.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,2 +1,5 @@
-SOURCES/deps-pkgs-11.tar.gz
-SOURCES/leapp-repository-0.21.0.tar.gz
+SOURCES/deps-pkgs-9.tar.gz
+SOURCES/leapp-repository-0.18.0.tar.gz
+/deps-pkgs-9.tar.gz
+/deps-pkgs-10.tar.gz
+/leapp-repository-0.20.0.tar.gz

.leapp-repository.metadata

@@ -1,2 +0,0 @@
-8b3fe3a7b52d2e144d374623aa5b0b0add7ab0c7 SOURCES/deps-pkgs-11.tar.gz
-9327be3720ccb3f7b285d2199463d7df0c38dfae SOURCES/leapp-repository-0.21.0.tar.gz

0001-rhui-do-not-bootstrap-target-client-on-aws.patch

@@ -0,0 +1,251 @@
+From 921c06892f7550a3a8e2b3fe941c6272bdacf88d Mon Sep 17 00:00:00 2001
+From: mhecko <mhecko@redhat.com>
+Date: Thu, 15 Feb 2024 09:56:27 +0100
+Subject: [PATCH 01/34] rhui: do not bootstrap target client on aws
+
+Bootstrapping target RHUI client now requires installing the entire
+RHEL8 RPM stack. Threfore, do not try installing target client
+and instead rely only on the files from our leapp-rhui-aws package.
+---
+ .../cloud/checkrhui/libraries/checkrhui.py    |   6 +-
+ .../libraries/userspacegen.py                 | 104 ++++++++++++++----
+ .../system_upgrade/common/models/rhuiinfo.py  |   7 ++
+ 3 files changed, 92 insertions(+), 25 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
+index 84ab40e3..e1c158c7 100644
+--- a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
++++ b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
+@@ -142,7 +142,11 @@ def customize_rhui_setup_for_aws(rhui_family, setup_info):
+ 
+     target_version = version.get_target_major_version()
+     if target_version == '8':
+-        return  # The rhel8 plugin is packed into leapp-rhui-aws as we need python2 compatible client
++        # RHEL8 rh-amazon-rhui-client depends on amazon-libdnf-plugin that depends
++        # essentially on the entire RHEL8 RPM stack, so we cannot just swap the clients
++        # The leapp-rhui-aws will provide all necessary files to access entire RHEL8 content
++        setup_info.bootstrap_target_client = False
++        return
+ 
+     amazon_plugin_copy_task = CopyFile(src='/usr/lib/python3.9/site-packages/dnf-plugins/amazon-id.py',
+                                        dst='/usr/lib/python3.6/site-packages/dnf-plugins/')
+diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+index d917bfd5..d60bc75f 100644
+--- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
++++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+@@ -853,9 +853,9 @@ def _get_rhui_available_repoids(context, cloud_repo):
+     return set(repoids)
+ 
+ 
+-def get_copy_location_from_copy_in_task(context, copy_task):
++def get_copy_location_from_copy_in_task(context_basepath, copy_task):
+     basename = os.path.basename(copy_task.src)
+-    dest_in_container = context.full_path(copy_task.dst)
++    dest_in_container = os.path.join(context_basepath, copy_task.dst)
+     if os.path.isdir(dest_in_container):
+         return os.path.join(copy_task.dst, basename)
+     return copy_task.dst
+@@ -871,7 +871,10 @@ def _get_rh_available_repoids(context, indata):
+ 
+     # If we are upgrading a RHUI system, check what repositories are provided by the (already installed) target clients
+     if indata and indata.rhui_info:
+-        files_provided_by_clients = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
++        setup_info = indata.rhui_info.target_client_setup_info
++        target_content_access_files = set()
++        if setup_info.bootstrap_target_client:
++            target_content_access_files = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
+ 
+         def is_repofile(path):
+             return os.path.dirname(path) == '/etc/yum.repos.d' and os.path.basename(path).endswith('.repo')
+@@ -884,24 +887,33 @@ def _get_rh_available_repoids(context, indata):
+ 
+         yum_repos_d = context.full_path('/etc/yum.repos.d')
+         all_repofiles = {os.path.join(yum_repos_d, path) for path in os.listdir(yum_repos_d) if path.endswith('.repo')}
+-        client_repofiles = {context.full_path(path) for path in files_provided_by_clients if is_repofile(path)}
++        api.current_logger().debug('(RHUI Setup) All available repofiles: {0}'.format(' '.join(all_repofiles)))
++
++        target_access_repofiles = {
++            context.full_path(path) for path in target_content_access_files if is_repofile(path)
++        }
+ 
+         # Exclude repofiles used to setup the target rhui access as on some platforms the repos provided by
+         # the client are not sufficient to install the client into target userspace (GCP)
+         rhui_setup_repofile_tasks = [task for task in setup_tasks if task.src.endswith('repo')]
+         rhui_setup_repofiles = (
+-            get_copy_location_from_copy_in_task(context, copy_task) for copy_task in rhui_setup_repofile_tasks
++            get_copy_location_from_copy_in_task(context.base_dir, copy) for copy in rhui_setup_repofile_tasks
+         )
+         rhui_setup_repofiles = {context.full_path(repofile) for repofile in rhui_setup_repofiles}
+ 
+-        foreign_repofiles = all_repofiles - client_repofiles - rhui_setup_repofiles
++        foreign_repofiles = all_repofiles - target_access_repofiles - rhui_setup_repofiles
++
++        api.current_logger().debug(
++            'The following repofiles are considered as unknown to'
++            ' the target RHUI content setup and will be ignored: {0}'.format(' '.join(foreign_repofiles))
++        )
+ 
+         # Rename non-client repofiles so they will not be recognized when running dnf repolist
+         for foreign_repofile in foreign_repofiles:
+             os.rename(foreign_repofile, '{0}.back'.format(foreign_repofile))
+ 
+         try:
+-            dnf_cmd = ['dnf', 'repolist', '--releasever', target_ver, '-v']
++            dnf_cmd = ['dnf', 'repolist', '--releasever', target_ver, '-v', '--enablerepo', '*']
+             repolist_result = context.call(dnf_cmd)['stdout']
+             repoid_lines = [line for line in repolist_result.split('\n') if line.startswith('Repo-id')]
+             rhui_repoids = {extract_repoid_from_line(line) for line in repoid_lines}
+@@ -919,6 +931,9 @@ def _get_rh_available_repoids(context, indata):
+             for foreign_repofile in foreign_repofiles:
+                 os.rename('{0}.back'.format(foreign_repofile), foreign_repofile)
+ 
++    api.current_logger().debug(
++        'The following repofiles are considered as provided by RedHat: {0}'.format(' '.join(rh_repoids))
++    )
+     return rh_repoids
+ 
+ 
+@@ -1086,7 +1101,7 @@ def _get_target_userspace():
+     return constants.TARGET_USERSPACE.format(get_target_major_version())
+ 
+ 
+-def _create_target_userspace(context, packages, files, target_repoids):
++def _create_target_userspace(context, indata, packages, files, target_repoids):
+     """Create the target userspace."""
+     target_path = _get_target_userspace()
+     prepare_target_userspace(context, target_path, target_repoids, list(packages))
+@@ -1096,12 +1111,57 @@ def _create_target_userspace(context, packages, files, target_repoids):
+         _copy_files(target_context, files)
+     dnfplugin.install(_get_target_userspace())
+ 
++    # If we used only repofiles from leapp-rhui-<provider> then remove these as they provide
++    # duplicit definitions as the target clients already installed in the target container
++    if indata.rhui_info:
++        api.current_logger().debug(
++            'Target container should have access to content. '
++            'Removing repofiles from leapp-rhui-<provider> from the target..'
++        )
++        setup_info = indata.rhui_info.target_client_setup_info
++        if not setup_info.bootstrap_target_client:
++            target_userspace_path = _get_target_userspace()
++            for copy in setup_info.preinstall_tasks.files_to_copy_into_overlay:
++                dst_in_container = get_copy_location_from_copy_in_task(target_userspace_path, copy)
++                dst_in_container = dst_in_container.strip('/')
++                dst_in_host = os.path.join(target_userspace_path, dst_in_container)
++                if os.path.isfile(dst_in_host) and dst_in_host.endswith('.repo'):
++                    api.current_logger().debug('Removing repofile: {0}'.format(dst_in_host))
++                    os.remove(dst_in_host)
++
+     # and do not forget to set the rhsm into the container mode again
+     with mounting.NspawnActions(_get_target_userspace()) as target_context:
+         rhsm.set_container_mode(target_context)
+ 
+ 
+-def install_target_rhui_client_if_needed(context, indata):
++def _apply_rhui_access_preinstall_tasks(context, rhui_setup_info):
++    if rhui_setup_info.preinstall_tasks:
++        api.current_logger().debug('Applying RHUI preinstall tasks.')
++        preinstall_tasks = rhui_setup_info.preinstall_tasks
++
++        for file_to_remove in preinstall_tasks.files_to_remove:
++            api.current_logger().debug('Removing {0} from the scratch container.'.format(file_to_remove))
++            context.remove(file_to_remove)
++
++        for copy_info in preinstall_tasks.files_to_copy_into_overlay:
++            api.current_logger().debug(
++                'Copying {0} in {1} into the scratch container.'.format(copy_info.src, copy_info.dst)
++            )
++            context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
++            context.copy_to(copy_info.src, copy_info.dst)
++
++
++def _apply_rhui_access_postinstall_tasks(context, rhui_setup_info):
++    if rhui_setup_info.postinstall_tasks:
++        api.current_logger().debug('Applying RHUI postinstall tasks.')
++        for copy_info in rhui_setup_info.postinstall_tasks.files_to_copy:
++            context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
++            debug_msg = 'Copying {0} to {1} (inside the scratch container).'
++            api.current_logger().debug(debug_msg.format(copy_info.src, copy_info.dst))
++            context.call(['cp', copy_info.src, copy_info.dst])
++
++
++def setup_target_rhui_access_if_needed(context, indata):
+     if not indata.rhui_info:
+         return
+ 
+@@ -1110,15 +1170,14 @@ def install_target_rhui_client_if_needed(context, indata):
+     _create_target_userspace_directories(userspace_dir)
+ 
+     setup_info = indata.rhui_info.target_client_setup_info
+-    if setup_info.preinstall_tasks:
+-        preinstall_tasks = setup_info.preinstall_tasks
++    _apply_rhui_access_preinstall_tasks(context, setup_info)
+ 
+-        for file_to_remove in preinstall_tasks.files_to_remove:
+-            context.remove(file_to_remove)
+-
+-        for copy_info in preinstall_tasks.files_to_copy_into_overlay:
+-            context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
+-            context.copy_to(copy_info.src, copy_info.dst)
++    if not setup_info.bootstrap_target_client:
++        # Installation of the target RHUI client is not possible and we bundle all necessary
++        # files into the leapp-rhui-<provider> packages.
++        api.current_logger().debug('Bootstrapping target RHUI client is disabled, leapp will rely '
++                                   'only on files budled in leapp-rhui-<provider> package.')
++        return
+ 
+     cmd = ['dnf', '-y']
+ 
+@@ -1149,16 +1208,13 @@ def install_target_rhui_client_if_needed(context, indata):
+ 
+     context.call(cmd, callback_raw=utils.logging_handler, stdin='\n'.join(dnf_transaction_steps))
+ 
+-    if setup_info.postinstall_tasks:
+-        for copy_info in setup_info.postinstall_tasks.files_to_copy:
+-            context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
+-            context.call(['cp', copy_info.src, copy_info.dst])
++    _apply_rhui_access_postinstall_tasks(context, setup_info)
+ 
+     # Do a cleanup so there are not duplicit repoids
+     files_owned_by_clients = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
+ 
+     for copy_task in setup_info.preinstall_tasks.files_to_copy_into_overlay:
+-        dest = get_copy_location_from_copy_in_task(context, copy_task)
++        dest = get_copy_location_from_copy_in_task(context.base_dir, copy_task)
+         can_be_cleaned_up = copy_task.src not in setup_info.files_supporting_client_operation
+         if dest not in files_owned_by_clients and can_be_cleaned_up:
+             context.remove(dest)
+@@ -1184,10 +1240,10 @@ def perform():
+             target_iso = next(api.consume(TargetOSInstallationImage), None)
+             with mounting.mount_upgrade_iso_to_root_dir(overlay.target, target_iso):
+ 
+-                install_target_rhui_client_if_needed(context, indata)
++                setup_target_rhui_access_if_needed(context, indata)
+ 
+                 target_repoids = _gather_target_repositories(context, indata, prod_cert_path)
+-                _create_target_userspace(context, indata.packages, indata.files, target_repoids)
++                _create_target_userspace(context, indata, indata.packages, indata.files, target_repoids)
+                 # TODO: this is tmp solution as proper one needs significant refactoring
+                 target_repo_facts = repofileutils.get_parsed_repofiles(context)
+                 api.produce(TMPTargetRepositoriesFacts(repositories=target_repo_facts))
+diff --git a/repos/system_upgrade/common/models/rhuiinfo.py b/repos/system_upgrade/common/models/rhuiinfo.py
+index 3eaa4826..0a2e45af 100644
+--- a/repos/system_upgrade/common/models/rhuiinfo.py
++++ b/repos/system_upgrade/common/models/rhuiinfo.py
+@@ -36,6 +36,13 @@ class TargetRHUISetupInfo(Model):
+     files_supporting_client_operation = fields.List(fields.String(), default=[])
+     """A subset of files copied in preinstall tasks that should not be cleaned up."""
+ 
++    bootstrap_target_client = fields.Boolean(default=True)
++    """
++    Swap the current RHUI client for the target one to facilitate access to the target content.
++
++    When False, only files from the leapp-rhui-<provider> will be used to access target content.
++    """
++
+ 
+ class RHUIInfo(Model):
+     """
+-- 
+2.42.0
+

0002-Packit-Drop-tests-for-obsoleted-upgrade-paths-restru.patch

@@ -0,0 +1,830 @@
+From b875ae256cc61336c76ea83f5e40eb7895cab0fc Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Fri, 9 Feb 2024 13:00:16 +0100
+Subject: [PATCH 02/34] Packit: Drop tests for obsoleted upgrade paths +
+ restructuralization
+
+Dropping upgrade paths related to following releases: 8.6, 8.9, 9.0,
+9.3. See the previous commit for more info.
+
+During the drop of these release, I've realized the current structure
+of tests is not suitable for such operations as current test/job
+definitions has been chained. So e.g. tests for 8.10 -> 9.4 depended
+on 8.9 -> 9.3, which depended on 8.8 -> 8.6, etc... Even going deeper,
+IPU 8->9 definitions have been based on 7 -> 8 definitions.
+
+So I updated the structure, separating tests for IPU 7 -> 8 and 8 -> 9
+and also deps between all upgrade paths. Now, particular tests
+can inherit one of *abstract* jobs definitions, so dropping or removing
+tests for an upgrade path does not affect other tests.
+
+Also fixed some incorrect definitions in tests, like a fixed label
+for `beaker-minimal-88to92` (orig "8.6to9.2").
+
+Update welcome-PR bot msg to reflect changes in upgrade paths.
+
+Jira: OAMG-10451
+---
+ .github/workflows/pr-welcome-msg.yml |  11 +-
+ .packit.yaml                         | 530 ++++++++++-----------------
+ 2 files changed, 191 insertions(+), 350 deletions(-)
+
+diff --git a/.github/workflows/pr-welcome-msg.yml b/.github/workflows/pr-welcome-msg.yml
+index e791340e..e23c9bbb 100644
+--- a/.github/workflows/pr-welcome-msg.yml
++++ b/.github/workflows/pr-welcome-msg.yml
+@@ -24,18 +24,15 @@ jobs:
+             - **review please @oamg/developers** to notify leapp developers of the review request
+             - **/packit copr-build** to submit a public copr build using packit
+ 
+-            Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build. If you need a different version of leapp from PR#42, use `/packit test oamg/leapp#42`
++            Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build. If you need a different version of leapp, e.g. from PR#42, use `/packit test oamg/leapp#42`
++            Note that first time contributors cannot run tests automatically - they will be started by a reviewer.
+ 
+             It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported, `beaker-minimal` and `kernel-rt`, both can be used to be run on all upgrade paths or just a couple of specific ones.
+             To launch on-demand tests with packit:
+             - **/packit test --labels kernel-rt** to schedule `kernel-rt` tests set for all upgrade paths
+-            - **/packit test --labels beaker-minimal-8.9to9.3,kernel-rt-8.9to9.3** to schedule `kernel-rt` and `beaker-minimal` test sets for 8.9->9.3 upgrade path
++            - **/packit test --labels beaker-minimal-8.10to9.4,kernel-rt-8.10to9.4** to schedule `kernel-rt` and `beaker-minimal` test sets for 8.10->9.4 upgrade path
+ 
+-            [Deprecated] To launch on-demand regression testing public members of oamg organization can leave the following comment:
+-            - **/rerun** to schedule basic regression tests using this pr build and latest upstream leapp build as artifacts
+-            - **/rerun 42** to schedule basic regression tests using this pr build and leapp\*PR42\* as artifacts
+-            - **/rerun-sst** to schedule sst tests using this pr build and latest upstream leapp build as artifacts
+-            - **/rerun-sst 42** to schedule sst tests using this pr build and leapp\*PR42\* as artifacts
++            See other labels for particular jobs defined in the `.packit.yaml` file.
+ 
+             Please [open ticket](https://url.corp.redhat.com/oamg-ci-issue) in case you experience technical problem with the CI. (RH internal only)
+ 
+diff --git a/.packit.yaml b/.packit.yaml
+index 491b1450..bce97bad 100644
+--- a/.packit.yaml
++++ b/.packit.yaml
+@@ -85,18 +85,31 @@ jobs:
+     # builds from master branch should start with 100 release, to have high priority
+     - bash -c "sed -i \"s/1%{?dist}/100%{?dist}/g\" packaging/leapp-repository.spec"
+ 
+-- &sanity-79to86
++
++# NOTE: to see what envars, targets, .. can be set in tests, see
++# the configuration of tests here:
++#   https://gitlab.cee.redhat.com/oamg/leapp-tests/-/blob/main/config.yaml
++# Available only to RH Employees.
++
++# ###################################################################### #
++# ############################### 7 TO 8 ############################### #
++# ###################################################################### #
++
++# ###################################################################### #
++# ### Abstract job definitions to make individual tests/jobs smaller ### #
++# ###################################################################### #
++- &sanity-abstract-7to8
+   job: tests
++  trigger: ignore
+   fmf_url: "https://gitlab.cee.redhat.com/oamg/leapp-tests"
+   fmf_ref: "main"
+   use_internal_tf: True
+-  trigger: pull_request
+   labels:
+     - sanity
+   targets:
+     epel-7-x86_64:
+       distros: [RHEL-7.9-ZStream]
+-  identifier: sanity-7.9to8.6
++  identifier: sanity-abstract-7to8
+   tmt_plan: ""
+   tf_extra_params:
+     test:
+@@ -110,20 +123,16 @@ jobs:
+           provisioning:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.6"
+-    LEAPPDATA_BRANCH: "upstream"
+ 
+-- &sanity-79to86-aws
+-  <<: *sanity-79to86
++- &sanity-abstract-7to8-aws
++  <<: *sanity-abstract-7to8
+   labels:
+     - sanity
+     - aws
+   targets:
+     epel-7-x86_64:
+       distros: [RHEL-7.9-rhui]
+-  identifier: sanity-7.9to8.6-aws
++  identifier: sanity-abstract-7to8-aws
+   # NOTE(ivasilev) Unfortunately to use yaml templates we need to rewrite the whole tf_extra_params dict
+   # to use plan_filter (can't just specify one section test.tmt.plan_filter, need to specify environments.* as well)
+   tf_extra_params:
+@@ -139,57 +148,14 @@ jobs:
+             post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys; yum-config-manager --enable rhel-7-server-rhui-optional-rpms"
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.6"
+-    RHUI: "aws"
+-    LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-
+-- &sanity-79to88-aws
+-  <<: *sanity-79to86-aws
+-  identifier: sanity-7.9to8.8-aws
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.8"
+-    RHUI: "aws"
+-    LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-
+-- &sanity-79to89-aws
+-  <<: *sanity-79to86-aws
+-  identifier: sanity-7.9to8.9-aws
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.9"
+-    RHUI: "aws"
+-    LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-
+-# NOTE(mkluson) RHEL 8.10 content is not publicly available (via RHUI)
+-#- &sanity-79to810-aws
+-#  <<: *sanity-79to86-aws
+-#  identifier: sanity-7.9to8.10-aws
+-#  env:
+-#    SOURCE_RELEASE: "7.9"
+-#    TARGET_RELEASE: "8.10"
+-#    RHUI: "aws"
+-#    LEAPPDATA_BRANCH: "upstream"
+-#    LEAPP_NO_RHSM: "1"
+-#    USE_CUSTOM_REPOS: rhui
+ 
+ # On-demand minimal beaker tests
+-- &beaker-minimal-79to86
+-  <<: *sanity-79to86
++- &beaker-minimal-7to8-abstract-ondemand
++  <<: *sanity-abstract-7to8
+   manual_trigger: True
+   labels:
+     - beaker-minimal
+-    - beaker-minimal-7.9to8.6
+-    - 7.9to8.6
+-  identifier: sanity-7.9to8.6-beaker-minimal
++  identifier: beaker-minimal-7to8-abstract-ondemand
+   tf_extra_params:
+     test:
+       tmt:
+@@ -204,13 +170,11 @@ jobs:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+ 
+ # On-demand kernel-rt tests
+-- &kernel-rt-79to86
+-  <<: *beaker-minimal-79to86
++- &kernel-rt-abstract-7to8-ondemand
++  <<: *beaker-minimal-7to8-abstract-ondemand
+   labels:
+     - kernel-rt
+-    - kernel-rt-7.9to8.6
+-    - 7.9to8.6
+-  identifier: sanity-7.9to8.6-kernel-rt
++  identifier: sanity-7to8-kernel-rt-abstract-ondemand
+   tf_extra_params:
+     test:
+       tmt:
+@@ -224,114 +188,133 @@ jobs:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+ 
++
++# ###################################################################### #
++# ######################### Individual tests ########################### #
++# ###################################################################### #
++
++# Tests: 7.9 -> 8.8
++- &sanity-79to88-aws
++  <<: *sanity-abstract-7to8-aws
++  trigger: pull_request
++  identifier: sanity-7.9to8.8-aws
++  env:
++    SOURCE_RELEASE: "7.9"
++    TARGET_RELEASE: "8.8"
++    RHUI: "aws"
++    LEAPPDATA_BRANCH: "upstream"
++    LEAPP_NO_RHSM: "1"
++    USE_CUSTOM_REPOS: rhui
++
+ - &sanity-79to88
+-  <<: *sanity-79to86
++  <<: *sanity-abstract-7to8
++  trigger: pull_request
+   identifier: sanity-7.9to8.8
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.8"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand minimal beaker tests
+ - &beaker-minimal-79to88
+-  <<: *beaker-minimal-79to86
++  <<: *beaker-minimal-7to8-abstract-ondemand
++  trigger: pull_request
+   labels:
+     - beaker-minimal
+     - beaker-minimal-7.9to8.8
+     - 7.9to8.8
+-  identifier: sanity-7.9to8.8-beaker-minimal
++  identifier: sanity-7.9to8.8-beaker-minimal-ondemand
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.8"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand kernel-rt tests
+ - &kernel-rt-79to88
+-  <<: *kernel-rt-79to86
++  <<: *kernel-rt-abstract-7to8-ondemand
++  trigger: pull_request
+   labels:
+     - kernel-rt
+     - kernel-rt-7.9to8.8
+     - 7.9to8.8
+-  identifier: sanity-7.9to8.8-kernel-rt
++  identifier: sanity-7.9to8.8-kernel-rt-ondemand
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.8"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-- &sanity-79to89
+-  <<: *sanity-79to86
+-  identifier: sanity-7.9to8.9
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.9"
+-    LEAPPDATA_BRANCH: "upstream"
+-
+-# On-demand minimal beaker tests
+-- &beaker-minimal-79to89
+-  <<: *beaker-minimal-79to86
+-  labels:
+-    - beaker-minimal
+-    - beaker-minimal-7.9to8.9
+-    - 7.9to8.9
+-  identifier: sanity-7.9to8.9-beaker-minimal
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.9"
+-    LEAPPDATA_BRANCH: "upstream"
+-
+-# On-demand kernel-rt tests
+-- &kernel-rt-79to89
+-  <<: *kernel-rt-79to88
+-  labels:
+-    - kernel-rt
+-    - kernel-rt-7.9to8.9
+-    - 7.9to8.9
+-  identifier: sanity-7.9to8.9-kernel-rt
+-  env:
+-    SOURCE_RELEASE: "7.9"
+-    TARGET_RELEASE: "8.9"
+-    LEAPPDATA_BRANCH: "upstream"
+-
++# Tests: 7.9 -> 8.10
+ - &sanity-79to810
+-  <<: *sanity-79to86
++  <<: *sanity-abstract-7to8
++  trigger: pull_request
+   identifier: sanity-7.9to8.10
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.10"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand minimal beaker tests
++# NOTE(mkluson) RHEL 8.10 content is not publicly available (via RHUI)
++#- &sanity-79to810-aws
++#  <<: *sanity-abstract-7to8-aws
++#  trigger: pull_request
++#  identifier: sanity-7.9to8.10-aws
++#  env:
++#    SOURCE_RELEASE: "7.9"
++#    TARGET_RELEASE: "8.10"
++#    RHUI: "aws"
++#    LEAPPDATA_BRANCH: "upstream"
++#    LEAPP_NO_RHSM: "1"
++#    USE_CUSTOM_REPOS: rhui
++
+ - &beaker-minimal-79to810
+-  <<: *beaker-minimal-79to86
++  <<: *beaker-minimal-7to8-abstract-ondemand
++  trigger: pull_request
+   labels:
+     - beaker-minimal
+     - beaker-minimal-7.9to8.10
+     - 7.9to8.10
+-  identifier: sanity-7.9to8.10-beaker-minimal
++  identifier: sanity-7.9to8.10-beaker-minimal-ondemand
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.10"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand kernel-rt tests
+ - &kernel-rt-79to810
+-  <<: *kernel-rt-79to88
++  <<: *kernel-rt-abstract-7to8-ondemand
++  trigger: pull_request
+   labels:
+     - kernel-rt
+     - kernel-rt-7.9to8.10
+     - 7.9to8.10
+-  identifier: sanity-7.9to8.10-kernel-rt
++  identifier: sanity-7.9to8.10-kernel-rt-ondemand
+   env:
+     SOURCE_RELEASE: "7.9"
+     TARGET_RELEASE: "8.10"
+     LEAPPDATA_BRANCH: "upstream"
+ 
+-- &sanity-86to90
+-  <<: *sanity-79to86
++
++# ###################################################################### #
++# ############################## 8 TO 10 ############################### #
++# ###################################################################### #
++
++# ###################################################################### #
++# ### Abstract job definitions to make individual tests/jobs smaller ### #
++# ###################################################################### #
++
++#NOTE(pstodulk) putting default values in abstract jobs as from 8.10, as this
++# is the last RHEL 8 release and all new future tests will start from this
++# one release.
++
++- &sanity-abstract-8to9
++  job: tests
++  trigger: ignore
++  fmf_url: "https://gitlab.cee.redhat.com/oamg/leapp-tests"
++  fmf_ref: "main"
++  use_internal_tf: True
++  labels:
++    - sanity
+   targets:
+     epel-8-x86_64:
+-      distros: [RHEL-8.6.0-Nightly]
+-  identifier: sanity-8.6to9.0
++      distros: [RHEL-8.10.0-Nightly]
++  identifier: sanity-abstract-8to9
+   tf_extra_params:
+     test:
+       tmt:
+@@ -339,28 +322,44 @@ jobs:
+     environments:
+       - tmt:
+           context:
+-            distro: "rhel-8.6"
++            distro: "rhel-8.10"
+         settings:
+           provisioning:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "8.6"
+-    TARGET_RELEASE: "9.0"
+-    RHSM_REPOS_EUS: "eus"
+-    LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand minimal beaker tests
+-- &beaker-minimal-86to90
+-  <<: *beaker-minimal-79to86
++- &sanity-abstract-8to9-aws
++  <<: *sanity-abstract-8to9
++  labels:
++    - sanity
++    - aws
++  targets:
++    epel-8-x86_64:
++      distros: [RHEL-8.10-rhui]
++  identifier: sanity-abstract-8to9-aws
++  tf_extra_params:
++    test:
++      tmt:
++        plan_filter: 'tag:upgrade_happy_path & enabled:true'
++    environments:
++      - tmt:
++          context:
++            distro: "rhel-8.10"
++        settings:
++          provisioning:
++            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
++            tags:
++              BusinessUnit: sst_upgrades@leapp_upstream_test
++
++- &beaker-minimal-8to9-abstract-ondemand
++  <<: *sanity-abstract-8to9
++  manual_trigger: True
+   labels:
+     - beaker-minimal
+-    - beaker-minimal-8.6to9.0
+-    - 8.6to9.0
+   targets:
+     epel-8-x86_64:
+-      distros: [RHEL-8.6.0-Nightly]
+-  identifier: sanity-8.6to9.0-beaker-minimal
++      distros: [RHEL-8.10.0-Nightly]
++  identifier: beaker-minimal-8to9-abstract-ondemand
+   tf_extra_params:
+     test:
+       tmt:
+@@ -368,25 +367,17 @@ jobs:
+     environments:
+       - tmt:
+           context:
+-            distro: "rhel-8.6"
++            distro: "rhel-8.10"
+         settings:
+           provisioning:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "8.6"
+-    TARGET_RELEASE: "9.0"
+-    RHSM_REPOS_EUS: "eus"
+-    LEAPPDATA_BRANCH: "upstream"
+ 
+-# On-demand kernel-rt tests
+-- &kernel-rt-86to90
+-  <<: *beaker-minimal-86to90
++- &kernel-rt-abstract-8to9-ondemand
++  <<: *beaker-minimal-8to9-abstract-ondemand
+   labels:
+     - kernel-rt
+-    - kernel-rt-8.6to9.0
+-    - 8.6to9.0
+-  identifier: sanity-8.6to9.0-kernel-rt
++  identifier: sanity-8to9-kernel-rt-abstract-ondemand
+   tf_extra_params:
+     test:
+       tmt:
+@@ -394,14 +385,21 @@ jobs:
+     environments:
+       - tmt:
+           context:
+-            distro: "rhel-8.6"
++            distro: "rhel-8.10"
+         settings:
+           provisioning:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+ 
++
++# ###################################################################### #
++# ######################### Individual tests ########################### #
++# ###################################################################### #
++
++# Tests: 8.8 -> 9.2
+ - &sanity-88to92
+-  <<: *sanity-86to90
++  <<: *sanity-abstract-8to9
++  trigger: pull_request
+   targets:
+     epel-8-x86_64:
+       distros: [RHEL-8.8.0-Nightly]
+@@ -425,21 +423,18 @@ jobs:
+     LEAPPDATA_BRANCH: "upstream"
+     LEAPP_DEVEL_TARGET_RELEASE: "9.2"
+ 
+-# On-demand minimal beaker tests
+-- &beaker-minimal-88to92
+-  <<: *beaker-minimal-86to90
+-  labels:
+-    - beaker-minimal
+-    - beaker-minimal-8.8to9.2
+-    - 8.6to9.2
++- &sanity-88to92-aws
++  <<: *sanity-abstract-8to9-aws
++  trigger: pull_request
+   targets:
+     epel-8-x86_64:
+-      distros: [RHEL-8.8.0-Nightly]
+-  identifier: sanity-8.8to9.2-beaker-minimal
++      distros: [RHEL-8.8-rhui]
++  identifier: sanity-8.8to9.2-aws
++  # NOTE(mkluson) Unfortunately to use yaml templates we need to rewrite the whole tf_extra_params dict
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:partitioning & tag:8to9 & enabled:true'
++        plan_filter: 'tag:upgrade_happy_path & enabled:true'
+     environments:
+       - tmt:
+           context:
+@@ -452,122 +447,77 @@ jobs:
+   env:
+     SOURCE_RELEASE: "8.8"
+     TARGET_RELEASE: "9.2"
++    RHSM_REPOS: "rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms"
++    RHUI: "aws"
+     LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_DEVEL_TARGET_RELEASE: "9.2"
++    LEAPP_NO_RHSM: "1"
++    USE_CUSTOM_REPOS: rhui
+ 
+-# On-demand kernel-rt tests
+-- &kernel-rt-88to92
+-  <<: *beaker-minimal-88to92
++- &beaker-minimal-88to92
++  <<: *beaker-minimal-8to9-abstract-ondemand
++  trigger: pull_request
+   labels:
+-    - kernel-rt
+-    - kernel-rt-8.8to9.2
++    - beaker-minimal
++    - beaker-minimal-8.8to9.2
+     - 8.8to9.2
+-  identifier: sanity-8.8to9.2-kernel-rt
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:kernel-rt & tag:8to9 & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.8"
+-        settings:
+-          provisioning:
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+-
+-- &sanity-89to93
+-  <<: *sanity-88to92
+   targets:
+     epel-8-x86_64:
+-      distros: [RHEL-8.9.0-Nightly]
+-  identifier: sanity-8.9to9.3
++      distros: [RHEL-8.8.0-Nightly]
++  identifier: sanity-8.8to9.2-beaker-minimal-ondemand
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:sanity & tag:8to9 & enabled:true'
++        plan_filter: 'tag:partitioning & tag:8to9 & enabled:true'
+     environments:
+       - tmt:
+           context:
+-            distro: "rhel-8.9"
++            distro: "rhel-8.8"
+         settings:
+           provisioning:
++            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+   env:
+-    SOURCE_RELEASE: "8.9"
+-    TARGET_RELEASE: "9.3"
++    SOURCE_RELEASE: "8.8"
++    TARGET_RELEASE: "9.2"
+     LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_DEVEL_TARGET_RELEASE: "9.3"
++    LEAPP_DEVEL_TARGET_RELEASE: "9.2"
+ 
+-# On-demand minimal beaker tests
+-- &beaker-minimal-89to93
+-  <<: *beaker-minimal-88to92
++- &kernel-rt-88to92
++  <<: *kernel-rt-abstract-8to9-ondemand
++  trigger: pull_request
+   labels:
+-    - beaker-minimal
+-    - beaker-minimal-8.9to9.3
+-    - 8.9to9.3
++    - kernel-rt
++    - kernel-rt-8.8to9.2
++    - 8.8to9.2
++  identifier: sanity-8.8to9.2-kernel-rt-ondemand
+   targets:
+     epel-8-x86_64:
+-      distros: [RHEL-8.9.0-Nightly]
+-  identifier: sanity-8.9to9.3-beaker-minimal
++      distros: [RHEL-8.8.0-Nightly]
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:partitioning & tag:8to9 & enabled:true'
++        plan_filter: 'tag:kernel-rt & tag:8to9 & enabled:true'
+     environments:
+       - tmt:
+           context:
+-            distro: "rhel-8.9"
++            distro: "rhel-8.8"
+         settings:
+           provisioning:
+             tags:
+               BusinessUnit: sst_upgrades@leapp_upstream_test
+   env:
+-    SOURCE_RELEASE: "8.9"
+-    TARGET_RELEASE: "9.3"
++    SOURCE_RELEASE: "8.8"
++    TARGET_RELEASE: "9.2"
+     LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_DEVEL_TARGET_RELEASE: "9.3"
++    LEAPP_DEVEL_TARGET_RELEASE: "9.2"
+ 
+-# On-demand kernel-rt tests
+-- &kernel-rt-89to93
+-  <<: *beaker-minimal-89to93
+-  labels:
+-    - kernel-rt
+-    - kernel-rt-8.9to9.3
+-    - 8.9to9.3
+-  identifier: sanity-8.9to9.3-kernel-rt
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:kernel-rt & tag:8to9 & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.9"
+-        settings:
+-          provisioning:
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+ 
++# Tests: 8.10 -> 9.4
+ - &sanity-810to94
+-  <<: *sanity-88to92
+-  targets:
+-    epel-8-x86_64:
+-      distros: [RHEL-8.10.0-Nightly]
++  <<: *sanity-abstract-8to9
++  trigger: pull_request
+   identifier: sanity-8.10to9.4
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:sanity & tag:8to9 & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.10"
+-        settings:
+-          provisioning:
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+   env:
+     SOURCE_RELEASE: "8.10"
+     TARGET_RELEASE: "9.4"
+@@ -576,27 +526,13 @@ jobs:
+ 
+ # On-demand minimal beaker tests
+ - &beaker-minimal-810to94
+-  <<: *beaker-minimal-88to92
++  <<: *beaker-minimal-8to9-abstract-ondemand
++  trigger: pull_request
+   labels:
+     - beaker-minimal
+     - beaker-minimal-8.10to9.4
+     - 8.10to9.4
+-  targets:
+-    epel-8-x86_64:
+-      distros: [RHEL-8.10.0-Nightly]
+-  identifier: sanity-8.10to9.4-beaker-minimal
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:partitioning & tag:8to9 & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.10"
+-        settings:
+-          provisioning:
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
++  identifier: sanity-8.10to9.4-beaker-minimal-ondemand
+   env:
+     SOURCE_RELEASE: "8.10"
+     TARGET_RELEASE: "9.4"
+@@ -604,107 +540,15 @@ jobs:
+ 
+ # On-demand kernel-rt tests
+ - &kernel-rt-810to94
+-  <<: *beaker-minimal-810to94
++  <<: *kernel-rt-abstract-8to9-ondemand
++  trigger: pull_request
+   labels:
+     - kernel-rt
+     - kernel-rt-8.10to9.4
+     - 8.10to9.4
+-  identifier: sanity-8.10to9.4-kernel-rt
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:kernel-rt & tag:8to9 & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.10"
+-        settings:
+-          provisioning:
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+-
+-- &sanity-86to90-aws
+-  <<: *sanity-79to86-aws
+-  targets:
+-    epel-8-x86_64:
+-      distros: [RHEL-8.6-rhui]
+-  identifier: sanity-8.6to9.0-aws
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:upgrade_happy_path & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.6"
+-        settings:
+-          provisioning:
+-            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "8.6"
+-    TARGET_RELEASE: "9.0"
+-    RHSM_REPOS: "rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms"
+-    RHUI: "aws"
+-    LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-
+-- &sanity-88to92-aws
+-  <<: *sanity-86to90-aws
+-  targets:
+-    epel-8-x86_64:
+-      distros: [RHEL-8.8-rhui]
+-  identifier: sanity-8.8to9.2-aws
+-  # NOTE(mkluson) Unfortunately to use yaml templates we need to rewrite the whole tf_extra_params dict
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:upgrade_happy_path & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.8"
+-        settings:
+-          provisioning:
+-            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
++  identifier: sanity-8.10to9.4-kernel-rt-ondemand
+   env:
+-    SOURCE_RELEASE: "8.8"
+-    TARGET_RELEASE: "9.2"
+-    RHSM_REPOS: "rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms"
+-    RHUI: "aws"
+-    LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-
+-- &sanity-89to93-aws
+-  <<: *sanity-86to90-aws
+-  targets:
+-    epel-8-x86_64:
+-      distros: [RHEL-8.9-rhui]
+-  identifier: sanity-8.9to9.3-aws
+-  # NOTE(mkluson) Unfortunately to use yaml templates we need to rewrite the whole tf_extra_params dict
+-  tf_extra_params:
+-    test:
+-      tmt:
+-        plan_filter: 'tag:upgrade_happy_path & enabled:true'
+-    environments:
+-      - tmt:
+-          context:
+-            distro: "rhel-8.9"
+-        settings:
+-          provisioning:
+-            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
+-            tags:
+-              BusinessUnit: sst_upgrades@leapp_upstream_test
+-  env:
+-    SOURCE_RELEASE: "8.9"
+-    TARGET_RELEASE: "9.3"
+-    RHSM_REPOS: "rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms"
+-    RHUI: "aws"
++    SOURCE_RELEASE: "8.10"
++    TARGET_RELEASE: "9.4"
++    RHSM_REPOS: "rhel-8-for-x86_64-appstream-beta-rpms,rhel-8-for-x86_64-baseos-beta-rpms"
+     LEAPPDATA_BRANCH: "upstream"
+-    LEAPP_NO_RHSM: "1"
+-    USE_CUSTOM_REPOS: rhui
+-- 
+2.42.0
+

0003-silence-use-yield-from-from-pylint-3.1.patch

@@ -0,0 +1,25 @@
+From db8a0cf5c66ced0ed49990a40a45a08373b34af5 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Fri, 1 Mar 2024 20:30:04 +0100
+Subject: [PATCH 03/34] silence use-yield-from from pylint 3.1
+
+yield from cannot be used until we require python3.3 or greater
+---
+ .pylintrc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/.pylintrc b/.pylintrc
+index 57259bcb..f78c1c3f 100644
+--- a/.pylintrc
++++ b/.pylintrc
+@@ -57,6 +57,7 @@ disable=
+  redundant-u-string-prefix,  # still have py2 to support
+  logging-format-interpolation,
+  logging-not-lazy,
++ use-yield-from,  # yield from cannot be used until we require python 3.3 or greater
+  too-many-lines  # we do not want to take care about that one
+ 
+ [FORMAT]
+-- 
+2.42.0
+

0004-rocescanner-Actually-call-process-in-test_roce_notib.patch

@@ -0,0 +1,23 @@
+From 214ed9b57c5e291cda5ff6baf7c7a790038fef34 Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Mon, 11 Mar 2024 18:30:23 +0100
+Subject: [PATCH 04/34] rocescanner: Actually call process() in
+ test_roce_notibmz test
+
+---
+ .../el8toel9/actors/rocescanner/tests/unit_test_rocescanner.py   | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/repos/system_upgrade/el8toel9/actors/rocescanner/tests/unit_test_rocescanner.py b/repos/system_upgrade/el8toel9/actors/rocescanner/tests/unit_test_rocescanner.py
+index a4889328..ee9e4498 100644
+--- a/repos/system_upgrade/el8toel9/actors/rocescanner/tests/unit_test_rocescanner.py
++++ b/repos/system_upgrade/el8toel9/actors/rocescanner/tests/unit_test_rocescanner.py
+@@ -151,4 +151,5 @@ def test_roce_noibmz(monkeypatch, arch):
+     monkeypatch.setattr(rocescanner.api, 'current_actor', CurrentActorMocked(arch=arch))
+     monkeypatch.setattr(rocescanner.api.current_actor(), 'produce', mocked_produce)
+     monkeypatch.setattr(rocescanner, 'get_roce_nics_lines', lambda: mocked_roce_lines)
++    rocescanner.process()
+     assert not mocked_produce.called
+-- 
+2.42.0
+

