .../actors/pcidevicesscanner/libraries/pcidevicesscanner.py   | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-index 0f02bd02..eb063abb 100644
---- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-@@ -78,7 +78,7 @@ def parse_pci_devices(pci_textual, pci_numeric):
- def produce_detected_devices(devices):
-     prefix_re = re.compile('0x')
-     entry_lookup = {
--        prefix_re.sub(' ', entry.device_id): entry
-+        prefix_re.sub('', entry.device_id): entry
-         for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
-     }
-     api.produce(*[
-@@ -98,7 +98,7 @@ def produce_detected_drivers(devices):
-     entry_lookup = {
-         entry.driver_name: entry
-         for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
--        if entry.driver_name and entry.driver_name not in active_modules
-+        if not entry.device_id and entry.driver_name and entry.driver_name not in active_modules
-     }
- 
-     drivers = {device.driver for device in devices if device.driver in entry_lookup}
--- 
-2.35.1
-

SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch

@@ -1,78 +0,0 @@
-From a1fdabea9c00a96ffc1504577f12733e1c1830ee Mon Sep 17 00:00:00 2001
-From: Evgeni Golov <evgeni@golov.de>
-Date: Thu, 7 Apr 2022 14:56:18 +0200
-Subject: [PATCH 3/3] Ensure the right repositories are enabled on Satellite
- Capsules
-
----
- .../actors/satellite_upgrade_facts/actor.py   |  6 +++-
- .../unit_test_satellite_upgrade_facts.py      | 34 ++++++++++++++++++-
- 2 files changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-index eb87cd68..fb83107e 100644
---- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-@@ -129,6 +129,10 @@ class SatelliteUpgradeFacts(Actor):
-             modules_to_enable=modules_to_enable
-             )
-         )
--        repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms', 'satellite-6.11-for-rhel-8-x86_64-rpms',
-+        repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms',
-                                   'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms']
-+        if has_package(InstalledRPM, 'foreman'):
-+            repositories_to_enable.append('satellite-6.11-for-rhel-8-x86_64-rpms')
-+        else:
-+            repositories_to_enable.append('satellite-capsule-6.11-for-rhel-8-x86_64-rpms')
-         self.produce(RepositoriesSetupTasks(to_enable=repositories_to_enable))
-diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-index 5c8e79ff..e77b7b58 100644
---- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-@@ -1,6 +1,14 @@
- import os
- 
--from leapp.models import DNFWorkaround, InstalledRPM, Module, RPM, RpmTransactionTasks, SatelliteFacts
-+from leapp.models import (
-+    DNFWorkaround,
-+    InstalledRPM,
-+    Module,
-+    RepositoriesSetupTasks,
-+    RPM,
-+    RpmTransactionTasks,
-+    SatelliteFacts
-+)
- from leapp.snactor.fixture import current_actor_context
- 
- RH_PACKAGER = 'Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>'
-@@ -87,3 +95,27 @@ def test_detects_remote_postgresql(current_actor_context):
-     assert not satellitemsg.postgresql.local_postgresql
- 
-     assert not current_actor_context.consume(DNFWorkaround)
-+
-+
-+def test_enables_right_repositories_on_satellite(current_actor_context):
-+    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
-+    current_actor_context.run()
-+
-+    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
-+
-+    assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
-+
-+
-+def test_enables_right_repositories_on_capsule(current_actor_context):
-+    current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM]))
-+    current_actor_context.run()
-+
-+    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
-+
-+    assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
-+    assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
--- 
-2.35.1
-

SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch

@@ -1,23 +0,0 @@
-From 496abd1775779054377c5e35ae96fa4d390bab42 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Tue, 19 Apr 2022 21:51:03 +0200
-Subject: [PATCH] Enforce the removal of rubygem-irb (do not install it)
-
----
- etc/leapp/transaction/to_remove | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/etc/leapp/transaction/to_remove b/etc/leapp/transaction/to_remove
-index 0feb782..07c6864 100644
---- a/etc/leapp/transaction/to_remove
-+++ b/etc/leapp/transaction/to_remove
-@@ -1,3 +1,6 @@
- ### List of packages (each on new line) to be removed from the upgrade transaction
- # Removing initial-setup package to avoid it asking for EULA acceptance during upgrade - OAMG-1531
- initial-setup
-+
-+# temporary workaround for the file conflict symlink <-> dir (#2030627)
-+rubygem-irb
--- 
-2.35.1
-

SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch

@@ -1,209 +0,0 @@
-From eeb4f99f57c67937ea562fce11fd5607470ae0a6 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 22 Apr 2022 00:20:15 +0200
-Subject: [PATCH] [IPU 8 -> 9] Migrate blacklisted CAs (hotfix)
-
-Preserve blacklisted certificates during the IPU 8 -> 9
-
-Path for the blacklisted certificates has been changed on RHEL 9.
-The original paths on RHEL 8 and older systems have been:
-    /etc/pki/ca-trust/source/blacklist/
-    /usr/share/pki/ca-trust-source/blacklist/
-However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
-So the paths are:
-    /etc/pki/ca-trust/source/blocklist/
-    /usr/share/pki/ca-trust-source/blocklist/
-This actor moves all blacklisted certificates into the expected directories
-and fix symlinks if to point to the new dirs if they originally pointed
-to one of obsoleted dirs.
-
-Covered cases:
-- covered situations with missing dirs
-- covered both mentioned blacklist directories
-- update symlinks in case they point to one of obsoleted directories
-- remove obsoleted directories when all files migrated successfully
-- execute /usr/bin/update-ca-trust in the end
-- remove original a blacklist directory in case all discovered files
-  inside are migrated successfully
-- print error logs in case of any issues so the upgrade does not
-  crash in case of troubles and users could deal with problems
-  manually after the upgrade
-
-The actor is not covered by unit-tests as it's just a hotfix. Follow
-up works are expected to extend the problem with reports during
-preupgrade phases, improve the test coverage, ....
-
-BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2077432
-Followup ticket: CRYPTO-7097
----
- .../actors/migrateblacklistca/actor.py        | 28 ++++++
- .../libraries/migrateblacklistca.py           | 89 +++++++++++++++++++
- .../tests/unit_test_migrateblacklistca.py     | 25 ++++++
- 3 files changed, 142 insertions(+)
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
-new file mode 100644
-index 00000000..863a0063
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
-@@ -0,0 +1,28 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import migrateblacklistca
-+from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
-+
-+
-+class MigrateBlacklistCA(Actor):
-+    """
-+    Preserve blacklisted certificates during the upgrade
-+
-+    Path for the blacklisted certificates has been changed on RHEL 9.
-+    The original paths on RHEL 8 and older systems have been:
-+        /etc/pki/ca-trust/source/blacklist/
-+        /usr/share/pki/ca-trust-source/blacklist/
-+    However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
-+    So the new paths are:
-+        /etc/pki/ca-trust/source/blocklist/
-+        /usr/share/pki/ca-trust-source/blocklist/
-+    This actor moves all blacklisted certificates into the expected directories
-+    and fix symlinks if needed.
-+    """
-+
-+    name = 'migrate_blacklist_ca'
-+    consumes = ()
-+    produces = ()
-+    tags = (ApplicationsPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        migrateblacklistca.process()
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
-new file mode 100644
-index 00000000..73c9d565
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
-@@ -0,0 +1,89 @@
-+import os
-+import shutil
-+
-+from leapp.libraries.stdlib import api, CalledProcessError, run
-+
-+# dict(orig_dir: new_dir)
-+DIRS_CHANGE = {
-+    '/etc/pki/ca-trust/source/blacklist/': '/etc/pki/ca-trust/source/blocklist/',
-+    '/usr/share/pki/ca-trust-source/blacklist/': '/usr/share/pki/ca-trust-source/blocklist/'
-+}
-+
-+
-+def _link_src_path(filepath):
-+    """
-+    Return expected target path for the symlink.
-+
-+    In case the symlink points to one of dirs supposed to be migrated in this
-+    actor, we need to point to the new directory instead.