0005-Fix-incorrect-parsing-of-lscpu-output.patch

@@ -0,0 +1,624 @@
+From 050620eabe52a2184b40a7ac2818d927516d8b6d Mon Sep 17 00:00:00 2001
+From: David Kubek <dkubek@redhat.com>
+Date: Tue, 20 Feb 2024 20:54:16 +0100
+Subject: [PATCH 05/34] Fix incorrect parsing of `lscpu` output
+
+Original solution expected always ``key: val`` pair on each line.
+However, it has not been expected that val could be actually empty
+string, which would lead to situation where the following line is
+interpreted as a value.
+
+The new solution updates the parsing for output on RHEL 7, but also
+calls newly ``lscpu -J`` on RHEL 8+ to obtain data in the JSON format,
+which drops all possible parsing problems from our side.
+
+Fixes #1182
+---
+ .github/workflows/codespell.yml               |  2 +-
+ .../actors/scancpu/libraries/scancpu.py       | 39 +++++----
+ .../actors/scancpu/tests/files/json/invalid   |  2 +
+ .../scancpu/tests/files/json/lscpu_aarch64    | 29 +++++++
+ .../scancpu/tests/files/json/lscpu_ppc64le    | 19 +++++
+ .../scancpu/tests/files/json/lscpu_s390x      | 30 +++++++
+ .../scancpu/tests/files/json/lscpu_x86_64     | 31 +++++++
+ .../actors/scancpu/tests/files/lscpu_aarch64  | 26 ------
+ .../actors/scancpu/tests/files/lscpu_ppc64le  | 24 ------
+ .../actors/scancpu/tests/files/lscpu_s390x    | 38 ---------
+ .../scancpu/tests/files/txt/lscpu_aarch64     | 25 ++++++
+ .../scancpu/tests/files/txt/lscpu_empty_field |  4 +
+ .../scancpu/tests/files/txt/lscpu_ppc64le     | 15 ++++
+ .../scancpu/tests/files/txt/lscpu_s390x       | 26 ++++++
+ .../tests/files/{ => txt}/lscpu_x86_64        |  0
+ .../actors/scancpu/tests/test_scancpu.py      | 82 ++++++++++++++++---
+ 16 files changed, 279 insertions(+), 113 deletions(-)
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/json/invalid
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_aarch64
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_ppc64le
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_s390x
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_x86_64
+ delete mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_aarch64
+ delete mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_ppc64le
+ delete mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_s390x
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_aarch64
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_empty_field
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_ppc64le
+ create mode 100644 repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_s390x
+ rename repos/system_upgrade/common/actors/scancpu/tests/files/{ => txt}/lscpu_x86_64 (100%)
+
+diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
+index 24add3fb..4921bc90 100644
+--- a/.github/workflows/codespell.yml
++++ b/.github/workflows/codespell.yml
+@@ -23,7 +23,7 @@ jobs:
+             ./repos/system_upgrade/el8toel9/actors/xorgdrvfact/tests/files/journalctl-xorg-intel,\
+             ./repos/system_upgrade/el8toel9/actors/xorgdrvfact/tests/files/journalctl-xorg-qxl,\
+             ./repos/system_upgrade/el8toel9/actors/xorgdrvfact/tests/files/journalctl-xorg-without-qxl,\
+-            ./repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_s390x,\
++            ./repos/system_upgrade/common/actors/scancpu/tests/files,\
+             ./etc/leapp/files/device_driver_deprecation_data.json,\
+             ./etc/leapp/files/pes-events.json,\
+             ./etc/leapp/files/repomap.json,\
+diff --git a/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py b/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
+index 9de50fae..7451066a 100644
+--- a/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
++++ b/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
+@@ -1,22 +1,41 @@
++import json
+ import re
+ 
+ from leapp.libraries.common.config import architecture
++from leapp.libraries.common.config.version import get_source_major_version
+ from leapp.libraries.stdlib import api, CalledProcessError, run
+ from leapp.models import CPUInfo, DetectedDeviceOrDriver, DeviceDriverDeprecationData
+ 
+-LSCPU_NAME_VALUE = re.compile(r'(?P<name>[^:]+):\s+(?P<value>.+)\n?')
++LSCPU_NAME_VALUE = re.compile(r'^(?P<name>[^:]+):[^\S\n]+(?P<value>.+)\n?', flags=re.MULTILINE)
+ PPC64LE_MODEL = re.compile(r'\d+\.\d+ \(pvr (?P<family>[0-9a-fA-F]+) 0*[0-9a-fA-F]+\)')
+ 
+ 
+-def _get_lscpu_output():
++def _get_lscpu_output(output_json=False):
+     try:
+-        result = run(['lscpu'])
++        result = run(['lscpu', '-J' if output_json else ''])
+         return result.get('stdout', '')
+     except (OSError, CalledProcessError):
+         api.current_logger().debug('Executing `lscpu` failed', exc_info=True)
+     return ''
+ 
+ 
++def _parse_lscpu_output():
++    if get_source_major_version() == '7':
++        return dict(LSCPU_NAME_VALUE.findall(_get_lscpu_output()))
++
++    lscpu = _get_lscpu_output(output_json=True)
++    try:
++        parsed_json = json.loads(lscpu)
++        # The json contains one entry "lscpu" which is a list of dictionaries
++        # with 2 keys "field" (name of the field from lscpu) and "data" (value
++        # of the field).
++        return dict((entry['field'].rstrip(':'), entry['data']) for entry in parsed_json['lscpu'])
++    except ValueError:
++        api.current_logger().debug('Failed to parse json output from `lscpu`. Got:\n{}'.format(lscpu))
++
++    return dict()
++
++
+ def _get_cpu_flags(lscpu):
+     flags = lscpu.get('Flags', '')
+     return flags.split()
+@@ -128,24 +147,16 @@ def _find_deprecation_data_entries(lscpu):
+         arch_prefix, is_detected = architecture.ARCH_ARM64, _is_detected_aarch64
+ 
+     if arch_prefix and is_detected:
+-        return [
+-            _to_detected_device(entry) for entry in _get_cpu_entries_for(arch_prefix)
+-            if is_detected(lscpu, entry)
+-        ]
++        return [_to_detected_device(entry) for entry in _get_cpu_entries_for(arch_prefix) if is_detected(lscpu, entry)]
+ 
+     api.current_logger().warning('Unsupported platform could not detect relevant CPU information')
+     return []
+ 
+ 
+ def process():
+-    lscpu = dict(LSCPU_NAME_VALUE.findall(_get_lscpu_output()))
++    lscpu = _parse_lscpu_output()
+     api.produce(*_find_deprecation_data_entries(lscpu))
+     # Backwards compatibility
+     machine_type = lscpu.get('Machine type')
+     flags = _get_cpu_flags(lscpu)
+-    api.produce(
+-            CPUInfo(
+-                machine_type=int(machine_type) if machine_type else None,
+-                flags=flags
+-                )
+-            )
++    api.produce(CPUInfo(machine_type=int(machine_type) if machine_type else None, flags=flags))
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/json/invalid b/repos/system_upgrade/common/actors/scancpu/tests/files/json/invalid
+new file mode 100644
+index 00000000..422c2b7a
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/json/invalid
+@@ -0,0 +1,2 @@
++a
++b
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_aarch64 b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_aarch64
+new file mode 100644
+index 00000000..79186695
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_aarch64
+@@ -0,0 +1,29 @@
++{
++   "lscpu": [
++      {"field": "Architecture:", "data": "aarch64"},
++      {"field": "Byte Order:", "data": "Little Endian"},
++      {"field": "CPU(s):", "data": "160"},
++      {"field": "On-line CPU(s) list:", "data": "0-159"},
++      {"field": "Thread(s) per core:", "data": "1"},
++      {"field": "Core(s) per socket:", "data": "80"},
++      {"field": "Socket(s):", "data": "2"},
++      {"field": "NUMA node(s):", "data": "4"},
++      {"field": "Vendor ID:", "data": "ARM"},
++      {"field": "BIOS Vendor ID:", "data": "Ampere(R)"},
++      {"field": "Model:", "data": "1"},
++      {"field": "Model name:", "data": "Neoverse-N1"},
++      {"field": "BIOS Model name:", "data": "Ampere(R) Altra(R) Processor"},
++      {"field": "Stepping:", "data": "r3p1"},
++      {"field": "CPU max MHz:", "data": "3000.0000"},
++      {"field": "CPU min MHz:", "data": "1000.0000"},
++      {"field": "BogoMIPS:", "data": "50.00"},
++      {"field": "L1d cache:", "data": "64K"},
++      {"field": "L1i cache:", "data": "64K"},
++      {"field": "L2 cache:", "data": "1024K"},
++      {"field": "NUMA node0 CPU(s):", "data": "0-79"},
++      {"field": "NUMA node1 CPU(s):", "data": "80-159"},
++      {"field": "NUMA node2 CPU(s):", "data": null},
++      {"field": "NUMA node3 CPU(s):", "data": null},
++      {"field": "Flags:", "data": "fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs"}
++   ]
++}
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_ppc64le b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_ppc64le
+new file mode 100644
+index 00000000..cc51c4ac
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_ppc64le
+@@ -0,0 +1,19 @@
++{
++   "lscpu": [
++      {"field": "Architecture:", "data": "ppc64le"},
++      {"field": "Byte Order:", "data": "Little Endian"},
++      {"field": "CPU(s):", "data": "8"},
++      {"field": "On-line CPU(s) list:", "data": "0-7"},
++      {"field": "Thread(s) per core:", "data": "1"},
++      {"field": "Core(s) per socket:", "data": "1"},
++      {"field": "Socket(s):", "data": "8"},
++      {"field": "NUMA node(s):", "data": "1"},
++      {"field": "Model:", "data": "2.1 (pvr 004b 0201)"},
++      {"field": "Model name:", "data": "POWER8E (raw), altivec supported"},
++      {"field": "Hypervisor vendor:", "data": "KVM"},
++      {"field": "Virtualization type:", "data": "para"},
++      {"field": "L1d cache:", "data": "64K"},
++      {"field": "L1i cache:", "data": "32K"},
++      {"field": "NUMA node0 CPU(s):", "data": "0-7"}
++   ]
++}
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_s390x b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_s390x
+new file mode 100644
+index 00000000..950da2de
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_s390x
+@@ -0,0 +1,30 @@
++{
++   "lscpu": [
++      {"field": "Architecture:", "data": "s390x"},
++      {"field": "CPU op-mode(s):", "data": "32-bit, 64-bit"},
++      {"field": "Byte Order:", "data": "Big Endian"},
++      {"field": "CPU(s):", "data": "4"},
++      {"field": "On-line CPU(s) list:", "data": "0-3"},
++      {"field": "Thread(s) per core:", "data": "1"},
++      {"field": "Core(s) per socket:", "data": "1"},
++      {"field": "Socket(s) per book:", "data": "1"},
++      {"field": "Book(s) per drawer:", "data": "1"},
++      {"field": "Drawer(s):", "data": "4"},
++      {"field": "NUMA node(s):", "data": "1"},
++      {"field": "Vendor ID:", "data": "IBM/S390"},
++      {"field": "Machine type:", "data": "3931"},
++      {"field": "CPU dynamic MHz:", "data": "5200"},
++      {"field": "CPU static MHz:", "data": "5200"},
++      {"field": "BogoMIPS:", "data": "3331.00"},
++      {"field": "Hypervisor:", "data": "KVM/Linux"},
++      {"field": "Hypervisor vendor:", "data": "KVM"},
++      {"field": "Virtualization type:", "data": "full"},
++      {"field": "Dispatching mode:", "data": "horizontal"},
++      {"field": "L1d cache:", "data": "128K"},
++      {"field": "L1i cache:", "data": "128K"},
++      {"field": "L2 cache:", "data": "32768K"},
++      {"field": "L3 cache:", "data": "262144K"},
++      {"field": "NUMA node0 CPU(s):", "data": "0-3"},
++      {"field": "Flags:", "data": "esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt vxp2 nnpa sie"}
++   ]
++}
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_x86_64 b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_x86_64
+new file mode 100644
+index 00000000..da75a3fa
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/json/lscpu_x86_64
+@@ -0,0 +1,31 @@
++{
++   "lscpu": [
++      {"field": "Architecture:", "data": "x86_64"},
++      {"field": "CPU op-mode(s):", "data": "32-bit, 64-bit"},
++      {"field": "Byte Order:", "data": "Little Endian"},
++      {"field": "CPU(s):", "data": "2"},
++      {"field": "On-line CPU(s) list:", "data": "0,1"},
++      {"field": "Thread(s) per core:", "data": "1"},
++      {"field": "Core(s) per socket:", "data": "1"},
++      {"field": "Socket(s):", "data": "2"},
++      {"field": "NUMA node(s):", "data": "1"},
++      {"field": "Vendor ID:", "data": "GenuineIntel"},
++      {"field": "BIOS Vendor ID:", "data": "QEMU"},
++      {"field": "CPU family:", "data": "6"},
++      {"field": "Model:", "data": "165"},
++      {"field": "Model name:", "data": "Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz"},
++      {"field": "BIOS Model name:", "data": "pc-i440fx-7.2"},
++      {"field": "Stepping:", "data": "2"},
++      {"field": "CPU MHz:", "data": "2712.006"},
++      {"field": "BogoMIPS:", "data": "5424.01"},
++      {"field": "Virtualization:", "data": "VT-x"},
++      {"field": "Hypervisor vendor:", "data": "KVM"},
++      {"field": "Virtualization type:", "data": "full"},
++      {"field": "L1d cache:", "data": "32K"},
++      {"field": "L1i cache:", "data": "32K"},
++      {"field": "L2 cache:", "data": "4096K"},
++      {"field": "L3 cache:", "data": "16384K"},
++      {"field": "NUMA node0 CPU(s):", "data": "0,1"},
++      {"field": "Flags:", "data": "fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm xsaveopt cqm_llc cqm_occup_llc dtherm ida arat pln pts md_clear flush_l1d"}
++   ]
++}
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_aarch64 b/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_aarch64
+deleted file mode 100644
+index 5b6c3470..00000000
+--- a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_aarch64
++++ /dev/null
+@@ -1,26 +0,0 @@
+-Architecture:                    aarch64
+-CPU op-mode(s):                  32-bit, 64-bit
+-Byte Order:                      Little Endian
+-CPU(s):                          5
+-On-line CPU(s) list:             0-4
+-Vendor ID:                       APM
+-Model name:                      -
+-Model:                           2
+-Thread(s) per core:              1
+-Core(s) per cluster:             5
+-Socket(s):                       -
+-Cluster(s):                      1
+-Stepping:                        0x3
+-BogoMIPS:                        80.00
+-Flags:                           fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
+-NUMA node(s):                    1
+-NUMA node0 CPU(s):               0-4
+-Vulnerability Itlb multihit:     Not affected
+-Vulnerability L1tf:              Not affected
+-Vulnerability Mds:               Not affected
+-Vulnerability Meltdown:          Mitigation; PTI
+-Vulnerability Spec store bypass: Vulnerable
+-Vulnerability Spectre v1:        Mitigation; __user pointer sanitization
+-Vulnerability Spectre v2:        Vulnerable
+-Vulnerability Srbds:             Not affected
+-Vulnerability Tsx async abort:   Not affected
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_ppc64le b/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_ppc64le
+deleted file mode 100644
+index 259dd19d..00000000
+--- a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_ppc64le
++++ /dev/null
+@@ -1,24 +0,0 @@
+-Architecture:                    ppc64le
+-Byte Order:                      Little Endian
+-CPU(s):                          8
+-On-line CPU(s) list:             0-7
+-Model name:                      POWER9 (architected), altivec supported
+-Model:                           2.2 (pvr 004e 1202)
+-Thread(s) per core:              1
+-Core(s) per socket:              1
+-Socket(s):                       8
+-Hypervisor vendor:               KVM
+-Virtualization type:             para
+-L1d cache:                       256 KiB (8 instances)
+-L1i cache:                       256 KiB (8 instances)
+-NUMA node(s):                    1
+-NUMA node0 CPU(s):               0-7
+-Vulnerability Itlb multihit:     Not affected
+-Vulnerability L1tf:              Mitigation; RFI Flush, L1D private per thread
+-Vulnerability Mds:               Not affected
+-Vulnerability Meltdown:          Mitigation; RFI Flush, L1D private per thread
+-Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio)
+-Vulnerability Spectre v1:        Mitigation; __user pointer sanitization, ori31 speculation barrier enabled
+-Vulnerability Spectre v2:        Mitigation; Software count cache flush (hardware accelerated), Software link stack flush
+-Vulnerability Srbds:             Not affected
+-Vulnerability Tsx async abort:   Not affected
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_s390x b/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_s390x
+deleted file mode 100644
+index 3c0a0ac3..00000000
+--- a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_s390x
++++ /dev/null
+@@ -1,38 +0,0 @@
+-Architecture:                    s390x
+-CPU op-mode(s):                  32-bit, 64-bit
+-Byte Order:                      Big Endian
+-CPU(s):                          2
+-On-line CPU(s) list:             0,1
+-Vendor ID:                       IBM/S390
+-Model name:                      -
+-Machine type:                    2827
+-Thread(s) per core:              1
+-Core(s) per socket:              1
+-Socket(s) per book:              1
+-Book(s) per drawer:              1
+-Drawer(s):                       2
+-CPU dynamic MHz:                 5200
+-CPU static MHz:                  5200
+-BogoMIPS:                        3241.00
+-Dispatching mode:                horizontal
+-Flags:                           esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt sie
+-Hypervisor:                      z/VM 7.2.0
+-Hypervisor vendor:               IBM
+-Virtualization type:             full
+-L1d cache:                       256 KiB (2 instances)
+-L1i cache:                       256 KiB (2 instances)
+-L2d cache:                       8 MiB (2 instances)
+-L2i cache:                       8 MiB (2 instances)
+-L3 cache:                        256 MiB
+-L4 cache:                        960 MiB
+-NUMA node(s):                    1
+-NUMA node0 CPU(s):               0,1
+-Vulnerability Itlb multihit:     Not affected
+-Vulnerability L1tf:              Not affected
+-Vulnerability Mds:               Not affected
+-Vulnerability Meltdown:          Not affected
+-Vulnerability Spec store bypass: Not affected
+-Vulnerability Spectre v1:        Mitigation; __user pointer sanitization
+-Vulnerability Spectre v2:        Mitigation; etokens
+-Vulnerability Srbds:             Not affected
+-Vulnerability Tsx async abort:   Not affected
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_aarch64 b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_aarch64
+new file mode 100644
+index 00000000..3b9619ef
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_aarch64
+@@ -0,0 +1,25 @@
++Architecture:        aarch64
++Byte Order:          Little Endian
++CPU(s):              160
++On-line CPU(s) list: 0-159
++Thread(s) per core:  1
++Core(s) per socket:  80
++Socket(s):           2
++NUMA node(s):        4
++Vendor ID:           ARM
++BIOS Vendor ID:      Ampere(R)
++Model:               1
++Model name:          Neoverse-N1
++BIOS Model name:     Ampere(R) Altra(R) Processor
++Stepping:            r3p1
++CPU max MHz:         3000.0000
++CPU min MHz:         1000.0000
++BogoMIPS:            50.00
++L1d cache:           64K
++L1i cache:           64K
++L2 cache:            1024K
++NUMA node0 CPU(s):   0-79
++NUMA node1 CPU(s):   80-159
++NUMA node2 CPU(s):
++NUMA node3 CPU(s):
++Flags:               fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_empty_field b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_empty_field
+new file mode 100644
+index 00000000..f830b7fe
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_empty_field
+@@ -0,0 +1,4 @@
++Empyt 1:                    
++Empyt 2:                    
++Empyt 3:                    
++Flags:                           flag
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_ppc64le b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_ppc64le
+new file mode 100644
+index 00000000..07d2ed65
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_ppc64le
+@@ -0,0 +1,15 @@
++Architecture:        ppc64le
++Byte Order:          Little Endian
++CPU(s):              8
++On-line CPU(s) list: 0-7
++Thread(s) per core:  1
++Core(s) per socket:  1
++Socket(s):           8
++NUMA node(s):        1
++Model:               2.1 (pvr 004b 0201)
++Model name:          POWER8E (raw), altivec supported
++Hypervisor vendor:   KVM
++Virtualization type: para
++L1d cache:           64K
++L1i cache:           32K
++NUMA node0 CPU(s):   0-7
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_s390x b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_s390x
+new file mode 100644
+index 00000000..2c0de9f9
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_s390x
+@@ -0,0 +1,26 @@
++Architecture:        s390x
++CPU op-mode(s):      32-bit, 64-bit
++Byte Order:          Big Endian
++CPU(s):              4
++On-line CPU(s) list: 0-3
++Thread(s) per core:  1
++Core(s) per socket:  1
++Socket(s) per book:  1
++Book(s) per drawer:  1
++Drawer(s):           4
++NUMA node(s):        1
++Vendor ID:           IBM/S390
++Machine type:        3931
++CPU dynamic MHz:     5200
++CPU static MHz:      5200
++BogoMIPS:            3331.00
++Hypervisor:          KVM/Linux
++Hypervisor vendor:   KVM
++Virtualization type: full
++Dispatching mode:    horizontal
++L1d cache:           128K
++L1i cache:           128K
++L2 cache:            32768K
++L3 cache:            262144K
++NUMA node0 CPU(s):   0-3
++Flags:               esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx vxd vxe gs vxe2 vxp sort dflt vxp2 nnpa sie
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_x86_64 b/repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_x86_64
+similarity index 100%
+rename from repos/system_upgrade/common/actors/scancpu/tests/files/lscpu_x86_64
+rename to repos/system_upgrade/common/actors/scancpu/tests/files/txt/lscpu_x86_64
+diff --git a/repos/system_upgrade/common/actors/scancpu/tests/test_scancpu.py b/repos/system_upgrade/common/actors/scancpu/tests/test_scancpu.py
+index 894fae08..dc9d1ffc 100644
+--- a/repos/system_upgrade/common/actors/scancpu/tests/test_scancpu.py
++++ b/repos/system_upgrade/common/actors/scancpu/tests/test_scancpu.py
+@@ -3,7 +3,6 @@ import os
+ import pytest
+ 
+ from leapp.libraries.actor import scancpu
+-from leapp.libraries.common import testutils
+ from leapp.libraries.common.config.architecture import (
+     ARCH_ARM64,
+     ARCH_PPC64LE,
+@@ -11,6 +10,7 @@ from leapp.libraries.common.config.architecture import (
+     ARCH_SUPPORTED,
+     ARCH_X86_64
+ )
++from leapp.libraries.common.testutils import CurrentActorMocked, logger_mocked, produce_mocked
+ from leapp.libraries.stdlib import api
+ from leapp.models import CPUInfo
+ 
+@@ -18,8 +18,12 @@ CUR_DIR = os.path.dirname(os.path.abspath(__file__))
+ 
+ LSCPU = {
+     ARCH_ARM64: {
+-        "machine_type": None,
+-        "flags": ['fp', 'asimd', 'evtstrm', 'aes', 'pmull', 'sha1', 'sha2', 'crc32', 'cpuid'],
++        "machine_type":
++            None,
++        "flags": [
++            'fp', 'asimd', 'evtstrm', 'aes', 'pmull', 'sha1', 'sha2', 'crc32', 'atomics', 'fphp', 'asimdhp', 'cpuid',
++            'asimdrdm', 'lrcpc', 'dcpop', 'asimddp', 'ssbs'
++        ]
+     },
+     ARCH_PPC64LE: {
+         "machine_type": None,
+@@ -27,10 +31,10 @@ LSCPU = {
+     },
+     ARCH_S390X: {
+         "machine_type":
+-            2827,
++            3931,
+         "flags": [
+             'esan3', 'zarch', 'stfle', 'msa', 'ldisp', 'eimm', 'dfp', 'edat', 'etf3eh', 'highgprs', 'te', 'vx', 'vxd',
+-            'vxe', 'gs', 'vxe2', 'vxp', 'sort', 'dflt', 'sie'
++            'vxe', 'gs', 'vxe2', 'vxp', 'sort', 'dflt', 'vxp2', 'nnpa', 'sie'
+         ]
+     },
+     ARCH_X86_64: {
+@@ -57,23 +61,34 @@ class mocked_get_cpuinfo(object):
+     def __init__(self, filename):
+         self.filename = filename
+ 
+-    def __call__(self):
++    def __call__(self, output_json=False):
+         """
+         Return lines of the self.filename test file located in the files directory.
+ 
+         Those files contain /proc/cpuinfo content from several machines.
+         """
+-        with open(os.path.join(CUR_DIR, 'files', self.filename), 'r') as fp:
++
++        filename = self.filename
++        if output_json:
++            filename = os.path.join('json', filename)
++        else:
++            filename = os.path.join('txt', filename)
++        filename = os.path.join(CUR_DIR, 'files', filename)
++
++        with open(filename, 'r') as fp:
+             return '\n'.join(fp.read().splitlines())
+ 
+ 
+ @pytest.mark.parametrize("arch", ARCH_SUPPORTED)
+-def test_scancpu(monkeypatch, arch):
++@pytest.mark.parametrize("version", ['7', '8'])
++def test_scancpu(monkeypatch, arch, version):
++
++    monkeypatch.setattr('leapp.libraries.actor.scancpu.get_source_major_version', lambda: version)
+ 
+     mocked_cpuinfo = mocked_get_cpuinfo('lscpu_' + arch)
+     monkeypatch.setattr(scancpu, '_get_lscpu_output', mocked_cpuinfo)
+-    monkeypatch.setattr(api, 'produce', testutils.produce_mocked())
+-    current_actor = testutils.CurrentActorMocked(arch=arch)
++    monkeypatch.setattr(api, 'produce', produce_mocked())
++    current_actor = CurrentActorMocked(arch=arch)
+     monkeypatch.setattr(api, 'current_actor', current_actor)
+ 
+     scancpu.process()
+@@ -89,3 +104,50 @@ def test_scancpu(monkeypatch, arch):
+ 
+     # Did not produce anything extra
+     assert expected == produced
++
++
++def test_lscpu_with_empty_field(monkeypatch):
++
++    def mocked_cpuinfo(*args, **kwargs):
++        return mocked_get_cpuinfo('lscpu_empty_field')(output_json=False)
++
++    monkeypatch.setattr(scancpu, '_get_lscpu_output', mocked_cpuinfo)
++    monkeypatch.setattr(api, 'produce', produce_mocked())
++    current_actor = CurrentActorMocked()
++    monkeypatch.setattr(api, 'current_actor', current_actor)
++
++    scancpu.process()
++
++    expected = CPUInfo(machine_type=None, flags=['flag'])
++    produced = api.produce.model_instances[0]
++
++    assert api.produce.called == 1
++
++    assert expected.machine_type == produced.machine_type
++    assert sorted(expected.flags) == sorted(produced.flags)
++
++
++def test_parse_invalid_json(monkeypatch):
++
++    monkeypatch.setattr('leapp.libraries.actor.scancpu.get_source_major_version', lambda: '8')
++
++    def mocked_cpuinfo(*args, **kwargs):
++        return mocked_get_cpuinfo('invalid')(output_json=True)
++
++    monkeypatch.setattr(scancpu, '_get_lscpu_output', mocked_cpuinfo)
++    monkeypatch.setattr(api, 'produce', produce_mocked())
++    monkeypatch.setattr(api, 'current_logger', logger_mocked())
++    current_actor = CurrentActorMocked()
++    monkeypatch.setattr(api, 'current_actor', current_actor)
++
++    scancpu.process()
++
++    assert api.produce.called == 1
++
++    assert any('Failed to parse json output' in msg for msg in api.current_logger().dbgmsg)
++
++    expected = CPUInfo(machine_type=None, flags=[])
++    produced = api.produce.model_instances[0]
++
++    assert expected.machine_type == produced.machine_type
++    assert sorted(expected.flags) == sorted(produced.flags)
+-- 
+2.42.0
+

0006-Add-unit-tests-for-actor-udevamdinfo.patch

@@ -0,0 +1,254 @@
+From b65ef94be64f16eacb79a55d1185e37aa401832e Mon Sep 17 00:00:00 2001
+From: tomasfratrik <tomasfratrik8@gmail.com>
+Date: Mon, 4 Mar 2024 09:10:02 +0100
+Subject: [PATCH 06/34] Add unit tests for actor udevamdinfo
+
+* Move actor's process to its library
+* Add check for run in process
+* Create file with short output of 'udevamd info -e' for testing
+  purposes
+* Add unit tests for actor
+
+Jira: OAMG-1277
+---
+ .../common/actors/udev/udevadminfo/actor.py   |   5 +-
+ .../udev/udevadminfo/libraries/udevadminfo.py |  19 +++
+ .../udevadminfo/tests/files/udevadm_database  | 134 ++++++++++++++++++
+ .../udevadminfo/tests/test_udevadminfo.py     |  40 ++++++
+ 4 files changed, 195 insertions(+), 3 deletions(-)
+ create mode 100644 repos/system_upgrade/common/actors/udev/udevadminfo/libraries/udevadminfo.py
+ create mode 100644 repos/system_upgrade/common/actors/udev/udevadminfo/tests/files/udevadm_database
+ create mode 100644 repos/system_upgrade/common/actors/udev/udevadminfo/tests/test_udevadminfo.py
+
+diff --git a/repos/system_upgrade/common/actors/udev/udevadminfo/actor.py b/repos/system_upgrade/common/actors/udev/udevadminfo/actor.py
+index b674e56c..ac702914 100644
+--- a/repos/system_upgrade/common/actors/udev/udevadminfo/actor.py
++++ b/repos/system_upgrade/common/actors/udev/udevadminfo/actor.py
+@@ -1,5 +1,5 @@
+ from leapp.actors import Actor
+-from leapp.libraries.stdlib import run
++from leapp.libraries.actor import udevadminfo
+ from leapp.models import UdevAdmInfoData
+ from leapp.tags import FactsPhaseTag, IPUWorkflowTag
+ 
+@@ -15,5 +15,4 @@ class UdevAdmInfo(Actor):
+     tags = (IPUWorkflowTag, FactsPhaseTag,)
+ 
+     def process(self):
+-        out = run(['udevadm', 'info', '-e'])['stdout']
+-        self.produce(UdevAdmInfoData(db=out))
++        udevadminfo.process()
+diff --git a/repos/system_upgrade/common/actors/udev/udevadminfo/libraries/udevadminfo.py b/repos/system_upgrade/common/actors/udev/udevadminfo/libraries/udevadminfo.py
+new file mode 100644
+index 00000000..dabe49e0
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/udev/udevadminfo/libraries/udevadminfo.py
+@@ -0,0 +1,19 @@
++from leapp.exceptions import StopActorExecutionError
++from leapp.libraries.stdlib import api, CalledProcessError, run
++from leapp.models import UdevAdmInfoData
++
++
++def process():
++    try:
++        out = run(['udevadm', 'info', '-e'])['stdout']
++    except (CalledProcessError, OSError) as err:
++        raise StopActorExecutionError(
++            message=(
++                "Unable to gather information about the system devices"
++            ),
++            details={
++                'details': 'Failed to execute `udevadm info -e` command.',
++                'error': str(err)
++            }
++        )
++    api.produce(UdevAdmInfoData(db=out))
+diff --git a/repos/system_upgrade/common/actors/udev/udevadminfo/tests/files/udevadm_database b/repos/system_upgrade/common/actors/udev/udevadminfo/tests/files/udevadm_database
+new file mode 100644
+index 00000000..219fb574
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/udev/udevadminfo/tests/files/udevadm_database
+@@ -0,0 +1,134 @@
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXCPU:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698543
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:01
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:01
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXCPU:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698839
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0103:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0103:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0103:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1697906
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0A03:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698109
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/PNP0A06:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/PNP0A06:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0A06:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1702939
++P: /devices/LNXSYSTM:00
++E: DEVPATH=/devices/LNXSYSTM:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXSYSTM:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1694509
++
++P: /devices/LNXSYSTM:00/LNXPWRBN:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00
++E: DRIVER=button
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXPWRBN:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1695034
++
++P: /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
++E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
++E: EV=3
++E: ID_FOR_SEAT=input-acpi-LNXPWRBN_00
++E: ID_INPUT=1
++E: ID_INPUT_KEY=1
++E: ID_PATH=acpi-LNXPWRBN:00
++E: ID_PATH_TAG=acpi-LNXPWRBN_00
++E: KEY=10000000000000 0
++E: MODALIAS=input:b0019v0000p0001e0000-e0,1,k74,ramlsfw
++E: NAME="Power Button"
++E: PHYS="LNXPWRBN/button/input0"
++E: PRODUCT=19/0/1/0
++E: PROP=0
++E: SUBSYSTEM=input
++E: TAGS=:seat:
++E: USEC_INITIALIZED=1697068
++
++P: /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/event0
++N: input/event0
++E: DEVNAME=/dev/input/event0
++E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/event0
++E: ID_INPUT=1
++E: ID_INPUT_KEY=1
++E: ID_PATH=acpi-LNXPWRBN:00
++E: ID_PATH_TAG=acpi-LNXPWRBN_00
++E: MAJOR=13
++E: MINOR=64
++E: SUBSYSTEM=input
++E: TAGS=:power-switch:
++E: USEC_INITIALIZED=1744996
++
++P: /devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup10
++E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup10
++E: SUBSYSTEM=wakeup
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXSYBUS:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1695925
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:ACPI0010:PNP0A05:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698058
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXCPU:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698543
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:01
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0010:00/LNXCPU:01
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:LNXCPU:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698839
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0103:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0103:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0103:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1697906
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0A03:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1698109
++
++P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/PNP0A06:00
++E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/PNP0A06:00
++E: ID_VENDOR_FROM_DATABASE=The Linux Foundation
++E: MODALIAS=acpi:PNP0A06:
++E: SUBSYSTEM=acpi
++E: USEC_INITIALIZED=1702939
++
+diff --git a/repos/system_upgrade/common/actors/udev/udevadminfo/tests/test_udevadminfo.py b/repos/system_upgrade/common/actors/udev/udevadminfo/tests/test_udevadminfo.py
+new file mode 100644
+index 00000000..f465d6f6
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/udev/udevadminfo/tests/test_udevadminfo.py
+@@ -0,0 +1,40 @@
++import os
++
++import pytest
++
++from leapp.exceptions import StopActorExecutionError
++from leapp.libraries.actor import udevadminfo
++from leapp.libraries.common import testutils
++from leapp.libraries.stdlib import api, CalledProcessError
++from leapp.models import UdevAdmInfoData
++
++CUR_DIR = os.path.dirname(os.path.abspath(__file__))
++
++
++def _raise_call_error(*args):
++    raise CalledProcessError(
++        message='A Leapp Command Error occurred.',
++        command=args,
++        result={'signal': None, 'exit_code': 1, 'pid': 0, 'stdout': 'fake', 'stderr': 'fake'}
++    )
++
++
++def test_failed_run(monkeypatch):
++    monkeypatch.setattr(api, 'produce', testutils.produce_mocked())
++    monkeypatch.setattr(udevadminfo, 'run', _raise_call_error)
++
++    with pytest.raises(StopActorExecutionError):
++        udevadminfo.process()
++
++
++def test_udevadminfo(monkeypatch):
++
++    with open(os.path.join(CUR_DIR, 'files', 'udevadm_database'), 'r') as fp:
++        mocked_data = fp.read()
++    monkeypatch.setattr(api, 'produce', testutils.produce_mocked())
++    monkeypatch.setattr(udevadminfo, 'run', lambda *args: {'stdout': mocked_data})
++    udevadminfo.process()
++
++    assert api.produce.called == 1
++    assert isinstance(api.produce.model_instances[0], UdevAdmInfoData)
++    assert api.produce.model_instances[0].db == mocked_data
+-- 
+2.42.0
+

0007-Add-unit-tests-for-scansourcefiles-actor-1190.patch

@@ -0,0 +1,166 @@
+From 3066cad4e7a2a440a93f01fd0c0cbec84bb5485f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Fr=C3=A1trik?=
+ <93993694+tomasfratrik@users.noreply.github.com>
+Date: Thu, 11 Apr 2024 13:48:31 +0200
+Subject: [PATCH 07/34] Add unit tests for scansourcefiles actor (#1190)
+
+Jira: OAMG-10367
+---
+ .../tests/unit_test_scansourcefiles.py        | 147 +++++++++++++++++-
+ 1 file changed, 142 insertions(+), 5 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/scansourcefiles/tests/unit_test_scansourcefiles.py b/repos/system_upgrade/common/actors/scansourcefiles/tests/unit_test_scansourcefiles.py
+index 6a6b009a..40ae2408 100644
+--- a/repos/system_upgrade/common/actors/scansourcefiles/tests/unit_test_scansourcefiles.py
++++ b/repos/system_upgrade/common/actors/scansourcefiles/tests/unit_test_scansourcefiles.py
+@@ -1,5 +1,142 @@
+-def test_scansourcefiles():
+-    # TODO(pstodulk): keeping unit tests for later after I check the idea
+-    # of this actor with the team.
+-    # JIRA: OAMG-10367
+-    pass
++import os
++
++import pytest
++
++from leapp.libraries.actor import scansourcefiles
++from leapp.libraries.common import testutils
++from leapp.libraries.stdlib import api, CalledProcessError
++from leapp.models import FileInfo, TrackedFilesInfoSource
++
++
++@pytest.mark.parametrize(
++    ('run_output', 'expected_output_is_modified'),
++    (
++        ({'exit_code': 0}, False),
++        ({'exit_code': 1, 'stdout': 'missing     /boot/efi/EFI (Permission denied)'}, True),
++        ({'exit_code': 1, 'stdout': 'S.5......  c /etc/openldap/ldap.conf'}, True),
++        ({'exit_code': 1, 'stdout': '..?......  c /etc/libaudit.conf'}, False),
++        ({'exit_code': 1, 'stdout': '.....UG..  g /var/run/avahi-daemon'}, False),
++    )
++)
++def test_is_modified(monkeypatch, run_output, expected_output_is_modified):
++    input_file = '/file'
++
++    def mocked_run(cmd, *args, **kwargs):
++        assert cmd == ['rpm', '-Vf', '--nomtime', input_file]
++        return run_output
++
++    monkeypatch.setattr(scansourcefiles, 'run', mocked_run)
++    assert scansourcefiles.is_modified(input_file) == expected_output_is_modified
++
++
++@pytest.mark.parametrize(
++    'run_output',
++    [
++        {'stdout': ['']},
++        {'stdout': ['rpm']},
++        {'stdout': ['rpm1', 'rpm2']},
++    ]
++)
++def test_get_rpm_name(monkeypatch, run_output):
++    input_file = '/file'
++
++    def mocked_run(cmd, *args, **kwargs):
++        assert cmd == ['rpm', '-qf', '--queryformat', r'%{NAME}\n', input_file]
++        return run_output
++
++    monkeypatch.setattr(scansourcefiles, 'run', mocked_run)
++    monkeypatch.setattr(api, 'current_logger', testutils.logger_mocked())
++    assert scansourcefiles._get_rpm_name(input_file) == run_output['stdout'][0]
++
++    if len(run_output['stdout']) > 1:
++        expected_warnmsg = ('The {} file is owned by multiple rpms: {}.'
++                            .format(input_file, ', '.join(run_output['stdout'])))
++        assert api.current_logger.warnmsg == [expected_warnmsg]
++
++
++def test_get_rpm_name_error(monkeypatch):
++    input_file = '/file'
++
++    def mocked_run(cmd, *args, **kwargs):
++        assert cmd == ['rpm', '-qf', '--queryformat', r'%{NAME}\n', input_file]
++        raise CalledProcessError("mocked error", cmd, "result")
++
++    monkeypatch.setattr(scansourcefiles, 'run', mocked_run)
++    assert scansourcefiles._get_rpm_name(input_file) == ''
++
++
++@pytest.mark.parametrize(
++    ('input_file', 'exists', 'rpm_name', 'is_modified'),
++    (
++        ('/not_existing_file', False, '', False),
++        ('/not_existing_file_rpm_owned', False, 'rpm', False),
++        ('/not_existing_file_rpm_owned_modified', False, 'rpm', True),
++        ('/existing_file_not_modified', True, '', False),
++        ('/existing_file_owned_by_rpm_not_modified', True, 'rpm', False),
++        ('/existing_file_owned_by_rpm_modified', True, 'rpm', True),
++    )
++)
++def test_scan_file(monkeypatch, input_file, exists, rpm_name, is_modified):
++    monkeypatch.setattr(scansourcefiles, 'is_modified', lambda _: is_modified)
++    monkeypatch.setattr(scansourcefiles, '_get_rpm_name', lambda _: rpm_name)
++    monkeypatch.setattr(os.path, 'exists', lambda _: exists)
++
++    expected_model_output = FileInfo(path=input_file, exists=exists, rpm_name=rpm_name, is_modified=is_modified)
++    assert scansourcefiles.scan_file(input_file) == expected_model_output
++
++
++@pytest.mark.parametrize(
++    ('input_files'),
++    (
++        ([]),
++        (['/file1']),
++        (['/file1', '/file2']),
++    )
++)
++def test_scan_files(monkeypatch, input_files):
++    base_data = {
++        'exists': False,
++        'rpm_name': '',
++        'is_modified': False
++    }
++
++    def scan_file_mocked(input_file):
++        return FileInfo(path=input_file, **base_data)
++
++    monkeypatch.setattr(scansourcefiles, 'scan_file', scan_file_mocked)
++    expected_output_list = [FileInfo(path=input_file, **base_data) for input_file in input_files]
++    assert scansourcefiles.scan_files(input_files) == expected_output_list
++
++
++@pytest.mark.parametrize(
++    'rhel_major_version', ['8', '9']
++)
++def test_tracked_files(monkeypatch, rhel_major_version):
++    TRACKED_FILES_MOCKED = {
++        'common': [
++            '/file1',
++        ],
++        '8': [
++            '/file2',
++        ],
++        '9': [
++            '/file3',
++        ],
++    }
++
++    def scan_files_mocked(files):
++        return [FileInfo(path=file_path, exists=False, rpm_name='', is_modified=False) for file_path in files]
++
++    monkeypatch.setattr(api, 'produce', testutils.produce_mocked())
++    monkeypatch.setattr(scansourcefiles, 'TRACKED_FILES', TRACKED_FILES_MOCKED)
++    monkeypatch.setattr(scansourcefiles, 'get_source_major_version', lambda: rhel_major_version)
++    monkeypatch.setattr(scansourcefiles, 'scan_files', scan_files_mocked)
++
++    scansourcefiles.process()
++
++    tracked_files_model = api.produce.model_instances[0]
++    assert api.produce.called == 1
++    assert isinstance(tracked_files_model, TrackedFilesInfoSource)
++    # assert only 1 common and 1 version file were scanned
++    assert len(tracked_files_model.files) == 2
++    assert all(isinstance(files_list_item, FileInfo) for files_list_item in tracked_files_model.files)
+-- 
+2.42.0
+

0008-pes_events_scanner-overwrite-repositories-when-apply.patch

@@ -0,0 +1,72 @@
+From 82070789813ae64f8fadc31a5096bf8df4124f75 Mon Sep 17 00:00:00 2001
+From: mhecko <mhecko@redhat.com>
+Date: Tue, 2 Apr 2024 11:24:49 +0200
+Subject: [PATCH 08/34] pes_events_scanner: overwrite repositories when
+ applying an event
+
+The Package class has custom __hash__ and __eq__ methods in order to
+achieve a straightforward presentation via set manipulation. However,
+this causes problems, e.g., when applying split events. For example:
+Applying the event Split(in={(A, repo1)}, out={(A, repo2), (B, repo2)})
+to the package state {(A, repo1), (B, repo1)} results in the following:
+  {(A, repo1), (B, repo1)} --apply--> {(A, repo2), (B, repo1)}
+which is undesired as repo1 is a source system repository. Such
+a package will get reported to the user as potentially removed during
+the upgrade. This patch addresses this unwanted behavior.
+---
+ .../peseventsscanner/libraries/pes_events_scanner.py     | 9 ++++++++-
+ .../peseventsscanner/tests/test_pes_event_scanner.py     | 9 +++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
+index f9411dfe..f5cb2613 100644
+--- a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
++++ b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
+@@ -139,8 +139,11 @@ def compute_pkg_changes_between_consequent_releases(source_installed_pkgs,
+         if event.action == Action.PRESENT:
+             for pkg in event.in_pkgs:
+                 if pkg in seen_pkgs:
++                    # First remove the package with the old repository and add it back, but now with the new
++                    # repository. As the Package class has a custom __hash__ and __eq__ comparing only name
++                    # and modulestream, the pkg.repository field is ignore and therefore the add() call
++                    # does not update the entry.
+                     if pkg in target_pkgs:
+-                        # Remove the package with the old repository, add the one with the new one
+                         target_pkgs.remove(pkg)
+                     target_pkgs.add(pkg)
+         elif event.action == Action.DEPRECATED:
+@@ -163,7 +166,11 @@ def compute_pkg_changes_between_consequent_releases(source_installed_pkgs,
+                              event.id, event.action, removed_pkgs_str, added_pkgs_str)
+ 
+                 # In pkgs are present, event can be applied
++                # Note: We do a .difference(event.out_packages) followed by an .union(event.out_packages) to overwrite
++                # #     repositories of the packages (Package has overwritten __hash__ and __eq__, ignoring
++                # #     the repository field)
+                 target_pkgs = target_pkgs.difference(event.in_pkgs)
++                target_pkgs = target_pkgs.difference(event.out_pkgs)
+                 target_pkgs = target_pkgs.union(event.out_pkgs)
+ 
+         pkgs_to_demodularize = pkgs_to_demodularize.difference(event.in_pkgs)
+diff --git a/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py b/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
+index 7cdcf820..80ece770 100644
+--- a/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
++++ b/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
+@@ -123,6 +123,15 @@ def pkgs_into_tuples(pkgs):
+             [(8, 0)],
+             {Package('renamed-out', 'rhel8-repo', None)}
+         ),
++        (
++            {Package('A', 'rhel7-repo', None), Package('B', 'rhel7-repo', None)},
++            [
++                Event(1, Action.SPLIT, {Package('A', 'rhel7-repo', None)},
++                      {Package('A', 'rhel8-repo', None), Package('B', 'rhel8-repo', None)}, (7, 6), (8, 0), [])
++            ],
++            [(8, 0)],
++            {Package('A', 'rhel8-repo', None), Package('B', 'rhel8-repo', None)}
++        ),
+     )
+ )
+ def test_event_application_fundamentals(monkeypatch, installed_pkgs, events, releases, expected_target_pkgs):
+-- 
+2.42.0
+

0009-Modify-upgrade-not-terminate-after-lockfile-detected.patch

@@ -0,0 +1,53 @@
+From 1f8b8f3259d7daff63dff0a4d630b36e615e416d Mon Sep 17 00:00:00 2001
+From: David Kubek <dkubek@redhat.com>
+Date: Wed, 10 Apr 2024 12:08:23 +0200
+Subject: [PATCH 09/34] Modify upgrade not terminate after lockfile detected
+
+Previously, when the upgrade failed in the initram the file
+/sysroot/root/tmp_leapp_py3/.leapp_upgrade_failed has been generated and
+upon detecting this file leapp triggered an emergency shell. This caused
+the original failure to be hidden from the customer.
+
+With this commit, we no longer crash immediately upon detecting the file
+but rather continue and "wait" for the underlying issue and error to
+emerge.
+
+RHEL-24148
+---
+ .../files/dracut/85sys-upgrade-redhat/do-upgrade.sh | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
+index 4a6f7b62..56a94b5d 100755
+--- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
++++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
+@@ -282,6 +282,11 @@ do_upgrade() {
+         local dirname
+         dirname="$("$NEWROOT/bin/dirname" "$NEWROOT$LEAPP_FAILED_FLAG_FILE")"
+         [ -d "$dirname" ] || mkdir "$dirname"
++        
++        echo >&2 "Creating file $NEWROOT$LEAPP_FAILED_FLAG_FILE"
++        echo >&2 "Warning: Leapp upgrade failed and there is an issue blocking the upgrade."
++        echo >&2 "Please file a support case with /var/log/leapp/leapp-upgrade.log attached"
++
+         "$NEWROOT/bin/touch" "$NEWROOT$LEAPP_FAILED_FLAG_FILE"
+     fi
+ 
+@@ -358,10 +363,10 @@ mount -o "remount,rw" "$NEWROOT"
+     # check if leapp previously failed in the initramfs, if it did return to the emergency shell
+     [ -f "$NEWROOT$LEAPP_FAILED_FLAG_FILE" ] && {
+         echo >&2 "Found file $NEWROOT$LEAPP_FAILED_FLAG_FILE"
+-        echo >&2 "Error: Leapp previously failed and cannot continue, returning back to emergency shell"
+-        echo >&2 "Please file a support case with $NEWROOT/var/log/leapp/leapp-upgrade.log attached"
+-        echo >&2 "To rerun the upgrade upon exiting the dracut shell remove the $NEWROOT$LEAPP_FAILED_FLAG_FILE file"
+-        exit 1
++        echo >&2 "Warning: Leapp failed on a previous execution and something might be blocking the upgrade."
++        echo >&2 "Continuing with the upgrade anyway. Note that any subsequent error might be potentially misleading due to a previous failure."
++        echo >&2 "A log file will be generated at $NEWROOT/var/log/leapp/leapp-upgrade.log."
++        echo >&2 "In case of persisting failure, if possible, try to boot to the original system and file a support case with /var/log/leapp/leapp-upgrade.log attached."
+     }
+ 
+     [ ! -x "$NEWROOT$LEAPPBIN" ] && {
+-- 
+2.42.0
+

0010-Make-the-reboot-required-text-more-visible-in-the-co.patch

@@ -0,0 +1,37 @@
+From 1fb7e78bfa86163c27c309d6244298d4b3075762 Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Fri, 2 Feb 2024 12:32:15 +0100
+Subject: [PATCH 10/34]  Make the reboot required text more visible in the
+ console output
+
+The "A reboot is required to continue. Please reboot your system."
+message is printed before the reports summary and thus is easily
+overlooked by users.
+
+This patch adds a second such message after the report summary to
+improve this.
+
+Jira: RHEL-22736
+---
+ commands/upgrade/__init__.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/commands/upgrade/__init__.py b/commands/upgrade/__init__.py
+index c42b7cba..cc5fe647 100644
+--- a/commands/upgrade/__init__.py
++++ b/commands/upgrade/__init__.py
+@@ -113,6 +113,11 @@ def upgrade(args, breadcrumbs):
+ 
+     if workflow.failure:
+         sys.exit(1)
++    elif not args.resume:
++        sys.stdout.write(
++            'Reboot the system to continue with the upgrade.'
++            ' This might take a while depending on the system configuration.\n'
++        )
+ 
+ 
+ def register(base_command):
+-- 
+2.42.0
+

0011-check_grub_legacy-inhibit-when-GRUB-legacy-is-presen.patch

@@ -0,0 +1,176 @@
+From 8fe2a2d35395a43b8449354d68479d8339ef49ab Mon Sep 17 00:00:00 2001
+From: mhecko <mhecko@redhat.com>
+Date: Sun, 21 Apr 2024 22:40:38 +0200
+Subject: [PATCH 11/34] check_grub_legacy: inhibit when GRUB legacy is present
+
+Adds a new actor checking for whether any of the GRUB devices
+have the old GRUB Legacy installed. If any of such devices
+is detected, the upgrade is inhibited. The GRUB Legacy is detected
+by searching for the string 'GRUB version 0.94' in `file -s`
+of the device.
+---
+ .../el7toel8/actors/checklegacygrub/actor.py  | 20 ++++++
+ .../libraries/check_legacy_grub.py            | 71 +++++++++++++++++++
+ .../tests/test_check_legacy_grub.py           | 45 ++++++++++++
+ 3 files changed, 136 insertions(+)
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checklegacygrub/actor.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checklegacygrub/libraries/check_legacy_grub.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checklegacygrub/tests/test_check_legacy_grub.py
+
+diff --git a/repos/system_upgrade/el7toel8/actors/checklegacygrub/actor.py b/repos/system_upgrade/el7toel8/actors/checklegacygrub/actor.py
+new file mode 100644
+index 00000000..1fc7dde4
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checklegacygrub/actor.py
+@@ -0,0 +1,20 @@
++from leapp.actors import Actor
++from leapp.libraries.actor import check_legacy_grub as check_legacy_grub_lib
++from leapp.reporting import Report
++from leapp.tags import FactsPhaseTag, IPUWorkflowTag
++
++
++class CheckLegacyGrub(Actor):
++    """
++    Check whether GRUB Legacy is installed in the MBR.
++
++    GRUB Legacy is deprecated since RHEL 7 in favour of GRUB2.
++    """
++
++    name = 'check_grub_legacy'
++    consumes = ()
++    produces = (Report,)
++    tags = (FactsPhaseTag, IPUWorkflowTag)
++
++    def process(self):
++        check_legacy_grub_lib.check_grub_disks_for_legacy_grub()
+diff --git a/repos/system_upgrade/el7toel8/actors/checklegacygrub/libraries/check_legacy_grub.py b/repos/system_upgrade/el7toel8/actors/checklegacygrub/libraries/check_legacy_grub.py
+new file mode 100644
+index 00000000..d02c14f9
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checklegacygrub/libraries/check_legacy_grub.py
+@@ -0,0 +1,71 @@
++from leapp import reporting
++from leapp.exceptions import StopActorExecution
++from leapp.libraries.common import grub as grub_lib
++from leapp.libraries.stdlib import api, CalledProcessError, run
++from leapp.reporting import create_report
++
++# There is no grub legacy package on RHEL7, therefore, the system must have been upgraded from RHEL6
++MIGRATION_TO_GRUB2_GUIDE_URL = 'https://access.redhat.com/solutions/2643721'
++
++
++def has_legacy_grub(device):
++    try:
++        output = run(['file', '-s', device])
++    except CalledProcessError as err:
++        msg = 'Failed to determine the file type for the special device `{0}`. Full error: `{1}`'
++        api.current_logger().warning(msg.format(device, str(err)))
++
++        # According to `file` manpage, the exit code > 0 iff the file does not exists (meaning)
++        # that grub_lib.get_grub_devices() is unreliable for some reason (better stop the upgrade),
++        # or because the file type could not be determined. However, its manpage directly gives examples
++        # of file -s being used on block devices, so this should be unlikely - especially if one would
++        # consider that get_grub_devices was able to determine that it is a grub device.
++        raise StopActorExecution()
++
++    grub_legacy_version_string = 'GRUB version 0.94'
++    return grub_legacy_version_string in output['stdout']
++
++
++def check_grub_disks_for_legacy_grub():
++    # Both GRUB2 and Grub Legacy are recognized by `get_grub_devices`
++    grub_devices = grub_lib.get_grub_devices()
++
++    legacy_grub_devices = []
++    for device in grub_devices:
++        if has_legacy_grub(device):
++            legacy_grub_devices.append(device)
++
++    if legacy_grub_devices:
++        details = (
++            'Leapp detected GRUB Legacy to be installed on the system. '
++            'The GRUB Legacy bootloader is unsupported on RHEL7 and GRUB2 must be used instead. '
++            'The presence of GRUB Legacy is possible on systems that have been upgraded from RHEL 6 in the past, '
++            'but required manual post-upgrade steps have not been performed. '
++            'Note that the in-place upgrade from RHEL 6 to RHEL 7 systems is in such a case '
++            'considered as unfinished.\n\n'
++
++            'GRUB Legacy has been detected on following devices:\n'
++            '{block_devices_fmt}\n'
++        )
++
++        hint = (
++            'Migrate to the GRUB2 bootloader on the reported devices. '
++            'Also finish other post-upgrade steps related to the previous in-place upgrade, the majority of which '
++            'is a part of the related preupgrade report for upgrades from RHEL 6 to RHEL 7.'
++            'If you are not sure whether all previously required post-upgrade steps '
++            'have been performed, consider a clean installation of the RHEL 8 system instead. '
++            'Note that the in-place upgrade to RHEL 8 can fail in various ways '
++            'if the RHEL 7 system is misconfigured.'
++        )
++
++        block_devices_fmt = '\n'.join(legacy_grub_devices)
++        create_report([
++            reporting.Title("GRUB Legacy is used on the system"),
++            reporting.Summary(details.format(block_devices_fmt=block_devices_fmt)),
++            reporting.Severity(reporting.Severity.HIGH),
++            reporting.Groups([reporting.Groups.BOOT]),
++            reporting.Remediation(hint=hint),
++            reporting.Groups([reporting.Groups.INHIBITOR]),
++            reporting.ExternalLink(url=MIGRATION_TO_GRUB2_GUIDE_URL,
++                                   title='How to install GRUB2 after a RHEL6 to RHEL7 upgrade'),
++        ])
+diff --git a/repos/system_upgrade/el7toel8/actors/checklegacygrub/tests/test_check_legacy_grub.py b/repos/system_upgrade/el7toel8/actors/checklegacygrub/tests/test_check_legacy_grub.py
+new file mode 100644
+index 00000000..d6e5008e
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checklegacygrub/tests/test_check_legacy_grub.py
+@@ -0,0 +1,45 @@
++import pytest
++
++from leapp.libraries.actor import check_legacy_grub as check_legacy_grub_lib
++from leapp.libraries.common import grub as grub_lib
++from leapp.libraries.common.testutils import create_report_mocked
++from leapp.utils.report import is_inhibitor
++
++VDA_WITH_LEGACY_GRUB = (
++    '/dev/vda: x86 boot sector; GRand Unified Bootloader, stage1 version 0x3, '
++    'stage2 address 0x2000, stage2 segment 0x200, GRUB version 0.94; partition 1: ID=0x83, '
++    'active, starthead 32, startsector 2048, 1024000 sectors; partition 2: ID=0x83, starthead 221, '
++    'startsector 1026048, 19945472 sectors, code offset 0x48\n'
++)
++
++NVME0N1_VDB_WITH_GRUB = (
++    '/dev/nvme0n1: x86 boot sector; partition 1: ID=0x83, active, starthead 32, startsector 2048, 6291456 sectors; '
++    'partition 2: ID=0x83, starthead 191, startsector 6293504, 993921024 sectors, code offset 0x63'
++)
++
++
++@pytest.mark.parametrize(
++    ('grub_device_to_file_output', 'should_inhibit'),
++    [
++        ({'/dev/vda': VDA_WITH_LEGACY_GRUB}, True),
++        ({'/dev/nvme0n1': NVME0N1_VDB_WITH_GRUB}, False),
++        ({'/dev/vda': VDA_WITH_LEGACY_GRUB, '/dev/nvme0n1': NVME0N1_VDB_WITH_GRUB}, True)
++    ]
++)
++def test_check_legacy_grub(monkeypatch, grub_device_to_file_output, should_inhibit):
++
++    def file_cmd_mock(cmd, *args, **kwargs):
++        assert cmd[:2] == ['file', '-s']
++        return {'stdout': grub_device_to_file_output[cmd[2]]}
++
++    monkeypatch.setattr(check_legacy_grub_lib, 'create_report', create_report_mocked())
++    monkeypatch.setattr(grub_lib, 'get_grub_devices', lambda: list(grub_device_to_file_output.keys()))
++    monkeypatch.setattr(check_legacy_grub_lib, 'run', file_cmd_mock)
++
++    check_legacy_grub_lib.check_grub_disks_for_legacy_grub()
++
++    assert bool(check_legacy_grub_lib.create_report.called) == should_inhibit
++    if should_inhibit:
++        assert len(check_legacy_grub_lib.create_report.reports) == 1
++        report = check_legacy_grub_lib.create_report.reports[0]
++        assert is_inhibitor(report)
+-- 
+2.42.0
+

0012-Default-channel-to-GA-is-not-specified-otherwise-120.patch

@@ -0,0 +1,46 @@
+From a4e3906fff5d11e0fb94f5dbe10ed653dc2d0bee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matej=20Matu=C5=A1ka?= <mmatuska@redhat.com>
+Date: Tue, 23 Apr 2024 23:56:57 +0200
+Subject: [PATCH 12/34] Default channel to GA is not specified otherwise
+ (#1205)
+
+Originally we tried to map by default repositories from particular channels on the source system to their equivalents on the target system. IOW:
+
+    * eus -> eus
+    * aus -> aus
+    * e4s -> e4s
+    * "ga" -> "ga"
+    ...
+
+However, it has been revealed this logic should not apply on minor releases for which these non-ga (premium) repositories do not exist. So doing upgrade e.g. to 8.9, 8.10 , 9.3 for which specific eus, etc.. repositories are not defined lead to 404 error.
+
+Discussing this deeply between stakeholders, it has been decided to drop this logic and target always to "ga" repositories unless the leapp is executed with instructions to choose a different channel (using envars, --channel .. option). To prevent this issue.
+
+It's still possible to require mistakenly e.g. "eus" channel for the target release for which the related repositories are not defined. e.g.:
+     > leapp upgrade --channel eus --target 8.10
+
+In such a case, the previous errors (404 Not found) can be hit again. But it will not happen by default. In this case, we expect and request people to understand what they want when they use the option.
+
+@pirat89 : Updated commit msg
+
+jira: RHEL-24720
+---
+ commands/upgrade/util.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/commands/upgrade/util.py b/commands/upgrade/util.py
+index b11265ee..9eff0ad1 100644
+--- a/commands/upgrade/util.py
++++ b/commands/upgrade/util.py
+@@ -207,6 +207,8 @@ def prepare_configuration(args):
+ 
+     if args.channel:
+         os.environ['LEAPP_TARGET_PRODUCT_CHANNEL'] = args.channel
++    elif 'LEAPP_TARGET_PRODUCT_CHANNEL' not in os.environ:
++        os.environ['LEAPP_TARGET_PRODUCT_CHANNEL'] = 'ga'
+ 
+     if args.iso:
+         os.environ['LEAPP_TARGET_ISO'] = args.iso
+-- 
+2.42.0
+

0013-Enhance-grub2-install-failure-message.patch

@@ -0,0 +1,39 @@
+From 6d05575efdd6c3c728e784add3017d072eda4d5e Mon Sep 17 00:00:00 2001
+From: Toshio Kuratomi <tkuratom@redhat.com>
+Date: Tue, 23 Apr 2024 14:03:44 -0700
+Subject: [PATCH 13/34] Enhance grub2 install failure message.
+
+The new message informs the useir will happen (they will boot into the old RHEL's kernel) so they
+understand why they need to run the remediation.
+
+jira: https://issues.redhat.com/browse/RHEL-29683
+---
+ .../common/actors/checkgrubcore/actor.py               | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/checkgrubcore/actor.py b/repos/system_upgrade/common/actors/checkgrubcore/actor.py
+index ae9e53ef..662c4d64 100644
+--- a/repos/system_upgrade/common/actors/checkgrubcore/actor.py
++++ b/repos/system_upgrade/common/actors/checkgrubcore/actor.py
+@@ -46,11 +46,15 @@ class CheckGrubCore(Actor):
+                     reporting.Title('Leapp could not identify where GRUB2 core is located'),
+                     reporting.Summary(
+                         'We assumed GRUB2 core is located on the same device(s) as /boot, '
+-                        'however Leapp could not detect GRUB2 on the device(s). '
+-                        'GRUB2 core needs to be updated maually on legacy (BIOS) systems. '
++                        'however Leapp could not detect GRUB2 on those device(s). '
++                        'This means GRUB2 core will not be updated during the upgrade process and '
++                        'the system will probably ' 'boot into the old kernel after the upgrade. '
++                        'GRUB2 core needs to be updated manually on legacy (BIOS) systems to '
++                        'fix this.'
+                     ),
+                     reporting.Severity(reporting.Severity.HIGH),
+                     reporting.Groups([reporting.Groups.BOOT]),
+                     reporting.Remediation(
+-                        hint='Please run "grub2-install <GRUB_DEVICE> command manually after the upgrade'),
++                        hint='Please run the "grub2-install <GRUB_DEVICE>" command manually '
++                        'after the upgrade'),
+                 ])
+-- 
+2.42.0
+

0014-boot-check-first-partition-offset-on-GRUB-devices.patch

@@ -0,0 +1,388 @@
+From ea6cd7912ce650f033a972921a2b29636ac304db Mon Sep 17 00:00:00 2001
+From: mhecko <mhecko@redhat.com>
+Date: Tue, 2 Apr 2024 19:29:16 +0200
+Subject: [PATCH 14/34] boot: check first partition offset on GRUB devices
+
+Check that the first partition starts at least at 1MiB (2048 cylinders),
+as too small first-partition offsets lead to failures when doing
+grub2-install. The limit (1MiB) has been chosen as it is a common
+value set by the disk formatting tools nowadays.
+
+jira: https://issues.redhat.com/browse/RHEL-3341
+---
+ .../actors/checkfirstpartitionoffset/actor.py | 24 ++++++
+ .../libraries/check_first_partition_offset.py | 52 +++++++++++++
+ .../test_check_first_partition_offset.py      | 51 ++++++++++++
+ .../scangrubdevpartitionlayout/actor.py       | 18 +++++
+ .../libraries/scan_layout.py                  | 64 +++++++++++++++
+ .../tests/test_scan_partition_layout.py       | 78 +++++++++++++++++++
+ .../el7toel8/models/partitionlayout.py        | 28 +++++++
+ 7 files changed, 315 insertions(+)
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/actor.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/actor.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
+ create mode 100644 repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
+ create mode 100644 repos/system_upgrade/el7toel8/models/partitionlayout.py
+
+diff --git a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/actor.py b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/actor.py
+new file mode 100644
+index 00000000..cde27c2a
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/actor.py
+@@ -0,0 +1,24 @@
++from leapp.actors import Actor
++from leapp.libraries.actor import check_first_partition_offset
++from leapp.models import FirmwareFacts, GRUBDevicePartitionLayout
++from leapp.reporting import Report
++from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
++
++
++class CheckFirstPartitionOffset(Actor):
++    """
++    Check whether the first partition starts at the offset >=1MiB.
++
++    The alignment of the first partition plays role in disk access speeds. Older tools placed the start of the first
++    partition at cylinder 63 (due to historical reasons connected to the INT13h BIOS API). However, grub core
++    binary is placed before the start of the first partition, meaning that not enough space causes bootloader
++    installation to fail. Modern partitioning tools place the first partition at >= 1MiB (cylinder 2048+).
++    """
++
++    name = 'check_first_partition_offset'
++    consumes = (FirmwareFacts, GRUBDevicePartitionLayout,)
++    produces = (Report,)
++    tags = (ChecksPhaseTag, IPUWorkflowTag,)
++
++    def process(self):
++        check_first_partition_offset.check_first_partition_offset()
+diff --git a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
+new file mode 100644
+index 00000000..fbd4e178
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
+@@ -0,0 +1,52 @@
++from leapp import reporting
++from leapp.libraries.common.config import architecture
++from leapp.libraries.stdlib import api
++from leapp.models import FirmwareFacts, GRUBDevicePartitionLayout
++
++SAFE_OFFSET_BYTES = 1024*1024  # 1MiB
++
++
++def check_first_partition_offset():
++    if architecture.matches_architecture(architecture.ARCH_S390X):
++        return
++
++    for fact in api.consume(FirmwareFacts):
++        if fact.firmware == 'efi':
++            return  # Skip EFI system
++
++    problematic_devices = []
++    for grub_dev in api.consume(GRUBDevicePartitionLayout):
++        first_partition = min(grub_dev.partitions, key=lambda partition: partition.start_offset)
++        if first_partition.start_offset < SAFE_OFFSET_BYTES:
++            problematic_devices.append(grub_dev.device)
++
++    if problematic_devices:
++        summary = (
++            'On the system booting by using BIOS, the in-place upgrade fails '
++            'when upgrading the GRUB2 bootloader if the boot disk\'s embedding area '
++            'does not contain enough space for the core image installation. '
++            'This results in a broken system, and can occur when the disk has been '
++            'partitioned manually, for example using the RHEL 6 fdisk utility.\n\n'
++
++            'The list of devices with small embedding area:\n'
++            '{0}.'
++        )
++        problematic_devices_fmt = ['- {0}'.format(dev) for dev in problematic_devices]
++
++        hint = (
++            'We recommend to perform a fresh installation of the RHEL 8 system '
++            'instead of performing the in-place upgrade.\n'
++            'Another possibility is to reformat the devices so that there is '
++            'at least {0} kiB space before the first partition. '
++            'Note that this operation is not supported and does not have to be '
++            'always possible.'
++        )
++
++        reporting.create_report([
++            reporting.Title('Found GRUB devices with too little space reserved before the first partition'),
++            reporting.Summary(summary.format('\n'.join(problematic_devices_fmt))),
++            reporting.Remediation(hint=hint.format(SAFE_OFFSET_BYTES // 1024)),
++            reporting.Severity(reporting.Severity.HIGH),
++            reporting.Groups([reporting.Groups.BOOT]),
++            reporting.Groups([reporting.Groups.INHIBITOR]),
++        ])
+diff --git a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
+new file mode 100644
+index 00000000..e349ff7d
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
+@@ -0,0 +1,51 @@
++import pytest
++
++from leapp import reporting
++from leapp.libraries.actor import check_first_partition_offset
++from leapp.libraries.common import grub
++from leapp.libraries.common.testutils import create_report_mocked, CurrentActorMocked
++from leapp.libraries.stdlib import api
++from leapp.models import FirmwareFacts, GRUBDevicePartitionLayout, PartitionInfo
++from leapp.reporting import Report
++from leapp.utils.report import is_inhibitor
++
++
++@pytest.mark.parametrize(
++    ('devices', 'should_report'),
++    [
++        (
++            [
++                GRUBDevicePartitionLayout(device='/dev/vda',
++                                          partitions=[PartitionInfo(part_device='/dev/vda1', start_offset=32256)])
++            ],
++            True
++        ),
++        (
++            [
++                GRUBDevicePartitionLayout(device='/dev/vda',
++                                          partitions=[PartitionInfo(part_device='/dev/vda1', start_offset=1024*1025)])
++            ],
++            False
++        ),
++        (
++            [
++                GRUBDevicePartitionLayout(device='/dev/vda',
++                                          partitions=[PartitionInfo(part_device='/dev/vda1', start_offset=1024*1024)])
++            ],
++            False
++        )
++    ]
++)
++def test_bad_offset_reported(monkeypatch, devices, should_report):
++    def consume_mocked(model_cls):
++        if model_cls == FirmwareFacts:
++            return [FirmwareFacts(firmware='bios')]
++        return devices
++
++    monkeypatch.setattr(api, 'consume', consume_mocked)
++    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
++    monkeypatch.setattr(reporting, 'create_report', create_report_mocked())
++
++    check_first_partition_offset.check_first_partition_offset()
++
++    assert bool(reporting.create_report.called) == should_report
+diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/actor.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/actor.py
+new file mode 100644
+index 00000000..0db93aba
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/actor.py
+@@ -0,0 +1,18 @@
++from leapp.actors import Actor
++from leapp.libraries.actor import scan_layout as scan_layout_lib
++from leapp.models import GRUBDevicePartitionLayout, GrubInfo
++from leapp.tags import FactsPhaseTag, IPUWorkflowTag
++
++
++class ScanGRUBDevicePartitionLayout(Actor):
++    """
++    Scan all identified GRUB devices for their partition layout.
++    """
++
++    name = 'scan_grub_device_partition_layout'
++    consumes = (GrubInfo,)
++    produces = (GRUBDevicePartitionLayout,)
++    tags = (FactsPhaseTag, IPUWorkflowTag,)
++
++    def process(self):
++        scan_layout_lib.scan_grub_device_partition_layout()
+diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
+new file mode 100644
+index 00000000..bb2e6d9e
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
+@@ -0,0 +1,64 @@
++from leapp.libraries.stdlib import api, CalledProcessError, run
++from leapp.models import GRUBDevicePartitionLayout, GrubInfo, PartitionInfo
++
++SAFE_OFFSET_BYTES = 1024*1024  # 1MiB
++
++
++def split_on_space_segments(line):
++    fragments = (fragment.strip() for fragment in line.split(' '))
++    return [fragment for fragment in fragments if fragment]
++
++
++def get_partition_layout(device):
++    try:
++        partition_table = run(['fdisk', '-l', '-u=sectors', device], split=True)['stdout']
++    except CalledProcessError as err:
++        # Unlikely - if the disk has no partition table, `fdisk` terminates with 0 (no err). Fdisk exits with an err
++        # when the device does not exists, or if it is too small to contain a partition table.
++
++        err_msg = 'Failed to run `fdisk` to obtain the partition table of the device {0}. Full error: \'{1}\''
++        api.current_logger().error(err_msg.format(device, str(err)))
++        return None
++
++    table_iter = iter(partition_table)
++
++    for line in table_iter:
++        if not line.startswith('Units'):
++            # We are still reading general device information and not the table itself
++            continue
++
++        unit = line.split('=')[2].strip()  # Contains '512 bytes'
++        unit = int(unit.split(' ')[0].strip())
++        break  # First line of the partition table header
++
++    for line in table_iter:
++        line = line.strip()
++        if not line.startswith('Device'):
++            continue
++
++        part_all_attrs = split_on_space_segments(line)
++        break
++
++    partitions = []
++    for partition_line in table_iter:
++        # Fields:               Device     Boot   Start      End  Sectors Size Id Type
++        # The line looks like: `/dev/vda1  *       2048  2099199  2097152   1G 83 Linux`
++        part_info = split_on_space_segments(partition_line)
++
++        # If the partition is not bootable, the Boot column might be empty
++        part_device = part_info[0]
++        part_start = int(part_info[2]) if len(part_info) == len(part_all_attrs) else int(part_info[1])
++        partitions.append(PartitionInfo(part_device=part_device, start_offset=part_start*unit))
++
++    return GRUBDevicePartitionLayout(device=device, partitions=partitions)
++
++
++def scan_grub_device_partition_layout():
++    grub_devices = next(api.consume(GrubInfo), None)
++    if not grub_devices:
++        return
++
++    for device in grub_devices.orig_devices:
++        dev_info = get_partition_layout(device)
++        if dev_info:
++            api.produce(dev_info)
+diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
+new file mode 100644
+index 00000000..37bb5bcf
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
+@@ -0,0 +1,78 @@
++from collections import namedtuple
++
++import pytest
++
++from leapp.libraries.actor import scan_layout as scan_layout_lib
++from leapp.libraries.common import grub
++from leapp.libraries.common.testutils import create_report_mocked, produce_mocked
++from leapp.libraries.stdlib import api
++from leapp.models import GRUBDevicePartitionLayout, GrubInfo
++from leapp.utils.report import is_inhibitor
++
++Device = namedtuple('Device', ['name', 'partitions', 'sector_size'])
++Partition = namedtuple('Partition', ['name', 'start_offset'])
++
++
++@pytest.mark.parametrize(
++    'devices',
++    [
++        (
++            Device(name='/dev/vda', sector_size=512,
++                   partitions=[Partition(name='/dev/vda1', start_offset=63),
++                               Partition(name='/dev/vda2', start_offset=1000)]),
++            Device(name='/dev/vdb', sector_size=1024,
++                   partitions=[Partition(name='/dev/vdb1', start_offset=100),
++                               Partition(name='/dev/vdb2', start_offset=20000)])
++        ),
++        (
++            Device(name='/dev/vda', sector_size=512,
++                   partitions=[Partition(name='/dev/vda1', start_offset=111),
++                               Partition(name='/dev/vda2', start_offset=1000)]),
++        )
++    ]
++)
++def test_get_partition_layout(monkeypatch, devices):
++    device_to_fdisk_output = {}
++    for device in devices:
++        fdisk_output = [
++            'Disk {0}: 42.9 GB, 42949672960 bytes, 83886080 sectors'.format(device.name),
++            'Units = sectors of 1 * {sector_size} = {sector_size} bytes'.format(sector_size=device.sector_size),
++            'Sector size (logical/physical): 512 bytes / 512 bytes',
++            'I/O size (minimum/optimal): 512 bytes / 512 bytes',
++            'Disk label type: dos',
++            'Disk identifier: 0x0000000da',
++            '',
++            '   Device Boot      Start         End      Blocks   Id  System',
++        ]
++        for part in device.partitions:
++            part_line = '{0}   *     {1}     2099199     1048576   83  Linux'.format(part.name, part.start_offset)
++            fdisk_output.append(part_line)
++
++        device_to_fdisk_output[device.name] = fdisk_output
++
++    def mocked_run(cmd, *args, **kwargs):
++        assert cmd[:3] == ['fdisk', '-l', '-u=sectors']
++        device = cmd[3]
++        output = device_to_fdisk_output[device]
++        return {'stdout': output}
++
++    def consume_mocked(*args, **kwargs):
++        yield GrubInfo(orig_devices=[device.name for device in devices])
++
++    monkeypatch.setattr(scan_layout_lib, 'run', mocked_run)
++    monkeypatch.setattr(api, 'produce', produce_mocked())
++    monkeypatch.setattr(api, 'consume', consume_mocked)
++
++    scan_layout_lib.scan_grub_device_partition_layout()
++
++    assert api.produce.called == len(devices)
++
++    dev_name_to_desc = {dev.name: dev for dev in devices}
++
++    for message in api.produce.model_instances:
++        assert isinstance(message, GRUBDevicePartitionLayout)
++        dev = dev_name_to_desc[message.device]
++
++        expected_part_name_to_start = {part.name: part.start_offset*dev.sector_size for part in dev.partitions}
++        actual_part_name_to_start = {part.part_device: part.start_offset for part in message.partitions}
++        assert expected_part_name_to_start == actual_part_name_to_start
+diff --git a/repos/system_upgrade/el7toel8/models/partitionlayout.py b/repos/system_upgrade/el7toel8/models/partitionlayout.py
+new file mode 100644
+index 00000000..c6483283
+--- /dev/null
++++ b/repos/system_upgrade/el7toel8/models/partitionlayout.py
+@@ -0,0 +1,28 @@
++from leapp.models import fields, Model
++from leapp.topics import SystemInfoTopic
++
++
++class PartitionInfo(Model):
++    """
++    Information about a single partition.
++    """
++    topic = SystemInfoTopic
++
++    part_device = fields.String()
++    """ Partition device """
++
++    start_offset = fields.Integer()
++    """ Partition start - offset from the start of the block device in bytes """
++
++
++class GRUBDevicePartitionLayout(Model):
++    """
++    Information about partition layout of a GRUB device.
++    """
++    topic = SystemInfoTopic
++
++    device = fields.String()
++    """ GRUB device """
++
++    partitions = fields.List(fields.Model(PartitionInfo))
++    """ List of partitions present on the device """
+-- 
+2.42.0
+

0015-boot-Skip-checks-of-first-partition-offset-for-for-g.patch

@@ -0,0 +1,138 @@
+From 683176dbeeeff32cc6b04410b4f7e4715a3de8e0 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Wed, 24 Apr 2024 01:09:51 +0200
+Subject: [PATCH 15/34] boot: Skip checks of first partition offset for for gpt
+ partition table
+
+This is extension of the previous commit. The original problem that
+we are trying to resolve is to be sure the embedding area (MBR gap)
+has expected size. This is irrelevant in case of GPT partition table
+is used on a device. The fdisk output format is in case of GPT
+disk label different, which breaks the parsing, resulting in empty
+list of partitions in related GRUBDevicePartitionLayout msg.
+
+For now, let's skip produce of msgs for "GPT devices". As a seatbelt,
+ignore processing of messages with empty partitions field, expecting
+that such a device does not contain MBR. We want to prevent false
+positive inhibitors (and FP blocking errors). We expect that total
+number of machines with small embedding area is very minor in total
+numbers, so even if we would miss something (which is not expected
+now to our best knowledge) it's still good trade-off as the major
+goal is to reduce number of machines that have problems with the
+in-place upgrade.
+
+The solution can be updated in future if there is a reason for it.
+---
+ .../libraries/check_first_partition_offset.py |  7 +++++
+ .../test_check_first_partition_offset.py      | 16 +++++++++++
+ .../libraries/scan_layout.py                  | 28 +++++++++++++++++++
+ .../tests/test_scan_partition_layout.py       |  5 ++++
+ 4 files changed, 56 insertions(+)
+
+diff --git a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
+index fbd4e178..fca9c3ff 100644
+--- a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
++++ b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/libraries/check_first_partition_offset.py
+@@ -16,6 +16,13 @@ def check_first_partition_offset():
+ 
+     problematic_devices = []
+     for grub_dev in api.consume(GRUBDevicePartitionLayout):
++        if not grub_dev.partitions:
++            # NOTE(pstodulk): In case of empty partition list we have nothing to do.
++            # This can could happen when the fdisk output is different then expected.
++            # E.g. when GPT partition table is used on the disk. We are right now
++            # interested strictly about MBR only, so ignoring these cases.
++            # This is seatbelt, as the msg should not be produced for GPT at all.
++            continue
+         first_partition = min(grub_dev.partitions, key=lambda partition: partition.start_offset)
+         if first_partition.start_offset < SAFE_OFFSET_BYTES:
+             problematic_devices.append(grub_dev.device)
+diff --git a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
+index e349ff7d..f925f7d4 100644
+--- a/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
++++ b/repos/system_upgrade/el7toel8/actors/checkfirstpartitionoffset/tests/test_check_first_partition_offset.py
+@@ -20,6 +20,16 @@ from leapp.utils.report import is_inhibitor
+             ],
+             True
+         ),
++        (
++            [
++                GRUBDevicePartitionLayout(device='/dev/vda',
++                                          partitions=[
++                                            PartitionInfo(part_device='/dev/vda2', start_offset=1024*1025),
++                                            PartitionInfo(part_device='/dev/vda1', start_offset=32256)
++                                          ])
++            ],
++            True
++        ),
+         (
+             [
+                 GRUBDevicePartitionLayout(device='/dev/vda',
+@@ -33,6 +43,12 @@ from leapp.utils.report import is_inhibitor
+                                           partitions=[PartitionInfo(part_device='/dev/vda1', start_offset=1024*1024)])
+             ],
+             False
++        ),
++        (
++            [
++                GRUBDevicePartitionLayout(device='/dev/vda', partitions=[])
++            ],
++            False
+         )
+     ]
+ )
+diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
+index bb2e6d9e..f51bcda4 100644
+--- a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
++++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
+@@ -31,6 +31,34 @@ def get_partition_layout(device):
+         unit = int(unit.split(' ')[0].strip())
+         break  # First line of the partition table header
+ 
++    # Discover disk label type: dos | gpt
++    for line in table_iter:
++        line = line.strip()
++        if not line.startswith('Disk label type'):
++            continue
++        disk_type = line.split(':')[1].strip()
++        break
++
++    if disk_type == 'gpt':
++        api.current_logger().info(
++            'Detected GPT partition table. Skipping produce of GRUBDevicePartitionLayout message.'
++        )
++        # NOTE(pstodulk): The GPT table has a different output format than
++        # expected below, example (ignore start/end lines):
++        # --------------------------- start ----------------------------------
++        # #         Start          End    Size  Type            Name
++        # 1         2048         4095      1M  BIOS boot
++        # 2         4096      2101247      1G  Microsoft basic
++        # 3      2101248     41940991     19G  Linux LVM
++        # ---------------------------- end -----------------------------------
++        # But mainly, in case of GPT, we have nothing to actually check as
++        # we are gathering this data now mainly to get information about the
++        # actual size of embedding area (MBR gap). In case of GPT, there is
++        # bios boot / prep boot partition, which has always 1 MiB and fulfill
++        # our expectations. So skip in this case another processing and generation
++        # of the msg. Let's improve it in future if we find a reason for it.
++        return None
++
+     for line in table_iter:
+         line = line.strip()
+         if not line.startswith('Device'):
+diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
+index 37bb5bcf..54025379 100644
+--- a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
++++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
+@@ -76,3 +76,8 @@ def test_get_partition_layout(monkeypatch, devices):
+         expected_part_name_to_start = {part.name: part.start_offset*dev.sector_size for part in dev.partitions}
+         actual_part_name_to_start = {part.part_device: part.start_offset for part in message.partitions}
+         assert expected_part_name_to_start == actual_part_name_to_start
++
++
++def test_get_partition_layout_gpt(monkeypatch):
++    # TODO(pstodulk): skipping for now, due to time pressure. Testing for now manually.
++    pass
+-- 
+2.42.0
+

0016-repomapping-Add-RHEL7-ELS-repos.patch

@@ -0,0 +1,152 @@
+From 8d84c02b92f3a7a7d74a272aa31d5b0a0f24faea Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Thu, 11 Apr 2024 15:56:51 +0200
+Subject: [PATCH 16/34] repomapping: Add RHEL7 ELS repos
+
+RHEL-21891
+---
+ etc/leapp/files/repomap.json                  | 60 ++++++++++++++++++-
+ .../common/models/repositoriesmap.py          |  2 +-
+ 2 files changed, 59 insertions(+), 3 deletions(-)
+
+diff --git a/etc/leapp/files/repomap.json b/etc/leapp/files/repomap.json
+index 57cab1ad..1ee6c56a 100644
+--- a/etc/leapp/files/repomap.json
++++ b/etc/leapp/files/repomap.json
+@@ -1,6 +1,6 @@
+ {
+-    "datetime": "202401261328Z",
+-    "version_format": "1.2.0",
++    "datetime": "202404091246Z",
++    "version_format": "1.2.1",
+     "mapping": [
+         {
+             "source_major_version": "7",
+@@ -303,6 +303,13 @@
+                     "channel": "beta",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-7-for-system-z-els-rpms",
++                    "arch": "s390x",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-7-for-system-z-eus-rpms",
+@@ -346,6 +353,13 @@
+                     "channel": "e4s",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-7-server-els-rpms",
++                    "arch": "x86_64",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-7-server-eus-rpms",
+@@ -486,6 +500,13 @@
+                     "channel": "ga",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-7-for-system-z-els-optional-rpms",
++                    "arch": "s390x",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-7-for-system-z-eus-optional-rpms",
+@@ -529,6 +550,13 @@
+                     "channel": "e4s",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-7-server-els-optional-rpms",
++                    "arch": "x86_64",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-7-server-eus-optional-rpms",
+@@ -892,6 +920,13 @@
+                     "channel": "beta",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-sap-for-rhel-7-for-system-z-els-rpms",
++                    "arch": "s390x",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-sap-for-rhel-7-for-system-z-eus-rpms",
+@@ -920,6 +955,13 @@
+                     "channel": "e4s",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-sap-for-rhel-7-server-els-rpms",
++                    "arch": "x86_64",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-sap-for-rhel-7-server-eus-rhui-rpms",
+@@ -1022,6 +1064,13 @@
+                     "channel": "e4s",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-sap-hana-for-rhel-7-server-els-rpms",
++                    "arch": "x86_64",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-sap-hana-for-rhel-7-server-eus-rhui-rpms",
+@@ -1125,6 +1174,13 @@
+                     "channel": "e4s",
+                     "repo_type": "rpm"
+                 },
++                {
++                    "major_version": "7",
++                    "repoid": "rhel-ha-for-rhel-7-server-els-rpms",
++                    "arch": "x86_64",
++                    "channel": "els",
++                    "repo_type": "rpm"
++                },
+                 {
+                     "major_version": "7",
+                     "repoid": "rhel-ha-for-rhel-7-server-eus-rhui-rpms",
+diff --git a/repos/system_upgrade/common/models/repositoriesmap.py b/repos/system_upgrade/common/models/repositoriesmap.py
+index 7ef0bdb4..7192a60d 100644
+--- a/repos/system_upgrade/common/models/repositoriesmap.py
++++ b/repos/system_upgrade/common/models/repositoriesmap.py
+@@ -61,7 +61,7 @@ class PESIDRepositoryEntry(Model):
+     too.
+     """
+ 
+-    channel = fields.StringEnum(['ga', 'e4s', 'eus', 'aus', 'beta'])
++    channel = fields.StringEnum(['ga', 'e4s', 'eus', 'aus', 'beta', 'els'])
+     """
+     The 'channel' of the repository.
+ 
+-- 
+2.42.0
+

0017-bump-required-repomap-version.patch

@@ -0,0 +1,25 @@
+From f154c6566a2fbeb4fe64405794b6777c156cabcb Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Mon, 15 Apr 2024 17:13:03 +0200
+Subject: [PATCH 17/34] bump required repomap version
+
+---
+ .../actors/repositoriesmapping/libraries/repositoriesmapping.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/repositoriesmapping/libraries/repositoriesmapping.py b/repos/system_upgrade/common/actors/repositoriesmapping/libraries/repositoriesmapping.py
+index 8045634e..58089195 100644
+--- a/repos/system_upgrade/common/actors/repositoriesmapping/libraries/repositoriesmapping.py
++++ b/repos/system_upgrade/common/actors/repositoriesmapping/libraries/repositoriesmapping.py
+@@ -17,7 +17,7 @@ REPOMAP_FILE = 'repomap.json'
+ 
+ 
+ class RepoMapData(object):
+-    VERSION_FORMAT = '1.2.0'
++    VERSION_FORMAT = '1.2.1'
+ 
+     def __init__(self):
+         self.repositories = []
+-- 
+2.42.0
+

0018-fixup-bump-required-repomap-version.patch

@@ -0,0 +1,24 @@
+From 6dc1621c4395412724d8cccf7a2694013fb4f5f0 Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Mon, 15 Apr 2024 17:25:07 +0200
+Subject: [PATCH 18/34] fixup! bump required repomap version
+
+---
+ .../actors/repositoriesmapping/tests/files/repomap_example.json | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/repositoriesmapping/tests/files/repomap_example.json b/repos/system_upgrade/common/actors/repositoriesmapping/tests/files/repomap_example.json
+index 5e95f5fe..a5fc5fe1 100644
+--- a/repos/system_upgrade/common/actors/repositoriesmapping/tests/files/repomap_example.json
++++ b/repos/system_upgrade/common/actors/repositoriesmapping/tests/files/repomap_example.json
+@@ -1,6 +1,6 @@
+ {
+   "datetime": "202107141655Z",
+-  "version_format": "1.2.0",
++  "version_format": "1.2.1",
+   "mapping": [
+     {
+       "source_major_version": "7",
+-- 
+2.42.0
+

0019-Fix-incorrect-command-formulation.patch

@@ -0,0 +1,33 @@
+From a5bd2546f748ddac4240b3a34b168e422ef78c99 Mon Sep 17 00:00:00 2001
+From: David Kubek <dkubek@redhat.com>
+Date: Wed, 24 Apr 2024 11:05:32 +0200
+Subject: [PATCH 19/34] Fix incorrect command formulation
+
+Mitigation of an error where instead of no argument an "empty argument"
+was passed to `lscpu`
+
+	lscpu ''
+
+vs.
+
+	lscpu
+---
+ repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py b/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
+index 7451066a..db3f92d4 100644
+--- a/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
++++ b/repos/system_upgrade/common/actors/scancpu/libraries/scancpu.py
+@@ -12,7 +12,7 @@ PPC64LE_MODEL = re.compile(r'\d+\.\d+ \(pvr (?P<family>[0-9a-fA-F]+) 0*[0-9a-fA-
+ 
+ def _get_lscpu_output(output_json=False):
+     try:
+-        result = run(['lscpu', '-J' if output_json else ''])
++        result = run(['lscpu'] + (['-J'] if output_json else []))
+         return result.get('stdout', '')
+     except (OSError, CalledProcessError):
+         api.current_logger().debug('Executing `lscpu` failed', exc_info=True)
+-- 
+2.42.0
+

0020-mention-Report-in-produces-of-transitionsystemdservi.patch

@@ -0,0 +1,37 @@
+From 5e51626069dd7d5e38f36cafdd45f14cfb213e5d Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Thu, 25 Apr 2024 14:59:55 +0200
+Subject: [PATCH 20/34] mention `Report` in produces of
+ transitionsystemdservicesstates (#1210)
+
+fixes upgrade warnings:
+
+     leapp.workflow.Applications.transition_systemd_services_states: Actor is trying to produce a message of type "<class 'leapp.reporting.Report'>" without mentioning it explicitely in the actor's "produces" tuple. The message will be ignored
+---
+ .../actors/systemd/transitionsystemdservicesstates/actor.py    | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/systemd/transitionsystemdservicesstates/actor.py b/repos/system_upgrade/common/actors/systemd/transitionsystemdservicesstates/actor.py
+index 139f9f6b..d2863e09 100644
+--- a/repos/system_upgrade/common/actors/systemd/transitionsystemdservicesstates/actor.py
++++ b/repos/system_upgrade/common/actors/systemd/transitionsystemdservicesstates/actor.py
+@@ -7,6 +7,7 @@ from leapp.models import (
+     SystemdServicesPresetInfoTarget,
+     SystemdServicesTasks
+ )
++from leapp.reporting import Report
+ from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
+ 
+ 
+@@ -46,7 +47,7 @@ class TransitionSystemdServicesStates(Actor):
+         SystemdServicesPresetInfoSource,
+         SystemdServicesPresetInfoTarget
+     )
+-    produces = (SystemdServicesTasks,)
++    produces = (Report, SystemdServicesTasks)
+     tags = (ApplicationsPhaseTag, IPUWorkflowTag)
+ 
+     def process(self):
+-- 
+2.42.0
+

0021-Update-packit-config-after-tier-redefinition.patch

@@ -0,0 +1,47 @@
+From 346b741209553b9aeb96f2f728480e740a25e0af Mon Sep 17 00:00:00 2001
+From: Inessa Vasilevskaya <ivasilev@redhat.com>
+Date: Thu, 25 Apr 2024 13:25:56 +0200
+Subject: [PATCH 21/34] Update packit config after tier redefinition
+
+Now for basic sanity test verification in upstream tests
+tagged by 'tier0' will be used instead of 'sanity'.
+
+RHELMISC-3211
+---
+ .packit.yaml | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/.packit.yaml b/.packit.yaml
+index bce97bad..ed6412dc 100644
+--- a/.packit.yaml
++++ b/.packit.yaml
+@@ -114,7 +114,7 @@ jobs:
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:sanity & enabled:true'
++        plan_filter: 'tag:tier0 & enabled:true'
+     environments:
+       - tmt:
+           context:
+@@ -318,7 +318,7 @@ jobs:
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:sanity & tag:8to9 & enabled:true'
++        plan_filter: 'tag:tier0 & tag:8to9 & enabled:true'
+     environments:
+       - tmt:
+           context:
+@@ -407,7 +407,7 @@ jobs:
+   tf_extra_params:
+     test:
+       tmt:
+-        plan_filter: 'tag:sanity & tag:8to9 & enabled:true'
++        plan_filter: 'tag:tier0 & tag:8to9 & enabled:true'
+     environments:
+       - tmt:
+           context:
+-- 
+2.42.0
+

0022-Update-reboot-msg-Note-the-console-access.patch

@@ -0,0 +1,34 @@
+From 0d904126f785ae785e29165bf83a493d8f837fbe Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Fri, 26 Apr 2024 14:45:06 +0200
+Subject: [PATCH 22/34] Update reboot msg: Note the console access
+
+Some users hasn't read the upgrade documentation and are not aware
+that after the reboot the actual upgrade is processing. As they wait
+just for the ssh connection, they think that something is wrong and
+sometimes reboot the machine, interrupting the entire process, making
+the machine broken in some cases.
+
+Adding info that they need a console access in case they want to watch
+the upgrade progress.
+
+Jira: https://issues.redhat.com/browse/RHEL-27231
+---
+ commands/upgrade/__init__.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/commands/upgrade/__init__.py b/commands/upgrade/__init__.py
+index cc5fe647..1e15b59c 100644
+--- a/commands/upgrade/__init__.py
++++ b/commands/upgrade/__init__.py
+@@ -117,6 +117,7 @@ def upgrade(args, breadcrumbs):
+         sys.stdout.write(
+             'Reboot the system to continue with the upgrade.'
+             ' This might take a while depending on the system configuration.\n'
++            'Make sure you have console access to view the actual upgrade process.\n'
+         )
+ 
+ 
+-- 
+2.42.0
+

0023-Fix-kernel-cmdline-args-we-add-not-being-propogated-.patch

@@ -0,0 +1,435 @@
+From 2b27cfbbed1059d8af1add3a209d919901897e47 Mon Sep 17 00:00:00 2001
+From: Toshio Kuratomi <tkuratom@redhat.com>
+Date: Tue, 30 Apr 2024 07:28:35 -0700
+Subject: [PATCH 23/34] Fix kernel cmdline args we add not being propogated to
+ newly installed kernels. (#1193)
+
+On some upgrades, any kernel commandline args that we were adding were added to the default kernel
+but once the user installed a new kernel, those args were not propogated to the new kernel.  This
+was happening on S390x and on RHEL7=>8 upgrades.
+
+To fix this, we add the kernel commandline args to both the default kernel and to the defaults for
+all kernels.
+
+On S390x and upgrades to RHEL9 or greater, this is done by placing the kernel cmdline arguments into
+the /etc/kernel/cmdline file.
+
+On upgrades to RHEL <= 8 for all architectures other than S390x, this is done by having
+grub2-editenv modify the /boot/grub2/grubenv file.
+
+Jira: RHEL-26840, OAMG-10424
+---
+ .../actors/kernelcmdlineconfig/actor.py       |   3 +-
+ .../libraries/kernelcmdlineconfig.py          | 166 +++++++++++++++++-
+ .../tests/test_kernelcmdlineconfig.py         | 116 ++++++++++--
+ 3 files changed, 261 insertions(+), 24 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
+index 13c47113..b44fd835 100644
+--- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
++++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
+@@ -29,4 +29,5 @@ class KernelCmdlineConfig(Actor):
+ 
+         if ff.firmware == 'bios' and os.path.ismount('/boot/efi'):
+             configs = ['/boot/grub2/grub.cfg', '/boot/efi/EFI/redhat/grub.cfg']
+-        kernelcmdlineconfig.modify_kernel_args_in_boot_cfg(configs)
++
++        kernelcmdlineconfig.entrypoint(configs)
+diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
+index f98e8168..ad59eb22 100644
+--- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
++++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
+@@ -1,9 +1,27 @@
++import re
++
++from leapp import reporting
+ from leapp.exceptions import StopActorExecutionError
+ from leapp.libraries import stdlib
+-from leapp.libraries.common.config import architecture
++from leapp.libraries.common.config import architecture, version
+ from leapp.libraries.stdlib import api
+ from leapp.models import InstalledTargetKernelInfo, KernelCmdlineArg, TargetKernelCmdlineArgTasks
+ 
++KERNEL_CMDLINE_FILE = "/etc/kernel/cmdline"
++
++
++class ReadOfKernelArgsError(Exception):
++    """
++    Failed to retrieve the kernel command line arguments
++    """
++
++
++def use_cmdline_file():
++    if (architecture.matches_architecture(architecture.ARCH_S390X) or
++            version.matches_target_version('>= 9.0')):
++        return True
++    return False
++
+ 
+ def run_grubby_cmd(cmd):
+     try:
+@@ -15,6 +33,9 @@ def run_grubby_cmd(cmd):
+             stdlib.run(['/usr/sbin/zipl'])
+ 
+     except (OSError, stdlib.CalledProcessError) as e:
++        # In most cases we don't raise StopActorExecutionError in post-upgrade
++        # actors.
++        #
+         raise StopActorExecutionError(
+             "Failed to append extra arguments to kernel command line.",
+             details={"details": str(e)})
+@@ -31,22 +52,36 @@ def format_kernelarg_msgs_for_grubby_cmd(kernelarg_msgs):
+     return ' '.join(kernel_args)
+ 
+ 
+-def modify_kernel_args_in_boot_cfg(configs_to_modify_explicitly=None):
+-    kernel_info = next(api.consume(InstalledTargetKernelInfo), None)
+-    if not kernel_info:
+-        return
++def set_default_kernel_args(kernel_args):
++    if use_cmdline_file():
++        # Put kernel_args into /etc/kernel/cmdline
++        with open(KERNEL_CMDLINE_FILE, 'w') as f:
++            f.write(kernel_args)
++    else:
++        # Use grub2-editenv to put the kernel args into /boot/grub2/grubenv
++        stdlib.run(['grub2-editenv', '-', 'set', 'kernelopts={}'.format(kernel_args)])
+ 
+-    # Collect desired kernelopt modifications
++
++def retrieve_arguments_to_modify():
++    """
++    Retrieve the arguments other actors would like to add or remove from the kernel cmdline.
++    """
+     kernelargs_msgs_to_add = list(api.consume(KernelCmdlineArg))
+     kernelargs_msgs_to_remove = []
++
+     for target_kernel_arg_task in api.consume(TargetKernelCmdlineArgTasks):
+         kernelargs_msgs_to_add.extend(target_kernel_arg_task.to_add)
+         kernelargs_msgs_to_remove.extend(target_kernel_arg_task.to_remove)
+ 
+-    if not kernelargs_msgs_to_add and not kernelargs_msgs_to_remove:
+-        return  # There is no work to do
++    return kernelargs_msgs_to_add, kernelargs_msgs_to_remove
++
+ 
+-    grubby_modify_kernelargs_cmd = ['grubby', '--update-kernel={0}'.format(kernel_info.kernel_img_path)]
++def modify_args_for_default_kernel(kernel_info,
++                                   kernelargs_msgs_to_add,
++                                   kernelargs_msgs_to_remove,
++                                   configs_to_modify_explicitly=None):
++    grubby_modify_kernelargs_cmd = ['grubby',
++                                    '--update-kernel={0}'.format(kernel_info.kernel_img_path)]
+ 
+     if kernelargs_msgs_to_add:
+         grubby_modify_kernelargs_cmd += [
+@@ -64,3 +99,116 @@ def modify_kernel_args_in_boot_cfg(configs_to_modify_explicitly=None):
+             run_grubby_cmd(cmd)
+     else:
+         run_grubby_cmd(grubby_modify_kernelargs_cmd)
++
++
++def _extract_grubby_value(record):
++    data = record.split('=', 1)[1]
++    matches = re.match(r'^([\'"]?)(.*)\1$', data)
++    return matches.group(2)
++
++
++def retrieve_args_for_default_kernel(kernel_info):
++    # Copy the args for the default kernel to all kernels.
++    kernel_args = None
++    kernel_root = None
++    cmd = ['grubby', '--info', kernel_info.kernel_img_path]
++    output = stdlib.run(cmd, split=False)
++    for record in output['stdout'].splitlines():
++        # This could be done with one regex but it's cleaner to parse it as
++        # structured data.
++        if record.startswith('args='):
++            temp_kernel_args = _extract_grubby_value(record)
++
++            if kernel_args:
++                api.current_logger().warning('Grubby output is malformed:'
++                                             ' `args=` is listed more than once.')
++                if kernel_args != temp_kernel_args:
++                    raise ReadOfKernelArgsError('Grubby listed `args=` multiple'
++                                                ' times with different values.')
++            kernel_args = _extract_grubby_value(record)
++        elif record.startswith('root='):
++            api.current_logger().warning('Grubby output is malformed:'
++                                         ' `root=` is listed more than once.')
++            if kernel_root:
++                raise ReadOfKernelArgsError('Grubby listed `root=` multiple'
++                                            ' times with different values')
++            kernel_root = _extract_grubby_value(record)
++
++    if not kernel_args or not kernel_root:
++        raise ReadOfKernelArgsError(
++            'Failed to retrieve kernel command line to save for future installed'
++            ' kernels: root={}, args={}'.format(kernel_root, kernel_args)
++        )
++
++    return kernel_root, kernel_args
++
++
++def modify_kernel_args_in_boot_cfg(configs_to_modify_explicitly=None):
++    kernel_info = next(api.consume(InstalledTargetKernelInfo), None)
++    if not kernel_info:
++        return
++
++    # Collect desired kernelopt modifications
++    kernelargs_msgs_to_add, kernelargs_msgs_to_remove = retrieve_arguments_to_modify()
++    if not kernelargs_msgs_to_add and not kernelargs_msgs_to_remove:
++        # Nothing to do
++        return
++
++    # Modify the kernel cmdline for the default kernel
++    modify_args_for_default_kernel(kernel_info,
++                                   kernelargs_msgs_to_add,
++                                   kernelargs_msgs_to_remove,
++                                   configs_to_modify_explicitly)
++
++    # Copy kernel params from the default kernel to all the kernels
++    kernel_root, kernel_args = retrieve_args_for_default_kernel(kernel_info)
++    complete_kernel_args = 'root={} {}'.format(kernel_root, kernel_args)
++    set_default_kernel_args(complete_kernel_args)
++
++
++def entrypoint(configs=None):
++    try:
++        modify_kernel_args_in_boot_cfg(configs)
++    except ReadOfKernelArgsError as e:
++        api.current_logger().error(str(e))
++
++        if use_cmdline_file():
++            report_hint = reporting.Hints(
++                'After the system has been rebooted into the new version of RHEL, you'
++                ' should take the kernel cmdline arguments from /proc/cmdline (Everything'
++                ' except the BOOT_IMAGE entry and initrd entries) and copy them into'
++                ' /etc/kernel/cmdline before installing any new kernels.'
++            )
++        else:
++            report_hint = reporting.Hints(
++                'After the system has been rebooted into the new version of RHEL, you'
++                ' should take the kernel cmdline arguments from /proc/cmdline (Everything'
++                ' except the BOOT_IMAGE entry and initrd entries) and then use the'
++                ' grub2-editenv command to make them the default kernel args.  For example,'
++                ' if /proc/cmdline contains:\n\n'
++                '    BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-425.3.1.el8.x86_64'
++                ' root=/dev/mapper/rhel_ibm--root ro console=tty0'
++                ' console=ttyS0,115200 rd_NO_PLYMOUTH\n\n'
++                ' then run the following grub2-editenv command:\n\n'
++                '    # grub2-editenv - set "kernelopts=root=/dev/mapper/rhel_ibm--root'
++                ' ro console=tty0 console=ttyS0,115200 rd_NO_PLYMOUTH"'
++            )
++
++        reporting.create_report([
++            reporting.Title('Could not set the kernel arguments for future kernels'),
++            reporting.Summary(
++                'During the upgrade we needed to modify the kernel command line arguments.'
++                ' We were able to change the arguments for the default kernel but we were'
++                ' not able to set the arguments as the default for kernels installed in'
++                ' the future.'
++            ),
++            report_hint,
++            reporting.Severity(reporting.Severity.HIGH),
++            reporting.Groups([
++                reporting.Groups.BOOT,
++                reporting.Groups.KERNEL,
++                reporting.Groups.POST,
++            ]),
++            reporting.RelatedResource('file', '/etc/kernel/cmdline'),
++            reporting.RelatedResource('file', '/proc/cmdline'),
++        ])
+diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
+index 3f9b2e5e..ffe4b046 100644
+--- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
++++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
+@@ -1,7 +1,10 @@
++from __future__ import division
++
+ from collections import namedtuple
+ 
+ import pytest
+ 
++from leapp.exceptions import StopActorExecutionError
+ from leapp.libraries import stdlib
+ from leapp.libraries.actor import kernelcmdlineconfig
+ from leapp.libraries.common.config import architecture
+@@ -11,14 +14,44 @@ from leapp.models import InstalledTargetKernelInfo, KernelCmdlineArg, TargetKern
+ 
+ TARGET_KERNEL_NEVRA = 'kernel-core-1.2.3-4.x86_64.el8.x64_64'
+ 
++# pylint: disable=E501
++SAMPLE_KERNEL_ARGS = ('ro rootflags=subvol=root'
++                      ' resume=/dev/mapper/luks-2c0df999-81ec-4a35-a1f9-b93afee8c6ad'
++                      ' rd.luks.uuid=luks-90a6412f-c588-46ca-9118-5aca35943d25'
++                      ' rd.luks.uuid=luks-2c0df999-81ec-4a35-a1f9-b93afee8c6ad rhgb quiet'
++                      )
++SAMPLE_KERNEL_ROOT = 'UUID=1aa15850-2685-418d-95a6-f7266a2de83a'
++TEMPLATE_GRUBBY_INFO_OUTPUT = """index=0
++kernel="/boot/vmlinuz-6.5.13-100.fc37.x86_64"
++args="{0}"
++root="{1}"
++initrd="/boot/initramfs-6.5.13-100.fc37.x86_64.img"
++title="Fedora Linux (6.5.13-100.fc37.x86_64) 37 (Thirty Seven)"
++id="a3018267cdd8451db7c77bb3e5b1403d-6.5.13-100.fc37.x86_64"
++"""  # noqa: E501
++SAMPLE_GRUBBY_INFO_OUTPUT = TEMPLATE_GRUBBY_INFO_OUTPUT.format(SAMPLE_KERNEL_ARGS, SAMPLE_KERNEL_ROOT)
++# pylint: enable=E501
++
+ 
+ class MockedRun(object):
+-    def __init__(self):
++    def __init__(self, outputs=None):
++        """
++        Mock stdlib.run().
++
++        If outputs is given, it is a dictionary mapping a cmd to output as stdout.
++        """
+         self.commands = []
++        self.outputs = outputs or {}
+ 
+     def __call__(self, cmd, *args, **kwargs):
+         self.commands.append(cmd)
+-        return {}
++        return {
++            "stdout": self.outputs.get(" ".join(cmd), ""),
++            "stderr": "",
++            "signal": None,
++            "exit_code": 0,
++            "pid": 1234,
++        }
+ 
+ 
+ @pytest.mark.parametrize(
+@@ -50,7 +83,7 @@ class MockedRun(object):
+         ),
+     ]
+ )
+-def test_kernelcmdline_config_valid_msgs(monkeypatch, msgs, expected_grubby_kernelopt_args):
++def test_kernelcmdline_config_valid_msgs(monkeypatch, tmpdir, msgs, expected_grubby_kernelopt_args):
+     kernel_img_path = '/boot/vmlinuz-X'
+     kernel_info = InstalledTargetKernelInfo(pkg_nevra=TARGET_KERNEL_NEVRA,
+                                             uname_r='',
+@@ -61,18 +94,28 @@ def test_kernelcmdline_config_valid_msgs(monkeypatch, msgs, expected_grubby_kern
+     grubby_base_cmd = ['grubby', '--update-kernel={}'.format(kernel_img_path)]
+     expected_grubby_cmd = grubby_base_cmd + expected_grubby_kernelopt_args
+ 
+-    mocked_run = MockedRun()
++    mocked_run = MockedRun(
++        outputs={" ".join(("grubby", "--info", kernel_img_path)): SAMPLE_GRUBBY_INFO_OUTPUT}
++    )
+     monkeypatch.setattr(stdlib, 'run', mocked_run)
+-    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(architecture.ARCH_X86_64, msgs=msgs))
++    monkeypatch.setattr(api, 'current_actor',
++                        CurrentActorMocked(architecture.ARCH_X86_64,
++                                           dst_ver="8.1",
++                                           msgs=msgs)
++                        )
+     kernelcmdlineconfig.modify_kernel_args_in_boot_cfg()
+-    assert mocked_run.commands and len(mocked_run.commands) == 1
+-    assert expected_grubby_cmd == mocked_run.commands.pop()
++    assert mocked_run.commands and len(mocked_run.commands) == 3
++    assert expected_grubby_cmd == mocked_run.commands.pop(0)
+ 
+-    mocked_run = MockedRun()
++    mocked_run = MockedRun(
++        outputs={" ".join(("grubby", "--info", kernel_img_path)): SAMPLE_GRUBBY_INFO_OUTPUT}
++    )
+     monkeypatch.setattr(stdlib, 'run', mocked_run)
+     monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(architecture.ARCH_S390X, msgs=msgs))
++    monkeypatch.setattr(kernelcmdlineconfig, 'KERNEL_CMDLINE_FILE', str(tmpdir / 'cmdline'))
++
+     kernelcmdlineconfig.modify_kernel_args_in_boot_cfg()
+-    assert mocked_run.commands and len(mocked_run.commands) == 2
++    assert mocked_run.commands and len(mocked_run.commands) == 3
+     assert expected_grubby_cmd == mocked_run.commands.pop(0)
+     assert ['/usr/sbin/zipl'] == mocked_run.commands.pop(0)
+ 
+@@ -86,9 +129,17 @@ def test_kernelcmdline_explicit_configs(monkeypatch):
+                                             initramfs_path='/boot/initramfs-X')
+     msgs = [kernel_info, TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='key1', value='value1')])]
+ 
+-    mocked_run = MockedRun()
++    grubby_cmd_info = ["grubby", "--info", kernel_img_path]
++    mocked_run = MockedRun(
++        outputs={" ".join(grubby_cmd_info): SAMPLE_GRUBBY_INFO_OUTPUT}
++    )
+     monkeypatch.setattr(stdlib, 'run', mocked_run)
+-    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(architecture.ARCH_X86_64, msgs=msgs))
++    monkeypatch.setattr(api, 'current_actor',
++                        CurrentActorMocked(architecture.ARCH_X86_64,
++                                           dst_ver="8.1",
++                                           msgs=msgs
++                                           )
++                        )
+ 
+     configs = ['/boot/grub2/grub.cfg', '/boot/efi/EFI/redhat/grub.cfg']
+     kernelcmdlineconfig.modify_kernel_args_in_boot_cfg(configs_to_modify_explicitly=configs)
+@@ -97,19 +148,27 @@ def test_kernelcmdline_explicit_configs(monkeypatch):
+                                  '--remove-args', 'key1=value1']
+     expected_cmds = [
+         grubby_cmd_without_config + ['-c', '/boot/grub2/grub.cfg'],
+-        grubby_cmd_without_config + ['-c', '/boot/efi/EFI/redhat/grub.cfg']
++        grubby_cmd_without_config + ['-c', '/boot/efi/EFI/redhat/grub.cfg'],
++        grubby_cmd_info,
++        ["grub2-editenv", "-", "set", "kernelopts=root={} {}".format(
++            SAMPLE_KERNEL_ROOT, SAMPLE_KERNEL_ARGS)],
+     ]
+ 
+     assert mocked_run.commands == expected_cmds
+ 
+ 
+ def test_kernelcmdline_config_no_args(monkeypatch):
++    kernel_img_path = '/boot/vmlinuz-X'
+     kernel_info = InstalledTargetKernelInfo(pkg_nevra=TARGET_KERNEL_NEVRA,
+                                             uname_r='',
+-                                            kernel_img_path='/boot/vmlinuz-X',
++                                            kernel_img_path=kernel_img_path,
+                                             initramfs_path='/boot/initramfs-X')
+ 
+-    mocked_run = MockedRun()
++    mocked_run = MockedRun(
++        outputs={" ".join(("grubby", "--info", kernel_img_path)):
++                 TEMPLATE_GRUBBY_INFO_OUTPUT.format("", "")
++                 }
++    )
+     monkeypatch.setattr(stdlib, 'run', mocked_run)
+     monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(architecture.ARCH_S390X, msgs=[kernel_info]))
+     kernelcmdlineconfig.modify_kernel_args_in_boot_cfg()
+@@ -122,3 +181,32 @@ def test_kernelcmdline_config_no_version(monkeypatch):
+     monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(architecture.ARCH_S390X))
+     kernelcmdlineconfig.modify_kernel_args_in_boot_cfg()
+     assert not mocked_run.commands
++
++
++def test_kernelcmdline_config_malformed_args(monkeypatch):
++    kernel_img_path = '/boot/vmlinuz-X'
++    kernel_info = InstalledTargetKernelInfo(pkg_nevra=TARGET_KERNEL_NEVRA,
++                                            uname_r='',
++                                            kernel_img_path=kernel_img_path,
++                                            initramfs_path='/boot/initramfs-X')
++
++    # For this test, we need to check we get the proper error if grubby --info
++    # doesn't output any args information at all.
++    grubby_info_output = "\n".join(line for line in SAMPLE_GRUBBY_INFO_OUTPUT.splitlines()
++                                   if not line.startswith("args="))
++    mocked_run = MockedRun(
++        outputs={" ".join(("grubby", "--info", kernel_img_path)): grubby_info_output,
++                 }
++    )
++    msgs = [kernel_info,
++            TargetKernelCmdlineArgTasks(to_remove=[
++                KernelCmdlineArg(key='key1', value='value1')])
++            ]
++    monkeypatch.setattr(stdlib, 'run', mocked_run)
++    monkeypatch.setattr(api, 'current_actor',
++                        CurrentActorMocked(architecture.ARCH_S390X, msgs=msgs))
++
++    with pytest.raises(kernelcmdlineconfig.ReadOfKernelArgsError,
++                       match="Failed to retrieve kernel command line to save for future"
++                       " installed kernels."):
++        kernelcmdlineconfig.modify_kernel_args_in_boot_cfg()
+-- 
+2.42.0
+

0024-kernelcmdlineconfig-add-newline-in-etc-kernel-cmdlin.patch

@@ -0,0 +1,30 @@
+From 0869ab168780f4fa10f37f34aaf51342a88c0e5c Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Tue, 30 Apr 2024 16:42:26 +0200
+Subject: [PATCH 24/34] kernelcmdlineconfig: add newline in /etc/kernel/cmdline
+
+Previous solution created the file without adding the newline
+in the end of the file. The original solution worked, but to stay
+on the safe side, adding the expected new line.
+
+Jira: RHEL-26840, OAMG-10424
+---
+ .../actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
+index ad59eb22..238a8aa6 100644
+--- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
++++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
+@@ -57,6 +57,8 @@ def set_default_kernel_args(kernel_args):
+         # Put kernel_args into /etc/kernel/cmdline
+         with open(KERNEL_CMDLINE_FILE, 'w') as f:
+             f.write(kernel_args)
++            # new line is expected in the EOF (POSIX).
++            f.write('\n')
+     else:
+         # Use grub2-editenv to put the kernel args into /boot/grub2/grubenv
+         stdlib.run(['grub2-editenv', '-', 'set', 'kernelopts={}'.format(kernel_args)])
+-- 
+2.42.0
+

0027-Move-common-Satellite-Upgrade-code-to-common.patch

@@ -0,0 +1,110 @@
+From 88126ef33db2094b89fc17ad9e9a3962a9bb7d65 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Mon, 19 Feb 2024 12:09:05 +0100
+Subject: [PATCH 27/34] Move common Satellite Upgrade code to "common"
+
+This allows the re-use of the code in the el8toel9 upgrade.
+---
+ .../satellite_upgrade_services/actor.py       | 35 +++++++++++++++++++
+ .../actors/satellite_upgrader/actor.py        |  0
+ .../tests/unit_test_satellite_upgrader.py     |  0
+ .../{el7toel8 => common}/models/satellite.py  |  0
+ .../satellite_upgrade_data_migration/actor.py | 15 +-------
+ 5 files changed, 36 insertions(+), 14 deletions(-)
+ create mode 100644 repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
+ rename repos/system_upgrade/{el7toel8 => common}/actors/satellite_upgrader/actor.py (100%)
+ rename repos/system_upgrade/{el7toel8 => common}/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py (100%)
+ rename repos/system_upgrade/{el7toel8 => common}/models/satellite.py (100%)
+
+diff --git a/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py b/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
+new file mode 100644
+index 00000000..3cda49a9
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
+@@ -0,0 +1,35 @@
++import glob
++import os
++
++from leapp.actors import Actor
++from leapp.models import SatelliteFacts
++from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
++
++SYSTEMD_WANTS_BASE = '/etc/systemd/system/multi-user.target.wants/'
++SERVICES_TO_DISABLE = ['dynflow-sidekiq@*', 'foreman', 'foreman-proxy',
++                       'httpd', 'postgresql', 'pulpcore-api', 'pulpcore-content',
++                       'pulpcore-worker@*', 'tomcat', 'redis']
++
++
++class SatelliteUpgradeServices(Actor):
++    """
++    Reconfigure Satellite services
++    """
++
++    name = 'satellite_upgrade_services'
++    consumes = (SatelliteFacts,)
++    produces = ()
++    tags = (IPUWorkflowTag, ApplicationsPhaseTag)
++
++    def process(self):
++        facts = next(self.consume(SatelliteFacts), None)
++        if not facts or not facts.has_foreman:
++            return
++
++        # disable services, will be re-enabled by the installer
++        for service_name in SERVICES_TO_DISABLE:
++            for service in glob.glob(os.path.join(SYSTEMD_WANTS_BASE, '{}.service'.format(service_name))):
++                try:
++                    os.unlink(service)
++                except OSError as e:
++                    self.log.warning('Failed disabling service {}: {}'.format(service, e))
+diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrader/actor.py b/repos/system_upgrade/common/actors/satellite_upgrader/actor.py
+similarity index 100%
+rename from repos/system_upgrade/el7toel8/actors/satellite_upgrader/actor.py
+rename to repos/system_upgrade/common/actors/satellite_upgrader/actor.py
+diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py b/repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
+similarity index 100%
+rename from repos/system_upgrade/el7toel8/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
+rename to repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
+diff --git a/repos/system_upgrade/el7toel8/models/satellite.py b/repos/system_upgrade/common/models/satellite.py
+similarity index 100%
+rename from repos/system_upgrade/el7toel8/models/satellite.py
+rename to repos/system_upgrade/common/models/satellite.py
+diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_data_migration/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_data_migration/actor.py
+index 0cf66970..1dd52691 100644
+--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_data_migration/actor.py
++++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_data_migration/actor.py
+@@ -11,15 +11,10 @@ POSTGRESQL_SCL_DATA_PATH = '/var/opt/rh/rh-postgresql12/lib/pgsql/data/'
+ POSTGRESQL_USER = 'postgres'
+ POSTGRESQL_GROUP = 'postgres'
+ 
+-SYSTEMD_WANTS_BASE = '/etc/systemd/system/multi-user.target.wants/'
+-SERVICES_TO_DISABLE = ['dynflow-sidekiq@*', 'foreman', 'foreman-proxy',
+-                       'httpd', 'postgresql', 'pulpcore-api', 'pulpcore-content',
+-                       'pulpcore-worker@*', 'tomcat']
+-
+ 
+ class SatelliteUpgradeDataMigration(Actor):
+     """
+-    Reconfigure Satellite services and migrate PostgreSQL data
++    Migrate Satellite PostgreSQL data
+     """
+ 
+     name = 'satellite_upgrade_data_migration'
+@@ -32,14 +27,6 @@ class SatelliteUpgradeDataMigration(Actor):
+         if not facts or not facts.has_foreman:
+             return
+ 
+-        # disable services, will be re-enabled by the installer
+-        for service_name in SERVICES_TO_DISABLE:
+-            for service in glob.glob(os.path.join(SYSTEMD_WANTS_BASE, '{}.service'.format(service_name))):
+-                try:
+-                    os.unlink(service)
+-                except Exception as e:  # pylint: disable=broad-except
+-                    self.log.warning('Failed disabling service {}: {}'.format(service, e))
+-
+         if facts.postgresql.local_postgresql and os.path.exists(POSTGRESQL_SCL_DATA_PATH):
+             # we can assume POSTGRESQL_DATA_PATH exists and is empty
+             # move PostgreSQL data to the new home
+-- 
+2.42.0
+