-+
-+    In case the link points anywhere else, keep the target path as it is.
-+    """
-+    realpath = os.path.realpath(filepath)
-+    for dirname in DIRS_CHANGE:
-+        if realpath.startswith(dirname):
-+            return realpath.replace(dirname, DIRS_CHANGE[dirname])
-+
-+    # it seems we can keep this path
-+    return realpath
-+
-+
-+def _migrate_file(filename, src_basedir):
-+    dst_path = filename.replace(src_basedir, DIRS_CHANGE[src_basedir])
-+    if os.path.exists(dst_path):
-+        api.current_logger().info(
-+            'Skipping migration of the {} certificate. The target file already exists'
-+            .format(filename)
-+        )
-+        return
-+    os.makedirs(os.path.dirname(dst_path), mode=0o755, exist_ok=True)
-+    if os.path.islink(filename):
-+        # create the new symlink instead of the moving the file
-+        # as the target path could be different as well
-+        link_src_path = _link_src_path(filename)
-+        # TODO: is the broken symlink ok?
-+        os.symlink(link_src_path, dst_path)
-+        os.unlink(filename)
-+    else:
-+        # normal file, just move it
-+        shutil.move(filename, dst_path)
-+
-+
-+def _get_files(dirname):
-+    return run(['find', dirname, '-type', 'f,l'], split=True)['stdout']
-+
-+
-+def process():
-+    for dirname in DIRS_CHANGE:
-+        if not os.path.exists(dirname):
-+            # The directory does not exist; nothing to do here
-+            continue
-+        try:
-+            blacklisted_certs = _get_files(dirname)
-+        except (CalledProcessError, OSError) as e:
-+            # TODO: create post-upgrade report
-+            api.current_logger().error('Cannot get list of files in {}: {}.'.format(dirname, e))
-+            api.current_logger().error('Certificates under {} must be migrated manually.'.format(dirname))
-+            continue
-+        failed_files = []
-+        for filename in blacklisted_certs:
-+            try:
-+                _migrate_file(filename, dirname)
-+            except OSError as e:
-+                api.current_logger().error(
-+                    'Failed migration of blacklisted certificate {}: {}'
-+                    .format(filename, e)
-+                )
-+                failed_files.append(filename)
-+        if not failed_files:
-+            # the failed removal is not such a big issue here
-+            # clean the dir if all files have been migrated successfully
-+            shutil.rmtree(dirname, ignore_errors=True)
-+    try:
-+        run(['/usr/bin/update-ca-trust'])
-+    except (CalledProcessError, OSError) as e:
-+        api.current_logger().error(
-+            'Cannot update CA trust on the system.'
-+            ' It needs to be done manually after the in-place upgrade.'
-+            ' Reason: {}'.format(e)
-+        )
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-new file mode 100644
-index 00000000..970dcb97
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-@@ -0,0 +1,25 @@
-+import os
-+
-+from leapp.libraries.actor import migrateblacklistca
-+from leapp.libraries.common.testutils import CurrentActorMocked
-+from leapp.libraries.stdlib import api
-+
-+
-+class MockedGetFiles():
-+    def __init__(self):
-+        self.called = 0
-+
-+    def __call__(self):
-+        self.called += 1
-+        return []
-+
-+
-+def test_no_dirs_exist(monkeypatch):
-+    mocked_files = MockedGetFiles()
-+    monkeypatch.setattr(os.path, 'exists', lambda dummy: False)
-+    monkeypatch.setattr(migrateblacklistca, '_get_files', mocked_files)
-+    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
-+    # this is bad mock, but we want to be sure that update-ca-trust is not
-+    # called on the testing machine
-+    monkeypatch.setattr(migrateblacklistca, 'run', lambda dummy: dummy)
-+    assert not mocked_files.called
--- 
-2.35.1
-

SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch

@@ -1,108 +0,0 @@
-From 32702c7c7d1c445b9ab95e0d1bbdfdf8f06d4303 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Wed, 27 Apr 2022 11:25:40 +0200
-Subject: [PATCH] Skip comment lines when parsing grub configuration file
-
-Added simple unit-test for default grub info to see the valid lines
-can be parsed as expected.
----
- .../systemfacts/libraries/systemfacts.py      | 21 ++++++++-
- .../tests/test_systemfacts_grub.py            | 46 +++++++++++++++++++
- 2 files changed, 65 insertions(+), 2 deletions(-)
- create mode 100644 repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-
-diff --git a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-index 0de8b383..81aea6f5 100644
---- a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-+++ b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-@@ -9,6 +9,7 @@ import re
- import six
- 
- from leapp import reporting
-+from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.common import repofileutils
- from leapp.libraries.common.config import architecture
- from leapp.libraries.stdlib import api, CalledProcessError, run
-@@ -289,9 +290,25 @@ def _default_grub_info():
-         ])
-     else:
-         for line in run(['cat', default_grb_fpath], split=True)['stdout']:
--            if not line.strip():
-+            line = line.strip()
-+            if not line or line[0] == '#':
-+                # skip comments and empty lines
-                 continue
--            name, value = tuple(map(type(line).strip, line.split('=', 1)))
-+            try:
-+                name, value = tuple(map(type(line).strip, line.split('=', 1)))
-+            except ValueError as e:
-+                # we do not want to really continue when we cannot parse this file
-+                # TODO(pstodulk): rewrite this in the form we produce inhibitor
-+                # with problematic lines. This is improvement just in comparison
-+                # to the original hard crash.
-+                raise StopActorExecutionError(
-+                    'Failed parsing of {}'.format(default_grb_fpath),
-+                    details={
-+                        'error': str(e),
-+                        'problematic line': str(line)
-+                    }
-+                )
-+
-             yield DefaultGrub(
-                 name=name,
-                 value=value
-diff --git a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-new file mode 100644
-index 00000000..08552771
---- /dev/null
-+++ b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-@@ -0,0 +1,46 @@
-+import os
-+
-+from leapp.libraries.actor import systemfacts
-+from leapp.models import DefaultGrub
-+
-+
-+class RunMocked(object):
-+    def __init__(self, cmd_result):
-+        self.called = 0
-+        self.cmd_result = cmd_result
-+        self.split = False
-+        self.cmd = None
-+
-+    def __call__(self, cmd, split=False):
-+        self.cmd = cmd
-+        self.split = split
-+        self.called += 1
-+        return self.cmd_result
-+
-+
-+def test_default_grub_info_valid(monkeypatch):
-+    mocked_run = RunMocked({
-+        'stdout': [
-+            'line="whatever else here"',
-+            'newline="whatever"',
-+            '# comment here',
-+            'why_not=value',
-+            ' # whitespaces around comment ',
-+            ' ',
-+            ' last=last really'
-+        ],
-+    })
-+    expected_result = [
-+        DefaultGrub(name='line', value='"whatever else here"'),
-+        DefaultGrub(name='newline', value='"whatever"'),
-+        DefaultGrub(name='why_not', value='value'),
-+        DefaultGrub(name='last', value='last really'),
-+    ]
-+    monkeypatch.setattr(systemfacts, 'run', mocked_run)
-+    monkeypatch.setattr(os.path, 'isfile', lambda dummy: True)
-+    for msg in systemfacts._default_grub_info():
-+        expected_msg = expected_result.pop(0)
-+        assert msg.name == expected_msg.name
-+        assert msg.value == expected_msg.value
-+    assert mocked_run.called
-+    assert not expected_result
--- 
-2.35.1
-

SPECS/leapp-repository.spec

@@ -2,7 +2,7 @@
 %global repositorydir %{leapp_datadir}/repositories
 %global custom_repositorydir %{leapp_datadir}/custom-repositories
 
-%define leapp_repo_deps  6
+%define leapp_repo_deps  9
 
 %if 0%{?rhel} == 7
     %define leapp_python_sitelib %{python2_sitelib}
@@ -41,24 +41,23 @@ py2_byte_compile "%1" "%2"}
 # RHEL 8+ packages to be consistent with other leapp projects in future.
 