0028-Add-el8toel9-upgrade-facts-for-Satellite.patch

@@ -0,0 +1,252 @@
+From 0f70dbf229c04b5374d767eeab25ad3fa32e0d8f Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Mon, 19 Feb 2024 12:23:28 +0100
+Subject: [PATCH 28/34] Add el8toel9 upgrade facts for Satellite
+
+This adds the el8toel9 specific fact scanner/generator for Satellite
+upgrades. The result of this actor is what drives the actual upgrade
+actions.
+---
+ .../actors/satellite_upgrade_facts/actor.py   |  71 ++++++++
+ .../unit_test_satellite_upgrade_facts.py      | 151 ++++++++++++++++++
+ 2 files changed, 222 insertions(+)
+ create mode 100644 repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
+ create mode 100644 repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
+
+diff --git a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
+new file mode 100644
+index 00000000..2dc78cce
+--- /dev/null
++++ b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
+@@ -0,0 +1,71 @@
++from leapp.actors import Actor
++from leapp.libraries.common.config import architecture
++from leapp.libraries.common.rpms import has_package
++from leapp.models import (
++    InstalledRPM,
++    RepositoriesSetupTasks,
++    RpmTransactionTasks,
++    SatelliteFacts,
++    SatellitePostgresqlFacts,
++    UsedRepositories
++)
++from leapp.tags import FactsPhaseTag, IPUWorkflowTag
++
++RELATED_PACKAGES = ('foreman', 'foreman-selinux', 'foreman-proxy', 'katello', 'katello-selinux',
++                    'candlepin', 'candlepin-selinux', 'pulpcore-selinux', 'satellite', 'satellite-capsule')
++RELATED_PACKAGE_PREFIXES = ('rubygem-hammer', 'rubygem-foreman', 'rubygem-katello',
++                            'rubygem-smart_proxy', 'python3.11-pulp', 'foreman-installer',
++                            'satellite-installer')
++
++
++class SatelliteUpgradeFacts(Actor):
++    """
++    Report which Satellite packages require updates and how to handle PostgreSQL data
++    """
++
++    name = 'satellite_upgrade_facts'
++    consumes = (InstalledRPM, UsedRepositories)
++    produces = (RepositoriesSetupTasks, RpmTransactionTasks, SatelliteFacts)
++    tags = (IPUWorkflowTag, FactsPhaseTag)
++
++    def process(self):
++        if not architecture.matches_architecture(architecture.ARCH_X86_64):
++            return
++
++        has_foreman = has_package(InstalledRPM, 'foreman') or has_package(InstalledRPM, 'foreman-proxy')
++        if not has_foreman:
++            return
++
++        local_postgresql = has_package(InstalledRPM, 'postgresql-server')
++
++        to_install = ['rubygem-foreman_maintain']
++
++        for rpm_pkgs in self.consume(InstalledRPM):
++            for pkg in rpm_pkgs.items:
++                if pkg.name in RELATED_PACKAGES or pkg.name.startswith(RELATED_PACKAGE_PREFIXES):
++                    to_install.append(pkg.name)
++
++        if local_postgresql:
++            to_install.extend(['postgresql', 'postgresql-server'])
++            if has_package(InstalledRPM, 'postgresql-contrib'):
++                to_install.append('postgresql-contrib')
++            if has_package(InstalledRPM, 'postgresql-evr'):
++                to_install.append('postgresql-evr')
++
++        self.produce(SatelliteFacts(
++            has_foreman=has_foreman,
++            has_katello_installer=False,
++            postgresql=SatellitePostgresqlFacts(
++                local_postgresql=local_postgresql,
++            ),
++        ))
++
++        repositories_to_enable = []
++        for used_repos in self.consume(UsedRepositories):
++            for used_repo in used_repos.repositories:
++                if used_repo.repository.startswith(('satellite-6', 'satellite-capsule-6', 'satellite-maintenance-6')):
++                    repositories_to_enable.append(used_repo.repository.replace('for-rhel-8', 'for-rhel-9'))
++        if repositories_to_enable:
++            self.produce(RepositoriesSetupTasks(to_enable=repositories_to_enable))
++
++        self.produce(RpmTransactionTasks(to_install=to_install))
+diff --git a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
+new file mode 100644
+index 00000000..b0e44c46
+--- /dev/null
++++ b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
+@@ -0,0 +1,151 @@
++from leapp.libraries.common.config import mock_configs
++from leapp.models import (
++    InstalledRPM,
++    RepositoriesSetupTasks,
++    RPM,
++    RpmTransactionTasks,
++    SatelliteFacts,
++    UsedRepositories,
++    UsedRepository
++)
++
++RH_PACKAGER = 'Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>'
++
++
++def fake_package(pkg_name):
++    return RPM(name=pkg_name, version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
++               pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51')
++
++
++FOREMAN_RPM = fake_package('foreman')
++FOREMAN_PROXY_RPM = fake_package('foreman-proxy')
++KATELLO_INSTALLER_RPM = fake_package('foreman-installer-katello')
++KATELLO_RPM = fake_package('katello')
++RUBYGEM_KATELLO_RPM = fake_package('rubygem-katello')
++RUBYGEM_FOREMAN_PUPPET_RPM = fake_package('rubygem-foreman_puppet')
++POSTGRESQL_RPM = fake_package('postgresql-server')
++SATELLITE_RPM = fake_package('satellite')
++SATELLITE_CAPSULE_RPM = fake_package('satellite-capsule')
++
++SATELLITE_REPOSITORY = UsedRepository(repository='satellite-6.99-for-rhel-8-x86_64-rpms')
++CAPSULE_REPOSITORY = UsedRepository(repository='satellite-capsule-6.99-for-rhel-8-x86_64-rpms')
++MAINTENANCE_REPOSITORY = UsedRepository(repository='satellite-maintenance-6.99-for-rhel-8-x86_64-rpms')
++
++
++def test_no_satellite_present(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(SatelliteFacts)
++    assert not message
++
++
++def test_satellite_present(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(SatelliteFacts)[0]
++    assert message.has_foreman
++
++
++def test_wrong_arch(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG_S390X)
++    message = current_actor_context.consume(SatelliteFacts)
++    assert not message
++
++
++def test_satellite_capsule_present(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(SatelliteFacts)[0]
++    assert message.has_foreman
++
++
++def test_no_katello_installer_present(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(SatelliteFacts)[0]
++    assert not message.has_katello_installer
++
++
++def test_katello_installer_present(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, KATELLO_INSTALLER_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(SatelliteFacts)[0]
++    # while the katello installer rpm is present, we do not want this to be true
++    # as the version in EL8 doesn't have the system checks we skip with this flag
++    assert not message.has_katello_installer
++
++
++def test_installs_related_package(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, KATELLO_RPM, RUBYGEM_KATELLO_RPM,
++                                                   RUBYGEM_FOREMAN_PUPPET_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(RpmTransactionTasks)[0]
++    assert 'katello' in message.to_install
++    assert 'rubygem-katello' in message.to_install
++    assert 'rubygem-foreman_puppet' in message.to_install
++
++
++def test_installs_satellite_package(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, SATELLITE_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(RpmTransactionTasks)[0]
++    assert 'satellite' in message.to_install
++    assert 'satellite-capsule' not in message.to_install
++
++
++def test_installs_satellite_capsule_package(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM, SATELLITE_CAPSULE_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++    message = current_actor_context.consume(RpmTransactionTasks)[0]
++    assert 'satellite-capsule' in message.to_install
++    assert 'satellite' not in message.to_install
++
++
++def test_detects_local_postgresql(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, POSTGRESQL_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    satellitemsg = current_actor_context.consume(SatelliteFacts)[0]
++    assert satellitemsg.postgresql.local_postgresql
++
++
++def test_detects_remote_postgresql(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    satellitemsg = current_actor_context.consume(SatelliteFacts)[0]
++    assert not satellitemsg.postgresql.local_postgresql
++
++
++def test_enables_right_repositories_on_satellite(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, SATELLITE_RPM]))
++    current_actor_context.feed(UsedRepositories(repositories=[SATELLITE_REPOSITORY, MAINTENANCE_REPOSITORY]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
++
++    assert 'satellite-maintenance-6.99-for-rhel-9-x86_64-rpms' in rpmmessage.to_enable
++    assert 'satellite-6.99-for-rhel-9-x86_64-rpms' in rpmmessage.to_enable
++    assert 'satellite-capsule-6.99-for-rhel-9-x86_64-rpms' not in rpmmessage.to_enable
++
++
++def test_enables_right_repositories_on_capsule(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM, SATELLITE_CAPSULE_RPM]))
++    current_actor_context.feed(UsedRepositories(repositories=[CAPSULE_REPOSITORY, MAINTENANCE_REPOSITORY]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
++
++    assert 'satellite-maintenance-6.99-for-rhel-9-x86_64-rpms' in rpmmessage.to_enable
++    assert 'satellite-6.99-for-rhel-9-x86_64-rpms' not in rpmmessage.to_enable
++    assert 'satellite-capsule-6.99-for-rhel-9-x86_64-rpms' in rpmmessage.to_enable
++
++
++def test_enables_right_repositories_on_upstream(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    message = current_actor_context.consume(RepositoriesSetupTasks)
++
++    assert not message
+-- 
+2.42.0
+

0029-Refresh-collation-version-if-pulp-ansible-is-present.patch

@@ -0,0 +1,112 @@
+From 720bb13c5eb411469e8bf825b93aeefdc771f039 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Wed, 24 Apr 2024 13:58:39 +0200
+Subject: [PATCH 29/34] Refresh collation version if pulp-ansible is present
+
+When migrating to a new OS, we REINDEX all databases.
+pulp_ansible ships with an own collation (using ICU), which needs a
+version refresh after the REINDEX has been done.
+---
+ .../common/actors/satellite_upgrader/actor.py  |  4 ++++
+ .../tests/unit_test_satellite_upgrader.py      | 18 ++++++++++++++++++
+ .../system_upgrade/common/models/satellite.py  |  2 ++
+ .../actors/satellite_upgrade_facts/actor.py    |  1 +
+ .../tests/unit_test_satellite_upgrade_facts.py |  9 +++++++++
+ 5 files changed, 34 insertions(+)
+
+diff --git a/repos/system_upgrade/common/actors/satellite_upgrader/actor.py b/repos/system_upgrade/common/actors/satellite_upgrader/actor.py
+index f498f2fa..2e0290ae 100644
+--- a/repos/system_upgrade/common/actors/satellite_upgrader/actor.py
++++ b/repos/system_upgrade/common/actors/satellite_upgrader/actor.py
+@@ -25,6 +25,10 @@ class SatelliteUpgrader(Actor):
+                 run(['sed', '-i', '/data_directory/d', '/var/lib/pgsql/data/postgresql.conf'])
+                 run(['systemctl', 'start', 'postgresql'])
+                 run(['runuser', '-u', 'postgres', '--', 'reindexdb', '-a'])
++                if facts.postgresql.has_pulp_ansible_semver:
++                    run(['runuser', '-c',
++                         'echo "ALTER COLLATION pulp_ansible_semver REFRESH VERSION;" | psql pulpcore',
++                         'postgres'])
+             except CalledProcessError as e:
+                 api.current_logger().error('Failed to reindex the database: {}'.format(str(e)))
+ 
+diff --git a/repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py b/repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
+index 2f3509f3..55896c75 100644
+--- a/repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
++++ b/repos/system_upgrade/common/actors/satellite_upgrader/tests/unit_test_satellite_upgrader.py
+@@ -48,3 +48,21 @@ def test_run_reindexdb(monkeypatch, current_actor_context):
+     assert mocked_run.commands[1] == ['systemctl', 'start', 'postgresql']
+     assert mocked_run.commands[2] == ['runuser', '-u', 'postgres', '--', 'reindexdb', '-a']
+     assert mocked_run.commands[3] == ['foreman-installer', '--disable-system-checks']
++
++
++def test_run_reindexdb_with_pulp_ansible(monkeypatch, current_actor_context):
++    mocked_run = MockedRun()
++    monkeypatch.setattr('leapp.libraries.stdlib.run', mocked_run)
++    current_actor_context.feed(SatelliteFacts(has_foreman=True,
++                                              postgresql=SatellitePostgresqlFacts(local_postgresql=True,
++                                                                                  has_pulp_ansible_semver=True)))
++    current_actor_context.run()
++    assert mocked_run.commands
++    assert len(mocked_run.commands) == 5
++    assert mocked_run.commands[0] == ['sed', '-i', '/data_directory/d', '/var/lib/pgsql/data/postgresql.conf']
++    assert mocked_run.commands[1] == ['systemctl', 'start', 'postgresql']
++    assert mocked_run.commands[2] == ['runuser', '-u', 'postgres', '--', 'reindexdb', '-a']
++    assert mocked_run.commands[3] == ['runuser', '-c',
++                                      'echo "ALTER COLLATION pulp_ansible_semver REFRESH VERSION;" | psql pulpcore',
++                                      'postgres']
++    assert mocked_run.commands[4] == ['foreman-installer', '--disable-system-checks']
+diff --git a/repos/system_upgrade/common/models/satellite.py b/repos/system_upgrade/common/models/satellite.py
+index b4282790..532f6a3a 100644
+--- a/repos/system_upgrade/common/models/satellite.py
++++ b/repos/system_upgrade/common/models/satellite.py
+@@ -15,6 +15,8 @@ class SatellitePostgresqlFacts(Model):
+     """ How many bytes are required on the target partition """
+     space_available = fields.Nullable(fields.Integer())
+     """ How many bytes are available on the target partition """
++    has_pulp_ansible_semver = fields.Boolean(default=False)
++    """ Whether the DB has the pulp_ansible_semver collation """
+ 
+ 
+ class SatelliteFacts(Model):
+diff --git a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
+index 2dc78cce..46612876 100644
+--- a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
++++ b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/actor.py
+@@ -57,6 +57,7 @@ class SatelliteUpgradeFacts(Actor):
+             has_katello_installer=False,
+             postgresql=SatellitePostgresqlFacts(
+                 local_postgresql=local_postgresql,
++                has_pulp_ansible_semver=has_package(InstalledRPM, 'python3.11-pulp-ansible'),
+             ),
+         ))
+ 
+diff --git a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
+index b0e44c46..e7ca512e 100644
+--- a/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
++++ b/repos/system_upgrade/el8toel9/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
+@@ -26,6 +26,7 @@ RUBYGEM_FOREMAN_PUPPET_RPM = fake_package('rubygem-foreman_puppet')
+ POSTGRESQL_RPM = fake_package('postgresql-server')
+ SATELLITE_RPM = fake_package('satellite')
+ SATELLITE_CAPSULE_RPM = fake_package('satellite-capsule')
++PULP_ANSIBLE_RPM = fake_package('python3.11-pulp-ansible')
+ 
+ SATELLITE_REPOSITORY = UsedRepository(repository='satellite-6.99-for-rhel-8-x86_64-rpms')
+ CAPSULE_REPOSITORY = UsedRepository(repository='satellite-capsule-6.99-for-rhel-8-x86_64-rpms')
+@@ -118,6 +119,14 @@ def test_detects_remote_postgresql(current_actor_context):
+     assert not satellitemsg.postgresql.local_postgresql
+ 
+ 
++def test_detects_pulp_ansible(current_actor_context):
++    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, POSTGRESQL_RPM, PULP_ANSIBLE_RPM]))
++    current_actor_context.run(config_model=mock_configs.CONFIG)
++
++    satellitemsg = current_actor_context.consume(SatelliteFacts)[0]
++    assert satellitemsg.postgresql.has_pulp_ansible_semver
++
++
+ def test_enables_right_repositories_on_satellite(current_actor_context):
+     current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM, SATELLITE_RPM]))
+     current_actor_context.feed(UsedRepositories(repositories=[SATELLITE_REPOSITORY, MAINTENANCE_REPOSITORY]))
+-- 
+2.42.0
+

0030-Refactor-satellite_upgrade_services-to-use-SystemdSe.patch

@@ -0,0 +1,90 @@
+From bad2fb2e446246dc80807b078c80e0c98fd72fe5 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Fri, 26 Apr 2024 09:08:58 +0200
+Subject: [PATCH 30/34] Refactor satellite_upgrade_services to use
+ SystemdServicesTasks
+
+We used to just delete the symlinks in /etc/systemd, but with the new
+systemd actors this doesn't work anymore as they will restore the
+pre-delete state because they by default aim at having source and
+target systems match in terms of services. By using SystemdServicesTasks
+we can explicitly turn those services off and inform all interested
+parties about this.
+---
+ .../satellite_upgrade_services/actor.py       | 15 ++++++------
+ .../unit_test_satellite_upgrade_services.py   | 24 +++++++++++++++++++
+ 2 files changed, 31 insertions(+), 8 deletions(-)
+ create mode 100644 repos/system_upgrade/common/actors/satellite_upgrade_services/tests/unit_test_satellite_upgrade_services.py
+
+diff --git a/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py b/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
+index 3cda49a9..d14edfb7 100644
+--- a/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
++++ b/repos/system_upgrade/common/actors/satellite_upgrade_services/actor.py
+@@ -2,8 +2,8 @@ import glob
+ import os
+ 
+ from leapp.actors import Actor
+-from leapp.models import SatelliteFacts
+-from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
++from leapp.models import SatelliteFacts, SystemdServicesTasks
++from leapp.tags import FactsPhaseTag, IPUWorkflowTag
+ 
+ SYSTEMD_WANTS_BASE = '/etc/systemd/system/multi-user.target.wants/'
+ SERVICES_TO_DISABLE = ['dynflow-sidekiq@*', 'foreman', 'foreman-proxy',
+@@ -18,8 +18,8 @@ class SatelliteUpgradeServices(Actor):
+ 
+     name = 'satellite_upgrade_services'
+     consumes = (SatelliteFacts,)
+-    produces = ()
+-    tags = (IPUWorkflowTag, ApplicationsPhaseTag)
++    produces = (SystemdServicesTasks,)
++    tags = (IPUWorkflowTag, FactsPhaseTag)
+ 
+     def process(self):
+         facts = next(self.consume(SatelliteFacts), None)
+@@ -27,9 +27,8 @@ class SatelliteUpgradeServices(Actor):
+             return
+ 
+         # disable services, will be re-enabled by the installer
++        services_to_disable = []
+         for service_name in SERVICES_TO_DISABLE:
+             for service in glob.glob(os.path.join(SYSTEMD_WANTS_BASE, '{}.service'.format(service_name))):
+-                try:
+-                    os.unlink(service)
+-                except OSError as e:
+-                    self.log.warning('Failed disabling service {}: {}'.format(service, e))
++                services_to_disable.append(os.path.basename(service))
++        self.produce(SystemdServicesTasks(to_disable=services_to_disable))
+diff --git a/repos/system_upgrade/common/actors/satellite_upgrade_services/tests/unit_test_satellite_upgrade_services.py b/repos/system_upgrade/common/actors/satellite_upgrade_services/tests/unit_test_satellite_upgrade_services.py
+new file mode 100644
+index 00000000..f41621ab
+--- /dev/null
++++ b/repos/system_upgrade/common/actors/satellite_upgrade_services/tests/unit_test_satellite_upgrade_services.py
+@@ -0,0 +1,24 @@
++import glob
++
++from leapp.models import SatelliteFacts, SatellitePostgresqlFacts, SystemdServicesTasks
++
++
++def test_disable_httpd(monkeypatch, current_actor_context):
++    def mock_glob():
++        orig_glob = glob.glob
++
++        def mocked_glob(pathname):
++            if pathname == '/etc/systemd/system/multi-user.target.wants/httpd.service':
++                return [pathname]
++            return orig_glob(pathname)
++
++        return mocked_glob
++
++    monkeypatch.setattr('glob.glob', mock_glob())
++
++    current_actor_context.feed(SatelliteFacts(has_foreman=True,
++                                              postgresql=SatellitePostgresqlFacts(local_postgresql=False)))
++    current_actor_context.run()
++
++    message = current_actor_context.consume(SystemdServicesTasks)[0]
++    assert 'httpd.service' in message.to_disable
+-- 
+2.42.0
+

0031-mount-usr-Implement-try-sleep-loop-add-time-for-stor.patch

@@ -0,0 +1,144 @@
+From 64e2c58ac3bd97cbb09daf4c861204705c69ec97 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Fri, 3 May 2024 14:44:51 +0200
+Subject: [PATCH 31/34] mount /usr: Implement try-sleep loop - add time for
+ storage initialisation
+
+This problem is typical for SAN + FC when the storage needs sometimes
+more time for the initialisation. Implemented try-sleep loop.
+Retry the activation of the storage + /usr mounting in 15s.
+The loop can be repeated 10 times, so total time is 150s right now
+for the activation.
+
+Note that this is not proper solution for the storage initialisation,
+however we have discovered some obstacles in the bootup process to
+be able to do it correctly as we would like to. Regarding limited
+time, we are going to deliver this solution, that should improve
+the experience and should be safe to not cause regressions for already
+working functionality. We expect to provide better solution for
+newer upgrades paths in future (IPU 8->9 and newer).
+
+jira: https://issues.redhat.com/browse/RHEL-3344
+---
+ .../dracut/85sys-upgrade-redhat/mount_usr.sh  | 95 +++++++++++++++----
+ 1 file changed, 79 insertions(+), 16 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
+index 3c52652f..db065d87 100755
+--- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
++++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
+@@ -22,6 +22,18 @@ filtersubvol() {
+ 
+ mount_usr()
+ {
++    #
++    # mount_usr [true | false]
++    # Expected a "true" value for the last attempt to mount /usr. On the last
++    # attempt, in case of failure drop to shell.
++    #
++    # Return 0 when everything is all right
++    # In case of failure and /usr has been detected:
++    #   return 2 when $1 is "true" (drop to shell invoked)
++    #            (note: possibly it's nonsense, but to be sure..)
++    #   return 1 otherwise
++    #
++    _last_attempt="$1"
+     # check, if we have to mount the /usr filesystem
+     while read -r _dev _mp _fs _opts _freq _passno; do
+         [ "${_dev%%#*}" != "$_dev" ] && continue
+@@ -60,25 +72,76 @@ mount_usr()
+         fi
+     done < "${NEWROOT}/etc/fstab" >> /etc/fstab
+ 
+-    if [ "$_usr_found" != "" ]; then
+-        info "Mounting /usr with -o $_opts"
+-        mount "${NEWROOT}/usr" 2>&1 | vinfo
+-        mount -o remount,rw "${NEWROOT}/usr"
++    if [ "$_usr_found" = "" ]; then
++        # nothing to do
++        return 0
++    fi
+ 
+-        if ! ismounted "${NEWROOT}/usr"; then
+-            warn "Mounting /usr to ${NEWROOT}/usr failed"
+-            warn "*** Dropping you to a shell; the system will continue"
+-            warn "*** when you leave the shell."
+-            action_on_fail
+-        fi
++    info "Mounting /usr with -o $_opts"
++    mount "${NEWROOT}/usr" 2>&1 | vinfo
++    mount -o remount,rw "${NEWROOT}/usr"
++
++    if ismounted "${NEWROOT}/usr"; then
++        # success!!
++        return 0
++    fi
++
++    if [ "$_last_attempt" = "true" ]; then
++        warn "Mounting /usr to ${NEWROOT}/usr failed"
++        warn "*** Dropping you to a shell; the system will continue"
++        warn "*** when you leave the shell."
++        action_on_fail
++        return 2
+     fi
++
++    return 1
+ }
+ 
+-if [ -f "${NEWROOT}/etc/fstab" ]; then
+-    # In case we have the LVM command available try make it activate all partitions
+-    if command -v lvm 2>/dev/null 1>/dev/null; then
+-        lvm vgchange -a y
++
++try_to_mount_usr() {
++  _last_attempt="$1"
++  if [ ! -f "${NEWROOT}/etc/fstab" ]; then
++      warn "File ${NEWROOT}/etc/fstab doesn't exist."
++      return 1
++  fi
++
++  # In case we have the LVM command available try make it activate all partitions
++  if command -v lvm 2>/dev/null 1>/dev/null; then
++      lvm vgchange -a y || {
++          warn "Detected problem when tried to activate LVM VG."
++          if [ "$_last_attempt" != "true" ]; then
++              # this is not last execution, retry
++              return 1
++          fi
++          # NOTE(pstodulk):
++          # last execution, so call mount_usr anyway
++          # I am not 100% about lvm vgchange exit codes and I am aware of
++          # possible warnings, in this last run, let's keep it on mount_usr
++          # anyway..
++      }
++  fi
++
++  mount_usr "$1"
++}
++
++_sleep_timeout=15
++_last_attempt="false"
++for i in 0 1 2 3 4 5 6 7 8 9 10 11; do
++    if [ $i -eq 11 ]; then
++        _last_attempt="true"
+     fi
++    try_to_mount_usr "$_last_attempt" && break
++
++    # something is wrong. In some cases, storage needs more time for the
++    # initialisation - especially in case of SAN.
++
++    if [ "$_last_attempt" = "true" ]; then
++        warn "The last attempt to initialize storage has not been successful."
++        warn "Unknown state of the storage. It is possible that upgrade will be stopped."
++        break
++    fi
++
++    warn "Failed attempt to initialize the storage. Retry in $_sleep_timeout seconds. Attempt: $i of 10"
++    sleep $_sleep_timeout
++done
+ 
+-    mount_usr
+-fi
+-- 
+2.42.0
+

0032-Add-additional-KB-resources.patch

@@ -0,0 +1,374 @@
+From 3cb522d3a682365dae5d8745056f4671bdd5e41b Mon Sep 17 00:00:00 2001
+From: Michal Reznik <mreznik@redhat.com>
+Date: Fri, 3 May 2024 13:47:49 +0200
+Subject: [PATCH 32/34] Add additional KB resources
+
+add aditional KB resources in a form of ExternalLink or
+error details as requested by support
+---
+ .../libraries/checkbootavailspace.py                   |  4 ++++
+ .../common/actors/checkcifs/libraries/checkcifs.py     |  5 +++++
+ .../libraries/checkdddd.py                             | 10 ++++++++++
+ .../common/actors/checkmemory/libraries/checkmemory.py |  5 +++++
+ repos/system_upgrade/common/actors/checknfs/actor.py   |  4 ++++
+ .../common/actors/checkrootsymlinks/actor.py           |  5 +++++
+ .../libraries/checkyumpluginsenabled.py                |  4 ++++
+ .../libraries/checkinstalledkernels.py                 |  5 +++++
+ .../missinggpgkeysinhibitor/libraries/missinggpgkey.py |  5 ++++-
+ .../common/actors/opensshpermitrootlogincheck/actor.py |  5 +++++
+ .../common/actors/persistentnetnamesdisable/actor.py   |  5 +++++
+ .../targetuserspacecreator/libraries/userspacegen.py   |  9 +++++++++
+ .../actors/verifydialogs/libraries/verifydialogs.py    |  5 +++++
+ repos/system_upgrade/common/libraries/rhsm.py          |  3 ++-
+ .../system_upgrade/el7toel8/actors/checkbtrfs/actor.py |  4 ++++
+ .../actors/checkhacluster/libraries/checkhacluster.py  |  4 ++++
+ .../el7toel8/actors/checkremovedpammodules/actor.py    |  4 ++++
+ .../libraries/checkinstalleddevelkernels.py            |  4 ++++
+ .../libraries/satellite_upgrade_check.py               |  5 +++++
+ .../actors/checkifcfg/libraries/checkifcfg_ifcfg.py    |  5 +++++
+ .../actors/firewalldcheckallowzonedrifting/actor.py    |  5 +++++
+ 21 files changed, 103 insertions(+), 2 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/checkbootavailspace/libraries/checkbootavailspace.py b/repos/system_upgrade/common/actors/checkbootavailspace/libraries/checkbootavailspace.py
+index 7380f335..0cc4cf7d 100644
+--- a/repos/system_upgrade/common/actors/checkbootavailspace/libraries/checkbootavailspace.py
++++ b/repos/system_upgrade/common/actors/checkbootavailspace/libraries/checkbootavailspace.py
+@@ -32,6 +32,10 @@ def inhibit_upgrade(avail_bytes):
+             '/boot needs additional {0} MiB to be able to accommodate the upgrade initramfs and new kernel.'.format(
+              additional_mib_needed)
+         ),
++        reporting.ExternalLink(
++            url='https://access.redhat.com/solutions/298263',
++            title='Why does kernel cannot be upgraded due to insufficient space in /boot ?'
++        ),
+         reporting.Severity(reporting.Severity.HIGH),
+         reporting.Groups([reporting.Groups.FILESYSTEM]),
+         reporting.Groups([reporting.Groups.INHIBITOR]),
+diff --git a/repos/system_upgrade/common/actors/checkcifs/libraries/checkcifs.py b/repos/system_upgrade/common/actors/checkcifs/libraries/checkcifs.py
+index b3ae146f..fc26ea70 100644
+--- a/repos/system_upgrade/common/actors/checkcifs/libraries/checkcifs.py
++++ b/repos/system_upgrade/common/actors/checkcifs/libraries/checkcifs.py
+@@ -18,6 +18,11 @@ def checkcifs(storage_info):
+                         reporting.Groups.NETWORK
+                 ]),
+                 reporting.Remediation(hint='Comment out CIFS entries to proceed with the upgrade.'),
++                reporting.ExternalLink(
++                    url='https://access.redhat.com/solutions/6964304',
++                    title='Leapp upgrade failed with error '
++                          '"Inhibitor: Use of CIFS detected. Upgrade cannot proceed"'
++                ),
+                 reporting.Groups([reporting.Groups.INHIBITOR]),
+                 reporting.RelatedResource('file', '/etc/fstab')
+             ])
+diff --git a/repos/system_upgrade/common/actors/checkdetecteddevicesanddrivers/libraries/checkdddd.py b/repos/system_upgrade/common/actors/checkdetecteddevicesanddrivers/libraries/checkdddd.py
+index df431c0e..defe3f9a 100644
+--- a/repos/system_upgrade/common/actors/checkdetecteddevicesanddrivers/libraries/checkdddd.py
++++ b/repos/system_upgrade/common/actors/checkdetecteddevicesanddrivers/libraries/checkdddd.py
+@@ -35,6 +35,16 @@ def create_inhibitors(inhibiting_entries):
+                     source=get_source_major_version(),
+                 )
+             ),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/6971716',
++                title='Leapp preupgrade getting "Inhibitor: Detected loaded kernel drivers which have been '
++                      'removed in RHEL 8. Upgrade cannot proceed." '
++            ),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/5436131',
++                title='Leapp upgrade fail with error "Inhibitor: Detected loaded kernel drivers which '
++                      'have been removed in RHEL 8. Upgrade cannot proceed."'
++            ),
+             reporting.Audience('sysadmin'),
+             reporting.Groups([reporting.Groups.KERNEL, reporting.Groups.DRIVERS]),
+             reporting.Severity(reporting.Severity.HIGH),
+diff --git a/repos/system_upgrade/common/actors/checkmemory/libraries/checkmemory.py b/repos/system_upgrade/common/actors/checkmemory/libraries/checkmemory.py
+index 25012273..808c9662 100644
+--- a/repos/system_upgrade/common/actors/checkmemory/libraries/checkmemory.py
++++ b/repos/system_upgrade/common/actors/checkmemory/libraries/checkmemory.py
+@@ -42,6 +42,11 @@ def process():
+                           reporting.Summary(summary),
+                           reporting.Severity(reporting.Severity.HIGH),
+                           reporting.Groups([reporting.Groups.SANITY, reporting.Groups.INHIBITOR]),
++                          reporting.ExternalLink(
++                              url='https://access.redhat.com/solutions/7014179',
++                              title='Leapp upgrade fail with error"Minimum memory requirements '
++                                    'for RHEL 8 are not met"Upgrade cannot proceed'
++                          ),
+                           reporting.ExternalLink(
+                             url='https://access.redhat.com/articles/rhel-limits',
+                             title='Red Hat Enterprise Linux Technology Capabilities and Limits'
+diff --git a/repos/system_upgrade/common/actors/checknfs/actor.py b/repos/system_upgrade/common/actors/checknfs/actor.py
+index 208c5dd9..94c5e606 100644
+--- a/repos/system_upgrade/common/actors/checknfs/actor.py
++++ b/repos/system_upgrade/common/actors/checknfs/actor.py
+@@ -61,6 +61,10 @@ class CheckNfs(Actor):
+                         reporting.Groups.NETWORK
+                 ]),
+                 reporting.Remediation(hint='Disable NFS temporarily for the upgrade if possible.'),
++                reporting.ExternalLink(
++                    url='https://access.redhat.com/solutions/6964006',
++                    title='Why does leapp upgrade fail on detecting NFS during upgrade?'
++                ),
+                 reporting.Groups([reporting.Groups.INHIBITOR]),
+                 ] + fstab_related_resource
+             )
+diff --git a/repos/system_upgrade/common/actors/checkrootsymlinks/actor.py b/repos/system_upgrade/common/actors/checkrootsymlinks/actor.py
+index 2769b7c1..c35272b2 100644
+--- a/repos/system_upgrade/common/actors/checkrootsymlinks/actor.py
++++ b/repos/system_upgrade/common/actors/checkrootsymlinks/actor.py
+@@ -37,6 +37,11 @@ class CheckRootSymlinks(Actor):
+                     'point to absolute paths.\n'
+                     'Please change these links to relative ones.'
+                     ),
++                reporting.ExternalLink(
++                    url='https://access.redhat.com/solutions/6989732',
++                    title='leapp upgrade stops with Inhibitor "Upgrade requires links in root '
++                          'directory to be relative"'
++                ),
+                 reporting.Severity(reporting.Severity.HIGH),
+                 reporting.Groups([reporting.Groups.INHIBITOR])]
+ 
+diff --git a/repos/system_upgrade/common/actors/checkyumpluginsenabled/libraries/checkyumpluginsenabled.py b/repos/system_upgrade/common/actors/checkyumpluginsenabled/libraries/checkyumpluginsenabled.py
+index 48f38d0a..5522af9c 100644
+--- a/repos/system_upgrade/common/actors/checkyumpluginsenabled/libraries/checkyumpluginsenabled.py
++++ b/repos/system_upgrade/common/actors/checkyumpluginsenabled/libraries/checkyumpluginsenabled.py
+@@ -63,6 +63,10 @@ def check_required_yum_plugins_enabled(pkg_manager_info):
+                 # Provide all commands as one due to problems with satellites
+                 commands=[['bash', '-c', '"{0}"'.format('; '.join(remediation_commands))]]
+             ),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/7028063',
++                title='Why is Leapp preupgrade generating "Inhibitor: Required YUM plugins are not being loaded."'
++            ),
+             reporting.RelatedResource('file', pkg_manager_config_path),
+             reporting.RelatedResource('file', subscription_manager_plugin_conf),
+             reporting.RelatedResource('file', product_id_plugin_conf),
+diff --git a/repos/system_upgrade/common/actors/kernel/checkinstalledkernels/libraries/checkinstalledkernels.py b/repos/system_upgrade/common/actors/kernel/checkinstalledkernels/libraries/checkinstalledkernels.py
+index 95882d29..4573354b 100644
+--- a/repos/system_upgrade/common/actors/kernel/checkinstalledkernels/libraries/checkinstalledkernels.py
++++ b/repos/system_upgrade/common/actors/kernel/checkinstalledkernels/libraries/checkinstalledkernels.py
+@@ -103,5 +103,10 @@ def process():
+             reporting.Groups([reporting.Groups.KERNEL, reporting.Groups.BOOT]),
+             reporting.Groups([reporting.Groups.INHIBITOR]),
+             reporting.Remediation(hint=remediation),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/7014134',
++                title='Leapp upgrade fail with error "Inhibitor:Newest installed kernel '
++                      'not in use" Upgrade cannot proceed'
++            ),
+             reporting.RelatedResource('package', 'kernel')
+         ])
+diff --git a/repos/system_upgrade/common/actors/missinggpgkeysinhibitor/libraries/missinggpgkey.py b/repos/system_upgrade/common/actors/missinggpgkeysinhibitor/libraries/missinggpgkey.py
+index 9a806ca2..4b93e741 100644
+--- a/repos/system_upgrade/common/actors/missinggpgkeysinhibitor/libraries/missinggpgkey.py
++++ b/repos/system_upgrade/common/actors/missinggpgkeysinhibitor/libraries/missinggpgkey.py
+@@ -65,7 +65,10 @@ def _consume_data():
+         used_target_repos = next(api.consume(UsedTargetRepositories)).repos
+     except StopIteration:
+         raise StopActorExecutionError(
+-            'Could not check for valid GPG keys', details={'details': 'No UsedTargetRepositories facts'}
++            'Could not check for valid GPG keys', details={
++                'details': 'No UsedTargetRepositories facts',
++                'link': 'https://access.redhat.com/solutions/7061850'
++            }
+         )
+ 
+     try:
+diff --git a/repos/system_upgrade/common/actors/opensshpermitrootlogincheck/actor.py b/repos/system_upgrade/common/actors/opensshpermitrootlogincheck/actor.py
+index 2ac4ec8f..7a49622f 100644
+--- a/repos/system_upgrade/common/actors/opensshpermitrootlogincheck/actor.py
++++ b/repos/system_upgrade/common/actors/opensshpermitrootlogincheck/actor.py
+@@ -135,6 +135,11 @@ class OpenSshPermitRootLoginCheck(Actor):
+                          'sshd_config next to the "PermitRootLogin yes" directive '
+                          'to prevent rpm replacing it during the upgrade.'
+                 ),
++                reporting.ExternalLink(
++                    url='https://access.redhat.com/solutions/7003083',
++                    title='Why Leapp Preupgrade for RHEL 8 to 9 getting '
++                          '"Possible problems with remote login using root account" ?'
++                ),
+                 reporting.Groups([reporting.Groups.INHIBITOR])
+             ] + COMMON_RESOURCES)
+         # If the configuration is modified and contains any directive allowing
+diff --git a/repos/system_upgrade/common/actors/persistentnetnamesdisable/actor.py b/repos/system_upgrade/common/actors/persistentnetnamesdisable/actor.py
+index 0e13c139..1f7f1413 100644
+--- a/repos/system_upgrade/common/actors/persistentnetnamesdisable/actor.py
++++ b/repos/system_upgrade/common/actors/persistentnetnamesdisable/actor.py
+@@ -50,6 +50,11 @@ class PersistentNetNamesDisable(Actor):
+                     title='How to perform an in-place upgrade to RHEL 8 when using kernel NIC names on RHEL 7',
+                     url='https://access.redhat.com/solutions/4067471'
+                 ),
++                reporting.ExternalLink(
++                    title='RHEL 8 to RHEL 9: inplace upgrade fails at '
++                          '"Network configuration for unsupported device types detected"',
++                    url='https://access.redhat.com/solutions/7009239'
++                ),
+                 reporting.Remediation(
+                     hint='Rename all ethX network interfaces following the attached KB solution article.'
+                 ),
+diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+index d60bc75f..dc93c9a0 100644
+--- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
++++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+@@ -828,6 +828,10 @@ def _get_rhsm_available_repoids(context):
+                 ' to set up Satellite and the system properly.'
+ 
+             ).format(target_major_version)),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/5392811',
++                title='RHEL 7 to RHEL 8 LEAPP Upgrade Failing When Using Red Hat Satellite'
++            ),
+             reporting.ExternalLink(
+                 # https://red.ht/preparing-for-upgrade-to-rhel8
+                 # https://red.ht/preparing-for-upgrade-to-rhel9
+@@ -1007,6 +1011,11 @@ def gather_target_repositories(context, indata):
+                 # https://red.ht/preparing-for-upgrade-to-rhel10
+                 url='https://red.ht/preparing-for-upgrade-to-rhel{}'.format(target_major_version),
+                 title='Preparing for the upgrade'),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/7001181',
++                title='LEAPP Upgrade Failing from RHEL 7 to RHEL 8 when system is '
++                      'registered to custromer portal'
++            ),
+             reporting.RelatedResource("file", "/etc/leapp/files/repomap.json"),
+             reporting.RelatedResource("file", "/etc/yum.repos.d/")
+         ])
+diff --git a/repos/system_upgrade/common/actors/verifydialogs/libraries/verifydialogs.py b/repos/system_upgrade/common/actors/verifydialogs/libraries/verifydialogs.py
+index a6dbe6eb..a79079b1 100644
+--- a/repos/system_upgrade/common/actors/verifydialogs/libraries/verifydialogs.py
++++ b/repos/system_upgrade/common/actors/verifydialogs/libraries/verifydialogs.py
+@@ -20,5 +20,10 @@ def check_dialogs(inhibit_if_no_userchoice=True):
+                        reporting.Summary(summary.format('\n'.join(sections))),
+                        reporting.Groups([reporting.Groups.INHIBITOR] if inhibit_if_no_userchoice else []),
+                        reporting.Remediation(hint=dialogs_remediation, commands=cmd_remediation),
++                       reporting.ExternalLink(
++                           url='https://access.redhat.com/solutions/7035321',
++                           title='Leapp upgrade fail with error "Inhibitor: Missing required answers '
++                                 'in the answer file."'
++                       ),
+                        reporting.Key(dialog.key)]
+         reporting.create_report(report_data + dialog_resources)
+diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
+index eb388829..74f6aeb1 100644
+--- a/repos/system_upgrade/common/libraries/rhsm.py
++++ b/repos/system_upgrade/common/libraries/rhsm.py
+@@ -85,7 +85,8 @@ def _handle_rhsm_exceptions(hint=None):
+             details={
+                 'details': str(e),
+                 'stderr': e.stderr,
+-                'hint': hint or _def_hint
++                'hint': hint or _def_hint,
++                'link': 'https://access.redhat.com/solutions/6138372'
+             }
+         )
+ 
+diff --git a/repos/system_upgrade/el7toel8/actors/checkbtrfs/actor.py b/repos/system_upgrade/el7toel8/actors/checkbtrfs/actor.py
+index c1b07f8d..a3848957 100644
+--- a/repos/system_upgrade/el7toel8/actors/checkbtrfs/actor.py
++++ b/repos/system_upgrade/el7toel8/actors/checkbtrfs/actor.py
+@@ -41,6 +41,10 @@ class CheckBtrfs(Actor):
+                             title='How do I prevent a kernel module from loading automatically?',
+                             url='https://access.redhat.com/solutions/41278'
+                         ),
++                        reporting.ExternalLink(
++                            title='Leapp upgrade fail with error "Inhibitor: Btrfs has been removed from RHEL8"',
++                            url='https://access.redhat.com/solutions/7020130'
++                        ),
+                         reporting.Severity(reporting.Severity.HIGH),
+                         reporting.Groups([reporting.Groups.INHIBITOR]),
+                         reporting.Groups([reporting.Groups.FILESYSTEM]),
+diff --git a/repos/system_upgrade/el7toel8/actors/checkhacluster/libraries/checkhacluster.py b/repos/system_upgrade/el7toel8/actors/checkhacluster/libraries/checkhacluster.py
+index 870cf8a9..115867d2 100644
+--- a/repos/system_upgrade/el7toel8/actors/checkhacluster/libraries/checkhacluster.py
++++ b/repos/system_upgrade/el7toel8/actors/checkhacluster/libraries/checkhacluster.py
+@@ -25,6 +25,10 @@ def inhibit(node_type):
+                 " to a RHEL High Availability or Resilient Storage Cluster"
+             ),
+         ),
++        reporting.ExternalLink(
++            url='https://access.redhat.com/solutions/7049940',
++            title='Leapp upgrade from RHEL 7 to RHEL 8 fails for pacemaker cluster'
++        ),
+         reporting.Remediation(
+             hint=(
+                 "Destroy the existing HA cluster"
+diff --git a/repos/system_upgrade/el7toel8/actors/checkremovedpammodules/actor.py b/repos/system_upgrade/el7toel8/actors/checkremovedpammodules/actor.py
+index 503f6149..d2e92398 100644
+--- a/repos/system_upgrade/el7toel8/actors/checkremovedpammodules/actor.py
++++ b/repos/system_upgrade/el7toel8/actors/checkremovedpammodules/actor.py
+@@ -59,6 +59,10 @@ class CheckRemovedPamModules(Actor):
+                          'please remove the pam module(s) from all the files '
+                          'under /etc/pam.d/.'.format(', '.join(replacements))
+                 ),
++                reporting.ExternalLink(
++                    url='https://access.redhat.com/solutions/7004774',
++                    title='Leapp preupgrade fails with: The pam_tally2 pam module(s) no longer available'
++                ),
+                 reporting.Severity(reporting.Severity.HIGH),
+                 reporting.Groups([reporting.Groups.INHIBITOR]),
+             ] + [reporting.RelatedResource('pam', r) for r in replacements | found_modules])
+diff --git a/repos/system_upgrade/el7toel8/actors/kernel/checkinstalleddevelkernels/checkinstalleddevelkernels/libraries/checkinstalleddevelkernels.py b/repos/system_upgrade/el7toel8/actors/kernel/checkinstalleddevelkernels/checkinstalleddevelkernels/libraries/checkinstalleddevelkernels.py
+index 0ff4489f..fa49092c 100644
+--- a/repos/system_upgrade/el7toel8/actors/kernel/checkinstalleddevelkernels/checkinstalleddevelkernels/libraries/checkinstalleddevelkernels.py
++++ b/repos/system_upgrade/el7toel8/actors/kernel/checkinstalleddevelkernels/checkinstalleddevelkernels/libraries/checkinstalleddevelkernels.py
+@@ -38,5 +38,9 @@ def process():
+             reporting.Groups([reporting.Groups.KERNEL]),
+             reporting.Groups([reporting.Groups.INHIBITOR]),
+             reporting.Remediation(hint=hint, commands=commands),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/4723671',
++                title='leapp upgrade fails on kernel-devel packages'
++            ),
+             reporting.RelatedResource('package', 'kernel-devel')
+         ])
+diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_check/libraries/satellite_upgrade_check.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_check/libraries/satellite_upgrade_check.py
+index 6954dd50..82148ef3 100644
+--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_check/libraries/satellite_upgrade_check.py
++++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_check/libraries/satellite_upgrade_check.py
+@@ -53,6 +53,11 @@ def satellite_upgrade_check(facts):
+         reporting.create_report([
+             reporting.Title(title),
+             reporting.Summary(summary),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/6794671',
++                title='Leapp preupgrade of Red Hat Satellite 6 fails on '
++                      'Old PostgreSQL data found in /var/lib/pgsql/data'
++            ),
+             reporting.Severity(severity),
+             reporting.Groups([]),
+             reporting.Groups(flags)
+diff --git a/repos/system_upgrade/el8toel9/actors/checkifcfg/libraries/checkifcfg_ifcfg.py b/repos/system_upgrade/el8toel9/actors/checkifcfg/libraries/checkifcfg_ifcfg.py
+index 946841df..ed666350 100644
+--- a/repos/system_upgrade/el8toel9/actors/checkifcfg/libraries/checkifcfg_ifcfg.py
++++ b/repos/system_upgrade/el8toel9/actors/checkifcfg/libraries/checkifcfg_ifcfg.py
+@@ -88,6 +88,11 @@ def process():
+             reporting.Title(title),
+             reporting.Summary(summary),
+             reporting.Remediation(hint=remediation),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/7009239',
++                title='RHEL 8 to RHEL 9: inplace upgrade fails at '
++                      '"Network configuration for unsupported device types detected"'
++            ),
+             reporting.Severity(reporting.Severity.HIGH),
+             reporting.Groups([reporting.Groups.NETWORK, reporting.Groups.SERVICES]),
+             reporting.Groups([reporting.Groups.INHIBITOR]),
+diff --git a/repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py b/repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
+index b7eb5806..0002f6aa 100644
+--- a/repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
++++ b/repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
+@@ -44,6 +44,11 @@ class FirewalldCheckAllowZoneDrifting(Actor):
+             reporting.ExternalLink(
+                 url='https://access.redhat.com/articles/4855631',
+                 title='Changes in firewalld related to Zone Drifting'),
++            reporting.ExternalLink(
++                url='https://access.redhat.com/solutions/6969130',
++                title='Leapp Preupgrade check fails with error - '
++                      '"Inhibitor: Firewalld Configuration AllowZoneDrifting Is Unsupported".'
++            ),
+             reporting.Remediation(
+                 hint='Set AllowZoneDrifting=no in /etc/firewalld/firewalld.conf',
+                 commands=[['sed', '-i', 's/^AllowZoneDrifting=.*/AllowZoneDrifting=no/',
+-- 
+2.42.0
+

0033-storage-initialisation-apply-sleep-always.patch

@@ -0,0 +1,43 @@
+From da5ce33f51b2607c372acfc0e9bb28bf5270ef65 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Sat, 4 May 2024 10:07:14 +0200
+Subject: [PATCH 33/34] storage initialisation: apply sleep always
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Based on feedback from @rmetrich¹ the sleep period should be applied
+always as the problem with initialisation is happening also on systems
+with higher than few number of LVs where /usr is not on dedicated
+volume.
+
+1: https://github.com/oamg/leapp-repository/pull/1218#issuecomment-2093303020
+---
+ .../files/dracut/85sys-upgrade-redhat/mount_usr.sh           | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
+index db065d87..84f4857d 100755
+--- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
++++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
+@@ -127,6 +127,8 @@ try_to_mount_usr() {
+ _sleep_timeout=15
+ _last_attempt="false"
+ for i in 0 1 2 3 4 5 6 7 8 9 10 11; do
++    info "Storage initialisation: Attempt $i of 11. Wait $_sleep_timeout seconds."
++    sleep $_sleep_timeout
+     if [ $i -eq 11 ]; then
+         _last_attempt="true"
+     fi
+@@ -141,7 +143,6 @@ for i in 0 1 2 3 4 5 6 7 8 9 10 11; do
+         break
+     fi
+ 
+-    warn "Failed attempt to initialize the storage. Retry in $_sleep_timeout seconds. Attempt: $i of 10"
+-    sleep $_sleep_timeout
++    warn "Failed attempt to initialize the storage. Retry..."
+ done
+ 
+-- 
+2.42.0
+

0034-Add-renovate-to-track-github-actions-deps.patch

@@ -0,0 +1,30 @@
+From ce8dfff52c067fc334511c9773759eca8bff8b61 Mon Sep 17 00:00:00 2001
+From: Rodolfo Olivieri <rolivier@redhat.com>
+Date: Tue, 7 May 2024 09:38:41 -0300
+Subject: [PATCH 34/34] Add renovate to track github-actions deps
+
+The renovate bot will track and automatically update the github actions
+dependencies in the project.
+---
+ .github/renovate.json | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+ create mode 100644 .github/renovate.json
+
+diff --git a/.github/renovate.json b/.github/renovate.json
+new file mode 100644
+index 00000000..f55d8081
+--- /dev/null
++++ b/.github/renovate.json
+@@ -0,0 +1,8 @@
++{
++    "extends": [
++        "config:base"
++    ],
++    "enabledManagers": [
++        "github-actions"
++    ]
++}
+\ No newline at end of file
+-- 
+2.42.0
+

0035-chore-deps-update-redhat-plumbers-in-action-differen.patch

@@ -0,0 +1,25 @@
+From 82b20e29da6c05bfb385c44eed2dc9af72c36148 Mon Sep 17 00:00:00 2001
+From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
+Date: Sat, 11 May 2024 14:59:13 +0000
+Subject: [PATCH 35/49] chore(deps): update
+ redhat-plumbers-in-action/differential-shellcheck action to v5
+
+---
+ .github/workflows/differential-shellcheck.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
+index 4af99f8d..f643f054 100644
+--- a/.github/workflows/differential-shellcheck.yml
++++ b/.github/workflows/differential-shellcheck.yml
+@@ -24,6 +24,6 @@ jobs:
+           fetch-depth: 0
+ 
+       - name: Differential ShellCheck
+-        uses: redhat-plumbers-in-action/differential-shellcheck@v3
++        uses: redhat-plumbers-in-action/differential-shellcheck@v5
+         with:
+           token: ${{ secrets.GITHUB_TOKEN }}
+-- 
+2.44.0
+

0036-chore-deps-update-actions-checkout-action-to-v4.patch

@@ -0,0 +1,76 @@
+From 821a387628e935e1aa9a74af153cd7598c8038c1 Mon Sep 17 00:00:00 2001
+From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
+Date: Wed, 8 May 2024 12:45:11 +0000
+Subject: [PATCH 36/49] chore(deps): update actions/checkout action to v4
+
+---
+ .github/workflows/codespell.yml               | 2 +-
+ .github/workflows/differential-shellcheck.yml | 2 +-
+ .github/workflows/reuse-copr-build.yml        | 4 ++--
+ .github/workflows/unit-tests.yml              | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
+index 4921bc90..c0ec20d6 100644
+--- a/.github/workflows/codespell.yml
++++ b/.github/workflows/codespell.yml
+@@ -14,7 +14,7 @@ jobs:
+     runs-on: ubuntu-latest
+ 
+     steps:
+-      - uses: actions/checkout@v3
++      - uses: actions/checkout@v4
+       - uses: codespell-project/actions-codespell@master
+         with:
+           ignore_words_list: ro,fo,couldn,repositor
+diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
+index f643f054..f1ed5f6a 100644
+--- a/.github/workflows/differential-shellcheck.yml
++++ b/.github/workflows/differential-shellcheck.yml
+@@ -19,7 +19,7 @@ jobs:
+ 
+     steps: 
+       - name: Repository checkout
+-        uses: actions/checkout@v3
++        uses: actions/checkout@v4
+         with:
+           fetch-depth: 0
+ 
+diff --git a/.github/workflows/reuse-copr-build.yml b/.github/workflows/reuse-copr-build.yml
+index 093e0c1a..c742db50 100644
+--- a/.github/workflows/reuse-copr-build.yml
++++ b/.github/workflows/reuse-copr-build.yml
+@@ -42,7 +42,7 @@ jobs:
+         # TODO: The correct way to checkout would be to use similar approach as in get_commit_by_timestamp function of
+         #       the github gluetool module (i.e. do not use HEAD but the last commit before comment).
+         id: checkout
+-        uses: actions/checkout@v2
++        uses: actions/checkout@v4
+         with:
+           ref: "refs/pull/${{ steps.pr_nr.outputs.pr_nr }}/head"
+ 
+@@ -105,7 +105,7 @@ jobs:
+       - name: Checkout leapp
+         id: checkout_leapp
+         if: ${{ steps.leapp_pr_regex_match.outputs.match != '' }}
+-        uses: actions/checkout@v2
++        uses: actions/checkout@v4
+         with:
+           repository: "oamg/leapp"
+           ref: "refs/pull/${{ steps.leapp_pr.outputs.leapp_pr }}/head"
+diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
+index 107a1fc0..e4b4d173 100644
+--- a/.github/workflows/unit-tests.yml
++++ b/.github/workflows/unit-tests.yml
+@@ -34,7 +34,7 @@ jobs:
+ 
+     steps:
+       - name: Checkout code
+-        uses: actions/checkout@v2
++        uses: actions/checkout@v4
+         with:
+           # NOTE(ivasilev) fetch-depth 0 is critical here as leapp deps discovery depends on specific substring in
+           # commit message and default 1 option will get us just merge commit which has an unrelevant message.
+-- 
+2.44.0
+

0037-chore-deps-update-dependency-ubuntu-to-v22.patch

@@ -1,25 +1,25 @@
-From 9c07443b0148139b511bcd52ecac294c86a15826 Mon Sep 17 00:00:00 2001
+From d7ad5d7da691f1425a3eba59e1f74392948a98e3 Mon Sep 17 00:00:00 2001
 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
-Date: Wed, 16 Oct 2024 09:17:17 +0000
-Subject: [PATCH 41/53] chore(deps): update dependency ubuntu to v24
+Date: Fri, 10 May 2024 05:33:55 +0000
+Subject: [PATCH 37/49] chore(deps): update dependency ubuntu to v22
 
 ---
  .github/workflows/reuse-copr-build.yml | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/.github/workflows/reuse-copr-build.yml b/.github/workflows/reuse-copr-build.yml
-index 3cf06254..c6702e1a 100644
+index c742db50..6bf71226 100644
 --- a/.github/workflows/reuse-copr-build.yml
 +++ b/.github/workflows/reuse-copr-build.yml
 @@ -16,7 +16,7 @@ jobs:
    reusable_workflow_copr_build_job:
      # This job only runs for '/rerun' pull request comments by owner, member, or collaborator of the repo/organization.
      name: Build copr builds for tft tests
--    runs-on: ubuntu-22.04
-+    runs-on: ubuntu-24.04
+-    runs-on: ubuntu-20.04
++    runs-on: ubuntu-22.04
      outputs:
        artifacts: ${{ steps.gen_artifacts.outputs.artifacts }}
      if: |
 -- 
-2.47.1
+2.44.0
 

0038-Fix-E0606-errors-reported-by-pylint.patch

@@ -0,0 +1,119 @@
+From 96346a5400a6e9741566e5070024a7918a6a9323 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Tue, 14 May 2024 15:24:43 +0200
+Subject: [PATCH 38/49] Fix E0606 errors reported by pylint
+
+E0606 -> possibly-used-before-assignement
+
+Note that in case of checktargetrepos actor we are introducing
+  https://red.ht/upgrading-rhel9-to-rhel10-main-official-doc
+for IPU 9 -> 10. However, this shortened URL must be defined yet later.
+---
+ .../actors/checktargetrepos/libraries/checktargetrepos.py      | 2 ++
+ .../tests/unit_test_upgradeinitramfsgenerator.py               | 1 +
+ .../common/actors/scantargetiso/tests/test_scan_target_iso.py  | 1 +
+ .../tests/unit_test_selinuxcontentscanner.py                   | 2 ++
+ .../selinux/selinuxprepare/tests/unit_test_selinuxprepare.py   | 1 +
+ repos/system_upgrade/common/libraries/tests/test_grub.py       | 3 +++
+ repos/system_upgrade/common/libraries/tests/test_mdraid.py     | 2 ++
+ 7 files changed, 12 insertions(+)
+
+diff --git a/repos/system_upgrade/common/actors/checktargetrepos/libraries/checktargetrepos.py b/repos/system_upgrade/common/actors/checktargetrepos/libraries/checktargetrepos.py
+index 6d5a2f65..c286ed4f 100644
+--- a/repos/system_upgrade/common/actors/checktargetrepos/libraries/checktargetrepos.py
++++ b/repos/system_upgrade/common/actors/checktargetrepos/libraries/checktargetrepos.py
+@@ -33,6 +33,8 @@ def process():
+         ipu_doc_url = 'https://red.ht/upgrading-rhel7-to-rhel8-main-official-doc'
+     elif target_major_version == '9':
+         ipu_doc_url = 'https://red.ht/upgrading-rhel8-to-rhel9-main-official-doc'
++    else:
++        ipu_doc_url = 'https://red.ht/upgrading-rhel9-to-rhel10-main-official-doc'
+ 
+     rhui_info = next(api.consume(RHUIInfo), None)
+ 
+diff --git a/repos/system_upgrade/common/actors/initramfs/upgradeinitramfsgenerator/tests/unit_test_upgradeinitramfsgenerator.py b/repos/system_upgrade/common/actors/initramfs/upgradeinitramfsgenerator/tests/unit_test_upgradeinitramfsgenerator.py
+index 8068e177..7397b82b 100644
+--- a/repos/system_upgrade/common/actors/initramfs/upgradeinitramfsgenerator/tests/unit_test_upgradeinitramfsgenerator.py
++++ b/repos/system_upgrade/common/actors/initramfs/upgradeinitramfsgenerator/tests/unit_test_upgradeinitramfsgenerator.py
+@@ -354,6 +354,7 @@ def test_copy_modules_fail(monkeypatch, kind):
+ 
+     module_class = None
+     copy_fn = None
++    dst_path = None
+     if kind == 'dracut':
+         module_class = DracutModule
+         copy_fn = upgradeinitramfsgenerator.copy_dracut_modules
+diff --git a/repos/system_upgrade/common/actors/scantargetiso/tests/test_scan_target_iso.py b/repos/system_upgrade/common/actors/scantargetiso/tests/test_scan_target_iso.py
+index 4dd0a125..8e235c6d 100644
+--- a/repos/system_upgrade/common/actors/scantargetiso/tests/test_scan_target_iso.py
++++ b/repos/system_upgrade/common/actors/scantargetiso/tests/test_scan_target_iso.py
+@@ -201,6 +201,7 @@ def test_iso_repository_detection(monkeypatch, repodirs_in_iso, expected_repoids
+ 
+     produced_custom_repo_msgs = []
+     target_iso_msg = None
++    target_iso = None
+     for produced_msg in produced_msgs:
+         if isinstance(produced_msg, CustomTargetRepository):
+             produced_custom_repo_msgs.append(produced_msg)
+diff --git a/repos/system_upgrade/common/actors/selinux/selinuxcontentscanner/tests/unit_test_selinuxcontentscanner.py b/repos/system_upgrade/common/actors/selinux/selinuxcontentscanner/tests/unit_test_selinuxcontentscanner.py
+index 1837c245..830eeac5 100644
+--- a/repos/system_upgrade/common/actors/selinux/selinuxcontentscanner/tests/unit_test_selinuxcontentscanner.py
++++ b/repos/system_upgrade/common/actors/selinux/selinuxcontentscanner/tests/unit_test_selinuxcontentscanner.py
+@@ -33,6 +33,8 @@ class run_mocked(object):
+                       "port -a -t http_port_t -p udp 81",
+                       "fcontext -a -f a -t httpd_sys_content_t '/web(/.*)?'",
+                       "fcontext -a -f a -t cgdcbxd_exec_t '/ganesha(/.*)?'"]
++        else:
++            assert False, 'run_mocked: Called unexpected cmd not covered by test: {}'.format(self.args)
+ 
+         return {'stdout': stdout}
+ 
+diff --git a/repos/system_upgrade/common/actors/selinux/selinuxprepare/tests/unit_test_selinuxprepare.py b/repos/system_upgrade/common/actors/selinux/selinuxprepare/tests/unit_test_selinuxprepare.py
+index 7d975dda..c1ad06c5 100644
+--- a/repos/system_upgrade/common/actors/selinux/selinuxprepare/tests/unit_test_selinuxprepare.py
++++ b/repos/system_upgrade/common/actors/selinux/selinuxprepare/tests/unit_test_selinuxprepare.py
+@@ -24,6 +24,7 @@ class run_mocked(object):
+                     self.removed_modules.add(self.args[idx + 1])
+         else:
+             self.non_semodule_calls += 1
++            stdout = []
+ 
+         return {'stdout': stdout}
+ 
+diff --git a/repos/system_upgrade/common/libraries/tests/test_grub.py b/repos/system_upgrade/common/libraries/tests/test_grub.py
+index 5a4f3f63..6f13538c 100644
+--- a/repos/system_upgrade/common/libraries/tests/test_grub.py
++++ b/repos/system_upgrade/common/libraries/tests/test_grub.py
+@@ -40,6 +40,7 @@ class RunMocked(object):
+     def __call__(self, args, encoding=None):
+         self.called += 1
+         self.args = args
++        stdout = ''
+         if self.raise_err:
+             raise_call_error(args)
+ 
+@@ -50,6 +51,8 @@ class RunMocked(object):
+             stdout = BOOT_DEVICE
+         elif self.args[:-1] == ['lsblk', '-spnlo', 'name']:
+             stdout = self.args[-1][:-1]
++        else:
++            assert False, 'RunMockedError: Called unexpected cmd not covered by test: {}'.format(self.args)
+ 
+         return {'stdout': stdout}
+ 
+diff --git a/repos/system_upgrade/common/libraries/tests/test_mdraid.py b/repos/system_upgrade/common/libraries/tests/test_mdraid.py
+index cb7c1059..d536beec 100644
+--- a/repos/system_upgrade/common/libraries/tests/test_mdraid.py
++++ b/repos/system_upgrade/common/libraries/tests/test_mdraid.py
+@@ -42,6 +42,8 @@ class RunMocked(object):
+             stdout = 'ARRAY /dev/md0 level=raid1 num-devices=2 metadata=1.2 name=localhost.localdomain:0 UUID=c4acea6e:d56e1598:91822e3f:fb26832c\n    devices=/dev/sda1,/dev/sdb1'  # noqa: E501; pylint: disable=line-too-long
+         elif self.args == ['mdadm', '--detail', '--verbose', '--brief', NOT_MD_DEVICE]:
+             stdout = 'mdadm: /dev/sda does not appear to be an md device'
++        else:
++            assert False, 'RunMockedError: Called unexpected cmd not covered by test: {}'.format(self.args)
+ 
+         return {'stdout': stdout}
+ 
+-- 
+2.44.0
+

0039-Fix-W0135-reported-by-pylint.patch

@@ -0,0 +1,78 @@
+From 35e667c33dc186292a27efe2dceb2f71a20a5e13 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Tue, 14 May 2024 16:14:20 +0200
+Subject: [PATCH 39/49] Fix W0135 reported by pylint
+
+W0135 -> contextmanager-generator-missing-cleanup
+
+Expects try-finally around `yield`. Checked reported functions,
+usually it's FP. In one case I changed the code to make it clear.
+---
+ repos/system_upgrade/common/libraries/dnfplugin.py |  3 +++
+ .../system_upgrade/common/libraries/overlaygen.py  | 14 ++++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/repos/system_upgrade/common/libraries/dnfplugin.py b/repos/system_upgrade/common/libraries/dnfplugin.py
+index fbd58246..e59168ef 100644
+--- a/repos/system_upgrade/common/libraries/dnfplugin.py
++++ b/repos/system_upgrade/common/libraries/dnfplugin.py
+@@ -460,6 +460,9 @@ def perform_transaction_install(target_userspace_info, storage_info, used_repos,
+ 
+ @contextlib.contextmanager
+ def _prepare_perform(used_repos, target_userspace_info, xfs_info, storage_info, target_iso=None):
++    # noqa: W0135; pylint: disable=contextmanager-generator-missing-cleanup
++    # NOTE(pstodulk): the pylint check is not valid in this case - finally is covered
++    # implicitly
+     reserve_space = overlaygen.get_recommended_leapp_free_space(target_userspace_info.path)
+     with _prepare_transaction(used_repos=used_repos,
+                               target_userspace_info=target_userspace_info
+diff --git a/repos/system_upgrade/common/libraries/overlaygen.py b/repos/system_upgrade/common/libraries/overlaygen.py
+index 6b0ff97d..4bcbf32b 100644
+--- a/repos/system_upgrade/common/libraries/overlaygen.py
++++ b/repos/system_upgrade/common/libraries/overlaygen.py
+@@ -296,6 +296,9 @@ def _prepare_required_mounts(scratch_dir, mounts_dir, storage_info, scratch_rese
+ 
+ @contextlib.contextmanager
+ def _build_overlay_mount(root_mount, mounts):
++    # noqa: W0135; pylint: disable=contextmanager-generator-missing-cleanup
++    # NOTE(pstodulk): the pylint check is not valid in this case - finally is covered
++    # implicitly
+     if not root_mount:
+         raise StopActorExecutionError('Root mount point has not been prepared for overlayfs.')
+     if not mounts:
+@@ -519,6 +522,9 @@ def _mount_dnf_cache(overlay_target):
+     """
+     Convenience context manager to ensure bind mounted /var/cache/dnf and removal of the mount.
+     """
++    # noqa: W0135; pylint: disable=contextmanager-generator-missing-cleanup
++    # NOTE(pstodulk): the pylint check is not valid in this case - finally is covered
++    # implicitly
+     with mounting.BindMount(
+             source='/var/cache/dnf',
+             target=os.path.join(overlay_target, 'var', 'cache', 'dnf')) as cache_mount:
+@@ -570,6 +576,9 @@ def create_source_overlay(mounts_dir, scratch_dir, xfs_info, storage_info, mount
+     :type scratch_reserve: Optional[int]
+     :rtype: mounting.BindMount or mounting.NullMount
+     """
++    # noqa: W0135; pylint: disable=contextmanager-generator-missing-cleanup
++    # NOTE(pstodulk): the pylint check is not valid in this case - finally is covered
++    # implicitly
+     api.current_logger().debug('Creating source overlay in {scratch_dir} with mounts in {mounts_dir}'.format(
+         scratch_dir=scratch_dir, mounts_dir=mounts_dir))
+     try:
+@@ -589,11 +598,8 @@ def create_source_overlay(mounts_dir, scratch_dir, xfs_info, storage_info, mount
+                     with _build_overlay_mount(root_overlay, mounts) as overlay:
+                         with _mount_dnf_cache(overlay.target):
+                             yield overlay
+-    except Exception:
++    finally:
+         cleanup_scratch(scratch_dir, mounts_dir)
+-        raise
+-    # cleanup always now
+-    cleanup_scratch(scratch_dir, mounts_dir)
+ 
+ 
+ # #############################################################################
+-- 
+2.44.0
+

0040-chore-deps-update-peter-evans-create-or-update-comme.patch

@@ -0,0 +1,35 @@
+From d14423e2de7f6aeec921fd9cf0aad85101f6a65d Mon Sep 17 00:00:00 2001
+From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
+Date: Thu, 16 May 2024 08:11:44 +0200
+Subject: [PATCH 40/49] chore(deps): update
+ peter-evans/create-or-update-comment digest to v4 (#1222)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Update peter-evans/create-or-update-comment digest to v4 to use versioned (released) content instead of updating it per each new commit change.
+
+---------
+
+Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
+Co-authored-by: Petr Stodůlka <pstodulk@redhat.com>
+---
+ .github/workflows/pr-welcome-msg.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.github/workflows/pr-welcome-msg.yml b/.github/workflows/pr-welcome-msg.yml
+index e23c9bbb..c6527da4 100644
+--- a/.github/workflows/pr-welcome-msg.yml
++++ b/.github/workflows/pr-welcome-msg.yml
+@@ -14,7 +14,7 @@ jobs:
+     runs-on: ubuntu-latest
+     steps:
+       - name: Create comment
+-        uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae
++        uses: peter-evans/create-or-update-comment@v4
+         with:
+           issue-number: ${{ github.event.pull_request.number }}
+           body: |
+-- 
+2.44.0
+

0041-properly-indent-the-list-of-supported-OSes.patch

@@ -0,0 +1,56 @@
+From c68bc5ef0f277a5878802566dc5517a1f98feac6 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Thu, 16 May 2024 11:08:47 +0200
+Subject: [PATCH 41/49] properly indent the list of supported OSes
+
+before:
+```
+Risk Factor: high (inhibitor)
+Title: The installed OS version is not supported for the in-place upgrade to the target RHEL version
+Summary: The supported OS releases for the upgrade process:
+ RHEL 8.8
+RHEL 8.10
+RHEL-SAPHANA 8.8
+RHEL-SAPHANA 8.10
+```
+
+after:
+```
+Risk Factor: high (inhibitor)
+Title: The installed OS version is not supported for the in-place upgrade to the target RHEL version
+Summary: The supported OS releases for the upgrade process:
+    - RHEL 8.8
+    - RHEL 8.10
+    - RHEL-SAPHANA 8.8
+    - RHEL-SAPHANA 8.10
+```
+---
+ .../common/actors/checkosrelease/libraries/checkosrelease.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py b/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
+index e57ba1a7..bbc6b5ae 100644
+--- a/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
++++ b/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
+@@ -4,6 +4,7 @@ from leapp import reporting
+ from leapp.libraries.common.config import version
+ 
+ COMMON_REPORT_TAGS = [reporting.Groups.SANITY]
++FMT_LIST_SEPARATOR = '\n    - '
+ 
+ related = [reporting.RelatedResource('file', '/etc/os-release')]
+ 
+@@ -34,8 +35,8 @@ def check_os_version():
+                 'The installed OS version is not supported for the in-place upgrade to the target RHEL version'
+             ),
+             reporting.Summary(
+-                'The supported OS releases for the upgrade process:\n'
+-                ' {}'.format('\n'.join(supported_releases))
++                'The supported OS releases for the upgrade process:'
++                '{}{}'.format(FMT_LIST_SEPARATOR, FMT_LIST_SEPARATOR.join(supported_releases))
+             ),
+             reporting.Severity(reporting.Severity.HIGH),
+             reporting.Groups(COMMON_REPORT_TAGS),
+-- 
+2.44.0
+

0042-report-which-OS-release-was-detected-as-unsupported.patch

@@ -0,0 +1,47 @@
+From 8ad024515ed4b9e3df05157c67938d700eee5fa8 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Thu, 16 May 2024 11:54:17 +0200
+Subject: [PATCH 42/49] report which OS release was detected as unsupported
+
+---
+ .../common/actors/checkosrelease/libraries/checkosrelease.py | 5 ++++-
+ .../actors/checkosrelease/tests/test_checkosrelease.py       | 1 +
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py b/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
+index bbc6b5ae..1ee6e6ab 100644
+--- a/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
++++ b/repos/system_upgrade/common/actors/checkosrelease/libraries/checkosrelease.py
+@@ -30,13 +30,16 @@ def check_os_version():
+         for rel in version.SUPPORTED_VERSIONS:
+             for ver in version.SUPPORTED_VERSIONS[rel]:
+                 supported_releases.append(rel.upper() + ' ' + ver)
++        current_release = ' '.join(version.current_version()).upper()
+         reporting.create_report([
+             reporting.Title(
+                 'The installed OS version is not supported for the in-place upgrade to the target RHEL version'
+             ),
+             reporting.Summary(
+                 'The supported OS releases for the upgrade process:'
+-                '{}{}'.format(FMT_LIST_SEPARATOR, FMT_LIST_SEPARATOR.join(supported_releases))
++                '{}{}\n\nThe detected OS release is: {}'.format(FMT_LIST_SEPARATOR,
++                                                                FMT_LIST_SEPARATOR.join(supported_releases),
++                                                                current_release)
+             ),
+             reporting.Severity(reporting.Severity.HIGH),
+             reporting.Groups(COMMON_REPORT_TAGS),
+diff --git a/repos/system_upgrade/common/actors/checkosrelease/tests/test_checkosrelease.py b/repos/system_upgrade/common/actors/checkosrelease/tests/test_checkosrelease.py
+index 99d19832..aa0fd636 100644
+--- a/repos/system_upgrade/common/actors/checkosrelease/tests/test_checkosrelease.py
++++ b/repos/system_upgrade/common/actors/checkosrelease/tests/test_checkosrelease.py
+@@ -28,6 +28,7 @@ def test_no_skip_check(monkeypatch):
+ def test_not_supported_release(monkeypatch):
+     monkeypatch.setattr(version, "is_supported_version", lambda: False)
+     monkeypatch.setattr(version, "get_source_major_version", lambda: '7')
++    monkeypatch.setattr(version, "current_version", lambda: ('bad', '7'))
+     monkeypatch.setattr(reporting, "create_report", create_report_mocked())
+ 
+     checkosrelease.check_os_version()
+-- 
+2.44.0
+

0043-Fix-typo-in-.packit.yaml.patch

@@ -0,0 +1,25 @@
+From 8c22562662078459abe3e0690d2f7a3120e62809 Mon Sep 17 00:00:00 2001
+From: Martin Kluson <mkluson@redhat.com>
+Date: Mon, 20 May 2024 16:33:03 +0200
+Subject: [PATCH 43/49] Fix typo in .packit.yaml
+
+---
+ .packit.yaml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.packit.yaml b/.packit.yaml
+index ed6412dc..dc9b9431 100644
+--- a/.packit.yaml
++++ b/.packit.yaml
+@@ -292,7 +292,7 @@ jobs:
+ 
+ 
+ # ###################################################################### #
+-# ############################## 8 TO 10 ############################### #
++# ############################## 8 TO 9 ################################ #
+ # ###################################################################### #
+ 
+ # ###################################################################### #
+-- 
+2.44.0
+

0044-drop-unused-packager-field-from-distro-metadata.patch

@@ -0,0 +1,55 @@
+From a7893092361d93a34c57b3cb2f05cc4e1db418b9 Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Thu, 16 May 2024 10:24:30 +0200
+Subject: [PATCH 44/49] drop unused packager field from distro metadata
+
+The actor was refactored to accept any `gpg-key` package, regardless of
+the value in the packager field, but the data was never drop from the
+JSON files.
+
+Fixes: 4968bec73947fb83aeb2d89fe7e919fba2ca2776
+---
+ .../libraries/distributionsignedrpmscanner.py                  | 1 -
+ .../common/files/distro/centos/gpg-signatures.json             | 3 +--
+ .../common/files/distro/rhel/gpg-signatures.json               | 3 +--
+ 3 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/repos/system_upgrade/common/actors/distributionsignedrpmscanner/libraries/distributionsignedrpmscanner.py b/repos/system_upgrade/common/actors/distributionsignedrpmscanner/libraries/distributionsignedrpmscanner.py
+index 0bc71bfa..7898453b 100644
+--- a/repos/system_upgrade/common/actors/distributionsignedrpmscanner/libraries/distributionsignedrpmscanner.py
++++ b/repos/system_upgrade/common/actors/distributionsignedrpmscanner/libraries/distributionsignedrpmscanner.py
+@@ -16,7 +16,6 @@ def get_distribution_data(distribution):
+         with open(distribution_config) as distro_config_file:
+             distro_config_json = json.load(distro_config_file)
+             distro_keys = distro_config_json.get('keys', [])
+-            # distro_packager = distro_config_json.get('packager', 'not-available')
+     else:
+         raise StopActorExecutionError(
+             'Cannot find distribution signature configuration.',
+diff --git a/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json b/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
+index 30e329ee..cf7f819d 100644
+--- a/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
++++ b/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
+@@ -3,6 +3,5 @@
+         "24c6a8a7f4a80eb5",
+         "05b555b38483c65d",
+         "4eb84e71f2ee9d55"
+-    ],
+-    "packager": "CentOS"
++    ]
+ }
+diff --git a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
+index eccf0106..64d9ed12 100644
+--- a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
++++ b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
+@@ -5,6 +5,5 @@
+         "938a80caf21541eb",
+         "fd372689897da07a",
+         "45689c882fa658e0"
+-    ],
+-    "packager": "Red Hat, Inc."
++    ]
+ }
+-- 
+2.44.0
+

0045-Add-environment-information-to-leappdb.patch

@@ -0,0 +1,39 @@
+From ae387bc31826e76c220f0b5fdd1f8fab4b36a5a3 Mon Sep 17 00:00:00 2001
+From: David Kubek <dkubek@redhat.com>
+Date: Tue, 21 Nov 2023 13:54:41 +0100
+Subject: [PATCH 45/49] Add environment information to leappdb
+
+Related to changes extending the information stored in the leapp db.
+After this comment, the command line arguments as well as the
+environment variables modifying the leapp execution (env vars starting
+with `LEAPP_`) will be stored in the database.
+
+Works on: OAMG-8402
+---
+ commands/upgrade/util.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/commands/upgrade/util.py b/commands/upgrade/util.py
+index 9eff0ad1..b20c316d 100644
+--- a/commands/upgrade/util.py
++++ b/commands/upgrade/util.py
+@@ -3,6 +3,7 @@ import itertools
+ import json
+ import os
+ import shutil
++import sys
+ import tarfile
+ from datetime import datetime
+ 
+@@ -235,6 +236,8 @@ def prepare_configuration(args):
+         'debug': os.getenv('LEAPP_DEBUG', '0'),
+         'verbose': os.getenv('LEAPP_VERBOSE', '0'),
+         'whitelist_experimental': args.whitelist_experimental or (),
++        'environment': {env: os.getenv(env) for env in os.environ if env.startswith('LEAPP_')},
++        'cmd': sys.argv,
+     }
+     return configuration
+ 
+-- 
+2.44.0
+

0046-chore-deps-update-actions-github-script-action-to-v7.patch

@@ -0,0 +1,34 @@
+From 3173d1a43eaf7d5353cd3cc753c4ba904a6f50d1 Mon Sep 17 00:00:00 2001
+From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
+Date: Fri, 10 May 2024 05:33:51 +0000
+Subject: [PATCH 46/49] chore(deps): update actions/github-script action to v7
+
+---
+ .github/workflows/reuse-copr-build.yml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/reuse-copr-build.yml b/.github/workflows/reuse-copr-build.yml
+index 6bf71226..3cf06254 100644
+--- a/.github/workflows/reuse-copr-build.yml
++++ b/.github/workflows/reuse-copr-build.yml
+@@ -78,7 +78,7 @@ jobs:
+       - name: Add comment with copr build url
+         # TODO: Create comment when copr build fails.
+         id: link_copr
+-        uses: actions/github-script@v4
++        uses: actions/github-script@v7
+         with:
+           script: |
+             github.issues.createComment({
+@@ -145,7 +145,7 @@ jobs:
+         # TODO: Create comment when copr build fails.
+         id: link_copr_leapp
+         if: ${{ steps.leapp_pr_regex_match.outputs.match != '' }}
+-        uses: actions/github-script@v4
++        uses: actions/github-script@v7
+         with:
+           script: |
+             github.issues.createComment({
+-- 
+2.44.0
+

0047-fix-some-typos-spotted-by-codespell.patch

@@ -0,0 +1,69 @@
+From 1fab8273744b3dba9c2acf927e6b87417d25f77b Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Mon, 27 May 2024 11:51:43 +0200
+Subject: [PATCH 47/49] fix some typos spotted by codespell
+
+also add `zeor` to the ignore list as that's part of an email address at
+`zeor.simegen.com`
+---
+ .github/workflows/codespell.yml                                 | 2 +-
+ .../common/actors/selinux/selinuxapplycustom/actor.py           | 2 +-
+ repos/system_upgrade/common/libraries/overlaygen.py             | 2 +-
+ .../checkcustomnetworkscripts/libraries/customnetworkscripts.py | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
+index c0ec20d6..002d3774 100644
+--- a/.github/workflows/codespell.yml
++++ b/.github/workflows/codespell.yml
+@@ -17,7 +17,7 @@ jobs:
+       - uses: actions/checkout@v4
+       - uses: codespell-project/actions-codespell@master
+         with:
+-          ignore_words_list: ro,fo,couldn,repositor
++          ignore_words_list: ro,fo,couldn,repositor,zeor
+           skip: "./repos/system_upgrade/common/actors/storagescanner/tests/files/mounts,\
+             ./repos/system_upgrade/el7toel8/actors/networkmanagerreadconfig/tests/files/nm_cfg_file_error,\
+             ./repos/system_upgrade/el8toel9/actors/xorgdrvfact/tests/files/journalctl-xorg-intel,\
+diff --git a/repos/system_upgrade/common/actors/selinux/selinuxapplycustom/actor.py b/repos/system_upgrade/common/actors/selinux/selinuxapplycustom/actor.py
+index b7f8376f..55c64c3e 100644
+--- a/repos/system_upgrade/common/actors/selinux/selinuxapplycustom/actor.py
++++ b/repos/system_upgrade/common/actors/selinux/selinuxapplycustom/actor.py
+@@ -26,7 +26,7 @@ class SELinuxApplyCustom(Actor):
+     tags = (ApplicationsPhaseTag, IPUWorkflowTag)
+ 
+     def process(self):
+-        # save progress for repoting purposes
++        # save progress for reporting purposes
+         failed_modules = []
+         failed_custom = []
+ 
+diff --git a/repos/system_upgrade/common/libraries/overlaygen.py b/repos/system_upgrade/common/libraries/overlaygen.py
+index 4bcbf32b..1132cde1 100644
+--- a/repos/system_upgrade/common/libraries/overlaygen.py
++++ b/repos/system_upgrade/common/libraries/overlaygen.py
+@@ -274,7 +274,7 @@ def _prepare_required_mounts(scratch_dir, mounts_dir, storage_info, scratch_rese
+     space_needed = scratch_reserve + _MAGICAL_CONSTANT_OVL_SIZE * len(mount_points)
+     _ensure_enough_diskimage_space(space_needed, scratch_dir)
+ 
+-    # free space required on this partition should not be affected by durin the
++    # free space required on this partition should not be affected by during the
+     # upgrade transaction execution by space consumed on creation of disk images
+     # as disk images are cleaned in the end of this functions,
+     # but we want to reserve some space in advance.
+diff --git a/repos/system_upgrade/el8toel9/actors/checkcustomnetworkscripts/libraries/customnetworkscripts.py b/repos/system_upgrade/el8toel9/actors/checkcustomnetworkscripts/libraries/customnetworkscripts.py
+index c3a6ffd1..2947aa27 100644
+--- a/repos/system_upgrade/el8toel9/actors/checkcustomnetworkscripts/libraries/customnetworkscripts.py
++++ b/repos/system_upgrade/el8toel9/actors/checkcustomnetworkscripts/libraries/customnetworkscripts.py
+@@ -28,7 +28,7 @@ def generate_report(existing_custom_network_scripts):
+             reporting.Remediation(
+                 hint=(
+                     "Migrate the custom network-scripts to NetworkManager dispatcher"
+-                    " scripts manually before the ugprade. Follow instructions in the"
++                    " scripts manually before the upgrade. Follow instructions in the"
+                     " official documentation."
+                 )
+             ),
+-- 
+2.44.0
+

0048-BZ-2283067-don-t-remove-Tomcat-during-Satellite-7to8.patch

@@ -0,0 +1,47 @@
+From 8b1fd71d209f37005d7858768d211ee1cb07a30c Mon Sep 17 00:00:00 2001
+From: Evgeni Golov <evgeni@golov.de>
+Date: Mon, 27 May 2024 12:49:04 +0200
+Subject: [PATCH 48/49] BZ#2283067 - don't remove Tomcat during Satellite 7to8
+ upgrade
+
+This was previously added to workaround issues with the packages in RHEL
+8.8/8.9, but now that 8.10 is released it's not required anymore and
+actually breaks the upgrade.
+---
+ .../actors/satellite_upgrade_facts/actor.py         | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
+index 3cd9d9da..cfba0503 100644
+--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
++++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
+@@ -1,7 +1,7 @@
+ import os
+ 
+ from leapp.actors import Actor
+-from leapp.libraries.common.config import architecture
++from leapp.libraries.common.config import architecture, version
+ from leapp.libraries.common.rpms import has_package
+ from leapp.libraries.stdlib import run
+ from leapp.models import (
+@@ -55,11 +55,12 @@ class SatelliteUpgradeFacts(Actor):
+             # enable modules that are needed for Pulpcore
+             modules_to_enable.append(Module(name='python38', stream='3.8'))
+             to_install.append('katello')
+-            # Force removal of tomcat
+-            # PES data indicates tomcat.el7 can be upgraded to tomcat.el8 since EL 8.8,
+-            # but we need pki-servlet-engine from the module instead which will be pulled in via normal
+-            # package dependencies
+-            to_remove.extend(['tomcat', 'tomcat-lib'])
++            if version.matches_target_version('8.8', '8.9'):
++                # Force removal of tomcat
++                # PES data indicates tomcat.el7 can be upgraded to tomcat.el8 since EL 8.8,
++                # but we need pki-servlet-engine from the module instead which will be pulled in via normal
++                # package dependencies
++                to_remove.extend(['tomcat', 'tomcat-lib'])
+ 
+         if has_package(InstalledRPM, 'rh-redis5-redis'):
+             modules_to_enable.append(Module(name='redis', stream='5'))
+-- 
+2.44.0
+

0049-Add-product-certs-and-target-for-9.5.patch

@@ -0,0 +1,373 @@
+From 061504d4b7748e11a8d6258021b6ac9d281cc63c Mon Sep 17 00:00:00 2001
+From: Matej Matuska <mmatuska@redhat.com>
+Date: Tue, 28 May 2024 14:23:44 +0200
+Subject: [PATCH 49/49] Add product certs and target for 9.5
+
+---
+ .../common/files/prod-certs/9.5/279.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/362.pem       | 36 +++++++++++++++++++
+ .../common/files/prod-certs/9.5/363.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/419.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/433.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/479.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/486.pem       | 35 ++++++++++++++++++
+ .../common/files/prod-certs/9.5/72.pem        | 35 ++++++++++++++++++
+ .../common/files/upgrade_paths.json           |  4 +--
+ 9 files changed, 283 insertions(+), 2 deletions(-)
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/279.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/362.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/363.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/419.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/433.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/479.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/486.pem
+ create mode 100644 repos/system_upgrade/common/files/prod-certs/9.5/72.pem
+
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/279.pem b/repos/system_upgrade/common/files/prod-certs/9.5/279.pem
+new file mode 100644
+index 00000000..2257a543
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/279.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGJTCCBA2gAwIBAgIJALDxRLt/tVPfMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1MzAyMFoXDTQ0MDEx
++NjE1MzAyMFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs1OWY4YmIz
++My0wZjU2LTQ2N2UtYTE1ZC1hZmQxMjUzMTYzN2NdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBrjCBqzAJBgNVHRMEAjAAMEMGDCsGAQQBkggJAYIXAQQzDDFSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIFBvd2VyLCBsaXR0bGUgZW5kaWFuMBUGDCsG
++AQQBkggJAYIXAgQFDAM5LjUwGQYMKwYBBAGSCAkBghcDBAkMB3BwYzY0bGUwJwYM
++KwYBBAGSCAkBghcEBBcMFXJoZWwtOSxyaGVsLTktcHBjNjRsZTANBgkqhkiG9w0B
++AQsFAAOCAgEAii9ffFWGZCeIaaI6EXmBK6s4uCryT72DsqL9xPUj6J1lm/9Xf4Nq
++h0I+4zEEaPqI4XzUmw+LuVLpZAC79daKRiZRRPoIrR74Ca0KfvCPY72ZCIXYUmHZ
++wgjrw4q6ZUSz4wYxPv/A8Q02oWlkHF7s7r8JNrq4B6IvOfdLFeVQGXtNtf7EIrH0
++YKV/RRIPMKPEuc14EhmK8z9+lpySmZ7+4/cZh1DIqFjd6XGo7UeuON7atqEsHZ8e
++PHlgw0Rl/HtCHBEHquZtuMoIF5f1C/qXGgMfIHzbHnCa42k7Vjx2/+UKxsmYmDRp
++RGfBoZJL5DHla7+JOhmN70rTuKnwhPmP3b80Ax18uvrYPgzGxhb0jd7XvlZl+bSD
++7aVhq/XK9rFjN9hf3wVwg01nIHIxMZPXZ1Eml/Af7ZzttcIxuOWTh1/TFw8XSUx/
++kS8Z0tJpH+AiTCr93JLuh88ryKK5jZ5gGSWMOIpoSWE0wqTgODGcYAAeJJ034ogb
++pbsPihjhxACkQhky+F1KJH2HE9pIKxaJNnCGWn1StX8DA9sngVSGl4YmLlZfEyUz
++K2nJeUB9DPbtyHZHXw4N6Ep17CjUPZIY2jQSMBNkhAOpkIgvtVEMYQtXu6OVLbnu
++O2sGXqV3LBUg3L00WxR9QAIG/n54z5afF3mxl3zJEcZoUwp4OHxkn84=
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/362.pem b/repos/system_upgrade/common/files/prod-certs/9.5/362.pem
+new file mode 100644
+index 00000000..aa60c216
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/362.pem
+@@ -0,0 +1,36 @@
++-----BEGIN CERTIFICATE-----
++MIIGNDCCBBygAwIBAgIJALDxRLt/tVPJMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1Mjk1OVoXDTQ0MDEx
++NjE1Mjk1OVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs4OTA1ZDA0
++MC04ZGY5LTQ3ZjAtODdhZi0yZDE1ZTYwNzgxZjVdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBvTCBujAJBgNVHRMEAjAAMEgGDCsGAQQBkggJAYJqAQQ4DDZSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIFBvd2VyLCBsaXR0bGUgZW5kaWFuIEJldGEw
++GgYMKwYBBAGSCAkBgmoCBAoMCDkuNSBCZXRhMBkGDCsGAQQBkggJAYJqAwQJDAdw
++cGM2NGxlMCwGDCsGAQQBkggJAYJqBAQcDBpyaGVsLTkscmhlbC05LWJldGEtcHBj
++NjRsZTANBgkqhkiG9w0BAQsFAAOCAgEAgx5sfDsgXS0GiE9tBa2VUDDcQ82EgPdV
++vR8SUcrhuYv0c0XtKcYw3qwm03QRHLu8zv3f9HMT2SLQGqIPVYAjIk6IR2n9jsIW
++ssbgpkZPaypgRadgS0abapCOSDFh+67FmV3YJR9kHQSrTwMLhqGphidapfN9Si4i
++THn6sc9sy/iyXP8FDgqXehPutoWCvMA1kf6ek50v3121P860XPhhMHXQsLB6y+GV
++G3fy2QAezSpJTA0PwrIWz+ZZiZ9oH5Fpvo2hMGnPclgfsN9/Ge13IE39vBgmznum
++mlkwtArIYajjYDk4ADXFWmhY04zMBldLrR6PIrBNxRZv0a1hazcEP1LJPu2YLWgW
++eV9/FNnzUySfL0a+hkTQvDfs2Ojeb72fDvaDXMzJoT8vdjlAilVsgU98JRXEg2Wq
++5NYlLmkFpJGEvlejqGH8H73R7nFgu5aYeHetScXZmKW7itTiJoECxqX0Yqr/NQLa
++9fSsuRxs0TQUVVKlMoAVokstvrW4v8rtxIU9UqfktOUs3U/kq0GCFwASSwdeGPW4
++oWfeLK2W9TEICSoW6P38+/vNqXTe7N9x7M6wyfc8HrGM0uYiZrPSodID6yvkJtBv
++wqS9vw9mlczrBF2m55o1dehZbWuncj6CO0Jc/xC8HqpnP8BLNb7/TyPyQrISeQjN
++2LqCFq1dAdQ=
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/363.pem b/repos/system_upgrade/common/files/prod-certs/9.5/363.pem
+new file mode 100644
+index 00000000..8c15335b
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/363.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGJjCCBA6gAwIBAgIJALDxRLt/tVPIMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1Mjk1OFoXDTQ0MDEx
++NjE1Mjk1OFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFtkNWEyNjZi
++MC0zMzUwLTQxYTMtYmRmZC1kZmIyNmJmZDdmMDFdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBrzCBrDAJBgNVHRMEAjAAMDoGDCsGAQQBkggJAYJrAQQqDChSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIEFSTSA2NCBCZXRhMBoGDCsGAQQBkggJAYJr
++AgQKDAg5LjUgQmV0YTAZBgwrBgEEAZIICQGCawMECQwHYWFyY2g2NDAsBgwrBgEE
++AZIICQGCawQEHAwacmhlbC05LHJoZWwtOS1iZXRhLWFhcmNoNjQwDQYJKoZIhvcN
++AQELBQADggIBAM+fiLd/oETC0reNeAtlG0W+FcBdMm3Bl78L7X6Yj4cFLNjfk0PO
++1E8EVGUjw+nx9ZwPlxAdP15Sh90oPztwRgQB2SwyBugYvvQAVY/0VsGvcsq8VyHD
++IDd/mcPMjtFf+ZUqwhy3l1pbxXFiV+sMQtpltdboM5uIVEhZ6+C9hCAawHrQRcOM
++z9usjgqzxjA2jcg0QX0A0ICKmbL4r9dwnX/Wpjo1P7CJUn5gNmJcoMcVYnUmFZ3I
++oVlf+cLOWoex6BzK/QHr+UV+jnPj0d8EmS5vXgzE8Afj31iPn33JavOtsUfdr1hK
++rrdJcHGbKj/lukUIzWBbxr/snq3iC2/hn0AW57GUCpbu9eeNH2pP7G5dNPXK0CpQ
++/ThqyYdvht9HV89YqtLT+bUNjjAe8xhFCSkyBtheOBtG4zR3ctJvRCAb7kmqhTeo
++DzDNcuf0vhWV5m2g4VQ0hbUnJCt1c0eLyF7aFA6oi8xMH7CaIrwrcoO7XbQCdtW6
++uHuxNo8QQHgql6VQdNhlZpXjR/4F66WYzprs1+TITZqGXkZk1NTCjCGtWJBp/In+
++HaDSbe+w4eZ/g6OaLyTOw3X7nPz+2j/2eJnNG9FpZt7mhiSfKwgQpTB7sCkiLg+C
++YEKJL0NUBfag6Ahkjqdh/Ptldm8H+hjwzrMX0JtsyD/tJpVMb7LlkGi7
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/419.pem b/repos/system_upgrade/common/files/prod-certs/9.5/419.pem
+new file mode 100644
+index 00000000..3dd6f54b
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/419.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGFzCCA/+gAwIBAgIJALDxRLt/tVPeMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1MzAyMFoXDTQ0MDEx
++NjE1MzAyMFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs1Yjk4YWE3
++Mi1jODQ4LTQ3M2UtOGQ2Ni1lMGU1NzQ1OGYwMDddMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBoDCBnTAJBgNVHRMEAjAAMDUGDCsGAQQBkggJAYMjAQQlDCNSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIEFSTSA2NDAVBgwrBgEEAZIICQGDIwIEBQwD
++OS41MBkGDCsGAQQBkggJAYMjAwQJDAdhYXJjaDY0MCcGDCsGAQQBkggJAYMjBAQX
++DBVyaGVsLTkscmhlbC05LWFhcmNoNjQwDQYJKoZIhvcNAQELBQADggIBAL680KfM
++f4EeH2dvDkjsgTcRbSvkp08PUG671wLnVfIK0Ay9aLvExwoZK6a0hc1U3eLOrrlT
++Kq6MTNhpkeE7RLtGaBMZMNICGrC+Gh1r0uR0a59xAjWly5QodQ05znSjXbdaGkBU
++8vxtGm+ho9dJguEOn1d0Y8racomdK84+mivtLyc6pK3712nHTYmwQX/gzQ3dM/hm
++gB+btQo+crObv2OfjUiN+W5k2eX+DRPsgu9bIpXQaHY4l+CvoZR3/Ww7Xzut4CQE
++aAOpDbv/xAWPkWJ4CdSJp8jN6xGN05Grfw6xeBsTY+XFuoWlW4/9RsY3Qd8tjhTl
++wsIUGOUxxuDDjKq4MoEvbm+w/B0rZHOcMbE0sPi0YFRsRB5/REYJZ0fnOOikEZOw
++GC7EA38HITdkugveWL/NRkwg0AvNNt7ILNYXLVbskTBqw7QnWTy/vgxb/a2lyQuQ
++E+j/NfINlDMXbitb5Nymg45Yl3XDkmeuEQKY2TUKdWype6NRDfJpHBNeeWNWZxrG
++8u+/biqhXbYODlHp1VYRItz7BbTf+YCz7wFnCXBJA7gNPJDCwirIvJm9B15A3Hu3
++0gd0f0TciKQH1PPnKZicxsEGI9C1sf5LRv+QuVGRvWDnF4GeS5r6OnCz06hndwyj
++cuuGz2+UpjGvrPb9BtkDK2vUML0yaqj+pY7i
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/433.pem b/repos/system_upgrade/common/files/prod-certs/9.5/433.pem
+new file mode 100644
+index 00000000..de388174
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/433.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGKTCCBBGgAwIBAgIJALDxRLt/tVPKMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1Mjk1OVoXDTQ0MDEx
++NjE1Mjk1OVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFtmNjQ4ZjZk
++ZC0xZDhjLTQ2ZWYtOTZjYy02NWQ4NzA1MTNlMmFdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBsjCBrzAJBgNVHRMEAjAAMEEGDCsGAQQBkggJAYMxAQQxDC9SZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIElCTSB6IFN5c3RlbXMgQmV0YTAaBgwrBgEE
++AZIICQGDMQIECgwIOS41IEJldGEwFwYMKwYBBAGSCAkBgzEDBAcMBXMzOTB4MCoG
++DCsGAQQBkggJAYMxBAQaDBhyaGVsLTkscmhlbC05LWJldGEtczM5MHgwDQYJKoZI
++hvcNAQELBQADggIBAIdymcUPQMVEtwFpOCTyUArt1qx5pzoHmQvsGEBaGbeyiXmQ
++4/5Nv5YgTyefrDR/uyu3ubg8BSTV8zgqqISpq3bVz2qWHTD024IqszhIvXYihHjR
++aqzhgfbd7u+OfkZGa5WqFKFCNgQ93UBmp6g2dkR1gaF63kI9aal6fhNV6wBJitND
++WXb+lGykB/i3X+HFuhXFYcFWCDvVNEpf3pyWLbXLDXsdP8+nkLFKGNnBwxRdARx8
++sPz3HxStVBnf1mdhp+uGz8j14a5/psjhaqB4Vf9pCuOVLb6d+XdxJhVBTtD7C01a
++Yp/e6He7tcEFHV7YU6qFN49kGk2eDBrMrE8svQ/StSJwHXarquq0z3QKjf4amLz5
++DUvy0H0dxWUiYiiBx7mD68f5ng/lrsTl91frhQHRo5yLKrG9NQhfWe8wW8dVI8un
++kzfesD5aDImYz0ClQAYROjzBXnMTJlVwGklSa3mrF7r8mKwsWmfvx2W8wGEF/Y27
++BpYOVLvP22lhbuNZuSxnsTEAF5tzLcRI/nwox0Xsjb0ieS5J/7+0CGe24DpmQI0b
++Dg0sSQhVzhYQkW6fwsTxZa+U2L7UcT/hojUMwji5t2n150LWcadcrtjTNnA7KJpu
++8DGVW89eCmtJI9dEoQzG49GzOQ8iCmfsxWp3Epsbv8wCXtj9pvLmU7ioizSp
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/479.pem b/repos/system_upgrade/common/files/prod-certs/9.5/479.pem
+new file mode 100644
+index 00000000..3352d4a8
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/479.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGFTCCA/2gAwIBAgIJALDxRLt/tVPhMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1MzAyMVoXDTQ0MDEx
++NjE1MzAyMVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFszYWQ2NDlj
++NS1jOTNjLTQ2NjItYWIxMy1iNzE4ODNmNWVmNzJdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBnjCBmzAJBgNVHRMEAjAAMDUGDCsGAQQBkggJAYNfAQQlDCNSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIHg4Nl82NDAVBgwrBgEEAZIICQGDXwIEBQwD
++OS41MBgGDCsGAQQBkggJAYNfAwQIDAZ4ODZfNjQwJgYMKwYBBAGSCAkBg18EBBYM
++FHJoZWwtOSxyaGVsLTkteDg2XzY0MA0GCSqGSIb3DQEBCwUAA4ICAQBwU1eipuYq
++/N0j9MiytX8Lvm/+xwPsg+/vpG1o2ro1Dts9U1xZDFt/Fg8+9wnApOMO2reS2aEG
++f/ZJX+R/xWdlhlQTE9z5QTk3k3b7H79b8xWfJcbQU1ZwlaSrIba4FgmHx2h2PN3r
++GNpswVsdXyCjfitBWG/uQlWi2RKDU+B5zD+8HBC3io9qPLYRybTGjfmQ/GlEINxA
++NtnkoE+rDLGSMZNlUpmpjccK8nCLgf70csRloen8MbRH4j4kkVfmjHn75lLk0epb
++zojsGHBRGvtwZzS3X7M03OB+uDoNGUKcD5RUq4zo2Rnlu9Xh0rhvG6wF9KeU2q30
++hMR6eXJ4blMhpmCBWhvIAqVm68zUnWxPPFWa1hZzECaVuarGd0ncgrm21NiT+mE2
++ZkrNBBmmZ7Hckv5QP83ynOXr4SkNEf/50rmPhcWaAD3MZr3mgOK5sg0E/diBbVmz
++ZNw1jJ59HvNvKlxeqJqsFW4MkCDBccVPGDna3P4NXSXW5RYGgF0txNfQZc1briuz
++bO+U3NAQocEdqUwflId5v97g0YElVliPdsM8b8xixrCCZT1pOXU46UXBP8+Nri70
++apME6luow+D4f4ZWqMWg3KJV3FmlYPmn04WMo6EvFv5hvmlu5n6OheBqyzv/Zc1I
++SVE+LwwzANJjNHA8PejmIqLbqzqHYrFbHg==
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/486.pem b/repos/system_upgrade/common/files/prod-certs/9.5/486.pem
+new file mode 100644
+index 00000000..a0c7c085
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/486.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGJDCCBAygAwIBAgIJALDxRLt/tVPLMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1Mjk1OVoXDTQ0MDEx
++NjE1Mjk1OVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFtiYjI5ZDU3
++NC0yNDM5LTRmYTktOWI2Zi1lOWE1NzVkZDU0ZGJdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBrTCBqjAJBgNVHRMEAjAAMDoGDCsGAQQBkggJAYNmAQQqDChSZWQgSGF0
++IEVudGVycHJpc2UgTGludXggZm9yIHg4Nl82NCBCZXRhMBoGDCsGAQQBkggJAYNm
++AgQKDAg5LjUgQmV0YTAYBgwrBgEEAZIICQGDZgMECAwGeDg2XzY0MCsGDCsGAQQB
++kggJAYNmBAQbDBlyaGVsLTkscmhlbC05LWJldGEteDg2XzY0MA0GCSqGSIb3DQEB
++CwUAA4ICAQC26JzDoY4bAGS+1o4L9vWLAk8zeaFWRCzXmTnEEQk6jyIP+I1lS0rH
++8QWMu8bnnqeSOkb6qhSuiffwvd2TiYtapMf4rZ6vXQ+zTzuAO9/wRAVsQt2ElBf0
++dU0Ghym9Xz/oUWP8TxZNjYuk/uRRTH9y/fVQWJ2PCP7BT3m3arMhpkyB9sNgoQDS
++Yjb/d5wHgFyIW0ZOjJrM/ThR4xj8wXWFmjidDGXbn8V0Md8NUTo2QDZuoGwH4UKA
++RlF1hjnw2uSr81RvXdWhXeG1XNjW0mJerR2v1T9dCK/QOtYJLIFX8opG05axeJ6y
++FHwbuPi9uCvL2WlWXlfsofgVax9LUPWsN0pwL3B38h2m29nWjRi8g8ob10yGmapA
++ksLACBur0QXKVUGfU0gI5Kd1CpKQMRHXXW3D+i77mfKJF+uLcle4tF2mzxuXmuxn
++3WD+2mmjVWnn5Hx/6A8nELdD5oD4qRN4fydUp2r7UDpVZLqggzvwydhoR1eJvm1K
++1ompaqRTXG5rwpEkqIz1gyJZqTt/35G8XXgwIr6gYSJzcQfFnt6VqYI/tdSu7tAh
+++qN6v3nBrASsHjIMO3qldwk3BTPfzTorzDrDi7240B2JLqdd+SeqkAcANDPcWIeZ
++p/JQSedJCYKf0UZ7ry+sJmjhdWLi5ooLq7RPUbXd7kdLCqj2Y8llNg==
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/prod-certs/9.5/72.pem b/repos/system_upgrade/common/files/prod-certs/9.5/72.pem
+new file mode 100644
+index 00000000..38c94ef7
+--- /dev/null
++++ b/repos/system_upgrade/common/files/prod-certs/9.5/72.pem
+@@ -0,0 +1,35 @@
++-----BEGIN CERTIFICATE-----
++MIIGFjCCA/6gAwIBAgIJALDxRLt/tVPgMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
++VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
++YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
++IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
++ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDExNjE1MzAyMVoXDTQ0MDEx
++NjE1MzAyMVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs3NTNmOWU4
++ZS00ZDdhLTRiZjAtOTgzMi1mYjUzOTFiNWJjNmZdMIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
++sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
++8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
++RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
++5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
++xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
++QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
++yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
++1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
++5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
++ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
++AwEAAaOBnzCBnDAJBgNVHRMEAjAAMDsGCysGAQQBkggJAUgBBCwMKlJlZCBIYXQg
++RW50ZXJwcmlzZSBMaW51eCBmb3IgSUJNIHogU3lzdGVtczAUBgsrBgEEAZIICQFI
++AgQFDAM5LjUwFgYLKwYBBAGSCAkBSAMEBwwFczM5MHgwJAYLKwYBBAGSCAkBSAQE
++FQwTcmhlbC05LHJoZWwtOS1zMzkweDANBgkqhkiG9w0BAQsFAAOCAgEAu5Ud+Lr+
++ymSvv1ZmDgjZmECL254g+TJ9mqYKpZNELZJwUHbfiFETGD1k6nK6NwHIFJae0CIb
++LbeQ3bIYdbO5/RgcCIL8QUIiksYi7XzfsnJGegMOiYImoqNunQH2YTD3PRHAPy1k
++cji1k0VLISCh/4Qh8m6fT1W/fb1B2+y+Rfkzob4LewdwhfvXkh6uTEj/XKK5itiX
++GdHkahr/eE7ooQM9gty7vOX4hXRsVDgf/zjqko+2wCcO6peh6uqU8e9dZ2oqchMy
++pJlGaGMQ+I0x8XJ2dlt61mHYTgrbjcvXMEN/Kus0LFAp2mxvlhSStFkwvXfZBqTa
++e+qnKDdNLgQcxdlK7p6mwz37XjfPdpMsh4SC4o/e+HVSb5L84nn9SSDp5l+gsNXf
++4XpV+v/dYSS/cB5x4kjcACACPWSobpJc7FJ/NXCp1L0V/mvrQijSQoX9TqzJtgbv
++btKHUTrwgLpvQMEjfv8ZvNGhCCAl/IM02ACTg+GG2oNTwJKc1ogXFfP5WYVW9vEZ
++yYDQbT9mtjfiyqI/nJXvfBbnqxUHgD3lcKs8PpnE0khIkYHoAjs+c7PFfntE08Sa
++UdS/tVQ3Swwu2WczaDiVSwqfssWisHGjkIG6Fv5kmM3PNFCPpNCYnabMs+maaeyV
++jd/FZrkWz+0TLseJ8xeo0MajgW4IjRqBxwg=
++-----END CERTIFICATE-----
+diff --git a/repos/system_upgrade/common/files/upgrade_paths.json b/repos/system_upgrade/common/files/upgrade_paths.json
+index 880595c0..43bd049a 100644
+--- a/repos/system_upgrade/common/files/upgrade_paths.json
++++ b/repos/system_upgrade/common/files/upgrade_paths.json
+@@ -2,9 +2,9 @@
+     "default": {
+         "7.9": ["8.8", "8.10"],
+         "8.8": ["9.2"],
+-        "8.10": ["9.4"],
++        "8.10": ["9.4", "9.5"],
+         "7": ["8.8", "8.10"],
+-        "8": ["9.2", "9.4"]
++        "8": ["9.2", "9.4", "9.5"]
+     },
+     "saphana": {
+         "7.9": ["8.10", "8.8"],
+-- 
+2.44.0
+

SOURCES/0001-rhui-alibaba-add-ARM-RHEL8-and-RHEL9-setup-entries-1.patch

@@ -1,44 +0,0 @@
-From fbc38d4ad1d828e0553579e3719c0e4ed4a2a6bd Mon Sep 17 00:00:00 2001
-From: jinkangkang <1547182170@qq.com>
-Date: Mon, 19 Aug 2024 18:46:08 +0800
-Subject: [PATCH 01/40] rhui(alibaba): add ARM RHEL8 and RHEL9 setup entries
- (#1277)
-
-Since leapp's RHUI mechanism filters setups based on the architecture of the source system,
-it was not possible to upgrade of ARM-based RHEL systems on Alibaba cloud as there
-were no ARM entries in RHUI_SETUPS. This patch adds these entries, making it possible
-for EL 8 -> 9 upgrades of ARM systems on Alibaba cloud.
----
- repos/system_upgrade/common/libraries/rhui.py | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/repos/system_upgrade/common/libraries/rhui.py b/repos/system_upgrade/common/libraries/rhui.py
-index 51694ac2..30de0275 100644
---- a/repos/system_upgrade/common/libraries/rhui.py
-+++ b/repos/system_upgrade/common/libraries/rhui.py
-@@ -348,6 +348,22 @@ RHUI_SETUPS = {
-                         ('content.crt', RHUI_PKI_PRODUCT_DIR)
-                       ],
-                       os_version='9'),
-+    ],
-+    RHUIFamily(RHUIProvider.ALIBABA, arch=arch.ARCH_ARM64, client_files_folder='alibaba'): [
-+        mk_rhui_setup(clients={'aliyun_rhui_rhel8'}, leapp_pkg='leapp-rhui-alibaba',
-+                      mandatory_files=[('leapp-alibaba.repo', YUM_REPOS_PATH)],
-+                      optional_files=[
-+                        ('key.pem', RHUI_PKI_DIR),
-+                        ('content.crt', RHUI_PKI_PRODUCT_DIR)
-+                      ],
-+                      os_version='8'),
-+        mk_rhui_setup(clients={'aliyun_rhui_rhel9'}, leapp_pkg='leapp-rhui-alibaba',
-+                      mandatory_files=[('leapp-alibaba.repo', YUM_REPOS_PATH)],
-+                      optional_files=[
-+                        ('key.pem', RHUI_PKI_DIR),
-+                        ('content.crt', RHUI_PKI_PRODUCT_DIR)
-+                      ],
-+                      os_version='9'),
-     ]
- }
- 
--- 
-2.47.0
-

SOURCES/0002-don-t-require-all-versions-to-be-defined-for-obsolet.patch

@@ -1,41 +0,0 @@
-From 7e0fb44bb673893d0409903f6a441d0eb2829d22 Mon Sep 17 00:00:00 2001
-From: Evgeni Golov <evgeni@golov.de>
-Date: Tue, 20 Aug 2024 15:11:02 +0200
-Subject: [PATCH 02/40] don't require all versions to be defined for obsoleted
- keys
-
-in releases where we do not have any obsoleted keys, we still had to
-define an entry (with an empty list), as otherwise the code would fail
-
-instead, we can catch the KeyError and carry on as nothing happened
----
- .../libraries/removeobsoleterpmgpgkeys.py           | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-index 6e84c2e9..bda7efa3 100644
---- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-@@ -12,11 +12,14 @@ def _get_obsolete_keys():
-     distribution = api.current_actor().configuration.os_release.release_id
-     obsoleted_keys_map = get_distribution_data(distribution).get('obsoleted-keys', {})
-     keys = []
--    for version in range(7, int(get_target_major_version()) + 1):
--        for key in obsoleted_keys_map[str(version)]:
--            name, version, release = key.rsplit("-", 2)
--            if has_package(InstalledRPM, name, version=version, release=release):
--                keys.append(key)
-+    try:
-+        for version in range(7, int(get_target_major_version()) + 1):
-+            for key in obsoleted_keys_map[str(version)]:
-+                name, version, release = key.rsplit("-", 2)
-+                if has_package(InstalledRPM, name, version=version, release=release):
-+                    keys.append(key)
-+    except KeyError:
-+        pass
- 
-     return keys
- 
--- 
-2.47.0
-