 Name:           leapp-repository
-Version:        0.16.0
-Release:        6%{?dist}
+Version:        0.19.0
+Release:        4%{?dist}
 Summary:        Repositories for leapp
 
 License:        ASL 2.0
 URL:            https://oamg.github.io/leapp/
-Source0:        https://github.com/oamg/leapp-repository/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        deps-pkgs-6.tar.gz
+Source0:        https://github.com/oamg/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        deps-pkgs-9.tar.gz
+
+# NOTE: Our packages must be noarch. Do no drop this in any way.
 BuildArch:      noarch
 
 ### PATCHES HERE
 # Patch0001:    filename.patch
-Patch0001:      0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1
-Patch0002:      0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch
-Patch0003:      0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch
-Patch0004:      0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch
-Patch0005:      0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch
-Patch0006:      0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch
+Patch0001:      0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch
+Patch0002:      0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch
+
 
 %description
 %{summary}
@@ -77,7 +76,7 @@ Requires:       python2-leapp
 Obsoletes:      leapp-repository-data <= 0.6.1
 Provides:       leapp-repository-data <= 0.6.1
 
-# Former leapp subpackage that is part of the sos package since HEL 7.8
+# Former leapp subpackage that is part of the sos package since RHEL 7.8
 Obsoletes:      leapp-repository-sos-plugin <= 0.10.0
 
 # Set the conflict to be sure this RPM is not upgraded automatically to
@@ -97,18 +96,22 @@ Conflicts:      leapp-upgrade-el7toel8
 
 %endif
 
-# IMPORTANT: everytime the requirements are changed, increment number by one
+# IMPORTANT: every time the requirements are changed, increment number by one
 # - same for Provides in deps subpackage
 Requires:       leapp-repository-dependencies = %{leapp_repo_deps}
 
 # IMPORTANT: this is capability provided by the leapp framework rpm.
 # Check that 'version' instead of the real framework rpm version.
-Requires:       leapp-framework >= 2.2
+Requires:       leapp-framework >= 5.0
 
 # Since we provide sub-commands for the leapp utility, we expect the leapp
 # tool to be installed as well.
 Requires:       leapp
 
+# Used to determine RHEL version of a given target RHEL installation image -
+# uncompressing redhat-release package from the ISO.
+Requires:   cpio
+
 # The leapp-repository rpm is renamed to %%{lpr_name}
 Obsoletes:      leapp-repository < 0.14.0-5
 Provides:       leapp-repository = %{version}-%{release}
@@ -117,13 +120,21 @@ Provides:       leapp-repository = %{version}-%{release}
 # to install "leapp-upgrade" in the official docs.
 Provides:       leapp-upgrade = %{version}-%{release}
 
+# Provide leapp-commands so the framework could refer to them when customers
+# do not have installed particular leapp-repositories
+Provides:       leapp-command(answer)
+Provides:       leapp-command(preupgrade)
+Provides:       leapp-command(upgrade)
+Provides:       leapp-command(rerun)
+Provides:       leapp-command(list-runs)
+
 
 %description -n %{lpr_name}
 Leapp repositories for the in-place upgrade to the next major version
 of the Red Hat Enterprise Linux system.
 
 
-# This metapackage should contain all RPM dependencies exluding deps on *leapp*
+# This metapackage should contain all RPM dependencies excluding deps on *leapp*
 # RPMs. This metapackage will be automatically replaced during the upgrade
 # to satisfy dependencies with RPMs from target system.
 %package -n %{lpr_name}-deps
@@ -132,7 +143,7 @@ Summary:    Meta-package with system dependencies of %{lpr_name} package
 # The package has been renamed, so let's obsoletes the old one
 Obsoletes:      leapp-repository-deps < 0.14.0-5
 
-# IMPORTANT: everytime the requirements are changed, increment number by one
+# IMPORTANT: every time the requirements are changed, increment number by one
 # - same for Requires in main package
 Provides:  leapp-repository-dependencies = %{leapp_repo_deps}
 ##################################################
@@ -160,6 +171,18 @@ Requires:   python3-requests
 Requires:   python3-six
 # required by SELinux actors
 Requires:   policycoreutils-python-utils
+# required by systemfacts, and several other actors
+Requires:   procps-ng
+Requires:   kmod
+# since RHEL 8+ dracut does not have to be present on the system all the time
+# and missing dracut could be killing situation for us :)
+Requires:   dracut
+
+# Required to scan NetworkManagerConnection (e.g. to recognize secrets)
+# NM is requested to be used on RHEL 8+ systems
+Requires:   NetworkManager-libnm
+Requires:   python3-gobject-base
+
 %endif
 ##################################################
 # end requirement
@@ -178,18 +201,13 @@ Requires:   policycoreutils-python-utils
 # %%patch0001 -p1
 %patch0001 -p1
 %patch0002 -p1
-%patch0003 -p1
-%patch0004 -p1
-%patch0005 -p1
-%patch0006 -p1
 
-# enforce removal of packages below during the upgrade
 
 %build
 %if 0%{?rhel} == 7
-cp -a leapp*deps-el8*rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
+cp -a leapp*deps*el8.noarch.rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
 %else
-cp -a leapp*deps-el9*rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
+cp -a leapp*deps*el9.noarch.rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
 %endif
 
 
@@ -201,6 +219,7 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/repos.d/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/transaction/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
 install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
+install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
 
 # install CLI commands for the leapp utility on the expected path
 install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/
@@ -220,6 +239,7 @@ rm -rf %{buildroot}%{repositorydir}/common/actors/testactor
 find %{buildroot}%{repositorydir}/common -name "test.py" -delete
 rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d`
 find %{buildroot}%{repositorydir} -name "Makefile" -delete
+find %{buildroot} -name "*.py.orig" -delete
 
 for DIRECTORY in $(find  %{buildroot}%{repositorydir}/  -mindepth 1 -maxdepth 1 -type d);
 do
@@ -247,6 +267,7 @@ done;
 %dir %{repositorydir}
 %dir %{custom_repositorydir}
 %dir %{leapp_python_sitelib}/leapp/cli/commands
+%config %{_sysconfdir}/leapp/files/*
 %{_sysconfdir}/leapp/repos.d/*
 %{_sysconfdir}/leapp/transaction/*
 %{repositorydir}/*
@@ -257,6 +278,164 @@ done;
 # no files here
 