SOURCES/0003-Add-RHEL-10.0-prod-certs.patch

@@ -1,226 +0,0 @@
-From 9f2f1726d8a5bdd12309a3a3111984f1666b903f Mon Sep 17 00:00:00 2001
-From: Matej Matuska <mmatuska@redhat.com>
-Date: Thu, 22 Aug 2024 15:52:19 +0200
-Subject: [PATCH 03/40] Add RHEL 10.0 prod-certs
-
-Previously we temporarily used the RHEL 9 x86_64 prod cert for others
-archs it was missing completely.
-
-Jira: OAMG-11138
----
- .../common/files/prod-certs/10.0/279.pem      | 37 ++++++++++
- .../common/files/prod-certs/10.0/419.pem      | 37 ++++++++++
- .../common/files/prod-certs/10.0/479.pem      | 68 ++++++++++---------
- .../common/files/prod-certs/10.0/72.pem       | 37 ++++++++++
- 4 files changed, 146 insertions(+), 33 deletions(-)
- create mode 100644 repos/system_upgrade/common/files/prod-certs/10.0/279.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/10.0/419.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/10.0/72.pem
-
-diff --git a/repos/system_upgrade/common/files/prod-certs/10.0/279.pem b/repos/system_upgrade/common/files/prod-certs/10.0/279.pem
-new file mode 100644
-index 00000000..f62340fc
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/10.0/279.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGczCCBFugAwIBAgIUfZodBQY+YRSlyRRiFX1dx4vQ5y4wDQYJKoZIhvcNAQEL
-+BQAwga4xCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQG
-+A1UECgwNUmVkIEhhdCwgSW5jLjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMS4w
-+LAYDVQQDDCVSZWQgSGF0IEVudGl0bGVtZW50IFByb2R1Y3QgQXV0aG9yaXR5MSQw
-+IgYJKoZIhvcNAQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMjQwODE1MDYx
-+NjQ5WhcNNDQwODE1MDYxNjQ5WjBEMUIwQAYDVQQDDDlSZWQgSGF0IFByb2R1Y3Qg
-+SUQgWzA0YTU4NDFkLTVlNmUtNDU1Yy1hZWYwLTdhOTQ0NTBiNjg3Nl0wggIiMA0G
-+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGP0nTjP4TN3LHVTfeQV+0u/Se01LU
-+FJ66GhksOGzXzKSx6kbuFde0eHYIwV8tmZOMDIv2LVezHKRClVB1dMalQXfcLaoF
-+AcHmCViz353vzXHynybzMXFs9xbzZMglduBbcStWHy+TmoJsbVwIAAdv4NYyrQQD
-+LLVuX8mACCFg0YFG8ok5tN0Kt2liHTYpSoEuRI9ke+joNQkU3fsxcOlV5Cr1W2pG
-+OkosvC4R9dvRjsjnEQ6tHeRhs5oEBZW3eZhnW3Qv8p9jaNU51TlYXLIH0+Fsx0uL
-+XETzTWP4YmvBwtrGaq+PhRogJHNw8BM/zrNUzUEFBr6WKWRFB6zkfKNnNkOIZi52
-+deFuqYuj+fRy5ehAFVWOHNFMzHvUSKJqGaLD5TW8aqQeFA3FvXce03WVwCFQIOvH
-+F4y+sCNh1aliWkjJbc2yw9a3VhQeJ0wFIAngpy0h/3V3IT3dpK2XHAL9CfIWxk6Z
-+wSwHNUKfP0aZYyXX/pfMFLXINSoHKSXHRMsf7P+wr0D47atkDLWYHIJjBXG9s5mG
-+eobEC5OghL4DzW/mEKOwKI5JxUH5yKXfRgG7RwfzlFnQgs2Qd0p2sstZbjCOmEra
-+cGfaDaLf7O1/6dAQPalCpn+uG5bv2NzIJmX2Rep7XA50XQLBqHg3r/cvMhcQQrIQ
-+nE2pDC01zYhUTwIDAQABo4HxMIHuMAkGA1UdEwQCMAAwQwYMKwYBBAGSCAkBghcB
-+BDMMMVJlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCBmb3IgUG93ZXIsIGxpdHRsZSBl
-+bmRpYW4wFgYMKwYBBAGSCAkBghcCBAYMBDEwLjAwGQYMKwYBBAGSCAkBghcDBAkM
-+B3BwYzY0bGUwKQYMKwYBBAGSCAkBghcEBBkMF3JoZWwtMTAscmhlbC0xMC1wcGM2
-+NGxlMB0GA1UdDgQWBBRh6iC1NXyvZ2Q6/2sI5hB40M0flTAfBgNVHSMEGDAWgBSW
-+/bscQED/QIStsh8LJsHDam/WfDANBgkqhkiG9w0BAQsFAAOCAgEAv6ySsgygc2z2
-+kQJeu9sdvBNFKe+gEtXbPu6+rZKPPosW3cggMJCnsZgki3nUogovz0Z3MPkbmRz+
-+GJwVjiVBnfUQLoORSDYwqYZB4WRoqszW/dytd7/64IehvD/JZo3Oa8BNYRSG/Ukh
-+7iUIT8ryFIH1DTUIersVObINN2gk3hC2JJXoTfNqIYG+4OAEUE7/F4CptRAGbgH/
-+4/9vfe2KNXvPMoWvILpXpD5w8t9Xh0Wl97N1W7+FLVRwQHAQ2/yBTu/sY27FvVSl
-+0o+SBSvjTKIi+9QslRpi0QCVza5WxHTiO8nzYgzFjfMkt6lzK74puf3VJavpqkQ9
-+dVfyp36A3Fh6vDsiNxhsfKrp8z2JnKA3vdslsH7cOHCIFYHXiqeaP654t4oGeESD
-+EPfS6PpXSyi47Kd/qjA2srgpXNQl2yMd0ih6NoHaoSYXFfb4LX6cWFGcT/AWZsaC
-+xv2pN9J0KhF2loLp8SK19FESc0rJShkAacTcxeYjuDYbvLtJi4Z5aWWVU421rMSs
-+X9IdiWa4WL70ZaDK5cP54S4zZNsVDKniUzNXwPltDCpqefy8ka4o5QlWNreBrXXW
-+6cy8I6L2om7xZ5hAZ3CB7nUZe9QE/LXnHqK3cQetvd5Q2LMnp6gVtgQ4a+7vD9xz
-+ExLtbBZjvGJFudimMmOxvn/J5+GMmm4=
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/10.0/419.pem b/repos/system_upgrade/common/files/prod-certs/10.0/419.pem
-new file mode 100644
-index 00000000..08cb5b02
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/10.0/419.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGZTCCBE2gAwIBAgIUWARL99TkK+hxtTJkE5icdHXLfY0wDQYJKoZIhvcNAQEL
-+BQAwga4xCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQG
-+A1UECgwNUmVkIEhhdCwgSW5jLjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMS4w
-+LAYDVQQDDCVSZWQgSGF0IEVudGl0bGVtZW50IFByb2R1Y3QgQXV0aG9yaXR5MSQw
-+IgYJKoZIhvcNAQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMjQwODE1MDYx
-+NjQ5WhcNNDQwODE1MDYxNjQ5WjBEMUIwQAYDVQQDDDlSZWQgSGF0IFByb2R1Y3Qg
-+SUQgW2Y3ZWFmNGU2LTYwZGYtNDMyNC04N2I0LTdhNGUzZGVkZmViNV0wggIiMA0G
-+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGP0nTjP4TN3LHVTfeQV+0u/Se01LU
-+FJ66GhksOGzXzKSx6kbuFde0eHYIwV8tmZOMDIv2LVezHKRClVB1dMalQXfcLaoF
-+AcHmCViz353vzXHynybzMXFs9xbzZMglduBbcStWHy+TmoJsbVwIAAdv4NYyrQQD
-+LLVuX8mACCFg0YFG8ok5tN0Kt2liHTYpSoEuRI9ke+joNQkU3fsxcOlV5Cr1W2pG
-+OkosvC4R9dvRjsjnEQ6tHeRhs5oEBZW3eZhnW3Qv8p9jaNU51TlYXLIH0+Fsx0uL
-+XETzTWP4YmvBwtrGaq+PhRogJHNw8BM/zrNUzUEFBr6WKWRFB6zkfKNnNkOIZi52
-+deFuqYuj+fRy5ehAFVWOHNFMzHvUSKJqGaLD5TW8aqQeFA3FvXce03WVwCFQIOvH
-+F4y+sCNh1aliWkjJbc2yw9a3VhQeJ0wFIAngpy0h/3V3IT3dpK2XHAL9CfIWxk6Z
-+wSwHNUKfP0aZYyXX/pfMFLXINSoHKSXHRMsf7P+wr0D47atkDLWYHIJjBXG9s5mG
-+eobEC5OghL4DzW/mEKOwKI5JxUH5yKXfRgG7RwfzlFnQgs2Qd0p2sstZbjCOmEra
-+cGfaDaLf7O1/6dAQPalCpn+uG5bv2NzIJmX2Rep7XA50XQLBqHg3r/cvMhcQQrIQ
-+nE2pDC01zYhUTwIDAQABo4HjMIHgMAkGA1UdEwQCMAAwNQYMKwYBBAGSCAkBgyMB
-+BCUMI1JlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCBmb3IgQVJNIDY0MBYGDCsGAQQB
-+kggJAYMjAgQGDAQxMC4wMBkGDCsGAQQBkggJAYMjAwQJDAdhYXJjaDY0MCkGDCsG
-+AQQBkggJAYMjBAQZDBdyaGVsLTEwLHJoZWwtMTAtYWFyY2g2NDAdBgNVHQ4EFgQU
-+YeogtTV8r2dkOv9rCOYQeNDNH5UwHwYDVR0jBBgwFoAUlv27HEBA/0CErbIfCybB
-+w2pv1nwwDQYJKoZIhvcNAQELBQADggIBAIpdcHN7RN18pg5ELfc55Sj58ivL5N25
-+19KprqbM7aVum32abw7/Qksfs6maGQpU6Hh/UqhJlGQ2bN48jZ/kdMKor4agSQ/T
-+iwr3b8RBJFPVCuqQJXIe4g3iRbHfnIjGxgoMgv36j58PENoEnpPtR7ZtHMyqQ2SO
-+m1WRQhY5tJ4Fk/Zkx/trxlNvmsTAjNRa530kqG4TfiMVvWNaVdxHsjMv0lXLJRXx
-+KT6+iHt2QBs2No5O8cjlXr/CzfGrB5TlBNrsHqhO0Llmw28KpcWGYGdexKdIHrDG
-+A/K0Pr21yRstUWN39jz/tdEqt1q8T7/it3oM976keQmFAxBa/CpyEG5Y6FKw9+F0
-+LtkAyI3XGHK7LbCOE67s7u0/BfgQvww1FqztVnVZ4sXlagj/IuYPJBhfGDe/6tik
-+laqP8FtR6xJdSra2YQMBc0kZb0Sv1uy7pGofNSvLM5L76XqiwKoDVo/eAcl60OWY
-+rF86pEDLGDmdJBLJKX2/77pzpQpZ9Yvc4vWwoZrP4gRKBuWF28aLH0OsWzdsfdMG
-+9+DrcO/58slMbWng1ZzOQyEjp7x1kto5sa5m2q8LMo06ETYT8ps5A0hyltBz1yAt
-+JEBS4Y14YlF6Px67aTak07MNo7AaaphuD47D2Sy3pwHa+vOx4nv/G33+G0iOm3Lr
-+zVAjwlfLIUB9
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/10.0/479.pem b/repos/system_upgrade/common/files/prod-certs/10.0/479.pem
-index 1ea1cd3d..d89f6188 100644
---- a/repos/system_upgrade/common/files/prod-certs/10.0/479.pem
-+++ b/repos/system_upgrade/common/files/prod-certs/10.0/479.pem
-@@ -1,35 +1,37 @@
- -----BEGIN CERTIFICATE-----
--MIIGFTCCA/2gAwIBAgIJALDxRLt/tVDQMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
--VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
--YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
--IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
--ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTIzMDcxOTE2MzQwOFoXDTQzMDcx
--OTE2MzQwOFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFsxZDg0ZDQ5
--Ny1jZmNmLTQxNjEtOTM0YS0zNzk2MDU4M2ZmZGZdMIICIjANBgkqhkiG9w0BAQEF
--AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
--sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
--8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
--RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
--5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
--xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
--QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
--yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
--1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
--5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
--ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
--AwEAAaOBnjCBmzAJBgNVHRMEAjAAMDUGDCsGAQQBkggJAYNfAQQlDCNSZWQgSGF0
--IEVudGVycHJpc2UgTGludXggZm9yIHg4Nl82NDAVBgwrBgEEAZIICQGDXwIEBQwD
--OS40MBgGDCsGAQQBkggJAYNfAwQIDAZ4ODZfNjQwJgYMKwYBBAGSCAkBg18EBBYM
--FHJoZWwtOSxyaGVsLTkteDg2XzY0MA0GCSqGSIb3DQEBCwUAA4ICAQCGUDPFBrLs
--sK/RITJothRhKhKNX3zu9TWRG0WKxszCx/y7c4yEfH1TV/yd7BNB2RubaoayWz8E
--TQjcRW8BnVu9JrlbdpWJm4eN+dOOpcESPilLnkz4Tr0WYDsT1/jk/uiorK4h21S0
--EwMicuSuEmm0OUEX0zj2X/IyveFRtpJpH/JktznCkvexysc1JRzqMCbal8GipRX9
--Xf7Oko6QiaUpu5GDLN2OXhizYHdR2f3l+Sn2cScsbi3fSVv+DLsnaz6J0kZ4U8q3
--lYk/ZYifJjG+/7cv3e+usixpmK/qYlpOvunUDnqOkDfUs4/4bZjH8e8CdqJk4YvU
--RRtLr7muXEJsaqF7lxAViXnKxT/z/+1kOgN/+Oyzjs4QDsk2HQpWHFgNYSSG9Mmz
--PUS8tk2T0j5sN55X7QRRl5c0oqrBU5XaWyL26QcfONYcR8dBaKawjxg8CI9KzsYY
--sb2jjS+fBkB1OI2c6z4OZRd+0N6FQ6gq++KiXOLFvi/QSFNi9Veb56c5tR2l6fBk
--0pSH06Gg2s0aQg20NdMIr+HaYsVdJRsE1FgQ2tlfFx9rGkcqhgwV3Za/abgtRb2o
--YVwps28DLm41DXf5DnXK+BXFHrtR/3YAZtga+R7OL/RvcF0kc2kudlxqd/8Y33uL
--nqnoATy31FTW4J4rEfanJTQgTpatZmbaLQ==
-+MIIGYzCCBEugAwIBAgIUL5D34AcwqLAbqlUcxntHUCtEVxQwDQYJKoZIhvcNAQEL
-+BQAwga4xCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQG
-+A1UECgwNUmVkIEhhdCwgSW5jLjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMS4w
-+LAYDVQQDDCVSZWQgSGF0IEVudGl0bGVtZW50IFByb2R1Y3QgQXV0aG9yaXR5MSQw
-+IgYJKoZIhvcNAQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMjQwODE1MDYx
-+NjQ5WhcNNDQwODE1MDYxNjQ5WjBEMUIwQAYDVQQDDDlSZWQgSGF0IFByb2R1Y3Qg
-+SUQgWzk5NDZhMmY5LTI4NDMtNDJhOS1iNzhlLTIzM2E5ODIwYjVhZV0wggIiMA0G
-+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGP0nTjP4TN3LHVTfeQV+0u/Se01LU
-+FJ66GhksOGzXzKSx6kbuFde0eHYIwV8tmZOMDIv2LVezHKRClVB1dMalQXfcLaoF
-+AcHmCViz353vzXHynybzMXFs9xbzZMglduBbcStWHy+TmoJsbVwIAAdv4NYyrQQD
-+LLVuX8mACCFg0YFG8ok5tN0Kt2liHTYpSoEuRI9ke+joNQkU3fsxcOlV5Cr1W2pG
-+OkosvC4R9dvRjsjnEQ6tHeRhs5oEBZW3eZhnW3Qv8p9jaNU51TlYXLIH0+Fsx0uL
-+XETzTWP4YmvBwtrGaq+PhRogJHNw8BM/zrNUzUEFBr6WKWRFB6zkfKNnNkOIZi52
-+deFuqYuj+fRy5ehAFVWOHNFMzHvUSKJqGaLD5TW8aqQeFA3FvXce03WVwCFQIOvH
-+F4y+sCNh1aliWkjJbc2yw9a3VhQeJ0wFIAngpy0h/3V3IT3dpK2XHAL9CfIWxk6Z
-+wSwHNUKfP0aZYyXX/pfMFLXINSoHKSXHRMsf7P+wr0D47atkDLWYHIJjBXG9s5mG
-+eobEC5OghL4DzW/mEKOwKI5JxUH5yKXfRgG7RwfzlFnQgs2Qd0p2sstZbjCOmEra
-+cGfaDaLf7O1/6dAQPalCpn+uG5bv2NzIJmX2Rep7XA50XQLBqHg3r/cvMhcQQrIQ
-+nE2pDC01zYhUTwIDAQABo4HhMIHeMAkGA1UdEwQCMAAwNQYMKwYBBAGSCAkBg18B
-+BCUMI1JlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCBmb3IgeDg2XzY0MBYGDCsGAQQB
-+kggJAYNfAgQGDAQxMC4wMBgGDCsGAQQBkggJAYNfAwQIDAZ4ODZfNjQwKAYMKwYB
-+BAGSCAkBg18EBBgMFnJoZWwtMTAscmhlbC0xMC14ODZfNjQwHQYDVR0OBBYEFGHq
-+ILU1fK9nZDr/awjmEHjQzR+VMB8GA1UdIwQYMBaAFJb9uxxAQP9AhK2yHwsmwcNq
-+b9Z8MA0GCSqGSIb3DQEBCwUAA4ICAQAa+c2/Usg6JToULhYTdLhf15Hk6xxdlwT7
-+zZlnZLbuAKtaDqP1NiSiX0Z/lMJzFfW0B/zyWLy8uiXLYmF5V28f8yWK0Nksx2v7
-+I7u6ZZN2dKDQZKsEoP0g3ptvVRWn9h5otS7yPkOK4Dzj04yJqOSGP9bp6OHEhm1S
-+x4ErITkN/3MXOf9vT+I6wydVKsw4fdlWgVjmBd90bzVTnv4dWtJio+le+9ad9RSf
-+M3aD5ufiELeRKMp6ExnC/cnoWtuH+b4BJ37TQ3Kpn3fDtbrzVvQH/dpqZ7P33yqg
-+PnBEXOiLimDnnmDJ9ImQ1pVTrKJMxaj1Mk6onERe36n/iAsj+BwZvBiv7UaLPMnW
-+nJGg+LQ4iUZrGWYD4N9Ou++nvsR8dCWRhXSuXensfli3lL/W0P62yzfYCyqOYeL1
-+msDcCmBEWJUtAaeAbASUIVx02JWPPmMSUqWs8xOecQjzoGuCQg4JM/UfsZzxepw0
-+bs9YSUVw8J9R2d4kuze65qDTMRg+cK2LX1xg1KkR/UWZOGxHHJAfwGWdPwSkiOPQ
-+MVJ7LJjvozebHWSuiSxk+GWWr+NdxIJrFRGbivXyAkmqMRrPe1VLVxWwCdyud9o8
-+b2WbFgrNS2jOnHwldtM2ZAhrF5W4ckvVL7hLp2JoQnJfCcWson9NK6Y2M4bNwQnC
-+ihxphLzOAw==
- -----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/10.0/72.pem b/repos/system_upgrade/common/files/prod-certs/10.0/72.pem
-new file mode 100644
-index 00000000..e0274f9c
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/10.0/72.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGZDCCBEygAwIBAgIUSTvcD4Wsduixh8PFmwk6aI0KTEcwDQYJKoZIhvcNAQEL
-+BQAwga4xCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQG
-+A1UECgwNUmVkIEhhdCwgSW5jLjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMS4w
-+LAYDVQQDDCVSZWQgSGF0IEVudGl0bGVtZW50IFByb2R1Y3QgQXV0aG9yaXR5MSQw
-+IgYJKoZIhvcNAQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMjQwODE1MDYx
-+NjQ5WhcNNDQwODE1MDYxNjQ5WjBEMUIwQAYDVQQDDDlSZWQgSGF0IFByb2R1Y3Qg
-+SUQgW2VjN2EwZDQyLTgzNjItNDg2YS04ZjcyLTc3YThiOWU2MjM0YV0wggIiMA0G
-+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGP0nTjP4TN3LHVTfeQV+0u/Se01LU
-+FJ66GhksOGzXzKSx6kbuFde0eHYIwV8tmZOMDIv2LVezHKRClVB1dMalQXfcLaoF
-+AcHmCViz353vzXHynybzMXFs9xbzZMglduBbcStWHy+TmoJsbVwIAAdv4NYyrQQD
-+LLVuX8mACCFg0YFG8ok5tN0Kt2liHTYpSoEuRI9ke+joNQkU3fsxcOlV5Cr1W2pG
-+OkosvC4R9dvRjsjnEQ6tHeRhs5oEBZW3eZhnW3Qv8p9jaNU51TlYXLIH0+Fsx0uL
-+XETzTWP4YmvBwtrGaq+PhRogJHNw8BM/zrNUzUEFBr6WKWRFB6zkfKNnNkOIZi52
-+deFuqYuj+fRy5ehAFVWOHNFMzHvUSKJqGaLD5TW8aqQeFA3FvXce03WVwCFQIOvH
-+F4y+sCNh1aliWkjJbc2yw9a3VhQeJ0wFIAngpy0h/3V3IT3dpK2XHAL9CfIWxk6Z
-+wSwHNUKfP0aZYyXX/pfMFLXINSoHKSXHRMsf7P+wr0D47atkDLWYHIJjBXG9s5mG
-+eobEC5OghL4DzW/mEKOwKI5JxUH5yKXfRgG7RwfzlFnQgs2Qd0p2sstZbjCOmEra
-+cGfaDaLf7O1/6dAQPalCpn+uG5bv2NzIJmX2Rep7XA50XQLBqHg3r/cvMhcQQrIQ
-+nE2pDC01zYhUTwIDAQABo4HiMIHfMAkGA1UdEwQCMAAwOwYLKwYBBAGSCAkBSAEE
-+LAwqUmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IGZvciBJQk0geiBTeXN0ZW1zMBUG
-+CysGAQQBkggJAUgCBAYMBDEwLjAwFgYLKwYBBAGSCAkBSAMEBwwFczM5MHgwJgYL
-+KwYBBAGSCAkBSAQEFwwVcmhlbC0xMCxyaGVsLTEwLXMzOTB4MB0GA1UdDgQWBBRh
-+6iC1NXyvZ2Q6/2sI5hB40M0flTAfBgNVHSMEGDAWgBSW/bscQED/QIStsh8LJsHD
-+am/WfDANBgkqhkiG9w0BAQsFAAOCAgEAsj4qPVsDkFrfuVDn8JCJ7tIH5WhaOzL6
-+3GBsQIKGd8a1WscPfSpr/phNSBPWFyvV2b+0HzblYzBZbx6ExykTDLh5L01nPM0s
-++hqPxZgF/kcTbLWmAanl32R9+Gs2P2JN1CaCclXgM4USEagBWYeMhJSmQR3bOnSe
-+Jjm3tjvhnbIQd6xgPpTjrqZ35z1BW0P0qQFdBbB0k+MfPkhYKEr+Vfn0rU8vk4UP
-+F9sY9HkZLqIBxlXeTUerNZvHSuOy2KgoS4l25/QwUutHnnSGZZpARiU1XYNcynVL
-+r5COHlb6TYkeRhSAm6RVM4XPYoFgN6cbhY1orwFC2/0i30EnsTMB6ctnLKCf7qgM
-+GDG2W7ct0m6koA7s2TGmgp33DPw9adX7qgIV0OjLzBYJ1fyVv3sYlOKRuyDz0l+N
-+u6Rnv1ecNUspWn+5ogBbdgwU6yah6oo/fJIWm62U38UGH5ic+/7sBnga8q5sDI90
-++h+nlTIAnD0ICzjEDASiLlYft+hQ9pOt/rgEIrPeKTe+fbefUIXJ5h343E51POnY
-+uZRXcirc33QL/PgBRce1taIXjsRD+FSJM0tx/vf8H9j0rzSAxDoXJNsdq4/32scy
-+6Zk2fgtm80xxIzju84jXVUrSBRMpWD9I+FZId4IE7tQhwKNi1b7DdNeaQLfaoq8U
-+1PEea/tQDSA=
-+-----END CERTIFICATE-----
--- 
-2.47.0
-

SOURCES/0004-properly-scope-try-except-when-loading-obsoleted-key.patch

@@ -1,100 +0,0 @@
-From bf302fc794957a88bc4785f4dd2505b8d71012e0 Mon Sep 17 00:00:00 2001
-From: Evgeni Golov <evgeni@golov.de>
-Date: Wed, 21 Aug 2024 07:52:02 +0200
-Subject: [PATCH 04/40] properly scope try/except when loading obsoleted keys
-
-We want to load all possible keys, even *after* a KeyError happenend
-
-Fixes: 7e0fb44bb673893d0409903f6a441d0eb2829d22
----
- .../libraries/removeobsoleterpmgpgkeys.py     |  8 +--
- .../tests/test_removeobsoleterpmgpgkeys.py    | 50 +++++++++++++++++++
- 2 files changed, 54 insertions(+), 4 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-index bda7efa3..198c4368 100644
---- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
-@@ -12,14 +12,14 @@ def _get_obsolete_keys():
-     distribution = api.current_actor().configuration.os_release.release_id
-     obsoleted_keys_map = get_distribution_data(distribution).get('obsoleted-keys', {})
-     keys = []
--    try:
--        for version in range(7, int(get_target_major_version()) + 1):
-+    for version in range(7, int(get_target_major_version()) + 1):
-+        try:
-             for key in obsoleted_keys_map[str(version)]:
-                 name, version, release = key.rsplit("-", 2)
-                 if has_package(InstalledRPM, name, version=version, release=release):
-                     keys.append(key)
--    except KeyError:
--        pass
-+        except KeyError:
-+            pass
- 
-     return keys
- 
-diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
-index 4d9a0e84..b78174cc 100644
---- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
-+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
-@@ -76,6 +76,56 @@ def test_get_obsolete_keys(monkeypatch, version, expected):
-     assert set(keys) == set(expected)
- 
- 
-+@pytest.mark.parametrize(
-+    "version, obsoleted_keys, expected",
-+    [
-+        (10, None, []),
-+        (10, {}, []),
-+        (10, {"8": ["gpg-pubkey-888-abc"], "10": ["gpg-pubkey-10-10"]}, ["gpg-pubkey-888-abc", "gpg-pubkey-10-10"]),
-+        (9, {"8": ["gpg-pubkey-888-abc"], "9": ["gpg-pubkey-999-def"]}, ["gpg-pubkey-999-def", "gpg-pubkey-888-abc"]),
-+        (8, {"8": ["gpg-pubkey-888-abc"], "9": ["gpg-pubkey-999-def"]}, ["gpg-pubkey-888-abc"])
-+    ]
-+)
-+def test_get_obsolete_keys_incomplete_data(monkeypatch, version, obsoleted_keys, expected):
-+    def get_target_major_version_mocked():
-+        return version
-+
-+    def get_distribution_data_mocked(_distro):
-+        if obsoleted_keys is None:
-+            return {}
-+        return {'obsoleted-keys': obsoleted_keys}
-+
-+    def has_package_mocked(*args, **kwargs):
-+        return True
-+
-+    monkeypatch.setattr(
-+        removeobsoleterpmgpgkeys,
-+        "get_target_major_version",
-+        get_target_major_version_mocked,
-+    )
-+
-+    monkeypatch.setattr(
-+        removeobsoleterpmgpgkeys,
-+        "get_distribution_data",
-+        get_distribution_data_mocked,
-+    )
-+
-+    monkeypatch.setattr(
-+        removeobsoleterpmgpgkeys,
-+        "has_package",
-+        has_package_mocked,
-+    )
-+
-+    monkeypatch.setattr(
-+        api,
-+        "current_actor",
-+        CurrentActorMocked(),
-+    )
-+
-+    keys = removeobsoleterpmgpgkeys._get_obsolete_keys()
-+    assert set(keys) == set(expected)
-+
-+
- @pytest.mark.parametrize(
-     "keys, should_register",
-     [
--- 
-2.47.0
-

SOURCES/0005-Update-references-from-master-branch-to-main.patch

@@ -1,283 +0,0 @@
-From 9d49f4675c2b7b18ba7b344bb0032a5538782560 Mon Sep 17 00:00:00 2001
-From: Vojtech Sokol <vsokol@redhat.com>
-Date: Mon, 2 Sep 2024 17:21:36 +0200
-Subject: [PATCH 05/40] Update references from master branch to main
-
-Focus was on making the CI and GitHub actions work after the default
-branch was switched from master to main.
-
-See: OAMG-4907
----
- .github/workflows/codespell.yml               |  4 ++--
- .github/workflows/differential-shellcheck.yml |  4 ++--
- .github/workflows/pr-welcome-msg.yml          |  2 +-
- .github/workflows/tmt-tests.yml               | 16 ++++++++--------
- .github/workflows/unit-tests.yml              | 12 ++++++------
- .packit.yaml                                  | 10 +++++-----
- Makefile                                      | 14 +++++++-------
- 7 files changed, 31 insertions(+), 31 deletions(-)
-
-diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
-index 673cef17..1195d8d1 100644
---- a/.github/workflows/codespell.yml
-+++ b/.github/workflows/codespell.yml
-@@ -3,10 +3,10 @@ name: Codespell
- on:
-   push:
-     branches:
--      - master
-+      - main
-   pull_request:
-     branches:
--      - master
-+      - main
- 
- jobs:
-   codespell:
-diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
-index f1ed5f6a..e1bafb93 100644
---- a/.github/workflows/differential-shellcheck.yml
-+++ b/.github/workflows/differential-shellcheck.yml
-@@ -4,7 +4,7 @@
- name: Differential ShellCheck
- on:
-   pull_request:
--    branches: [master]
-+    branches: [main]
- 
- permissions:
-   contents: read
-@@ -17,7 +17,7 @@ jobs:
-       security-events: write
-       pull-requests: write
- 
--    steps: 
-+    steps:
-       - name: Repository checkout
-         uses: actions/checkout@v4
-         with:
-diff --git a/.github/workflows/pr-welcome-msg.yml b/.github/workflows/pr-welcome-msg.yml
-index ff9414d2..0102c41f 100644
---- a/.github/workflows/pr-welcome-msg.yml
-+++ b/.github/workflows/pr-welcome-msg.yml
-@@ -28,7 +28,7 @@ jobs:
-             However, here are additional useful commands for packit:
-             - **`/packit test`** to re-run manually the default tests
-             - **`/packit retest-failed`** to re-run failed tests manually
--            - **`/packit test oamg/leapp#42`** to run tests with leapp builds for the leapp PR#42 (default is latest upstream - master - build)
-+            - **`/packit test oamg/leapp#42`** to run tests with leapp builds for the leapp PR#42 (default is latest upstream - main - build)
- 
-             Note that first time contributors cannot run tests automatically - they need to be started by a reviewer.
- 
-diff --git a/.github/workflows/tmt-tests.yml b/.github/workflows/tmt-tests.yml
-index 7e9fd706..1fa00e60 100644
---- a/.github/workflows/tmt-tests.yml
-+++ b/.github/workflows/tmt-tests.yml
-@@ -12,7 +12,7 @@ jobs:
- 
-   call_workflow_tests_79to88_integration:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -26,7 +26,7 @@ jobs:
- 
-   call_workflow_tests_79to86_integration:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -40,7 +40,7 @@ jobs:
- 
-   call_workflow_tests_79to88_sst:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -55,7 +55,7 @@ jobs:
- 
-   call_workflow_tests_7to8_aws:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-7to8.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -71,7 +71,7 @@ jobs:
- 
-   call_workflow_tests_86to90_integration:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -85,7 +85,7 @@ jobs:
- 
-   call_workflow_tests_88to92_integration:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -101,7 +101,7 @@ jobs:
- 
-   call_workflow_tests_86to90_sst:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-@@ -116,7 +116,7 @@ jobs:
- 
-   call_workflow_tests_86to90_aws:
-     needs: call_workflow_copr_build
--    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@master
-+    uses: oamg/leapp/.github/workflows/reuse-tests-8to9.yml@main
-     secrets: inherit
-     with:
-       copr_artifacts: ${{ needs.call_workflow_copr_build.outputs.artifacts }}
-diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
-index 2a05106e..42b72b8d 100644
---- a/.github/workflows/unit-tests.yml
-+++ b/.github/workflows/unit-tests.yml
-@@ -2,10 +2,10 @@ name: Unit Tests
- on:
-   push:
-     branches:
--      - master
-+      - main
-   pull_request:
-     branches:
--      - master
-+      - main
- 
- jobs:
-   test:
-@@ -74,10 +74,10 @@ jobs:
-           # NOTE(ivasilev) fetch-depth 0 is critical here as leapp deps discovery depends on specific substring in
-           # commit message and default 1 option will get us just merge commit which has an unrelevant message.
-           fetch-depth: '0'
--      # NOTE(ivasilev) master -> origin/master is used for leapp deps discovery in Makefile via git log master..HEAD
--      - name: Set master to origin/master
--        if: github.ref != 'refs/heads/master'
-+      # NOTE(ivasilev) main -> origin/main is used for leapp deps discovery in Makefile via git log main..HEAD
-+      - name: Set main to origin/main
-+        if: github.ref != 'refs/heads/main'
-         run: |
--          git branch -f master origin/master
-+          git branch -f main origin/main
-       - name: ${{matrix.scenarios.name}}
-         run: script -e -c /bin/bash -c 'TERM=xterm podman build --security-opt=seccomp=unconfined -t leapp-tests -f utils/container-tests/Containerfile.${{matrix.scenarios.container}} utils/container-tests && PYTHON_VENV=${{matrix.scenarios.python}} REPOSITORIES=${{matrix.scenarios.repos}} podman run --security-opt=seccomp=unconfined --rm -ti -v ${PWD}:/payload --env=PYTHON_VENV --env=REPOSITORIES leapp-tests'
-diff --git a/.packit.yaml b/.packit.yaml
-index d91a47e5..fbfd0eea 100644
---- a/.packit.yaml
-+++ b/.packit.yaml
-@@ -22,7 +22,7 @@ actions:
-   fix-spec-file:
-   - bash -c "sed -i -r \"0,/Release:/ s/Release:(\s*)\S*/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" packaging/leapp-repository.spec"
-   post-upstream-clone:
--  # builds from PRs should have lower NVR than those from master branch
-+  # builds from PRs should have lower NVR than those from main branch
-   - bash -c "sed -i \"s/1%{?dist}/0%{?dist}/g\" packaging/leapp-repository.spec"
- 
- jobs:
-@@ -44,12 +44,12 @@ jobs:
-     fix-spec-file:
-     - bash -c "sed -i -r \"0,/Release:/ s/Release:(\s*)\S*/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" packaging/leapp-repository.spec"
-     post-upstream-clone:
--    # builds from PRs should have lower NVR than those from master branch
-+    # builds from PRs should have lower NVR than those from main branch
-     - bash -c "sed -i \"s/1%{?dist}/0%{?dist}/g\" packaging/leapp-repository.spec"
- - job: copr_build
-   trigger: commit
-   metadata:
--    branch: master
-+    branch: main
-     owner: "@oamg"
-     project: leapp
-     targets:
-@@ -65,7 +65,7 @@ jobs:
-     fix-spec-file:
-     - bash -c "sed -i -r \"0,/Release:/ s/Release:(\s*)\S*/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" packaging/leapp-repository.spec"
-     post-upstream-clone:
--    # builds from master branch should start with 100 release, to have high priority
-+    # builds from main branch should start with 100 release, to have high priority
-     - bash -c "sed -i \"s/1%{?dist}/100%{?dist}/g\" packaging/leapp-repository.spec"
- - job: copr_build
-   trigger: release
-@@ -85,7 +85,7 @@ jobs:
-     fix-spec-file:
-     - bash -c "sed -i -r \"0,/Release:/ s/Release:(\s*)\S*/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" packaging/leapp-repository.spec"
-     post-upstream-clone:
--    # builds from master branch should start with 100 release, to have high priority
-+    # builds from main branch should start with 100 release, to have high priority
-     - bash -c "sed -i \"s/1%{?dist}/100%{?dist}/g\" packaging/leapp-repository.spec"
- 
- 
-diff --git a/Makefile b/Makefile
-index 5b2bc4d2..8aeef77d 100644
---- a/Makefile
-+++ b/Makefile
-@@ -64,7 +64,7 @@ endif
- 
- # just to reduce number of unwanted builds mark as the upstream one when
- # someone will call copr_build without additional parameters
--MASTER_BRANCH=master
-+MASTER_BRANCH=main
- 
- # In case the PR or MR is defined or in case build is not coming from the
- # MATER_BRANCH branch, N_REL=0; (so build is not update of the approved
-@@ -76,10 +76,10 @@ SHORT_SHA=`git rev-parse --short HEAD`
- BRANCH=`git rev-parse --abbrev-ref HEAD | tr -- '-/' '_'`
- 
- # The dependent framework PR connection will be taken from the top commit's depends-on message.
--REQ_LEAPP_PR=$(shell git log master..HEAD | grep -m1 -iE '^[[:space:]]*Depends-On:[[:space:]]*.*[[:digit:]]+[[:space:]]*$$' | grep -Eo '*[[:digit:]]*')
-+REQ_LEAPP_PR=$(shell git log main..HEAD | grep -m1 -iE '^[[:space:]]*Depends-On:[[:space:]]*.*[[:digit:]]+[[:space:]]*$$' | grep -Eo '*[[:digit:]]*')
- # NOTE(ivasilev) In case of travis relying on top commit is a no go as a top commit will be a merge commit.
- ifdef CI
--	REQ_LEAPP_PR=$(shell git log master..HEAD | grep -m1 -iE '^[[:space:]]*Depends-On:[[:space:]]*.*[[:digit:]]+[[:space:]]*$$' | grep -Eo '[[:digit:]]*')
-+	REQ_LEAPP_PR=$(shell git log main..HEAD | grep -m1 -iE '^[[:space:]]*Depends-On:[[:space:]]*.*[[:digit:]]+[[:space:]]*$$' | grep -Eo '[[:digit:]]*')
- endif
- 
- # In case anyone would like to add any other suffix, just make it possible
-@@ -92,8 +92,8 @@ REQUEST=`if test -n "$$PR"; then echo ".PR$${PR}"; elif test -n "$$MR"; then ech
- # Examples:
- #    0.201810080027Z.4078402.packaging.PR2
- #    0.201810080027Z.4078402.packaging
--#    0.201810080027Z.4078402.master.MR2
--#    1.201810080027Z.4078402.master
-+#    0.201810080027Z.4078402.main.MR2
-+#    1.201810080027Z.4078402.main
- RELEASE="$(N_REL).$(TIMESTAMP).$(SHORT_SHA).$(BRANCH)$(REQUEST)$(_SUFFIX)"
- 
- all: help
-@@ -302,7 +302,7 @@ install-deps:
- 	pip install --upgrade setuptools; \
- 	pip install --upgrade -r requirements.txt; \
- 	./utils/install_commands.sh $(_PYTHON_VENV); \
--	# In case the top commit Depends-On some yet unmerged framework patch - override master leapp with the proper version
-+	# In case the top commit Depends-On some yet unmerged framework patch - override main leapp with the proper version
- 	if [[ ! -z "$(REQ_LEAPP_PR)" ]] ; then \
- 		echo "Leapp-repository depends on the yet unmerged pr of the framework #$(REQ_LEAPP_PR), installing it.." && \
- 		$(VENVNAME)/bin/pip install -I "git+https://github.com/oamg/leapp.git@refs/pull/$(REQ_LEAPP_PR)/head"; \
-@@ -332,7 +332,7 @@ install-deps-fedora:
- 	pip install --upgrade setuptools; \
- 	pip install --upgrade -r requirements.txt; \
- 	./utils/install_commands.sh $(_PYTHON_VENV); \
--	# In case the top commit Depends-On some yet unmerged framework patch - override master leapp with the proper version
-+	# In case the top commit Depends-On some yet unmerged framework patch - override main leapp with the proper version
- 	if [[ ! -z "$(REQ_LEAPP_PR)" ]] ; then \
- 		echo "Leapp-repository depends on the yet unmerged pr of the framework #$(REQ_LEAPP_PR), installing it.." && \
- 		$(VENVNAME)/bin/pip install -I "git+https://github.com/oamg/leapp.git@refs/pull/$(REQ_LEAPP_PR)/head"; \
--- 
-2.47.0
-

SOURCES/0006-ReadOfKernelArgsError-fix-the-error.patch

@@ -1,43 +0,0 @@
-From 41e32e3aa6394b8397bef9b797892d9fa119d608 Mon Sep 17 00:00:00 2001
-From: Yuriy Kohut <yura.kohut@gmail.com>
-Date: Thu, 29 Aug 2024 12:36:23 +0300
-Subject: [PATCH 06/40] ReadOfKernelArgsError: fix the error: - AttributeError:
- module 'leapp.reporting' has no attribute 'Hints'
-
----
- .../kernelcmdlineconfig/libraries/kernelcmdlineconfig.py    | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-index 238a8aa6..6b261c3b 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-@@ -175,14 +175,14 @@ def entrypoint(configs=None):
-         api.current_logger().error(str(e))
- 
-         if use_cmdline_file():
--            report_hint = reporting.Hints(
-+            report_hint = (
-                 'After the system has been rebooted into the new version of RHEL, you'
-                 ' should take the kernel cmdline arguments from /proc/cmdline (Everything'
-                 ' except the BOOT_IMAGE entry and initrd entries) and copy them into'
-                 ' /etc/kernel/cmdline before installing any new kernels.'
-             )
-         else:
--            report_hint = reporting.Hints(
-+            report_hint = (
-                 'After the system has been rebooted into the new version of RHEL, you'
-                 ' should take the kernel cmdline arguments from /proc/cmdline (Everything'
-                 ' except the BOOT_IMAGE entry and initrd entries) and then use the'
-@@ -204,7 +204,7 @@ def entrypoint(configs=None):
-                 ' not able to set the arguments as the default for kernels installed in'
-                 ' the future.'
-             ),
--            report_hint,
-+            reporting.Remediation(hint=report_hint),
-             reporting.Severity(reporting.Severity.HIGH),
-             reporting.Groups([
-                 reporting.Groups.BOOT,
--- 
-2.47.0
-

SOURCES/0007-pylint-exclude-rule-too-many-positional-arguments-co.patch

@@ -1,44 +0,0 @@
-From 88e13fb0545e0d42df2777538a0c6921bab91e33 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 27 Sep 2024 14:53:01 +0200
-Subject: [PATCH 07/40] pylint: exclude rule: too-many-positional-arguments
- (code: R0917)
-
-New version of Pylint have the rule for checking of positional
-arguments - complaining when more than 4 positional arguments exists.
-We do not want to refactor the code to make it happy and the default
-value cannot be set right now - that's planned for future Pylint
-versions at this moment. So excluding this rule.
-
-For more info:
-  * https://pylint.readthedocs.io/en/latest/user_guide/messages/refactor/too-many-positional-arguments.html
----
- .pylintrc | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/.pylintrc b/.pylintrc
-index f78c1c3f..5d75df40 100644
---- a/.pylintrc
-+++ b/.pylintrc
-@@ -41,6 +41,8 @@ disable=
-  consider-using-from-import,
-  use-list-literal,
-  use-dict-literal,
-+ too-many-lines,  # we do not want to take care about that one
-+ too-many-positional-arguments,  # we cannot set yet max-possitional-arguments unfortunately
- # new for python3 version of pylint
-  useless-object-inheritance,
-  consider-using-set-comprehension,  # pylint3 force to use comprehension in place we don't want (py2 doesnt have these options, for inline skip)
-@@ -57,8 +59,7 @@ disable=
-  redundant-u-string-prefix,  # still have py2 to support
-  logging-format-interpolation,
-  logging-not-lazy,
-- use-yield-from,  # yield from cannot be used until we require python 3.3 or greater
-- too-many-lines  # we do not want to take care about that one
-+ use-yield-from  # yield from cannot be used until we require python 3.3 or greater
- 
- [FORMAT]
- # Maximum number of characters on a single line.
--- 
-2.47.0
-

SOURCES/0008-pam_userdb-migrate-backend-database.patch

@@ -1,534 +0,0 @@
-From 658700d6424e852917b62c190dd23cbb3026b67d Mon Sep 17 00:00:00 2001
-From: Iker Pedrosa <ipedrosa@redhat.com>
-Date: Mon, 5 Aug 2024 15:15:44 +0200
-Subject: [PATCH 08/40] pam_userdb: migrate backend database
-
-pam_userdb module changed its backend database technology from lidb to
-gdbm for RHEL10. This requires a set of leapp actors to perform the
-database migration automatically when upgrading to RHEL10:
-
-* ScanPamUserDB takes care of scanning the PAM service folder to detect
-  whether pam_userdb is used and the location of the database in use.
-  This information is stored in a model.
-
-* CheckPamUserDB checks the databases reported by ScanPamUserDB and
-  prints a report about them.
-
-* ConvertPamUserDB checks the databases reported by ScanPamUserDB and
-  converts them to GDBM format.
-
-* RemoveOldPamUserDB checks the databases reported by ScanPamUserDB and
-  removes them.
-
-All these actors include unit-tests.
-
-Finally, there's also a spec file change to add `libdb-utils` dependency
-as it is required to convert pam_userdb databases from BerkeleyDB to
-GDBM.
-
-Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
----
- packaging/leapp-repository.spec               |  6 +++
- .../actors/pamuserdb/checkpamuserdb/actor.py  | 18 ++++++++
- .../libraries/checkpamuserdb.py               | 28 ++++++++++++
- .../tests/test_checkpamuserdb.py              | 43 +++++++++++++++++++
- .../pamuserdb/convertpamuserdb/actor.py       | 18 ++++++++
- .../libraries/convertpamuserdb.py             | 27 ++++++++++++
- .../tests/test_convertpamuserdb.py            | 39 +++++++++++++++++
- .../pamuserdb/removeoldpamuserdb/actor.py     | 18 ++++++++
- .../libraries/removeoldpamuserdb.py           | 25 +++++++++++
- .../tests/test_removeoldpamuserdb.py          | 38 ++++++++++++++++
- .../actors/pamuserdb/scanpamuserdb/actor.py   | 18 ++++++++
- .../scanpamuserdb/libraries/scanpamuserdb.py  | 29 +++++++++++++
- .../tests/files/pam_userdb_basic              |  1 +
- .../tests/files/pam_userdb_complete           |  9 ++++
- .../tests/files/pam_userdb_missing            |  1 +
- .../scanpamuserdb/tests/test_scanpamuserdb.py | 27 ++++++++++++
- .../el9toel10/models/pamuserdblocation.py     | 14 ++++++
- 17 files changed, 359 insertions(+)
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/actor.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/libraries/checkpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/tests/test_checkpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/actor.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/libraries/convertpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/tests/test_convertpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/actor.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/libraries/removeoldpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/tests/test_removeoldpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/actor.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/libraries/scanpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_basic
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_complete
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_missing
- create mode 100644 repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/test_scanpamuserdb.py
- create mode 100644 repos/system_upgrade/el9toel10/models/pamuserdblocation.py
-
-diff --git a/packaging/leapp-repository.spec b/packaging/leapp-repository.spec
-index 146afc45..0d63ba02 100644
---- a/packaging/leapp-repository.spec
-+++ b/packaging/leapp-repository.spec
-@@ -211,6 +211,12 @@ Requires:   dracut
- Requires:   NetworkManager-libnm
- Requires:   python3-gobject-base
- 
-+%endif
-+
-+%if 0%{?rhel} && 0%{?rhel} == 9
-+############# RHEL 9 dependencies (when the source system is RHEL 9) ##########
-+# Required to convert pam_userdb database from BerkeleyDB to GDBM
-+Requires:   libdb-utils
- %endif
- ##################################################
- # end requirement
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/actor.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/actor.py
-new file mode 100644
-index 00000000..8fada645
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/actor.py
-@@ -0,0 +1,18 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import checkpamuserdb
-+from leapp.models import PamUserDbLocation, Report
-+from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
-+
-+
-+class CheckPamUserDb(Actor):
-+    """
-+    Create report with the location of pam_userdb databases
-+    """
-+
-+    name = 'check_pam_user_db'
-+    consumes = (PamUserDbLocation,)
-+    produces = (Report,)
-+    tags = (ChecksPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        checkpamuserdb.process()
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/libraries/checkpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/libraries/checkpamuserdb.py
-new file mode 100644
-index 00000000..05cc71a9
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/libraries/checkpamuserdb.py
-@@ -0,0 +1,28 @@
-+from leapp import reporting
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.stdlib import api
-+from leapp.models import PamUserDbLocation
-+
-+FMT_LIST_SEPARATOR = "\n    - "
-+
-+
-+def process():
-+    msg = next(api.consume(PamUserDbLocation), None)
-+    if not msg:
-+        raise StopActorExecutionError('Expected PamUserDbLocation, but got None')
-+
-+    if msg.locations:
-+        reporting.create_report([
-+            reporting.Title('pam_userdb databases will be converted to GDBM'),
-+            reporting.Summary(
-+                'On RHEL 10, GDMB is used by pam_userdb as it\'s backend database,'
-+                ' replacing BerkeleyDB. Existing pam_userdb databases will be'
-+                ' converted to GDBM. The following databases will be converted:'
-+                '{sep}{locations}'.format(sep=FMT_LIST_SEPARATOR, locations=FMT_LIST_SEPARATOR.join(msg.locations))),
-+            reporting.Severity(reporting.Severity.INFO),
-+            reporting.Groups([reporting.Groups.SECURITY, reporting.Groups.AUTHENTICATION])
-+        ])
-+    else:
-+        api.current_logger().debug(
-+            'No pam_userdb databases were located, thus nothing will be converted'
-+        )
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/tests/test_checkpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/tests/test_checkpamuserdb.py
-new file mode 100644
-index 00000000..2e11106b
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/checkpamuserdb/tests/test_checkpamuserdb.py
-@@ -0,0 +1,43 @@
-+import pytest
-+
-+from leapp import reporting
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.actor import checkpamuserdb
-+from leapp.libraries.common.testutils import create_report_mocked, logger_mocked
-+from leapp.libraries.stdlib import api
-+from leapp.models import PamUserDbLocation
-+
-+
-+def test_process_no_msg(monkeypatch):
-+    def consume_mocked(*args, **kwargs):
-+        yield None
-+
-+    monkeypatch.setattr(api, 'consume', consume_mocked)
-+
-+    with pytest.raises(StopActorExecutionError):
-+        checkpamuserdb.process()
-+
-+
-+def test_process_no_location(monkeypatch):
-+    def consume_mocked(*args, **kwargs):
-+        yield PamUserDbLocation(locations=[])
-+
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+    monkeypatch.setattr(api, 'consume', consume_mocked)
-+
-+    checkpamuserdb.process()
-+    assert (
-+        'No pam_userdb databases were located, thus nothing will be converted'
-+        in api.current_logger.dbgmsg
-+    )
-+
-+
-+def test_process_locations(monkeypatch):
-+    def consume_mocked(*args, **kwargs):
-+        yield PamUserDbLocation(locations=['/tmp/db1', '/tmp/db2'])
-+
-+    monkeypatch.setattr(reporting, "create_report", create_report_mocked())
-+    monkeypatch.setattr(api, 'consume', consume_mocked)
-+
-+    checkpamuserdb.process()
-+    assert reporting.create_report.called == 1
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/actor.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/actor.py
-new file mode 100644
-index 00000000..5f8525b6
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/actor.py
-@@ -0,0 +1,18 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import convertpamuserdb
-+from leapp.models import PamUserDbLocation
-+from leapp.tags import IPUWorkflowTag, PreparationPhaseTag
-+
-+
-+class ConvertPamUserDb(Actor):
-+    """
-+    Convert the pam_userdb databases to GDBM
-+    """
-+
-+    name = 'convert_pam_user_db'
-+    consumes = (PamUserDbLocation,)
-+    produces = ()
-+    tags = (PreparationPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        convertpamuserdb.process()
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/libraries/convertpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/libraries/convertpamuserdb.py
-new file mode 100644
-index 00000000..e55b4102
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/libraries/convertpamuserdb.py
-@@ -0,0 +1,27 @@
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.stdlib import api, CalledProcessError, run
-+from leapp.models import PamUserDbLocation
-+
-+
-+def _convert_db(db_path):
-+    cmd = ['db_converter', '--src', f'{db_path}.db', '--dest', f'{db_path}.gdbm']
-+    try:
-+        run(cmd)
-+    except (CalledProcessError, OSError) as e:
-+        # As the db_converter does not remove the original DB after conversion or upon failure,
-+        # interrupt the upgrade, keeping the original DBs.
-+        # If all DBs are successfully converted, the leftover DBs are removed in the removeoldpamuserdb actor.
-+        raise StopActorExecutionError(
-+            'Cannot convert pam_userdb database.',
-+            details={'details': '{}: {}'.format(str(e), e.stderr)}
-+        )
-+
-+
-+def process():
-+    msg = next(api.consume(PamUserDbLocation), None)
-+    if not msg:
-+        raise StopActorExecutionError('Expected PamUserDbLocation, but got None')
-+
-+    if msg.locations:
-+        for location in msg.locations:
-+            _convert_db(location)
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/tests/test_convertpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/tests/test_convertpamuserdb.py
-new file mode 100644
-index 00000000..46505492
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/convertpamuserdb/tests/test_convertpamuserdb.py
-@@ -0,0 +1,39 @@
-+import os
-+
-+import pytest
-+
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.actor import convertpamuserdb
-+from leapp.libraries.common.testutils import logger_mocked
-+from leapp.libraries.stdlib import api, CalledProcessError
-+
-+CUR_DIR = os.path.dirname(os.path.abspath(__file__))
-+
-+
-+def test_convert_db_success(monkeypatch):
-+    location = os.path.join(CUR_DIR, '/files/db1')
-+
-+    def run_mocked(cmd, **kwargs):
-+        assert cmd == ['db_converter', '--src', f'{location}.db', '--dest', f'{location}.gdbm']
-+
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+    monkeypatch.setattr(convertpamuserdb, 'run', run_mocked)
-+    convertpamuserdb._convert_db(location)
-+    assert len(api.current_logger.errmsg) == 0
-+
-+
-+def test_convert_db_failure(monkeypatch):
-+    location = os.path.join(CUR_DIR, '/files/db1')
-+
-+    def run_mocked(cmd, **kwargs):
-+        raise CalledProcessError(
-+            message='A Leapp Command Error occurred.',
-+            command=cmd,
-+            result={'exit_code': 1}
-+        )
-+
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+    monkeypatch.setattr(convertpamuserdb, 'run', run_mocked)
-+    with pytest.raises(StopActorExecutionError) as err:
-+        convertpamuserdb._convert_db(location)
-+    assert str(err.value) == 'Cannot convert pam_userdb database.'
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/actor.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/actor.py
-new file mode 100644
-index 00000000..39a00855
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/actor.py
-@@ -0,0 +1,18 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import removeoldpamuserdb
-+from leapp.models import PamUserDbLocation
-+from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
-+
-+
-+class RemoveOldPamUserDb(Actor):
-+    """
-+    Remove old pam_userdb databases
-+    """
-+
-+    name = 'remove_old_pam_user_db'
-+    consumes = (PamUserDbLocation,)
-+    produces = ()
-+    tags = (ApplicationsPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        removeoldpamuserdb.process()
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/libraries/removeoldpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/libraries/removeoldpamuserdb.py
-new file mode 100644
-index 00000000..5fc4cb4d
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/libraries/removeoldpamuserdb.py
-@@ -0,0 +1,25 @@
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.stdlib import api, CalledProcessError, run
-+from leapp.models import PamUserDbLocation
-+
-+
-+def _remove_db(db_path):
-+    cmd = ['rm', '-f', f'{db_path}.db']
-+    try:
-+        run(cmd)
-+    except (CalledProcessError, OSError) as e:
-+        api.current_logger().error(
-+            'Failed to remove {}.db: {}'.format(
-+                db_path, e
-+            )
-+        )
-+
-+
-+def process():
-+    msg = next(api.consume(PamUserDbLocation), None)
-+    if not msg:
-+        raise StopActorExecutionError('Expected PamUserDbLocation, but got None')
-+
-+    if msg.locations:
-+        for location in msg.locations:
-+            _remove_db(location)
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/tests/test_removeoldpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/tests/test_removeoldpamuserdb.py
-new file mode 100644
-index 00000000..2c1d5c75
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/removeoldpamuserdb/tests/test_removeoldpamuserdb.py
-@@ -0,0 +1,38 @@
-+import os
-+
-+from leapp.libraries.actor import removeoldpamuserdb
-+from leapp.libraries.common.testutils import logger_mocked
-+from leapp.libraries.stdlib import api, CalledProcessError
-+
-+CUR_DIR = os.path.dirname(os.path.abspath(__file__))
-+
-+
-+def test_remove_db_success(monkeypatch):
-+    location = os.path.join(CUR_DIR, '/files/db1')
-+
-+    def run_mocked(cmd, **kwargs):
-+        assert cmd == ['rm', '-f', f'{location}.db']
-+
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+    monkeypatch.setattr(removeoldpamuserdb, 'run', run_mocked)
-+    removeoldpamuserdb._remove_db(location)
-+    assert len(api.current_logger.errmsg) == 0
-+
-+
-+def test_remove_db_failure(monkeypatch):
-+    location = os.path.join(CUR_DIR, '/files/db1')
-+
-+    def run_mocked(cmd, **kwargs):
-+        raise CalledProcessError(
-+            message='A Leapp Command Error occurred.',
-+            command=cmd,
-+            result={'exit_code': 1}
-+        )
-+
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+    monkeypatch.setattr(removeoldpamuserdb, 'run', run_mocked)
-+    removeoldpamuserdb._remove_db(location)
-+    assert (
-+        'Failed to remove /files/db1.db'
-+        not in api.current_logger.errmsg
-+    )
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/actor.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/actor.py
-new file mode 100644
-index 00000000..b6b35f1a
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/actor.py
-@@ -0,0 +1,18 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import scanpamuserdb
-+from leapp.models import PamUserDbLocation
-+from leapp.tags import FactsPhaseTag, IPUWorkflowTag
-+
-+
-+class ScanPamUserDb(Actor):
-+    """
-+    Scan the PAM service folder for the location of pam_userdb databases
-+    """
-+
-+    name = 'scan_pam_user_db'
-+    consumes = ()
-+    produces = (PamUserDbLocation,)
-+    tags = (FactsPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        self.produce(scanpamuserdb.parse_pam_config_folder('/etc/pam.d/'))
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/libraries/scanpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/libraries/scanpamuserdb.py
-new file mode 100644
-index 00000000..0f668c02
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/libraries/scanpamuserdb.py
-@@ -0,0 +1,29 @@
-+import os
-+import re
-+
-+from leapp.models import PamUserDbLocation
-+
-+
-+def _parse_pam_config_file(conf_file):
-+    with open(conf_file, 'r') as file:
-+        for line in file:
-+            if 'pam_userdb' in line:
-+                match = re.search(r'db=(\S+)', line)
-+                if match:
-+                    return match.group(1)
-+
-+    return None
-+
-+
-+def parse_pam_config_folder(conf_folder):
-+    locations = set()
-+
-+    for file_name in os.listdir(conf_folder):
-+        file_path = os.path.join(conf_folder, file_name)
-+
-+        if os.path.isfile(file_path):
-+            location = _parse_pam_config_file(file_path)
-+            if location is not None:
-+                locations.add(location)
-+
-+    return PamUserDbLocation(locations=list(locations))
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_basic b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_basic
-new file mode 100644
-index 00000000..f115147b
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_basic
-@@ -0,0 +1 @@
-+auth   required    pam_userdb.so    db=/tmp/db1
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_complete b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_complete
-new file mode 100644
-index 00000000..84e40b48
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_complete
-@@ -0,0 +1,9 @@
-+auth        required                                     pam_env.so
-+auth        required                                     pam_faildelay.so delay=2000000
-+auth        sufficient                                   pam_fprintd.so
-+auth        [default=1 ignore=ignore success=ok]         pam_usertype.so isregular
-+auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
-+auth        required                                     pam_userdb.so db=/tmp/db2
-+auth        [default=1 ignore=ignore success=ok]         pam_usertype.so isregular
-+auth        sufficient                                   pam_sss.so forward_pass
-+auth        required                                     pam_deny.so
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_missing b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_missing
-new file mode 100644
-index 00000000..764947fc
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/files/pam_userdb_missing
-@@ -0,0 +1 @@
-+auth        sufficient                                   pam_unix.so nullok
-diff --git a/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/test_scanpamuserdb.py b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/test_scanpamuserdb.py
-new file mode 100644
-index 00000000..3b752d87
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/pamuserdb/scanpamuserdb/tests/test_scanpamuserdb.py
-@@ -0,0 +1,27 @@
-+import os
-+
-+import pytest
-+
-+from leapp.libraries.actor import scanpamuserdb
-+
-+CUR_DIR = os.path.dirname(os.path.abspath(__file__))
-+
-+
-+@pytest.mark.parametrize(
-+    "inp,exp_out",
-+    [
-+        ("files/pam_userdb_missing", None),
-+        ("files/pam_userdb_basic", "/tmp/db1"),
-+        ("files/pam_userdb_complete", "/tmp/db2"),
-+    ],
-+)
-+def test_parse_pam_config_file(inp, exp_out):
-+    file = scanpamuserdb._parse_pam_config_file(os.path.join(CUR_DIR, inp))
-+    assert file == exp_out
-+
-+
-+def test_parse_pam_config_folder():
-+    msg = scanpamuserdb.parse_pam_config_folder(os.path.join(CUR_DIR, "files/"))
-+    assert len(msg.locations) == 2
-+    assert "/tmp/db1" in msg.locations
-+    assert "/tmp/db2" in msg.locations
-diff --git a/repos/system_upgrade/el9toel10/models/pamuserdblocation.py b/repos/system_upgrade/el9toel10/models/pamuserdblocation.py
-new file mode 100644
-index 00000000..d15b2041
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/models/pamuserdblocation.py
-@@ -0,0 +1,14 @@
-+from leapp.models import fields, Model
-+from leapp.topics import SystemInfoTopic
-+
-+
-+class PamUserDbLocation(Model):
-+    """
-+    Provides a list of all database files for pam_userdb
-+    """
-+    topic = SystemInfoTopic
-+
-+    locations = fields.List(fields.String(), default=[])
-+    """
-+    The list with the full path to the database files.
-+    """
--- 
-2.47.0
-