 %changelog
+* Thu Nov 02 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-4
+- Fix the upgrade for systems without subscription-manager package
+- Resolves: RHEL-14901
+
+* Tue Oct 31 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-3
+- Fix the upgrade when the release is locked by new subscription-manager
+- Resolves: RHEL-14901
+
+* Wed Aug 23 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-1
+- Rebase to v0.19.0
+- Requires leapp-framework 5.0
+- Handle correctly the installed certificates to allow upgrades with custom repositories using HTTPs with enabled SSL verification
+- Fix failing upgrades with devtmpfs file systems specified in FSTAB
+- Do not try to update GRUB core on IBM Z systems
+- Minor improvements and fixes of various reports and error messages
+- Redesign handling of information about kernel (booted and target) to reflect changes in RHEL 9.3
+- Use new leapp CLI API which provides better report summary output
+- Resolves: rhbz#2215997, rhbz#2222861, rhbz#2232618
+
+* Tue Jul 18 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-5
+- Fix the calculation of the required free space on each partitions/volume for the upgrade transactions
+- Create source overlay images with dynamic sizes to optimize disk space consumption
+- Update GRUB2 when /boot resides on multiple devices aggregated in RAID
+- Use new leapp CLI API which provides better report summary output
+- Introduce possibility to add (custom) kernel drivers to initramfs
+- Detect and report use of deprecated Xorg drivers
+- Fix the generation of the report about hybrid images
+- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
+- Minor improvements and fixes of various reports
+- Requires leapp-framework 4.0
+- Update leapp data files
+- Resolves: rhbz#2140011, rhbz#2144304, rhbz#2174095, rhbz#2215997
+
+* Mon Jun 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-4
+- Introduce new upgrade path RHEL 8.9 -> 9.3
+- Update leapp data files to reflect new changes between systems
+- Detect and report use of deprecated Xorg drivers
+- Minor improvements of generated reports
+- Fix false positive report about invalid symlinks
+- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
+- Resolves: rhbz#2215997
+
+* Mon Jun 05 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-3
+- Update the repomap.json file to address planned changes on RHUI Azure
+- Resolves: rhbz#2203800
+
+* Fri May 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-2
+- Include leap data files in the package
+- Introduce in-place upgrades for systems with enabled FIPS mode
+- Enable the upgrade path 8.8 -> 9.2 for RHEL with SAP HANA
+- Fix the upgrade of ruby-irb package
+- Resolves: rhbz#2030627, rhbz#2097003, rhbz#2203800, rhbz#2203803
+
+* Tue Feb 21 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-1
+- Rebase to v0.18.0
+- Introduce new upgrade path RHEL 8.8 -> 9.2
+- Requires cpio
+- Requires python3-gobject-base, NetworkManager-libnm
+- Bump leapp-repository-dependencies to 9
+- Add breadcrumbs results to RHSM facts
+- Add leapp RHUI packages to an allowlist to drop confusing reports
+- Added checks for RHEL SAP IPU 8.6 -> 9.0
+- Check RPM signatures during the upgrade
+- Check only mounted XFS partitions
+- Check the validity and compatitibility of used leapp data
+- Detect CIFS also when upgrading from RHEL8 to RHEL9 (PR1035)
+- Detect RoCE on IBM Z machines and check the configuration is safe for the upgrade
+- Detect a proxy configuration in YUM/DNF and adjust an error msg on issues caused by the configuration
+- Detect and report systemd symlinks that are broken before the upgrade
+- Detect the kernel-core RPM instead of kernel to prevent an error during post-upgrade phases
+- Disable the amazon-id DNF plugin on AWS during the upgrade stage to omit confusing error messages
+- Do not create new *pyc files when running leapp after the DNF upgrade transaction
+- Drop obsoleted upgrade paths
+- Enable upgrades of RHEL 8 for SAP HANA to RHEL 9 on ppc64le
+- Enable upgrades on s390x when /boot is part of rootfs
+- Extend the allow list of RHUI clients by azure-sap-apps to omit confusing report
+- Filter out PES events unrelated for the used upgrade path and handle overlapping event
+ (fixes upgrades with quagga installed)
+- Fix scan of ceph volumes on systems without ceph-osd or when ceph-osd container is not found
+- Fix systemd symlinks that become incorrect during the IPU
+- Fix the check of memory (RAM) limits and use human readable values in the report
+- Fix the kernel detection during initramfs creation for new kernel on RHEL 9.2+
+- Fix the upgrade of IBM Z machines configured with ZFCP
+- Fix the upgrade on Azure using RHUI for SAP Apps images
+- Ignore external accounts in /etc/passwd