SOURCES/0009-Replace-mirror.centos.org-with-vault.centos.org-Cent.patch

@@ -1,31 +0,0 @@
-From d6e57eec3ded2887008055442ba906a92c572a01 Mon Sep 17 00:00:00 2001
-From: Matej Matuska <mmatuska@redhat.com>
-Date: Thu, 10 Oct 2024 14:03:36 +0200
-Subject: [PATCH 09/40] Replace mirror.centos.org with vault.centos.org Centos
- 7 Containerfile
-
-As mirror.centos.org is dead, replace mirrorlist with baseurl pointing
-to vault.centos.org in utils/container-builds/Containerfile.centos7.
----
- utils/container-builds/Containerfile.centos7 | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/utils/container-builds/Containerfile.centos7 b/utils/container-builds/Containerfile.centos7
-index 70ac3df1..af00eddb 100644
---- a/utils/container-builds/Containerfile.centos7
-+++ b/utils/container-builds/Containerfile.centos7
-@@ -2,6 +2,11 @@ FROM centos:7
- 
- VOLUME /repo
- 
-+# mirror.centos.org is dead, comment out mirrorlist and set baseurl to vault.centos.org
-+RUN sed -i s/mirror.centos.org/vault.centos.org/ /etc/yum.repos.d/CentOS-*.repo
-+RUN sed -i s/^#\s*baseurl=http/baseurl=http/ /etc/yum.repos.d/CentOS-*.repo
-+RUN sed -i s/^mirrorlist=http/#mirrorlist=http/ /etc/yum.repos.d/CentOS-*.repo
-+
- RUN yum update -y && \
-     yum install -y rpm-build python-devel make git
- 
--- 
-2.47.0
-

SOURCES/0010-kernelcmdlineconfig-Add-Report-to-produces-tuple.patch

@@ -1,35 +0,0 @@
-From b997e4eeb835809d1fbfd1a0b9a6114c133bf0b4 Mon Sep 17 00:00:00 2001
-From: Matej Matuska <mmatuska@redhat.com>
-Date: Thu, 10 Oct 2024 15:28:48 +0200
-Subject: [PATCH 10/40] kernelcmdlineconfig: Add Report to produces tuple
-
-The missing `leapp.reporting.Report` class is added to
-kernelcmdlineconfig actor `produces` tuple.
----
- .../system_upgrade/common/actors/kernelcmdlineconfig/actor.py  | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-index b44fd835..3585a14e 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-@@ -4,6 +4,7 @@ from leapp.actors import Actor
- from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.actor import kernelcmdlineconfig
- from leapp.models import FirmwareFacts, InstalledTargetKernelInfo, KernelCmdlineArg, TargetKernelCmdlineArgTasks
-+from leapp.reporting import Report
- from leapp.tags import FinalizationPhaseTag, IPUWorkflowTag
- 
- 
-@@ -14,7 +15,7 @@ class KernelCmdlineConfig(Actor):
- 
-     name = 'kernelcmdlineconfig'
-     consumes = (KernelCmdlineArg, InstalledTargetKernelInfo, FirmwareFacts, TargetKernelCmdlineArgTasks)
--    produces = ()
-+    produces = (Report,)
-     tags = (FinalizationPhaseTag, IPUWorkflowTag)
- 
-     def process(self):
--- 
-2.47.0
-

SOURCES/0011-kernelcmdlineconfig-Use-args-from-first-entry-when-m.patch

@@ -1,204 +0,0 @@
-From c2c96affa7b20c82969419ce49b65cbf646a0c32 Mon Sep 17 00:00:00 2001
-From: Matej Matuska <mmatuska@redhat.com>
-Date: Fri, 18 Oct 2024 12:43:19 +0200
-Subject: [PATCH 11/40] kernelcmdlineconfig: Use args from first entry when
- multiple entries are listed
-
-Instead of erroring out when grubby lists multiple entries for the
-default kernel, always use the `args=` and `root=` from the first one and create
-a post-upgrade report. The report instruct user to ensure those are the
-correct ones or to correct them.
-
-This can happen, for example, if MAKEDEBUG=yes is set in
-/etc/sysconfing/kernel.
-
-Jira: RHEL-46911
----
- .../libraries/kernelcmdlineconfig.py          | 79 ++++++++++++++++---
- .../tests/test_kernelcmdlineconfig.py         | 48 ++++++++++-
- 2 files changed, 116 insertions(+), 11 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-index 6b261c3b..19c50f3c 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-@@ -109,10 +109,55 @@ def _extract_grubby_value(record):
-     return matches.group(2)
- 
- 
-+def report_multple_entries_for_default_kernel():
-+    if use_cmdline_file():
-+        report_hint = (
-+            'After the system has been rebooted into the new version of RHEL,'
-+            ' check that configured default kernel cmdline arguments in /etc/kernel/cmdline '
-+            ' are correct. In case that different arguments are expected, update the file as needed.'
-+        )
-+    else:
-+        report_hint = (
-+            'After the system has been rebooted into the new version of RHEL,'
-+            ' check that configured default kernel cmdline arguments are set as expected, using'
-+            ' the `grub2-editenv list` command. '
-+            ' If different default arguments are expected, update them using grub2-editenv.\n'
-+            ' For example, consider that current booted kernel has correct kernel cmdline'
-+            ' arguments and /proc/cmdline contains:\n\n'
-+            '    BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-425.3.1.el8.x86_64'
-+            ' root=/dev/mapper/rhel_ibm--root ro console=tty0'
-+            ' console=ttyS0,115200 rd_NO_PLYMOUTH\n\n'
-+            ' then run the following grub2-editenv command:\n\n'
-+            '    # grub2-editenv - set "kernelopts=root=/dev/mapper/rhel_ibm--root'
-+            ' ro console=tty0 console=ttyS0,115200 rd_NO_PLYMOUTH"'
-+        )
-+
-+    reporting.create_report([
-+        reporting.Title('Ensure that expected default kernel cmdline arguments are set'),
-+        reporting.Summary(
-+            'During the upgrade we needed to modify the kernel command line arguments.'
-+            ' However, multiple bootloader entries with different arguments were found for the default'
-+            ' kernel (perhaps MAKEDEBUG=yes is set in /etc/sysconfig/kernel).'
-+            ' Leapp used the arguments from the first found entry of the target kernel'
-+            ' and set it as the new default kernel cmdline arguments for kernels installed in the future.'
-+        ),
-+        reporting.Remediation(hint=report_hint),
-+        reporting.Severity(reporting.Severity.HIGH),
-+        reporting.Groups([
-+            reporting.Groups.BOOT,
-+            reporting.Groups.KERNEL,
-+            reporting.Groups.POST,
-+        ]),
-+        reporting.RelatedResource('file', '/etc/kernel/cmdline'),
-+    ])
-+
-+
- def retrieve_args_for_default_kernel(kernel_info):
-     # Copy the args for the default kernel to all kernels.
-     kernel_args = None
-     kernel_root = None
-+    detected_multiple_entries = False
-+
-     cmd = ['grubby', '--info', kernel_info.kernel_img_path]
-     output = stdlib.run(cmd, split=False)
-     for record in output['stdout'].splitlines():
-@@ -122,19 +167,30 @@ def retrieve_args_for_default_kernel(kernel_info):
-             temp_kernel_args = _extract_grubby_value(record)
- 
-             if kernel_args:
--                api.current_logger().warning('Grubby output is malformed:'
--                                             ' `args=` is listed more than once.')
-                 if kernel_args != temp_kernel_args:
--                    raise ReadOfKernelArgsError('Grubby listed `args=` multiple'
--                                                ' times with different values.')
--            kernel_args = _extract_grubby_value(record)
-+                    api.current_logger().warning(
-+                        'Grubby output listed `args=` multiple times with different values,'
-+                        ' continuing with the first result'
-+                    )
-+                    detected_multiple_entries = True
-+                else:
-+                    api.current_logger().warning('Grubby output listed `args=` more than once')
-+            else:
-+                kernel_args = temp_kernel_args
-         elif record.startswith('root='):
--            api.current_logger().warning('Grubby output is malformed:'
--                                         ' `root=` is listed more than once.')
-+            temp_kernel_root = _extract_grubby_value(record)
-+
-             if kernel_root:
--                raise ReadOfKernelArgsError('Grubby listed `root=` multiple'
--                                            ' times with different values')
--            kernel_root = _extract_grubby_value(record)
-+                if kernel_root != temp_kernel_root:
-+                    api.current_logger().warning(
-+                        'Grubby output listed `root=` multiple times with different values,'
-+                        ' continuing with the first result'
-+                    )
-+                    detected_multiple_entries = True
-+                else:
-+                    api.current_logger().warning('Grubby output listed `root=` more than once')
-+            else:
-+                kernel_root = temp_kernel_root
- 
-     if not kernel_args or not kernel_root:
-         raise ReadOfKernelArgsError(
-@@ -142,6 +198,9 @@ def retrieve_args_for_default_kernel(kernel_info):
-             ' kernels: root={}, args={}'.format(kernel_root, kernel_args)
-         )
- 
-+    if detected_multiple_entries:
-+        report_multple_entries_for_default_kernel()
-+
-     return kernel_root, kernel_args
- 
- 
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
-index ffe4b046..e5759a7b 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/tests/test_kernelcmdlineconfig.py
-@@ -4,11 +4,12 @@ from collections import namedtuple
- 
- import pytest
- 
-+from leapp import reporting
- from leapp.exceptions import StopActorExecutionError
- from leapp.libraries import stdlib
- from leapp.libraries.actor import kernelcmdlineconfig
- from leapp.libraries.common.config import architecture
--from leapp.libraries.common.testutils import CurrentActorMocked
-+from leapp.libraries.common.testutils import create_report_mocked, CurrentActorMocked
- from leapp.libraries.stdlib import api
- from leapp.models import InstalledTargetKernelInfo, KernelCmdlineArg, TargetKernelCmdlineArgTasks
- 
-@@ -183,6 +184,51 @@ def test_kernelcmdline_config_no_version(monkeypatch):
-     assert not mocked_run.commands
- 
- 
-+SECOND_KERNEL_ARGS = (
-+    'ro rootflags=subvol=root'
-+    ' resume=/dev/mapper/luks-2c0df999-81ec-4a35-a1f9-b93afee8c6ad'
-+    ' rd.luks.uuid=luks-90a6412f-c588-46ca-9118-5aca35943d25'
-+    ' rd.luks.uuid=luks-2c0df999-81ec-4a35-a1f9-b93afee8c6ad'
-+)
-+SECOND_KERNEL_ROOT = 'UUID=1aa15850-2685-418d-95a6-f7266a2de83b'
-+
-+
-+@pytest.mark.parametrize(
-+    'second_grubby_output',
-+    (
-+        TEMPLATE_GRUBBY_INFO_OUTPUT.format(SECOND_KERNEL_ARGS, SECOND_KERNEL_ROOT),
-+        TEMPLATE_GRUBBY_INFO_OUTPUT.format(SAMPLE_KERNEL_ARGS, SECOND_KERNEL_ROOT),
-+        TEMPLATE_GRUBBY_INFO_OUTPUT.format(SECOND_KERNEL_ARGS, SAMPLE_KERNEL_ROOT),
-+    )
-+)
-+def test_kernelcmdline_config_mutiple_args(monkeypatch, second_grubby_output):
-+    kernel_img_path = '/boot/vmlinuz-X'
-+    kernel_info = InstalledTargetKernelInfo(pkg_nevra=TARGET_KERNEL_NEVRA,
-+                                            uname_r='',
-+                                            kernel_img_path=kernel_img_path,
-+                                            initramfs_path='/boot/initramfs-X')
-+
-+    # For this test, we need to check we get the proper report if grubby --info
-+    # outputs multiple different `root=` or `args=`
-+    # and that the first ones are used
-+    grubby_info_output = "\n".join((SAMPLE_GRUBBY_INFO_OUTPUT, second_grubby_output))
-+
-+    mocked_run = MockedRun(
-+        outputs={" ".join(("grubby", "--info", kernel_img_path)): grubby_info_output,
-+                 }
-+    )
-+    monkeypatch.setattr(stdlib, 'run', mocked_run)
-+    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
-+    monkeypatch.setattr(reporting, "create_report", create_report_mocked())
-+
-+    root, args = kernelcmdlineconfig.retrieve_args_for_default_kernel(kernel_info)
-+    assert root == SAMPLE_KERNEL_ROOT
-+    assert args == SAMPLE_KERNEL_ARGS
-+    assert reporting.create_report.called == 1
-+    expected_title = 'Ensure that expected default kernel cmdline arguments are set'
-+    assert expected_title in reporting.create_report.report_fields['title']
-+
-+
- def test_kernelcmdline_config_malformed_args(monkeypatch):
-     kernel_img_path = '/boot/vmlinuz-X'
-     kernel_info = InstalledTargetKernelInfo(pkg_nevra=TARGET_KERNEL_NEVRA,
--- 
-2.47.0
-

SOURCES/0012-check_microarch-refactor-to-handle-possible-future-r.patch

@@ -1,216 +0,0 @@
-From 053137c50d1b060f9e6e6e45d82196b1045391b7 Mon Sep 17 00:00:00 2001
-From: mhecko <mhecko@redhat.com>
-Date: Thu, 4 Apr 2024 14:22:48 +0200
-Subject: [PATCH 12/40] check_microarch: refactor to handle possible future
- reqs
-
----
- .../actors/checkmicroarchitecture/actor.py    |  0
- .../libraries/checkmicroarchitecture.py       | 73 +++++++++++++++++++
- .../tests/test_checkmicroarchitecture.py      | 21 ++++--
- .../libraries/checkmicroarchitecture.py       | 46 ------------
- 4 files changed, 87 insertions(+), 53 deletions(-)
- rename repos/system_upgrade/{el8toel9 => common}/actors/checkmicroarchitecture/actor.py (100%)
- create mode 100644 repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
- rename repos/system_upgrade/{el8toel9 => common}/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py (79%)
- delete mode 100644 repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-
-diff --git a/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/actor.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py
-similarity index 100%
-rename from repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/actor.py
-rename to repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py
-diff --git a/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-new file mode 100644
-index 00000000..cc617203
---- /dev/null
-+++ b/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-@@ -0,0 +1,73 @@
-+from collections import namedtuple
-+
-+from leapp import reporting
-+from leapp.libraries.common.config.architecture import ARCH_X86_64, matches_architecture
-+from leapp.libraries.common.config.version import get_target_major_version
-+from leapp.libraries.stdlib import api
-+from leapp.models import CPUInfo
-+
-+X86_64_BASELINE_FLAGS = ['cmov', 'cx8', 'fpu', 'fxsr', 'mmx', 'syscall', 'sse', 'sse2']
-+X86_64_V2_FLAGS = ['cx16', 'lahf_lm', 'popcnt', 'pni', 'sse4_1', 'sse4_2', 'ssse3']
-+
-+MicroarchInfo = namedtuple('MicroarchInfo', ('required_flags', 'extra_report_fields', 'microarch_ver'))
-+
-+
-+def _inhibit_upgrade(missing_flags, target_rhel, microarch_ver, extra_report_fields=None):
-+    title = 'Current x86-64 microarchitecture is unsupported in {0}'.format(target_rhel)
-+    summary = ('{0} has a higher CPU requirement than older versions, it now requires a CPU '
-+               'compatible with {1} instruction set or higher.\n\n'
-+               'Missings flags detected are: {2}\n'.format(target_rhel, microarch_ver, ', '.join(missing_flags)))
-+
-+    report_fields = [
-+        reporting.Title(title),
-+        reporting.Summary(summary),
-+        reporting.Severity(reporting.Severity.HIGH),
-+        reporting.Groups([reporting.Groups.INHIBITOR]),
-+        reporting.Groups([reporting.Groups.SANITY]),
-+        reporting.Remediation(hint=('If case of using virtualization, virtualization platforms often allow '
-+                                    'configuring a minimum denominator CPU model for compatibility when migrating '
-+                                    'between different CPU models. Ensure that minimum requirements are not below '
-+                                    'that of {0}\n').format(target_rhel)),
-+    ]
-+
-+    if extra_report_fields:
-+        report_fields += extra_report_fields
-+
-+    reporting.create_report(report_fields)
-+
-+
-+def process():
-+    """
-+    Check whether the processor matches the required microarchitecture.
-+    """
-+
-+    if not matches_architecture(ARCH_X86_64):
-+        api.current_logger().info('Architecture not x86-64. Skipping microarchitecture test.')
-+        return
-+
-+    cpuinfo = next(api.consume(CPUInfo))
-+
-+    rhel9_microarch_article = reporting.ExternalLink(
-+        title='Building Red Hat Enterprise Linux 9 for the x86-64-v2 microarchitecture level',
-+        url='https://red.ht/rhel-9-intel-microarchitectures'
-+    )
-+
-+    rhel_major_to_microarch_reqs = {
-+        '9': MicroarchInfo(microarch_ver='x86-64-v2',
-+                           required_flags=(X86_64_BASELINE_FLAGS + X86_64_V2_FLAGS),
-+                           extra_report_fields=[rhel9_microarch_article]),
-+    }
-+
-+    microarch_info = rhel_major_to_microarch_reqs.get(get_target_major_version())
-+    if not microarch_info:
-+        api.current_logger().info('No known microarchitecture requirements are known for target RHEL%s.',
-+                                  get_target_major_version())
-+        return
-+
-+    missing_flags = [flag for flag in microarch_info.required_flags if flag not in cpuinfo.flags]
-+    api.current_logger().debug('Required flags missing: %s', missing_flags)
-+    if missing_flags:
-+        _inhibit_upgrade(missing_flags,
-+                         'RHEL{0}'.format(get_target_major_version()),
-+                         microarch_info.microarch_ver,
-+                         extra_report_fields=microarch_info.extra_report_fields)
-diff --git a/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-similarity index 79%
-rename from repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-rename to repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-index b7c850d9..b0624f2b 100644
---- a/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-+++ b/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-@@ -25,7 +25,13 @@ def test_not_x86_64_passes(monkeypatch, arch):
-     assert not reporting.create_report.called
- 
- 
--def test_valid_microarchitecture(monkeypatch):
-+@pytest.mark.parametrize(
-+    ('target_ver', 'cpu_flags'),
-+    [
-+        ('9.0', checkmicroarchitecture.X86_64_BASELINE_FLAGS + checkmicroarchitecture.X86_64_V2_FLAGS)
-+    ]
-+)
-+def test_valid_microarchitecture(monkeypatch, target_ver, cpu_flags):
-     """
-     Test no report is generated on a valid microarchitecture
-     """
-@@ -33,9 +39,8 @@ def test_valid_microarchitecture(monkeypatch):
-     monkeypatch.setattr(reporting, "create_report", create_report_mocked())
-     monkeypatch.setattr(api, 'current_logger', logger_mocked())
- 
--    required_flags = checkmicroarchitecture.X86_64_BASELINE_FLAGS + checkmicroarchitecture.X86_64_V2_FLAGS
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(arch=ARCH_X86_64,
--                                                                 msgs=[CPUInfo(flags=required_flags)]))
-+    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(arch=ARCH_X86_64, dst_ver=target_ver,
-+                                                                 msgs=[CPUInfo(flags=cpu_flags)]))
- 
-     checkmicroarchitecture.process()
- 
-@@ -43,14 +48,16 @@ def test_valid_microarchitecture(monkeypatch):
-     assert not reporting.create_report.called
- 
- 
--def test_invalid_microarchitecture(monkeypatch):
-+@pytest.mark.parametrize('target_ver', ['9.0'])
-+def test_invalid_microarchitecture(monkeypatch, target_ver):
-     """
-     Test report is generated on x86-64 architecture with invalid microarchitecture and the upgrade is inhibited
-     """
- 
-     monkeypatch.setattr(reporting, "create_report", create_report_mocked())
-     monkeypatch.setattr(api, 'current_logger', logger_mocked())
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(arch=ARCH_X86_64, msgs=[CPUInfo()]))
-+    monkeypatch.setattr(api, 'current_actor',
-+                        CurrentActorMocked(arch=ARCH_X86_64, msgs=[CPUInfo()], dst_ver=target_ver))
- 
-     checkmicroarchitecture.process()
- 
-@@ -60,6 +67,6 @@ def test_invalid_microarchitecture(monkeypatch):
-     assert 'Architecture not x86-64. Skipping microarchitecture test.' not in api.current_logger().infomsg
-     assert reporting.create_report.called == 1
-     assert 'microarchitecture is unsupported' in produced_title
--    assert 'RHEL9 has a higher CPU requirement' in produced_summary
-+    assert 'has a higher CPU requirement' in produced_summary
-     assert reporting.create_report.report_fields['severity'] == reporting.Severity.HIGH
-     assert is_inhibitor(reporting.create_report.report_fields)
-diff --git a/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py b/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-deleted file mode 100644
-index 9c083d7e..00000000
---- a/repos/system_upgrade/el8toel9/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-+++ /dev/null
-@@ -1,46 +0,0 @@
--from leapp import reporting
--from leapp.libraries.common.config.architecture import ARCH_X86_64, matches_architecture
--from leapp.libraries.stdlib import api
--from leapp.models import CPUInfo
--
--X86_64_BASELINE_FLAGS = ['cmov', 'cx8', 'fpu', 'fxsr', 'mmx', 'syscall', 'sse', 'sse2']
--X86_64_V2_FLAGS = ['cx16', 'lahf_lm', 'popcnt', 'pni', 'sse4_1', 'sse4_2', 'ssse3']
--
--
--def _inhibit_upgrade(missing_flags):
--    title = 'Current x86-64 microarchitecture is unsupported in RHEL9'
--    summary = ('RHEL9 has a higher CPU requirement than older versions, it now requires a CPU '
--               'compatible with x86-64-v2 instruction set or higher.\n\n'
--               'Missings flags detected are: {}\n'.format(', '.join(missing_flags)))
--
--    reporting.create_report([
--        reporting.Title(title),
--        reporting.Summary(summary),
--        reporting.ExternalLink(title='Building Red Hat Enterprise Linux 9 for the x86-64-v2 microarchitecture level',
--                               url='https://red.ht/rhel-9-intel-microarchitectures'),
--        reporting.Severity(reporting.Severity.HIGH),
--        reporting.Groups([reporting.Groups.INHIBITOR]),
--        reporting.Groups([reporting.Groups.SANITY]),
--        reporting.Remediation(hint=('If case of using virtualization, virtualization platforms often allow '
--                                    'configuring a minimum denominator CPU model for compatibility when migrating '
--                                    'between different CPU models. Ensure that minimum requirements are not below '
--                                    'that of RHEL9\n')),
--    ])
--
--
--def process():
--    """
--    Check whether the processor matches the required microarchitecture.
--    """
--
--    if not matches_architecture(ARCH_X86_64):
--        api.current_logger().info('Architecture not x86-64. Skipping microarchitecture test.')
--        return
--
--    cpuinfo = next(api.consume(CPUInfo))
--
--    required_flags = X86_64_BASELINE_FLAGS + X86_64_V2_FLAGS
--    missing_flags = [flag for flag in required_flags if flag not in cpuinfo.flags]
--    api.current_logger().debug('Required flags missing: %s', missing_flags)
--    if missing_flags:
--        _inhibit_upgrade(missing_flags)
--- 
-2.47.0
-

SOURCES/0013-check_microarch-add-rhel10-requirements.patch

@@ -1,133 +0,0 @@
-From d3ebc990ba65801fbed2aaf1dce8329698667d1c Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Wed, 28 Aug 2024 12:18:40 +0200
-Subject: [PATCH 13/40] check_microarch: add rhel10 requirements
-
----
- .../actors/checkmicroarchitecture/actor.py    | 13 ++++++++++--
- .../libraries/checkmicroarchitecture.py       |  8 +++++--
- .../tests/test_checkmicroarchitecture.py      | 21 ++++++++++++++-----
- 3 files changed, 33 insertions(+), 9 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py
-index 98ffea80..bb342f2f 100644
---- a/repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py
-+++ b/repos/system_upgrade/common/actors/checkmicroarchitecture/actor.py
-@@ -17,7 +17,8 @@ class CheckMicroarchitecture(Actor):
-     levels.
- 
-     RHEL9 has a higher CPU requirement than older versions, it now requires a
--    CPU compatible with ``x86-64-v2`` instruction set or higher.
-+    CPU compatible with ``x86-64-v2`` instruction set or higher. Similarly,
-+    RHEL10 requires at least ``x86-64-v3`` instruction set.
- 
-     .. table:: Required CPU features by microarchitecure level with a
-                corresponding flag as shown by ``lscpu``.
-@@ -43,7 +44,15 @@ class CheckMicroarchitecture(Actor):
-         |            | SSE4_2      | sse4_2             |
-         |            | SSSE3       | ssse3              |
-         +------------+-------------+--------------------+
--        | ...        |             |                    |
-+        | x86-64-v3  | AVX         | avx                |
-+        |            | AVX2        | avx2               |
-+        |            | BMI1        | bmi1               |
-+        |            | BMI2        | bmi2               |
-+        |            | F16C        | f16c               |
-+        |            | FMA         | fma                |
-+        |            | LZCNT       | abm                |
-+        |            | MOVBE       | movbe              |
-+        |            | OSXSAVE     | xsave              |
-         +------------+-------------+--------------------+
- 
-     Note: To get the corresponding flag for the CPU feature consult the file
-diff --git a/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-index cc617203..94e85e3e 100644
---- a/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-+++ b/repos/system_upgrade/common/actors/checkmicroarchitecture/libraries/checkmicroarchitecture.py
-@@ -8,6 +8,7 @@ from leapp.models import CPUInfo
- 
- X86_64_BASELINE_FLAGS = ['cmov', 'cx8', 'fpu', 'fxsr', 'mmx', 'syscall', 'sse', 'sse2']
- X86_64_V2_FLAGS = ['cx16', 'lahf_lm', 'popcnt', 'pni', 'sse4_1', 'sse4_2', 'ssse3']
-+X86_64_V3_FLAGS = ['avx2', 'bmi1', 'bmi2', 'f16c', 'fma', 'abm', 'movbe', 'xsave']
- 
- MicroarchInfo = namedtuple('MicroarchInfo', ('required_flags', 'extra_report_fields', 'microarch_ver'))
- 
-@@ -16,7 +17,7 @@ def _inhibit_upgrade(missing_flags, target_rhel, microarch_ver, extra_report_fie
-     title = 'Current x86-64 microarchitecture is unsupported in {0}'.format(target_rhel)
-     summary = ('{0} has a higher CPU requirement than older versions, it now requires a CPU '
-                'compatible with {1} instruction set or higher.\n\n'
--               'Missings flags detected are: {2}\n'.format(target_rhel, microarch_ver, ', '.join(missing_flags)))
-+               'Missings flags detected are: {2}\n').format(target_rhel, microarch_ver, ', '.join(missing_flags))
- 
-     report_fields = [
-         reporting.Title(title),
-@@ -24,7 +25,7 @@ def _inhibit_upgrade(missing_flags, target_rhel, microarch_ver, extra_report_fie
-         reporting.Severity(reporting.Severity.HIGH),
-         reporting.Groups([reporting.Groups.INHIBITOR]),
-         reporting.Groups([reporting.Groups.SANITY]),
--        reporting.Remediation(hint=('If case of using virtualization, virtualization platforms often allow '
-+        reporting.Remediation(hint=('If a case of using virtualization, virtualization platforms often allow '
-                                     'configuring a minimum denominator CPU model for compatibility when migrating '
-                                     'between different CPU models. Ensure that minimum requirements are not below '
-                                     'that of {0}\n').format(target_rhel)),
-@@ -56,6 +57,9 @@ def process():
-         '9': MicroarchInfo(microarch_ver='x86-64-v2',
-                            required_flags=(X86_64_BASELINE_FLAGS + X86_64_V2_FLAGS),
-                            extra_report_fields=[rhel9_microarch_article]),
-+        '10': MicroarchInfo(microarch_ver='x86-64-v3',
-+                            required_flags=(X86_64_BASELINE_FLAGS + X86_64_V2_FLAGS + X86_64_V3_FLAGS),
-+                            extra_report_fields=[]),
-     }
- 
-     microarch_info = rhel_major_to_microarch_reqs.get(get_target_major_version())
-diff --git a/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py b/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-index b0624f2b..eeca8be0 100644
---- a/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-+++ b/repos/system_upgrade/common/actors/checkmicroarchitecture/tests/test_checkmicroarchitecture.py
-@@ -25,10 +25,15 @@ def test_not_x86_64_passes(monkeypatch, arch):
-     assert not reporting.create_report.called
- 
- 
-+ENTIRE_V2_FLAG_SET = checkmicroarchitecture.X86_64_BASELINE_FLAGS + checkmicroarchitecture.X86_64_V2_FLAGS
-+ENTIRE_V3_FLAG_SET = ENTIRE_V2_FLAG_SET + checkmicroarchitecture.X86_64_V3_FLAGS
-+
-+
- @pytest.mark.parametrize(
-     ('target_ver', 'cpu_flags'),
-     [
--        ('9.0', checkmicroarchitecture.X86_64_BASELINE_FLAGS + checkmicroarchitecture.X86_64_V2_FLAGS)
-+        ('9.0', ENTIRE_V2_FLAG_SET),
-+        ('10.0', ENTIRE_V3_FLAG_SET)
-     ]
- )
- def test_valid_microarchitecture(monkeypatch, target_ver, cpu_flags):
-@@ -48,16 +53,22 @@ def test_valid_microarchitecture(monkeypatch, target_ver, cpu_flags):
-     assert not reporting.create_report.called
- 
- 
--@pytest.mark.parametrize('target_ver', ['9.0'])
--def test_invalid_microarchitecture(monkeypatch, target_ver):
-+@pytest.mark.parametrize(
-+    ('target_ver', 'cpu_flags'),
-+    (
-+        ('9.0', checkmicroarchitecture.X86_64_BASELINE_FLAGS),
-+        ('10.0', ENTIRE_V2_FLAG_SET),
-+    )
-+)
-+def test_invalid_microarchitecture(monkeypatch, target_ver, cpu_flags):
-     """
-     Test report is generated on x86-64 architecture with invalid microarchitecture and the upgrade is inhibited
-     """
--
-+    cpu_info = CPUInfo(flags=cpu_flags)
-     monkeypatch.setattr(reporting, "create_report", create_report_mocked())
-     monkeypatch.setattr(api, 'current_logger', logger_mocked())
-     monkeypatch.setattr(api, 'current_actor',
--                        CurrentActorMocked(arch=ARCH_X86_64, msgs=[CPUInfo()], dst_ver=target_ver))
-+                        CurrentActorMocked(arch=ARCH_X86_64, msgs=[cpu_info], dst_ver=target_ver))
- 
-     checkmicroarchitecture.process()
- 
--- 
-2.47.0
-

SOURCES/0014-Skip-checking-files-under-.-directory-hash-dir.patch

@@ -1,44 +0,0 @@
-From a14793892bafaad0802844cbb56be3be3220eb47 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Wed, 25 Sep 2024 17:29:02 +0200
-Subject: [PATCH 14/40] Skip checking files under .../directory-hash/ dir
-
-* The main reason for this change is to improve performance and
-reduce flood of logs for the content that does not seem to be important
-to check for the upgrade process.
-
-The directory has been relatively recently added to ca-certificates
-rpm on EL 9+ systems mostly to improve performance of OpenSSL and
-the content does not seem to be important for the IPU process.
-The high number of files takes too much time to evaluate and causes
-flood of logs that are not important.
-
-This is updated solution that we drop originally: 60f500e59bb92
----
- .../targetuserspacecreator/libraries/userspacegen.py   | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-index cd2d7d6e..d7698056 100644
---- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-+++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-@@ -311,6 +311,16 @@ def _get_files_owned_by_rpms(context, dirpath, pkgs=None, recursive=False):
-     searchdir = context.full_path(dirpath)
-     if recursive:
-         for root, _, files in os.walk(searchdir):
-+            if '/directory-hash/' in root:
-+                # tl;dr; for the performance improvement
-+                # The directory has been relatively recently added to ca-certificates
-+                # rpm on EL 9+ systems and the content does not seem to be important
-+                # for the IPU process. Also, it contains high number of files and
-+                # their processing floods the output and slows down IPU.
-+                # So skipping it entirely.
-+                # This is updated solution that we drop originally: 60f500e59bb92
-+                api.current_logger().debug('SKIP files in the {} directory: Not important for the IPU.'.format(root))
-+                continue
-             for filename in files:
-                 relpath = os.path.relpath(os.path.join(root, filename), searchdir)
-                 file_list.append(relpath)
--- 
-2.47.0
-

SOURCES/0015-lib-overlay-cap-the-max-size-of-disk-images.patch

@@ -1,66 +0,0 @@
-From cef2825778eb63f95e13cf48b1683bc98c32c21b Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Fri, 25 Oct 2024 16:33:38 +0200
-Subject: [PATCH 15/40] lib(overlay): cap the max size of disk images
-
-On systems with large disks (e.g. 16TB) with lots of free space, leapp
-might attemt to create files larger than the max file size of the
-underlying FS. Attempting to create such large files causes leapp
-to crash. This patch caps the max image size to 1TB, based on empirical
-evidence that more free space is not needed for the upgrade RPM
-transaction.
-
-Jira-ref: RHEL-57064
----
- .../common/libraries/overlaygen.py            | 28 +++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/repos/system_upgrade/common/libraries/overlaygen.py b/repos/system_upgrade/common/libraries/overlaygen.py
-index c1ac9ad3..867e3559 100644
---- a/repos/system_upgrade/common/libraries/overlaygen.py
-+++ b/repos/system_upgrade/common/libraries/overlaygen.py
-@@ -68,6 +68,27 @@ or close to that size, stay always with this minimal protected size defined by
- this constant.
- """
- 
-+_MAX_DISK_IMAGE_SIZE_MB = 2**20  # 1*TB
-+"""
-+Maximum size of the created (sparse) images.
-+
-+Defaults to 1TB. If a disk with capacity larger than _MAX_DISK_IMAGE_SIZE_MB
-+is mounted on the system, the corresponding image used to store overlay
-+modifications will be capped to _MAX_DISK_IMAGE_SIZE_MB.
-+
-+Engineering rationale:
-+   This constant was introduced to prevent leapp from creating files that are
-+   virtually larger than the maximum file size supported by the file system.
-+   E.g. if the source system hosts /var/lib/leapp on EXT4, then we cannot
-+   create a file larger than 16TB.
-+   We create these "disk images" to be able to verify the system has enough
-+   disk space to perform the RPM upgrade transaction. From our experience,
-+   we are not aware of any system which could have installed so much content
-+   by RPMs that we would need 1TB of the free space on a single FS. Therefore,
-+   we consider this value as safe while preventing us from exceeding FS
-+   limits.
-+"""
-+
- 
- MountPoints = namedtuple('MountPoints', ['fs_file', 'fs_vfstype'])
- 
-@@ -287,6 +308,13 @@ def _prepare_required_mounts(scratch_dir, mounts_dir, storage_info, scratch_rese
-         disk_size = _get_fspace(mountpoint, convert_to_mibs=True, coefficient=0.95)
-         if mountpoint == scratch_mp:
-             disk_size = scratch_disk_size
-+
-+        if disk_size > _MAX_DISK_IMAGE_SIZE_MB:
-+            msg = ('Image for overlayfs corresponding to the disk mounted at %s would ideally have %d MB, '
-+                   'but we truncate it to %d MB to avoid bumping to max file limits.')
-+            api.current_logger().info(msg, mountpoint, disk_size, _MAX_DISK_IMAGE_SIZE_MB)
-+            disk_size = _MAX_DISK_IMAGE_SIZE_MB
-+
-         image = _create_mount_disk_image(disk_images_directory, mountpoint, disk_size)
-         result[mountpoint] = mounting.LoopMount(
-             source=image,
--- 
-2.47.0
-

SOURCES/0016-Raise-proper-error-when-ModelViolationError-occurs.patch

@@ -1,168 +0,0 @@
-From ec078243771f8ef43853bd242175a612fe84f95b Mon Sep 17 00:00:00 2001
-From: tomasfratrik <tomasfratrik8@gmail.com>
-Date: Wed, 17 Jul 2024 12:12:50 +0200
-Subject: [PATCH 16/40] Raise proper error when ModelViolationError occurs
-
-This error occurs when repo file has invalid definition, specifically
-when the 'name' entry of the config files is invalid. Also add tests.
-
-Jira: RHEL-19249
----
- .../systemfacts/libraries/systemfacts.py      | 13 ++++++++-
- .../systemfacts/tests/test_systemfacts.py     | 24 ++++++++++++++++-
- .../common/libraries/repofileutils.py         | 17 +++++++++++-
- .../libraries/tests/test_repofileutils.py     | 27 +++++++++++++++++++
- 4 files changed, 78 insertions(+), 3 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-index d1eeb28c..f16cea1d 100644
---- a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-+++ b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-@@ -217,7 +217,18 @@ def get_sysctls_status():
- 
- def get_repositories_status():
-     """ Get a basic information about YUM repositories installed in the system """
--    return RepositoriesFacts(repositories=repofileutils.get_parsed_repofiles())
-+    try:
-+        return RepositoriesFacts(repositories=repofileutils.get_parsed_repofiles())
-+    except repofileutils.InvalidRepoDefinition as e:
-+        raise StopActorExecutionError(
-+            message=str(e),
-+            details={
-+                'hint': 'For more directions on how to resolve the issue, see: {url}.'
-+                        .format(
-+                            url='https://access.redhat.com/solutions/6969001'
-+                        )
-+            }
-+        )
- 
- 
- def get_selinux_status():
-diff --git a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts.py
-index badf174c..5831b979 100644
---- a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts.py
-+++ b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts.py
-@@ -3,7 +3,16 @@ import pwd
- 
- import pytest
- 
--from leapp.libraries.actor.systemfacts import _get_system_groups, _get_system_users, anyendswith, anyhasprefix, aslist
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.actor.systemfacts import (
-+    _get_system_groups,
-+    _get_system_users,
-+    anyendswith,
-+    anyhasprefix,
-+    aslist,
-+    get_repositories_status
-+)
-+from leapp.libraries.common import repofileutils
- from leapp.libraries.common.testutils import logger_mocked
- from leapp.libraries.stdlib import api
- from leapp.snactor.fixture import current_actor_libraries
-@@ -116,3 +125,16 @@ def test_get_system_groups(monkeypatch, etc_group_names, skipped_group_names):
-                 assert group_name not in api.current_logger().dbgmsg[0]
-     else:
-         assert not api.current_logger().dbgmsg
-+
-+
-+def test_failed_parsed_repofiles(monkeypatch):
-+    def _raise_invalidrepo_error():
-+        raise repofileutils.InvalidRepoDefinition(msg='mocked error',
-+                                                  repofile='/etc/yum.repos.d/mock.repo',
-+                                                  repoid='mocked repoid')
-+
-+    monkeypatch.setattr(repofileutils, 'get_parsed_repofiles', _raise_invalidrepo_error)
-+    monkeypatch.setattr(api, 'current_logger', logger_mocked())
-+
-+    with pytest.raises(StopActorExecutionError):
-+        get_repositories_status()
-diff --git a/repos/system_upgrade/common/libraries/repofileutils.py b/repos/system_upgrade/common/libraries/repofileutils.py
-index a563be52..cab3c42b 100644
---- a/repos/system_upgrade/common/libraries/repofileutils.py
-+++ b/repos/system_upgrade/common/libraries/repofileutils.py
-@@ -11,6 +11,16 @@ except ImportError:
-     api.current_logger().warning('repofileutils.py: failed to import dnf')
- 
- 
-+class InvalidRepoDefinition(Exception):
-+    """Raised when a repository definition is invalid."""
-+    def __init__(self, msg, repofile, repoid):
-+        message = 'Invalid repository definition: {repoid} in: {repofile}: {msg}'.format(
-+                    repoid=repoid, repofile=repofile, msg=msg)
-+        super(InvalidRepoDefinition, self).__init__(message)
-+        self.repofile = repofile
-+        self.repoid = repoid
-+
-+
- def _parse_repository(repoid, repo_data):
-     def asbool(x):
-         return x == '1'
-@@ -33,12 +43,17 @@ def parse_repofile(repofile):
-     :param repofile: Path to the repo file
-     :type repofile: str
-     :rtype: RepositoryFile
-+    :raises InvalidRepoDefinition: If the repository definition is invalid,
-+        this can for example occur if 'name' field in repository is missing or it is invalid.
-     """
-     data = []
-     with open(repofile, mode='r') as fp:
-         cp = utils.parse_config(fp, strict=False)
-         for repoid in cp.sections():
--            data.append(_parse_repository(repoid, dict(cp.items(repoid))))
-+            try:
-+                data.append(_parse_repository(repoid, dict(cp.items(repoid))))
-+            except fields.ModelViolationError as e:
-+                raise InvalidRepoDefinition(e, repofile=repofile, repoid=repoid)
-     return RepositoryFile(file=repofile, data=data)
- 
- 
-diff --git a/repos/system_upgrade/common/libraries/tests/test_repofileutils.py b/repos/system_upgrade/common/libraries/tests/test_repofileutils.py
-index 51cc1c11..42c7e49e 100644
---- a/repos/system_upgrade/common/libraries/tests/test_repofileutils.py
-+++ b/repos/system_upgrade/common/libraries/tests/test_repofileutils.py
-@@ -1,7 +1,10 @@
- import json
- import os
- 
-+import pytest
-+
- from leapp.libraries.common import repofileutils
-+from leapp.models.fields import ModelViolationError
- 
- CUR_DIR = os.path.dirname(os.path.abspath(__file__))
- 
-@@ -12,6 +15,30 @@ def test_invert_dict():
-     assert inv_dict == {'a': [1], 'b': [1, 2]}
- 
- 
-+@pytest.mark.parametrize(
-+    ('repoid', 'data'),
-+    (
-+        ('missing-name', {'baseurl': 'http://example.com', 'enabled': '1', 'gpgcheck': '1'}),
-+        (None, {'name': 'name', 'baseurl': 'http://example.com', 'enabled': '1', 'gpgcheck': '1'}),
-+        ('name-none', {'name': None, 'baseurl': 'http://example.com', 'enabled': '1', 'gpgcheck': '1'}),
-+        ('baseurl-true', {'name': 'valid', 'baseurl': True, 'enabled': '1', 'gpgcheck': '1'}),
-+    )
-+)
-+def test__parse_repository_missing_name(repoid, data):
-+    with pytest.raises(ModelViolationError):
-+        repofileutils._parse_repository(repoid, data)
-+
-+
-+def test_parse_repofile_error(monkeypatch):
-+    def _parse_repository_mocked(*args, **kwargs):
-+        raise ModelViolationError('')
-+
-+    monkeypatch.setattr(repofileutils, '_parse_repository', _parse_repository_mocked)
-+
-+    with pytest.raises(repofileutils.InvalidRepoDefinition):
-+        repofileutils.parse_repofile(os.path.join(CUR_DIR, 'sample_repos.txt'))
-+
-+
- def test_parse_repofile():
-     repofile = repofileutils.parse_repofile(os.path.join(CUR_DIR, 'sample_repos.txt'))
- 
--- 
-2.47.0
-

SOURCES/0017-InhibitWhenLuks-simplify-the-logic.patch

@@ -1,56 +0,0 @@
-From f84c6f808a821d3ccd09a4a8278cef9c09984a28 Mon Sep 17 00:00:00 2001
-From: Daniel Zatovic <daniel.zatovic@gmail.com>
-Date: Wed, 3 Apr 2024 23:25:06 +0200
-Subject: [PATCH 17/40] InhibitWhenLuks: simplify the logic
-
----
- .../common/actors/inhibitwhenluks/actor.py    | 35 +++++++------------
- 1 file changed, 13 insertions(+), 22 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py b/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-index d3ff2d2e..40b845b0 100644
---- a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-+++ b/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-@@ -24,26 +24,17 @@ class InhibitWhenLuks(Actor):
-             ceph_info = next(self.consume(CephInfo))
-             if ceph_info:
-                 ceph_vol = ceph_info.encrypted_volumes[:]
--                for storage_info in self.consume(StorageInfo):
--                    for blk in storage_info.lsblk:
--                        if blk.tp == 'crypt' and blk.name not in ceph_vol:
--                            create_report([
--                                reporting.Title('LUKS encrypted partition detected'),
--                                reporting.Summary('Upgrading system with encrypted partitions is not supported'),
--                                reporting.Severity(reporting.Severity.HIGH),
--                                reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
--                                reporting.Groups([reporting.Groups.INHIBITOR]),
--                            ])
--                            break
-         except StopIteration:
--            for storage_info in self.consume(StorageInfo):
--                for blk in storage_info.lsblk:
--                    if blk.tp == 'crypt':
--                        create_report([
--                            reporting.Title('LUKS encrypted partition detected'),
--                            reporting.Summary('Upgrading system with encrypted partitions is not supported'),
--                            reporting.Severity(reporting.Severity.HIGH),
--                            reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
--                            reporting.Groups([reporting.Groups.INHIBITOR]),
--                        ])
--                        break
-+            pass
-+
-+        for storage_info in self.consume(StorageInfo):
-+            for blk in storage_info.lsblk:
-+                if blk.tp == 'crypt' and blk.name not in ceph_vol:
-+                    create_report([
-+                        reporting.Title('LUKS encrypted partition detected'),
-+                        reporting.Summary('Upgrading system with encrypted partitions is not supported'),
-+                        reporting.Severity(reporting.Severity.HIGH),
-+                        reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
-+                        reporting.Groups([reporting.Groups.INHIBITOR]),
-+                    ])
-+                    break
--- 
-2.47.0
-

SOURCES/0018-StorageScanner-Add-parent-device-name-to-lsblk.patch

@@ -1,271 +0,0 @@
-From 03fc6743b8916f23f6a213e3f0fc3020ee141b96 Mon Sep 17 00:00:00 2001
-From: Daniel Zatovic <daniel.zatovic@gmail.com>
-Date: Wed, 3 Apr 2024 23:42:45 +0200
-Subject: [PATCH 18/40] StorageScanner: Add parent device name to lsblk
-
-Modify the StorageInfo model to include path and name of the parent
-device. Use StorageScanner to collect this information.
-
-Morover fix lsblk test, there should be a full device path in "lsblk
--pbnr" output (just names were used in the original test).
----
- .../tests/test_inhibitwhenluks.py             | 12 +--
- .../libraries/storagescanner.py               | 29 +++++--
- .../tests/unit_test_storagescanner.py         | 78 +++++++++++++++----
- .../common/models/storageinfo.py              |  2 +
- .../tests/unit_test_vdoconversionscanner.py   |  4 +-
- 5 files changed, 95 insertions(+), 30 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py b/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-index fee50f9d..405a3429 100644
---- a/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-+++ b/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-@@ -5,8 +5,8 @@ from leapp.utils.report import is_inhibitor
- 
- 
- def test_actor_with_luks(current_actor_context):
--    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0',
--                            size='10G', bsize=10*(1 << 39), ro='0', tp='crypt', mountpoint='')]
-+    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0', size='10G', bsize=10*(1 << 39),
-+                            ro='0', tp='crypt', mountpoint='', parent_name='', parent_path='')]
- 
-     current_actor_context.feed(StorageInfo(lsblk=with_luks))
-     current_actor_context.run()
-@@ -16,8 +16,8 @@ def test_actor_with_luks(current_actor_context):
- 
- 
- def test_actor_with_luks_ceph_only(current_actor_context):
--    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0',
--                            size='10G', bsize=10*(1 << 39), ro='0', tp='crypt', mountpoint='')]
-+    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0', size='10G', bsize=10*(1 << 39),
-+                            ro='0', tp='crypt', mountpoint='', parent_name='', parent_path='')]
-     ceph_volume = ['luks-132']
-     current_actor_context.feed(StorageInfo(lsblk=with_luks))
-     current_actor_context.feed(CephInfo(encrypted_volumes=ceph_volume))
-@@ -26,8 +26,8 @@ def test_actor_with_luks_ceph_only(current_actor_context):
- 
- 
- def test_actor_without_luks(current_actor_context):
--    without_luks = [LsblkEntry(name='sda1', kname='sda1', maj_min='8:0', rm='0',
--                               size='10G', bsize=10*(1 << 39), ro='0', tp='part', mountpoint='/boot')]
-+    without_luks = [LsblkEntry(name='sda1', kname='sda1', maj_min='8:0', rm='0', size='10G', bsize=10*(1 << 39),
-+                               ro='0', tp='part', mountpoint='/boot', parent_name='', parent_path='')]
- 
-     current_actor_context.feed(StorageInfo(lsblk=without_luks))
-     current_actor_context.run()
-diff --git a/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py b/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-index f15f0d87..cad6bd32 100644
---- a/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-+++ b/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-@@ -164,18 +164,31 @@ def _get_mount_info(path):
-             )
- 
- 
-+def _get_lsblk_info_for_devpath(dev_path):
-+    lsblk_cmd = ['lsblk', '-nr', '--output', 'NAME,KNAME,SIZE', dev_path]
-+    lsblk_info_for_devpath = next(_get_cmd_output(lsblk_cmd, ' ', 3), None)
-+
-+    return lsblk_info_for_devpath
-+
-+
- @aslist
- def _get_lsblk_info():
-     """ Collect storage info from lsblk command """
--    cmd = ['lsblk', '-pbnr', '--output', 'NAME,MAJ:MIN,RM,SIZE,RO,TYPE,MOUNTPOINT']
--    for entry in _get_cmd_output(cmd, ' ', 7):
--        dev_path, maj_min, rm, bsize, ro, tp, mountpoint = entry
--        lsblk_cmd = ['lsblk', '-nr', '--output', 'NAME,KNAME,SIZE', dev_path]
--        lsblk_info_for_devpath = next(_get_cmd_output(lsblk_cmd, ' ', 3), None)
-+    cmd = ['lsblk', '-pbnr', '--output', 'NAME,MAJ:MIN,RM,SIZE,RO,TYPE,MOUNTPOINT,PKNAME']
-+    for entry in _get_cmd_output(cmd, ' ', 8):
-+        dev_path, maj_min, rm, bsize, ro, tp, mountpoint, parent_path = entry
-+
-+        lsblk_info_for_devpath = _get_lsblk_info_for_devpath(dev_path)
-         if not lsblk_info_for_devpath:
-             return
--
-         name, kname, size = lsblk_info_for_devpath
-+
-+        parent_name = ""
-+        if parent_path:
-+            parent_info = _get_lsblk_info_for_devpath(parent_path)
-+            if parent_info:
-+                parent_name, _, _ = parent_info
-+
-         yield LsblkEntry(
-             name=name,
-             kname=kname,
-@@ -185,7 +198,9 @@ def _get_lsblk_info():
-             bsize=int(bsize),
-             ro=ro,
-             tp=tp,
--            mountpoint=mountpoint)
-+            mountpoint=mountpoint,
-+            parent_name=parent_name,
-+            parent_path=parent_path)
- 
- 
- @aslist
-diff --git a/repos/system_upgrade/common/actors/storagescanner/tests/unit_test_storagescanner.py b/repos/system_upgrade/common/actors/storagescanner/tests/unit_test_storagescanner.py
-index 4dc11ea4..456e40ec 100644
---- a/repos/system_upgrade/common/actors/storagescanner/tests/unit_test_storagescanner.py
-+++ b/repos/system_upgrade/common/actors/storagescanner/tests/unit_test_storagescanner.py
-@@ -255,13 +255,18 @@ def test_get_lsblk_info(monkeypatch):
-     bytes_per_gb = 1 << 30
- 
-     def get_cmd_output_mocked(cmd, delim, expected_len):
--        if cmd == ['lsblk', '-pbnr', '--output', 'NAME,MAJ:MIN,RM,SIZE,RO,TYPE,MOUNTPOINT']:
-+        if cmd == ['lsblk', '-pbnr', '--output', 'NAME,MAJ:MIN,RM,SIZE,RO,TYPE,MOUNTPOINT,PKNAME']:
-             output_lines_split_on_whitespace = [
--                ['vda', '252:0', '0', str(40 * bytes_per_gb), '0', 'disk', ''],
--                ['vda1', '252:1', '0', str(1 * bytes_per_gb), '0', 'part', '/boot'],
--                ['vda2', '252:2', '0', str(39 * bytes_per_gb), '0', 'part', ''],
--                ['rhel_ibm--p8--kvm--03--guest--02-root', '253:0', '0', str(38 * bytes_per_gb), '0', 'lvm', '/'],
--                ['rhel_ibm--p8--kvm--03--guest--02-swap', '253:1', '0', str(1 * bytes_per_gb), '0', 'lvm', '[SWAP]']
-+                ['/dev/vda', '252:0', '0', str(40 * bytes_per_gb), '0', 'disk', '', ''],
-+                ['/dev/vda1', '252:1', '0', str(1 * bytes_per_gb), '0', 'part', '/boot', ''],
-+                ['/dev/vda2', '252:2', '0', str(39 * bytes_per_gb), '0', 'part', '', ''],
-+                ['/dev/mapper/rhel_ibm--p8--kvm--03--guest--02-root', '253:0', '0', str(38 * bytes_per_gb), '0', 'lvm',
-+                    '/', ''],
-+                ['/dev/mapper/rhel_ibm--p8--kvm--03--guest--02-swap', '253:1', '0', str(1 * bytes_per_gb), '0', 'lvm',
-+                    '[SWAP]', ''],
-+                ['/dev/mapper/luks-01b60fff-a2a8-4c03-893f-056bfc3f06f6', '254:0', '0', str(38 * bytes_per_gb), '0',
-+                    'crypt', '', '/dev/nvme0n1p1'],
-+                ['/dev/nvme0n1p1', '259:1', '0', str(39 * bytes_per_gb), '0', 'part', '', '/dev/nvme0n1'],
-             ]
-             for output_line_parts in output_lines_split_on_whitespace:
-                 yield output_line_parts
-@@ -269,11 +274,17 @@ def test_get_lsblk_info(monkeypatch):
-             # We cannot have the output in a list, since the command is called per device. Therefore, we have to map
-             # each device path to its output.
-             output_lines_split_on_whitespace_per_device = {
--                'vda': ['vda', 'vda', '40G'],
--                'vda1': ['vda1', 'vda1', '1G'],
--                'vda2': ['vda2', 'vda2', '39G'],
--                'rhel_ibm--p8--kvm--03--guest--02-root': ['rhel_ibm--p8--kvm--03--guest--02-root', 'kname1', '38G'],
--                'rhel_ibm--p8--kvm--03--guest--02-swap': ['rhel_ibm--p8--kvm--03--guest--02-swap', 'kname2', '1G']
-+                '/dev/vda': ['vda', 'vda', '40G'],
-+                '/dev/vda1': ['vda1', 'vda1', '1G'],
-+                '/dev/vda2': ['vda2', 'vda2', '39G'],
-+                '/dev/mapper/rhel_ibm--p8--kvm--03--guest--02-root':
-+                    ['rhel_ibm--p8--kvm--03--guest--02-root', 'kname1', '38G'],
-+                '/dev/mapper/rhel_ibm--p8--kvm--03--guest--02-swap':
-+                    ['rhel_ibm--p8--kvm--03--guest--02-swap', 'kname2', '1G'],
-+                '/dev/mapper/luks-01b60fff-a2a8-4c03-893f-056bfc3f06f6':
-+                    ['luks-01b60fff-a2a8-4c03-893f-056bfc3f06f6', 'dm-0', '38G'],
-+                '/dev/nvme0n1p1': ['nvme0n1p1', 'nvme0n1p1', '39G'],
-+                '/dev/nvme0n1': ['nvme0n1', 'nvme0n1', '40G'],
-             }
-             dev_path = cmd[4]
-             if dev_path not in output_lines_split_on_whitespace_per_device:
-@@ -294,7 +305,9 @@ def test_get_lsblk_info(monkeypatch):
-             bsize=40 * bytes_per_gb,
-             ro='0',
-             tp='disk',
--            mountpoint=''),
-+            mountpoint='',
-+            parent_name='',
-+            parent_path=''),
-         LsblkEntry(
-             name='vda1',
-             kname='vda1',
-@@ -304,7 +317,9 @@ def test_get_lsblk_info(monkeypatch):
-             bsize=1 * bytes_per_gb,
-             ro='0',
-             tp='part',
--            mountpoint='/boot'),
-+            mountpoint='/boot',
-+            parent_name='',
-+            parent_path=''),
-         LsblkEntry(
-             name='vda2',
-             kname='vda2',
-@@ -314,7 +329,9 @@ def test_get_lsblk_info(monkeypatch):
-             bsize=39 * bytes_per_gb,
-             ro='0',
-             tp='part',
--            mountpoint=''),
-+            mountpoint='',
-+            parent_name='',
-+            parent_path=''),
-         LsblkEntry(
-             name='rhel_ibm--p8--kvm--03--guest--02-root',
-             kname='kname1',
-@@ -324,7 +341,9 @@ def test_get_lsblk_info(monkeypatch):
-             bsize=38 * bytes_per_gb,
-             ro='0',
-             tp='lvm',
--            mountpoint='/'),
-+            mountpoint='/',
-+            parent_name='',
-+            parent_path=''),
-         LsblkEntry(
-             name='rhel_ibm--p8--kvm--03--guest--02-swap',
-             kname='kname2',
-@@ -334,7 +353,34 @@ def test_get_lsblk_info(monkeypatch):
-             bsize=1 * bytes_per_gb,
-             ro='0',
-             tp='lvm',
--            mountpoint='[SWAP]')]
-+            mountpoint='[SWAP]',
-+            parent_name='',
-+            parent_path=''),
-+        LsblkEntry(
-+            name='luks-01b60fff-a2a8-4c03-893f-056bfc3f06f6',
-+            kname='dm-0',
-+            maj_min='254:0',
-+            rm='0',
-+            size='38G',
-+            bsize=38 * bytes_per_gb,
-+            ro='0',
-+            tp='crypt',
-+            mountpoint='',
-+            parent_name='nvme0n1p1',
-+            parent_path='/dev/nvme0n1p1'),
-+        LsblkEntry(
-+            name='nvme0n1p1',
-+            kname='nvme0n1p1',
-+            maj_min='259:1',
-+            rm='0',
-+            size='39G',
-+            bsize=39 * bytes_per_gb,
-+            ro='0',
-+            tp='part',
-+            mountpoint='',
-+            parent_name='nvme0n1',
-+            parent_path='/dev/nvme0n1'),
-+        ]
- 
-     actual = storagescanner._get_lsblk_info()
-     assert expected == actual
-diff --git a/repos/system_upgrade/common/models/storageinfo.py b/repos/system_upgrade/common/models/storageinfo.py
-index 5bb9caac..71e7459d 100644
---- a/repos/system_upgrade/common/models/storageinfo.py
-+++ b/repos/system_upgrade/common/models/storageinfo.py
-@@ -43,6 +43,8 @@ class LsblkEntry(Model):
-     ro = fields.String()
-     tp = fields.String()
-     mountpoint = fields.String()
-+    parent_name = fields.String()
-+    parent_path = fields.String()
- 
- 
- class PvsEntry(Model):
-diff --git a/repos/system_upgrade/el8toel9/actors/vdoconversionscanner/tests/unit_test_vdoconversionscanner.py b/repos/system_upgrade/el8toel9/actors/vdoconversionscanner/tests/unit_test_vdoconversionscanner.py
-index 0745c91d..4d6ef0dc 100644
---- a/repos/system_upgrade/el8toel9/actors/vdoconversionscanner/tests/unit_test_vdoconversionscanner.py
-+++ b/repos/system_upgrade/el8toel9/actors/vdoconversionscanner/tests/unit_test_vdoconversionscanner.py
-@@ -26,7 +26,9 @@ def _lsblk_entry(prefix, number, types, size='128G', bsize=2 ** 37):
-         bsize=bsize,
-         ro='0',
-         tp=types[random.randint(0, len(types) - 1)],
--        mountpoint='')
-+        mountpoint='',
-+        parent_name='',
-+        parent_path='')
- 
- 
- @aslist
--- 
-2.47.0
-