+- Improve remediation instructions for packages in unknown repositories
+- Improve the error message to guide users when discovered more space is needed
+- Improve the handling of blocklisted certificates
+- Inhibit the upgrade when entries in /etc/fstab cause overshadowing during the upgrade
+- Introduced an option to use an ISO file as a target RHEL version content source
+- Introduced possibility to specify what systemd services should be enabled/disabled on the upgraded system
+- Introduced the --nogpgcheck option to skip checking of RPM signatures
+- Map the target repositories also based on the installed content
+- Prevent re-run of leapp in the upgrade initramfs in case of previous failure
+- Prevent the upgrade with RHSM when Baseos and Appstream target repositories are not discovered
+- Provide common information about systemd services
+- RHUI(Azure) Handle correctly various SAP images
+- Register subscribed systems automatically to Red Hat Insights unless --no-insights-register is used
+- Remove obsoleted GPG keys provided by RH after the upgrade to prevent errors
+- Rework the network configuration handling and parse the configuration data properly
+- Set the system release lock after the upgrade also for premium channels
+- Small improvements in various reports
+- Resolves: rhbz#2088492, rhbz#2111691, rhbz#2127920, rhbz#2129716,rhbz#2139907, rhbz#2139907, rhbz#2141393, rhbz#2143372, rhbz#2155661
+
+* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-3
+- Adding back instruction to not install rubygem-irb during the in-place upgrade
+  to prevent conflict between files
+- Resolves: rhbz#2090995
+
+* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-2
+- Update VDO checks to enable user to decide the system state on check failures
+  and undetermined block devices
+- The VDO dialog and related VDO reports have been properly updated
+- Resolves: rhbz#2096159
+
+* Wed Aug 24 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-1
+- Rebase to v0.17.0
+- Support upgrade path RHEL 8.7 -> 9.0 and RHEL SAP 8.6 -> 9.0
+- Provide and require leapp-repository-dependencies 7
+- Provide `leapp-command(<CMD>)` for each CLI command provided by leapp-repository
+- Require dracut, kmod, procps-ng on RHEL 8+
+- Require leapp-framework >= 3.1
+- Add actors covering removal of NIS components on RHEL 9
+- Add checks for obsolete .NET versions
+- Allow specifying the report schema v1.2.0
+- Check and handle upgrades with custom crypto policies
+- Check and migrate OpenSSH configuration
+- Check and migrate multipath configuration
+- Check minimum memory requirements
+- Do not create the upgrade bootloader entry when the dnf dry-run actor stops the upgrade
+- Enable Base and SAP in-place upgrades on Azure
+- Enable in-place upgrade in case LUKS volumes are Ceph OSDs
+- Enable in-place upgrades in Azure RHEL 8 base images using RHUI
+- Enable in-place upgrades on  IBM z16 machines
+- Enable the CRB repository for the upgrade only if enabled on the source system
+- Fix cloud provider detection on AWS
+- Fix detection of the latest kernel
+- Fix issues caused by leapp artifacts from previous in-place upgrades
+- Fix issues with false positive switch to emergency console during the upgrade
+- Fix swap page size on aarch64
+- Fix the VDO scanner to skip partitions unrelated to VDO and adjust error messages
+- Fix the false positive NFS storage detection on NFS servers and improve the report msg
+- Fix the issues on systems with the LANGUAGE environment variable
+- Fix the root directory scan to deal with non-utf8 filenames
+- Handle upgrades of SAP systems on AWS
+- Inform about necessary migrations related to bacula-director when installed on the system
+- Inhibit the upgrade when /var/lib/leapp being mounted in a non-persistent fashion to prevent failures
+- Inhibit the upgrade when /var/lib/leapp mounted with the noexec option to prevent failures
+- Inhibit upgrade when NVIDIA driver is detected
+- Make the application of custom selinux rules more reliable and do not override changes done by RPM scriptlets
+- Migrate the OpenSSL configuration
+- PESEventScanner actor has been fully refactored
+- Report changes around SCP and SFTP
+- Skip comment lines when parsing the GRUB configuration file
+- Stop propagating the “debug” and ”enforcing=0” kernel cmdline options into the target kernel cmdline options
+- Mass refactoring to be compatible with leapp v0.15.0
+- Resolves: rhbz#2090995, rhbz#2040470, rhbz#2092005, rhbz#2093220, rhbz#2095704, rhbz#2096159, rhbz#2100108, rhbz#2100110, rhbz#2103282, rhbz#2106904, rhbz#2110627
+
 * Wed Apr 27 2022 Petr Stodulka <pstodulk@redhat.com> - 0.16.0-6
 - Skip comments in /etc/default/grub during the parsing
 - Resolves: #1997076