SOURCES/0020-InhibitWhenLuks-allow-upgrades-for-LUKS2-bound-to-Cl.patch

@@ -1,455 +0,0 @@
-From ad241f701b39a81d132105f1a301f2f5546f498a Mon Sep 17 00:00:00 2001
-From: Daniel Zatovic <daniel.zatovic@gmail.com>
-Date: Tue, 6 Aug 2024 17:26:58 +0200
-Subject: [PATCH 20/40] InhibitWhenLuks: allow upgrades for LUKS2 bound to
- Clevis TPM2 token
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-So far, upgrades with encrypted drives were not supported. Encrypted
-drives require interactively typing unlock passphrases, which is not
-suitable for automatic upgrades using Leapp. We add a feature, where
-systems with all drives configured with automatic unlock method can be
-upgraded.
-
-Currently, we only support drives configured with Clevis/TPM2 token,
-because networking is not configured during Leapp upgrade (excluding
-NBDE).
-
-We consume LuksDumps message to decide whether the upgrade process
-should be inhibited. If there is at least one LUKS2 device without
-Clevis TPM2 binding, we inhibit the upgrade because we cannot tell if
-the device is not a part of a more complex storage stack and the failure
-to unlock the device migt cause boot problem.
-
-Co-authored-by: Petr Stodůlka <pstodulk@redhat.com>
----
- .../common/actors/inhibitwhenluks/actor.py    |  38 ++--
- .../libraries/inhibitwhenluks.py              | 164 +++++++++++++++++
- .../tests/test_inhibitwhenluks.py             | 169 ++++++++++++++++--
- 3 files changed, 329 insertions(+), 42 deletions(-)
- create mode 100644 repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py
-
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py b/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-index 40b845b0..65607167 100644
---- a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-+++ b/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-@@ -1,40 +1,24 @@
--from leapp import reporting
- from leapp.actors import Actor
--from leapp.models import CephInfo, StorageInfo
--from leapp.reporting import create_report, Report
-+from leapp.libraries.actor.inhibitwhenluks import check_invalid_luks_devices
-+from leapp.models import CephInfo, LuksDumps, StorageInfo, TargetUserSpaceUpgradeTasks, UpgradeInitramfsTasks
-+from leapp.reporting import Report
- from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
- 
- 
- class InhibitWhenLuks(Actor):
-     """
--    Check if any encrypted partitions is in use. If yes, inhibit the upgrade process.
-+    Check if any encrypted partitions are in use and whether they are supported for the upgrade.
- 
--    Upgrading system with encrypted partition is not supported.
-+    Upgrading EL7 system with encrypted partition is not supported (but ceph OSDs).
-+    For EL8+ it's ok if the discovered used encrypted storage has LUKS2 format
-+    and it's bounded to clevis-tpm2 token (so it can be automatically unlocked
-+    during the process).
-     """
- 
-     name = 'check_luks_and_inhibit'
--    consumes = (StorageInfo, CephInfo)
--    produces = (Report,)
-+    consumes = (CephInfo, LuksDumps, StorageInfo)
-+    produces = (Report, TargetUserSpaceUpgradeTasks, UpgradeInitramfsTasks)
-     tags = (ChecksPhaseTag, IPUWorkflowTag)
- 
-     def process(self):
--        # If encrypted Ceph volumes present, check if there are more encrypted disk in lsblk than Ceph vol
--        ceph_vol = []
--        try:
--            ceph_info = next(self.consume(CephInfo))
--            if ceph_info:
--                ceph_vol = ceph_info.encrypted_volumes[:]
--        except StopIteration:
--            pass
--
--        for storage_info in self.consume(StorageInfo):
--            for blk in storage_info.lsblk:
--                if blk.tp == 'crypt' and blk.name not in ceph_vol:
--                    create_report([
--                        reporting.Title('LUKS encrypted partition detected'),
--                        reporting.Summary('Upgrading system with encrypted partitions is not supported'),
--                        reporting.Severity(reporting.Severity.HIGH),
--                        reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
--                        reporting.Groups([reporting.Groups.INHIBITOR]),
--                    ])
--                    break
-+        check_invalid_luks_devices()
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py b/repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py
-new file mode 100644
-index 00000000..57a94e9d
---- /dev/null
-+++ b/repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py
-@@ -0,0 +1,164 @@
-+from leapp import reporting
-+from leapp.libraries.common.config.version import get_source_major_version
-+from leapp.libraries.stdlib import api
-+from leapp.models import (
-+    CephInfo,
-+    DracutModule,
-+    LuksDumps,
-+    StorageInfo,
-+    TargetUserSpaceUpgradeTasks,
-+    UpgradeInitramfsTasks
-+)
-+from leapp.reporting import create_report
-+
-+# https://red.ht/clevis-tpm2-luks-auto-unlock-rhel8
-+# https://red.ht/clevis-tpm2-luks-auto-unlock-rhel9
-+# https://red.ht/convert-to-luks2-rhel8
-+# https://red.ht/convert-to-luks2-rhel9
-+CLEVIS_DOC_URL_FMT = 'https://red.ht/clevis-tpm2-luks-auto-unlock-rhel{}'
-+LUKS2_CONVERT_DOC_URL_FMT = 'https://red.ht/convert-to-luks2-rhel{}'
-+
-+FMT_LIST_SEPARATOR = '\n    - '
-+
-+
-+def _formatted_list_output(input_list, sep=FMT_LIST_SEPARATOR):
-+    return ['{}{}'.format(sep, item) for item in input_list]
-+
-+
-+def _at_least_one_tpm_token(luks_dump):
-+    return any([token.token_type == "clevis-tpm2" for token in luks_dump.tokens])
-+
-+
-+def _get_ceph_volumes():
-+    ceph_info = next(api.consume(CephInfo), None)
-+    return ceph_info.encrypted_volumes[:] if ceph_info else []
-+
-+
-+def apply_obsoleted_check_ipu_7_8():
-+    ceph_vol = _get_ceph_volumes()
-+    for storage_info in api.consume(StorageInfo):
-+        for blk in storage_info.lsblk:
-+            if blk.tp == 'crypt' and blk.name not in ceph_vol:
-+                create_report([
-+                    reporting.Title('LUKS encrypted partition detected'),
-+                    reporting.Summary('Upgrading system with encrypted partitions is not supported'),
-+                    reporting.Severity(reporting.Severity.HIGH),
-+                    reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
-+                    reporting.Groups([reporting.Groups.INHIBITOR]),
-+                ])
-+                break
-+
-+
-+def report_inhibitor(luks1_partitions, no_tpm2_partitions):
-+    source_major_version = get_source_major_version()
-+    clevis_doc_url = CLEVIS_DOC_URL_FMT.format(source_major_version)
-+    luks2_convert_doc_url = LUKS2_CONVERT_DOC_URL_FMT.format(source_major_version)
-+    summary = (
-+        'We have detected LUKS encrypted volumes that do not meet current'
-+        ' criteria to be able to proceed the in-place upgrade process.'
-+        ' Right now the upgrade process requires for encrypted storage to be'
-+        ' in LUKS2 format configured with Clevis TPM 2.0.'
-+    )
-+
-+    report_hints = []
-+
-+    if luks1_partitions:
-+
-+        summary += (
-+            '\n\nSince RHEL 8 the default format for LUKS encryption is LUKS2.'
-+            ' Despite the old LUKS1 format is still supported on RHEL systems'
-+            ' it has some limitations in comparison to LUKS2.'
-+            ' Only the LUKS2 format is supported for upgrades.'
-+            ' The following LUKS1 partitions have been discovered on your system:{}'
-+            .format(''.join(_formatted_list_output(luks1_partitions)))
-+        )
-+        report_hints.append(reporting.Remediation(
-+            hint=(
-+                'Convert your LUKS1 encrypted devices to LUKS2 and bind it to TPM2 using clevis.'
-+                ' If this is not possible in your case consider clean installation'
-+                ' of the target RHEL system instead.'
-+            )
-+        ))
-+        report_hints.append(reporting.ExternalLink(
-+            url=luks2_convert_doc_url,
-+            title='LUKS versions in RHEL: Conversion'
-+        ))
-+
-+    if no_tpm2_partitions:
-+        summary += (
-+            '\n\nCurrently we require the process to be non-interactive and'
-+            ' offline. For this reason we require automatic unlock of'
-+            ' encrypted devices during the upgrade process.'
-+            ' Currently we support automatic unlocking during the upgrade only'
-+            ' for volumes bound to Clevis TPM2 token.'
-+            ' The following LUKS2 devices without Clevis TPM2 token '
-+            ' have been discovered on your system: {}'
-+            .format(''.join(_formatted_list_output(no_tpm2_partitions)))
-+        )
-+
-+        report_hints.append(reporting.Remediation(
-+            hint=(
-+                'Add Clevis TPM2 binding to LUKS devices.'
-+                ' If some LUKS devices use still the old LUKS1 format, convert'
-+                ' them to LUKS2 prior to binding.'
-+            )
-+        ))
-+        report_hints.append(reporting.ExternalLink(
-+                url=clevis_doc_url,
-+                title='Configuring manual enrollment of LUKS-encrypted volumes by using a TPM 2.0 policy'
-+            )
-+        )
-+    create_report([
-+        reporting.Title('Detected LUKS devices unsuitable for in-place upgrade.'),
-+        reporting.Summary(summary),
-+        reporting.Severity(reporting.Severity.HIGH),
-+        reporting.Groups([reporting.Groups.BOOT, reporting.Groups.ENCRYPTION]),
-+        reporting.Groups([reporting.Groups.INHIBITOR]),
-+    ] + report_hints)
-+
-+
-+def check_invalid_luks_devices():
-+    if get_source_major_version() == '7':
-+        # NOTE: keeping unchanged behaviour for IPU 7 -> 8
-+        apply_obsoleted_check_ipu_7_8()
-+        return
-+
-+    luks_dumps = next(api.consume(LuksDumps), None)
-+    if not luks_dumps:
-+        api.current_logger().debug('No LUKS volumes detected. Skipping.')
-+        return
-+
-+    luks1_partitions = []
-+    no_tpm2_partitions = []
-+    ceph_vol = _get_ceph_volumes()
-+    for luks_dump in luks_dumps.dumps:
-+        # if the device is managed by ceph, don't inhibit
-+        if luks_dump.device_name in ceph_vol:
-+            api.current_logger().debug('Skipping LUKS CEPH volume: {}'.format(luks_dump.device_name))
-+            continue
-+
-+        if luks_dump.version == 1:
-+            luks1_partitions.append(luks_dump.device_name)
-+        elif luks_dump.version == 2 and not _at_least_one_tpm_token(luks_dump):
-+            no_tpm2_partitions.append(luks_dump.device_name)
-+
-+        if luks1_partitions or no_tpm2_partitions:
-+            report_inhibitor(luks1_partitions, no_tpm2_partitions)
-+        else:
-+            required_crypt_rpms = [
-+                'clevis',
-+                'clevis-dracut',
-+                'clevis-systemd',
-+                'clevis-udisks2',
-+                'clevis-luks',
-+                'cryptsetup',
-+                'tpm2-tss',
-+                'tpm2-tools',
-+                'tpm2-abrmd'
-+            ]
-+            api.produce(TargetUserSpaceUpgradeTasks(install_rpms=required_crypt_rpms))
-+            api.produce(UpgradeInitramfsTasks(include_dracut_modules=[
-+                    DracutModule(name='clevis'),
-+                    DracutModule(name='clevis-pin-tpm2')
-+                ])
-+            )
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py b/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-index 405a3429..d559b54c 100644
---- a/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-+++ b/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-@@ -1,34 +1,173 @@
--from leapp.models import CephInfo, LsblkEntry, StorageInfo
-+"""
-+Unit tests for inhibitwhenluks actor
-+
-+Skip isort as it's kind of broken when mixing grid import and one line imports
-+
-+isort:skip_file
-+"""
-+
-+from leapp.libraries.common.config import version
-+from leapp.models import (
-+    CephInfo,
-+    LsblkEntry,
-+    LuksDump,
-+    LuksDumps,
-+    LuksToken,
-+    StorageInfo,
-+    TargetUserSpaceUpgradeTasks,
-+    UpgradeInitramfsTasks
-+)
- from leapp.reporting import Report
- from leapp.snactor.fixture import current_actor_context
- from leapp.utils.report import is_inhibitor
- 
-+_REPORT_TITLE_UNSUITABLE = 'Detected LUKS devices unsuitable for in-place upgrade.'
- 
--def test_actor_with_luks(current_actor_context):
--    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0', size='10G', bsize=10*(1 << 39),
--                            ro='0', tp='crypt', mountpoint='', parent_name='', parent_path='')]
- 
--    current_actor_context.feed(StorageInfo(lsblk=with_luks))
-+def test_actor_with_luks1_notpm(monkeypatch, current_actor_context):
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '8')
-+    luks_dump = LuksDump(
-+        version=1,
-+        uuid='dd09e6d4-b595-4f1c-80b8-fd47540e6464',
-+        device_path='/dev/sda',
-+        device_name='sda')
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-+    current_actor_context.feed(CephInfo(encrypted_volumes=[]))
-     current_actor_context.run()
-     assert current_actor_context.consume(Report)
-     report_fields = current_actor_context.consume(Report)[0].report
-     assert is_inhibitor(report_fields)
-+    assert not current_actor_context.consume(TargetUserSpaceUpgradeTasks)
-+    assert not current_actor_context.consume(UpgradeInitramfsTasks)
- 
-+    assert report_fields['title'] == _REPORT_TITLE_UNSUITABLE
-+    assert 'LUKS1 partitions have been discovered' in report_fields['summary']
-+    assert luks_dump.device_name in report_fields['summary']
- 
--def test_actor_with_luks_ceph_only(current_actor_context):
--    with_luks = [LsblkEntry(name='luks-132', kname='kname1', maj_min='253:0', rm='0', size='10G', bsize=10*(1 << 39),
--                            ro='0', tp='crypt', mountpoint='', parent_name='', parent_path='')]
--    ceph_volume = ['luks-132']
--    current_actor_context.feed(StorageInfo(lsblk=with_luks))
--    current_actor_context.feed(CephInfo(encrypted_volumes=ceph_volume))
-+
-+def test_actor_with_luks2_notpm(monkeypatch, current_actor_context):
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '8')
-+    luks_dump = LuksDump(
-+        version=2,
-+        uuid='27b57c75-9adf-4744-ab04-9eb99726a301',
-+        device_path='/dev/sda',
-+        device_name='sda')
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-+    current_actor_context.feed(CephInfo(encrypted_volumes=[]))
-+    current_actor_context.run()
-+    assert current_actor_context.consume(Report)
-+    report_fields = current_actor_context.consume(Report)[0].report
-+    assert is_inhibitor(report_fields)
-+    assert not current_actor_context.consume(TargetUserSpaceUpgradeTasks)
-+    assert not current_actor_context.consume(UpgradeInitramfsTasks)
-+
-+    assert report_fields['title'] == _REPORT_TITLE_UNSUITABLE
-+    assert 'LUKS2 devices without Clevis TPM2 token' in report_fields['summary']
-+    assert luks_dump.device_name in report_fields['summary']
-+
-+
-+def test_actor_with_luks2_invalid_token(monkeypatch, current_actor_context):
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '8')
-+    luks_dump = LuksDump(
-+        version=2,
-+        uuid='dc1dbe37-6644-4094-9839-8fc5dcbec0c6',
-+        device_path='/dev/sda',
-+        device_name='sda',
-+        tokens=[LuksToken(token_id=0, keyslot=1, token_type='clevis')])
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-+    current_actor_context.feed(CephInfo(encrypted_volumes=[]))
-+    current_actor_context.run()
-+    assert current_actor_context.consume(Report)
-+    report_fields = current_actor_context.consume(Report)[0].report
-+    assert is_inhibitor(report_fields)
-+
-+    assert report_fields['title'] == _REPORT_TITLE_UNSUITABLE
-+    assert 'LUKS2 devices without Clevis TPM2 token' in report_fields['summary']
-+    assert luks_dump.device_name in report_fields['summary']
-+    assert not current_actor_context.consume(TargetUserSpaceUpgradeTasks)
-+    assert not current_actor_context.consume(UpgradeInitramfsTasks)
-+
-+
-+def test_actor_with_luks2_clevis_tpm_token(monkeypatch, current_actor_context):
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '8')
-+    luks_dump = LuksDump(
-+        version=2,
-+        uuid='83050bd9-61c6-4ff0-846f-bfd3ac9bfc67',
-+        device_path='/dev/sda',
-+        device_name='sda',
-+        tokens=[LuksToken(token_id=0, keyslot=1, token_type='clevis-tpm2')])
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-+    current_actor_context.feed(CephInfo(encrypted_volumes=[]))
-     current_actor_context.run()
-     assert not current_actor_context.consume(Report)
- 
-+    upgrade_tasks = current_actor_context.consume(TargetUserSpaceUpgradeTasks)
-+    assert len(upgrade_tasks) == 1
-+    assert set(upgrade_tasks[0].install_rpms) == set([
-+                'clevis',
-+                'clevis-dracut',
-+                'clevis-systemd',
-+                'clevis-udisks2',
-+                'clevis-luks',
-+                'cryptsetup',
-+                'tpm2-tss',
-+                'tpm2-tools',
-+                'tpm2-abrmd'
-+            ])
-+    assert current_actor_context.consume(UpgradeInitramfsTasks)
- 
--def test_actor_without_luks(current_actor_context):
--    without_luks = [LsblkEntry(name='sda1', kname='sda1', maj_min='8:0', rm='0', size='10G', bsize=10*(1 << 39),
--                               ro='0', tp='part', mountpoint='/boot', parent_name='', parent_path='')]
- 
--    current_actor_context.feed(StorageInfo(lsblk=without_luks))
-+def test_actor_with_luks2_ceph(monkeypatch, current_actor_context):
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '8')
-+    ceph_volume = ['sda']
-+    current_actor_context.feed(CephInfo(encrypted_volumes=ceph_volume))
-+    luks_dump = LuksDump(
-+        version=2,
-+        uuid='0edb8c11-1a04-4abd-a12d-93433ee7b8d8',
-+        device_path='/dev/sda',
-+        device_name='sda',
-+        tokens=[LuksToken(token_id=0, keyslot=1, token_type='clevis')])
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-     current_actor_context.run()
-     assert not current_actor_context.consume(Report)
-+
-+    # make sure we don't needlessly include clevis packages, when there is no clevis token
-+    assert not current_actor_context.consume(TargetUserSpaceUpgradeTasks)
-+
-+
-+LSBLK_ENTRY = LsblkEntry(
-+    name="luks-whatever",
-+    kname="dm-0",
-+    maj_min="252:1",
-+    rm="0",
-+    size="1G",
-+    bsize=1073741824,
-+    ro="0",
-+    tp="crypt",
-+    mountpoint="/",
-+    parent_name="",
-+    parent_path=""
-+)
-+
-+
-+def test_inhibitor_on_el7(monkeypatch, current_actor_context):
-+    # NOTE(pstodulk): consider it good enough as el7 stuff is going to be removed
-+    # soon.
-+    monkeypatch.setattr(version, 'get_source_major_version', lambda: '7')
-+
-+    luks_dump = LuksDump(
-+        version=2,
-+        uuid='83050bd9-61c6-4ff0-846f-bfd3ac9bfc67',
-+        device_path='/dev/sda',
-+        device_name='sda',
-+        tokens=[LuksToken(token_id=0, keyslot=1, token_type='clevis-tpm2')])
-+    current_actor_context.feed(LuksDumps(dumps=[luks_dump]))
-+    current_actor_context.feed(CephInfo(encrypted_volumes=[]))
-+
-+    current_actor_context.feed(StorageInfo(lsblk=[LSBLK_ENTRY]))
-+    current_actor_context.run()
-+    assert current_actor_context.consume(Report)
-+
-+    report_fields = current_actor_context.consume(Report)[0].report
-+    assert is_inhibitor(report_fields)
-+    assert report_fields['title'] == 'LUKS encrypted partition detected'
--- 
-2.47.0
-

SOURCES/0021-Rename-inhibitwhenluks-actor-to-checkluks.patch

@@ -1,57 +0,0 @@
-From 8e5fe75e4ee76eb62eb51001c28f1f1443f0a563 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 18 Oct 2024 07:13:42 +0200
-Subject: [PATCH 21/40] Rename inhibitwhenluks actor to checkluks
-
-The actor nowadays does more then just inhibiting the upgrade when
-LUKS is detected. Let's rename it to respect current behaviour.
----
- .../common/actors/{inhibitwhenluks => checkluks}/actor.py   | 6 +++---
- .../inhibitwhenluks.py => checkluks/libraries/checkluks.py} | 0
- .../tests/test_checkluks.py}                                | 0
- 3 files changed, 3 insertions(+), 3 deletions(-)
- rename repos/system_upgrade/common/actors/{inhibitwhenluks => checkluks}/actor.py (85%)
- rename repos/system_upgrade/common/actors/{inhibitwhenluks/libraries/inhibitwhenluks.py => checkluks/libraries/checkluks.py} (100%)
- rename repos/system_upgrade/common/actors/{inhibitwhenluks/tests/test_inhibitwhenluks.py => checkluks/tests/test_checkluks.py} (100%)
-
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py b/repos/system_upgrade/common/actors/checkluks/actor.py
-similarity index 85%
-rename from repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-rename to repos/system_upgrade/common/actors/checkluks/actor.py
-index 65607167..607fd040 100644
---- a/repos/system_upgrade/common/actors/inhibitwhenluks/actor.py
-+++ b/repos/system_upgrade/common/actors/checkluks/actor.py
-@@ -1,11 +1,11 @@
- from leapp.actors import Actor
--from leapp.libraries.actor.inhibitwhenluks import check_invalid_luks_devices
-+from leapp.libraries.actor.checkluks import check_invalid_luks_devices
- from leapp.models import CephInfo, LuksDumps, StorageInfo, TargetUserSpaceUpgradeTasks, UpgradeInitramfsTasks
- from leapp.reporting import Report
- from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
- 
- 
--class InhibitWhenLuks(Actor):
-+class CheckLuks(Actor):
-     """
-     Check if any encrypted partitions are in use and whether they are supported for the upgrade.
- 
-@@ -15,7 +15,7 @@ class InhibitWhenLuks(Actor):
-     during the process).
-     """
- 
--    name = 'check_luks_and_inhibit'
-+    name = 'check_luks'
-     consumes = (CephInfo, LuksDumps, StorageInfo)
-     produces = (Report, TargetUserSpaceUpgradeTasks, UpgradeInitramfsTasks)
-     tags = (ChecksPhaseTag, IPUWorkflowTag)
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py b/repos/system_upgrade/common/actors/checkluks/libraries/checkluks.py
-similarity index 100%
-rename from repos/system_upgrade/common/actors/inhibitwhenluks/libraries/inhibitwhenluks.py
-rename to repos/system_upgrade/common/actors/checkluks/libraries/checkluks.py
-diff --git a/repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py b/repos/system_upgrade/common/actors/checkluks/tests/test_checkluks.py
-similarity index 100%
-rename from repos/system_upgrade/common/actors/inhibitwhenluks/tests/test_inhibitwhenluks.py
-rename to repos/system_upgrade/common/actors/checkluks/tests/test_checkluks.py
--- 
-2.47.0
-

SOURCES/0022-Fix-IPU-being-blocked-by-resource-limitations.patch

@@ -1,172 +0,0 @@
-From 5e6d176ab685f2e85ac1aea9533b04d46f25e9b7 Mon Sep 17 00:00:00 2001
-From: tomasfratrik <tomasfratrik8@gmail.com>
-Date: Tue, 18 Jun 2024 10:22:35 +0200
-Subject: [PATCH 22/40] Fix IPU being blocked by resource limitations
-
-First resource limit is maximum number of open file descriptors limit,
-second one being limit for maximum writable file size. Plus add unit
-tests.
-
-Resolves: RHEL-26459 and RHEL-16881
----
- commands/command_utils.py            | 38 ++++++++++++++++++
- commands/preupgrade/__init__.py      |  2 +
- commands/tests/test_upgrade_paths.py | 60 ++++++++++++++++++++++++++++
- commands/upgrade/__init__.py         |  3 ++
- 4 files changed, 103 insertions(+)
-
-diff --git a/commands/command_utils.py b/commands/command_utils.py
-index 4f6f99eb..2810a542 100644
---- a/commands/command_utils.py
-+++ b/commands/command_utils.py
-@@ -1,6 +1,7 @@
- import json
- import os
- import re
-+import resource
- 
- from leapp.exceptions import CommandError
- from leapp.utils import path
-@@ -140,3 +141,40 @@ def vet_upgrade_path(args):
-                     flavor=flavor,
-                     choices=','.join(supported_target_versions)))
-     return (target_release, flavor)
-+
-+
-+def set_resource_limits():
-+    """
-+    Set resource limits for the maximum number of open file descriptors and the maximum writable file size.
-+
-+    :raises: `CommandError` if the resource limits cannot be set
-+    """
-+
-+    def set_resource_limit(resource_type, soft, hard):
-+        rtype_string = (
-+            'open file descriptors' if resource_type == resource.RLIMIT_NOFILE
-+            else 'writable file size' if resource_type == resource.RLIMIT_FSIZE
-+            else 'unknown resource'
-+        )
-+        try:
-+            resource.setrlimit(resource_type, (soft, hard))
-+        except ValueError as err:
-+            raise CommandError(
-+                'Failure occurred while attempting to set soft limit higher than the hard limit. '
-+                'Resource type: {}, error: {}'.format(rtype_string, err)
-+            )
-+        except OSError as err:
-+            raise CommandError(
-+                'Failed to set resource limit. Resource type: {}, error: {}'.format(rtype_string, err)
-+            )
-+
-+    soft_nofile, _ = resource.getrlimit(resource.RLIMIT_NOFILE)
-+    soft_fsize, _ = resource.getrlimit(resource.RLIMIT_FSIZE)
-+    nofile_limit = 1024*16
-+    fsize_limit = resource.RLIM_INFINITY
-+
-+    if soft_nofile < nofile_limit:
-+        set_resource_limit(resource.RLIMIT_NOFILE, nofile_limit, nofile_limit)
-+
-+    if soft_fsize != fsize_limit:
-+        set_resource_limit(resource.RLIMIT_FSIZE, fsize_limit, fsize_limit)
-diff --git a/commands/preupgrade/__init__.py b/commands/preupgrade/__init__.py
-index 5a89069f..a9fa40e0 100644
---- a/commands/preupgrade/__init__.py
-+++ b/commands/preupgrade/__init__.py
-@@ -59,6 +59,8 @@ def preupgrade(args, breadcrumbs):
-     except LeappError as exc:
-         raise CommandError(exc.message)
- 
-+    command_utils.set_resource_limits()
-+
-     workflow = repositories.lookup_workflow('IPUWorkflow')()
-     util.warn_if_unsupported(configuration)
-     util.process_whitelist_experimental(repositories, workflow, configuration, logger)
-diff --git a/commands/tests/test_upgrade_paths.py b/commands/tests/test_upgrade_paths.py
-index 53f081a5..f1312f66 100644
---- a/commands/tests/test_upgrade_paths.py
-+++ b/commands/tests/test_upgrade_paths.py
-@@ -1,3 +1,5 @@
-+import resource
-+
- import mock
- import pytest
- 
-@@ -50,3 +52,61 @@ def test_vet_upgrade_path(mock_open, monkeypatch):
-     monkeypatch.setenv('LEAPP_DEVEL_TARGET_RELEASE', '9.0')
-     args = mock.Mock(target='1.2')
-     assert command_utils.vet_upgrade_path(args) == ('9.0', 'default')
-+
-+
-+def _mock_getrlimit_factory(nofile_limits=(1024, 4096), fsize_limits=(1024, 4096)):
-+    """
-+    Factory function to create a mock `getrlimit` function with configurable return values.
-+    The default param values are lower than the expected values.
-+
-+    :param nofile_limits: Tuple representing (soft, hard) limits for `RLIMIT_NOFILE`
-+    :param fsize_limits: Tuple representing (soft, hard) limits for `RLIMIT_FSIZE`
-+    :return: A mock `getrlimit` function
-+    """
-+    def mock_getrlimit(resource_type):
-+        if resource_type == resource.RLIMIT_NOFILE:
-+            return nofile_limits
-+        if resource_type == resource.RLIMIT_FSIZE:
-+            return fsize_limits
-+        return (0, 0)
-+
-+    return mock_getrlimit
-+
-+
-+@pytest.mark.parametrize("nofile_limits, fsize_limits, expected_calls", [
-+    # Case where both limits need to be increased
-+    ((1024, 4096), (1024, 4096), [
-+        (resource.RLIMIT_NOFILE, (1024*16, 1024*16)),
-+        (resource.RLIMIT_FSIZE, (resource.RLIM_INFINITY, resource.RLIM_INFINITY))
-+    ]),
-+    # Case where neither limit needs to be changed
-+    ((1024*16, 1024*16), (resource.RLIM_INFINITY, resource.RLIM_INFINITY), [])
-+])
-+def test_set_resource_limits_increase(monkeypatch, nofile_limits, fsize_limits, expected_calls):
-+    setrlimit_called = []
-+
-+    def mock_setrlimit(resource_type, limits):
-+        setrlimit_called.append((resource_type, limits))
-+
-+    monkeypatch.setattr(resource, "getrlimit", _mock_getrlimit_factory(nofile_limits, fsize_limits))
-+    monkeypatch.setattr(resource, "setrlimit", mock_setrlimit)
-+
-+    command_utils.set_resource_limits()
-+
-+    assert setrlimit_called == expected_calls
-+
-+
-+@pytest.mark.parametrize("errortype, expected_message", [
-+    (OSError, "Failed to set resource limit"),
-+    (ValueError, "Failure occurred while attempting to set soft limit higher than the hard limit")
-+])
-+def test_set_resource_limits_exceptions(monkeypatch, errortype, expected_message):
-+    monkeypatch.setattr(resource, "getrlimit", _mock_getrlimit_factory())
-+
-+    def mock_setrlimit(*args, **kwargs):
-+        raise errortype("mocked error")
-+
-+    monkeypatch.setattr(resource, "setrlimit", mock_setrlimit)
-+
-+    with pytest.raises(CommandError, match=expected_message):
-+        command_utils.set_resource_limits()
-diff --git a/commands/upgrade/__init__.py b/commands/upgrade/__init__.py
-index 1e15b59c..c7487fde 100644
---- a/commands/upgrade/__init__.py
-+++ b/commands/upgrade/__init__.py
-@@ -89,6 +89,9 @@ def upgrade(args, breadcrumbs):
-         repositories = util.load_repositories()
-     except LeappError as exc:
-         raise CommandError(exc.message)
-+
-+    command_utils.set_resource_limits()
-+
-     workflow = repositories.lookup_workflow('IPUWorkflow')(auto_reboot=args.reboot)
-     util.process_whitelist_experimental(repositories, workflow, configuration, logger)
-     util.warn_if_unsupported(configuration)
--- 
-2.47.0
-

SOURCES/0023-feature-add-possibility-to-use-net.naming-scheme.patch

@@ -1,675 +0,0 @@
-From e1bdf2c02dd193cdd7a2da95e2a3cfa5e6e1e8b3 Mon Sep 17 00:00:00 2001
-From: mhecko <mhecko@redhat.com>
-Date: Mon, 29 Apr 2024 11:16:46 +0200
-Subject: [PATCH 23/40] feature: add possibility to use net.naming-scheme
-
-Leapp writes .link files to prevent interfaces being renamed
-after booting to post-upgrade system. This patch adds a less
-error-prone approach that uses net.naming-scheme kernel param.
-The naming-scheme tells udev what hardware properties to use
-when composing a device name. Moreover, possible values of this
-parameter are coarse-grained "profiles", that tell udev to
-behave as if it did on RHEL8.0.
-
-The functionality is enabled by setting LEAPP_USE_NET_NAMING_SCHEME
-environmental variable to 1. If the feature is enabled, the .link
-file generation is disabled. A kernel parameter `net.naming-scheme=`
-is added to the upgrade boot entry and the post-upgrade entry.
-The value of the parameter will be `rhel-<source_major>.0`. Note
-that the minor source version is *not used*. Using also source major
-version instead of 0 causes the device names to change slightly,
-so we use 0. Moreover, an extra RPM named `rhel-net-naming-sysattrs`
-is installed to the target system and target userspace container.
-The RPM provides definitions of the "profiles" for net.naming-scheme.
-
-The feature is available only for 8>9 and higher. Attempting to
-upgrade 7>8 with LEAPP_USE_NET_NAMING_SCHEME=1 will ignore
-the value of LEAPP_USE_NET_NAMING_SCHEME.
-
-Add a possibility to use the net.naming-scheme cmdline argument
-to make immutable network interface names during the upgrade.
-The feature can be used only for 8>9 upgrades and higher.
-To enable the feature, use LEAPP_USE_NET_NAMING_SCHEME=1.
-
-Jira-ref: RHEL-23473
----
- .../actors/addupgradebootentry/actor.py       | 10 +-
- .../libraries/addupgradebootentry.py          | 78 ++++++++++-----
- .../tests/unit_test_addupgradebootentry.py    | 47 ++++-----
- .../actors/kernelcmdlineconfig/actor.py       | 16 +++-
- .../libraries/kernelcmdlineconfig.py          | 12 ++-
- .../libraries/persistentnetnamesconfig.py     |  5 +-
- .../common/models/kernelcmdlineargs.py        | 21 ++++
- .../actors/emit_net_naming_scheme/actor.py    | 28 ++++++
- .../libraries/emit_net_naming.py              | 63 ++++++++++++
- .../tests/test_emit_net_naming_scheme.py      | 95 +++++++++++++++++++
- 10 files changed, 318 insertions(+), 57 deletions(-)
- create mode 100644 repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/actor.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-
-diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/actor.py b/repos/system_upgrade/common/actors/addupgradebootentry/actor.py
-index f400ebf8..e4ecf39e 100644
---- a/repos/system_upgrade/common/actors/addupgradebootentry/actor.py
-+++ b/repos/system_upgrade/common/actors/addupgradebootentry/actor.py
-@@ -8,11 +8,13 @@ from leapp.models import (
-     FirmwareFacts,
-     GrubConfigError,
-     KernelCmdline,
-+    LateTargetKernelCmdlineArgTasks,
-     LiveImagePreparationInfo,
-     LiveModeArtifacts,
-     LiveModeConfig,
-     TargetKernelCmdlineArgTasks,
--    TransactionDryRun
-+    TransactionDryRun,
-+    UpgradeKernelCmdlineArgTasks
- )
- from leapp.tags import InterimPreparationPhaseTag, IPUWorkflowTag
- 
-@@ -33,9 +35,11 @@ class AddUpgradeBootEntry(Actor):
-         LiveModeArtifacts,
-         LiveModeConfig,
-         KernelCmdline,
--        TransactionDryRun
-+        TransactionDryRun,
-+        TargetKernelCmdlineArgTasks,
-+        UpgradeKernelCmdlineArgTasks
-     )
--    produces = (TargetKernelCmdlineArgTasks,)
-+    produces = (LateTargetKernelCmdlineArgTasks,)
-     tags = (IPUWorkflowTag, InterimPreparationPhaseTag)
- 
-     def process(self):
-diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py b/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
-index 553ffc35..b236e39b 100644
---- a/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
-+++ b/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
-@@ -9,14 +9,16 @@ from leapp.models import (
-     BootContent,
-     KernelCmdline,
-     KernelCmdlineArg,
-+    LateTargetKernelCmdlineArgTasks,
-     LiveImagePreparationInfo,
-     LiveModeArtifacts,
-     LiveModeConfig,
--    TargetKernelCmdlineArgTasks
-+    TargetKernelCmdlineArgTasks,
-+    UpgradeKernelCmdlineArgTasks
- )
- 
- 
--def collect_boot_args(livemode_enabled):
-+def collect_upgrade_kernel_args(livemode_enabled):
-     args = {
-         'enforcing': '0',
-         'rd.plymouth': '0',
-@@ -34,7 +36,10 @@ def collect_boot_args(livemode_enabled):
-         livemode_args = construct_cmdline_args_for_livemode()
-         args.update(livemode_args)
- 
--    return args
-+    upgrade_kernel_args = collect_set_of_kernel_args_from_msgs(UpgradeKernelCmdlineArgTasks, 'to_add')
-+    args.update(upgrade_kernel_args)
-+
-+    return set(args.items())
- 
- 
- def collect_undesired_args(livemode_enabled):
-@@ -43,11 +48,11 @@ def collect_undesired_args(livemode_enabled):
-         args = dict(zip(('ro', 'rhgb', 'quiet'), itertools.repeat(None)))
-         args['rd.lvm.lv'] = _get_rdlvm_arg_values()
- 
--    return args
-+    return set(args.items())
- 
- 
--def format_grubby_args_from_args_dict(args_dict):
--    """ Format the given args dictionary in a form required by grubby's --args. """
-+def format_grubby_args_from_args_set(args_dict):
-+    """ Format the given args set in a form required by grubby's --args. """
- 
-     def fmt_single_arg(arg_pair):
-         key, value = arg_pair
-@@ -65,7 +70,7 @@ def format_grubby_args_from_args_dict(args_dict):
-         else:
-             yield (key, value)  # Just a single (key, value) pair
- 
--    arg_sequence = itertools.chain(*(flatten_arguments(arg_pair) for arg_pair in args_dict.items()))
-+    arg_sequence = itertools.chain(*(flatten_arguments(arg_pair) for arg_pair in args_dict))
- 
-     # Sorting should be fine as only values can be None, but we cannot have a (key, None) and (key, value) in
-     # the dictionary at the same time.
-@@ -78,7 +83,7 @@ def format_grubby_args_from_args_dict(args_dict):
- def figure_out_commands_needed_to_add_entry(kernel_path, initramfs_path, args_to_add, args_to_remove):
-     boot_entry_modification_commands = []
- 
--    args_to_add_str = format_grubby_args_from_args_dict(args_to_add)
-+    args_to_add_str = format_grubby_args_from_args_set(args_to_add)
- 
-     create_entry_cmd = [
-         '/usr/sbin/grubby',
-@@ -93,7 +98,7 @@ def figure_out_commands_needed_to_add_entry(kernel_path, initramfs_path, args_to
- 
-     # We need to update root= param separately, since we cannot do it during --add-kernel with --copy-default.
-     # This is likely a bug in grubby.
--    root_param_value = args_to_add.get('root', None)
-+    root_param_value = dict(args_to_add).get('root', None)
-     if root_param_value:
-         enforce_root_param_for_the_entry_cmd = [
-             '/usr/sbin/grubby',
-@@ -103,7 +108,7 @@ def figure_out_commands_needed_to_add_entry(kernel_path, initramfs_path, args_to
-         boot_entry_modification_commands.append(enforce_root_param_for_the_entry_cmd)
- 
-     if args_to_remove:
--        args_to_remove_str = format_grubby_args_from_args_dict(args_to_remove)
-+        args_to_remove_str = format_grubby_args_from_args_set(args_to_remove)
-         remove_undesired_args_cmd = [
-             '/usr/sbin/grubby',
-             '--update-kernel', kernel_path,
-@@ -113,18 +118,55 @@ def figure_out_commands_needed_to_add_entry(kernel_path, initramfs_path, args_to
-     return boot_entry_modification_commands
- 
- 
-+def collect_set_of_kernel_args_from_msgs(msg_type, arg_list_field_name):
-+    cmdline_modification_msgs = api.consume(msg_type)
-+    lists_of_args_to_add = (getattr(msg, arg_list_field_name, []) for msg in cmdline_modification_msgs)
-+    args = itertools.chain(*lists_of_args_to_add)
-+    return set((arg.key, arg.value) for arg in args)
-+
-+
-+def emit_removal_of_args_meant_only_for_upgrade_kernel(added_upgrade_kernel_args):
-+    """
-+    Emit message requesting removal of upgrade kernel args that should not be on the target kernel.
-+
-+    Target kernel args are created by copying the args of the booted (upgrade) kernel. Therefore,
-+    we need to explicitly modify the target kernel cmdline, removing what should not have been copied.
-+    """
-+    target_args_to_add = collect_set_of_kernel_args_from_msgs(TargetKernelCmdlineArgTasks, 'to_add')
-+    actual_kernel_args = collect_set_of_kernel_args_from_msgs(KernelCmdline, 'parameters')
-+
-+    # actual_kernel_args should not be changed during upgrade, unless explicitly removed by
-+    # TargetKernelCmdlineArgTasks.to_remove, but that is handled by some other upgrade component. We just want
-+    # to make sure we remove what was not on the source system and that we don't overwrite args to be added to target.
-+    args_not_present_on_target_kernel = added_upgrade_kernel_args - actual_kernel_args - target_args_to_add
-+
-+    # We remove only what we've added and what will not be already removed by someone else.
-+    args_to_remove = [KernelCmdlineArg(key=arg[0], value=arg[1]) for arg in args_not_present_on_target_kernel]
-+
-+    if args_to_remove:
-+        msg = ('Following upgrade kernel args were added, but they should not be present '
-+               'on target cmdline: `%s`, requesting removal.')
-+        api.current_logger().info(msg, args_not_present_on_target_kernel)
-+        args_sorted = sorted(args_to_remove, key=lambda arg: arg.key)
-+        api.produce(LateTargetKernelCmdlineArgTasks(to_remove=args_sorted))
-+
-+
- def add_boot_entry(configs=None):
-     kernel_dst_path, initram_dst_path = get_boot_file_paths()
-+
-     _remove_old_upgrade_boot_entry(kernel_dst_path, configs=configs)
- 
-     livemode_enabled = next(api.consume(LiveImagePreparationInfo), None) is not None
- 
--    cmdline_args = collect_boot_args(livemode_enabled)
-+    # We have to keep the desired and unwanted args separate and modify cmline in two separate grubby calls. Merging
-+    # these sets and trying to execute only a single command would leave the unwanted cmdline args present  if they
-+    # are present on the original system.
-+    added_cmdline_args = collect_upgrade_kernel_args(livemode_enabled)
-     undesired_cmdline_args = collect_undesired_args(livemode_enabled)
- 
-     commands_to_run = figure_out_commands_needed_to_add_entry(kernel_dst_path,
-                                                               initram_dst_path,
--                                                              args_to_add=cmdline_args,
-+                                                              args_to_add=added_cmdline_args,
-                                                               args_to_remove=undesired_cmdline_args)
- 
-     def run_commands_adding_entry(extra_command_suffix=None):
-@@ -146,16 +188,8 @@ def add_boot_entry(configs=None):
-             # See https://bugzilla.redhat.com/show_bug.cgi?id=1764306
-             run(['/usr/sbin/zipl'])
- 
--        if 'debug' in cmdline_args:
--            # The kernelopts for target kernel are generated based on the cmdline used in the upgrade initramfs,
--            # therefore, if we enabled debug above, and the original system did not have the debug kernelopt, we
--            # need to explicitly remove it from the target os boot entry.
--            # NOTE(mhecko): This will also unconditionally remove debug kernelopt if the source system used it.
--            api.produce(TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug')]))
--
--        # NOTE(mmatuska): This will remove the option even if the source system had it set.
--        # However enforcing=0 shouldn't be set persistently anyway.
--        api.produce(TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='enforcing', value='0')]))
-+        effective_upgrade_kernel_args = added_cmdline_args - undesired_cmdline_args
-+        emit_removal_of_args_meant_only_for_upgrade_kernel(effective_upgrade_kernel_args)
- 
-     except CalledProcessError as e:
-         raise StopActorExecutionError(
-diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py b/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
-index c4f5232b..2f58ba9e 100644
---- a/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
-+++ b/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
-@@ -12,6 +12,7 @@ from leapp.models import (
-     BootContent,
-     KernelCmdline,
-     KernelCmdlineArg,
-+    LateTargetKernelCmdlineArgTasks,
-     LiveModeArtifacts,
-     LiveModeConfig,
-     TargetKernelCmdlineArgTasks
-@@ -82,8 +83,10 @@ def test_add_boot_entry(monkeypatch, run_args, arch):
-     assert addupgradebootentry.run.args[0] == run_args.args_remove
-     assert addupgradebootentry.run.args[1] == run_args.args_add
-     assert api.produce.model_instances == [
--        TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug')]),
--        TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='enforcing', value='0')])
-+        LateTargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug'),
-+                                                   KernelCmdlineArg(key='enforcing', value='0'),
-+                                                   KernelCmdlineArg(key='plymouth.enable', value='0'),
-+                                                   KernelCmdlineArg(key='rd.plymouth', value='0')])
-     ]
- 
-     if run_args.args_zipl:
-@@ -103,16 +106,16 @@ def test_debug_kernelopt_removal_task_production(monkeypatch, is_leapp_invoked_w
-                         CurrentActorMocked(envars={'LEAPP_DEBUG': str(int(is_leapp_invoked_with_debug))}))
- 
-     addupgradebootentry.add_boot_entry()
-+    assert len(api.produce.model_instances) == 1
- 
--    expected_produced_messages = []
--    if is_leapp_invoked_with_debug:
--        expected_produced_messages = [TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug')])]
--
--    expected_produced_messages.append(
--        TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='enforcing', value='0')])
--    )
-+    produced_msg = api.produce.model_instances[0]
-+    assert isinstance(produced_msg, LateTargetKernelCmdlineArgTasks)
- 
--    assert api.produce.model_instances == expected_produced_messages
-+    debug_kernel_cmline_arg = KernelCmdlineArg(key='debug')
-+    if is_leapp_invoked_with_debug:
-+        assert debug_kernel_cmline_arg in produced_msg.to_remove
-+    else:
-+        assert debug_kernel_cmline_arg not in produced_msg.to_remove
- 
- 
- def test_add_boot_entry_configs(monkeypatch):
-@@ -132,8 +135,10 @@ def test_add_boot_entry_configs(monkeypatch):
-     assert addupgradebootentry.run.args[2] == run_args_add + ['-c', CONFIGS[0]]
-     assert addupgradebootentry.run.args[3] == run_args_add + ['-c', CONFIGS[1]]
-     assert api.produce.model_instances == [
--        TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug')]),
--        TargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='enforcing', value='0')]),
-+        LateTargetKernelCmdlineArgTasks(to_remove=[KernelCmdlineArg(key='debug'),
-+                                                   KernelCmdlineArg(key='enforcing', value='0'),
-+                                                   KernelCmdlineArg(key='plymouth.enable', value='0'),
-+                                                   KernelCmdlineArg(key='rd.plymouth', value='0')])
-     ]
- 
- 
-@@ -183,7 +188,7 @@ def test_fix_grub_config_error(monkeypatch, error_type, test_file_name):
-         (False, False),
-     )
- )
--def test_collect_boot_args(monkeypatch, is_debug_enabled, network_enablement_type):
-+def test_collect_upgrade_kernel_args(monkeypatch, is_debug_enabled, network_enablement_type):
-     env_vars = {'LEAPP_DEBUG': str(int(is_debug_enabled))}
-     if network_enablement_type:
-         env_vars['LEAPP_DEVEL_INITRAM_NETWORK'] = network_enablement_type
-@@ -192,7 +197,8 @@ def test_collect_boot_args(monkeypatch, is_debug_enabled, network_enablement_typ
-     monkeypatch.setattr(addupgradebootentry, 'construct_cmdline_args_for_livemode',
-                         lambda *args: {'livemodearg': 'value'})
- 
--    args = addupgradebootentry.collect_boot_args(livemode_enabled=True)
-+    arg_set = addupgradebootentry.collect_upgrade_kernel_args(livemode_enabled=True)
-+    args = dict(arg_set)
- 
-     assert args['enforcing'] == '0'
-     assert args['rd.plymouth'] == '0'
-@@ -320,16 +326,3 @@ def test_get_device_uuid(monkeypatch):
-     uuid = addupgradebootentry._get_device_uuid(path)
- 
-     assert uuid == 'MY_UUID1'
--
--
--@pytest.mark.parametrize(
--    ('args', 'expected_result'),
--    (
--        ([('argA', 'val'), ('argB', 'valB'), ('argC', None), ], 'argA=val argB=valB argC'),
--        ([('argA', ('val1', 'val2'))], 'argA=val1 argA=val2')
--    )
--)
--def test_format_grubby_args_from_args_dict(args, expected_result):
--    actual_result = addupgradebootentry.format_grubby_args_from_args_dict(dict(args))
--
--    assert actual_result == expected_result
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-index 3585a14e..6d5f39dd 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/actor.py
-@@ -3,7 +3,13 @@ import os
- from leapp.actors import Actor
- from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.actor import kernelcmdlineconfig
--from leapp.models import FirmwareFacts, InstalledTargetKernelInfo, KernelCmdlineArg, TargetKernelCmdlineArgTasks
-+from leapp.models import (
-+    FirmwareFacts,
-+    InstalledTargetKernelInfo,
-+    KernelCmdlineArg,
-+    LateTargetKernelCmdlineArgTasks,
-+    TargetKernelCmdlineArgTasks
-+)
- from leapp.reporting import Report
- from leapp.tags import FinalizationPhaseTag, IPUWorkflowTag
- 
-@@ -14,7 +20,13 @@ class KernelCmdlineConfig(Actor):
-     """
- 
-     name = 'kernelcmdlineconfig'
--    consumes = (KernelCmdlineArg, InstalledTargetKernelInfo, FirmwareFacts, TargetKernelCmdlineArgTasks)
-+    consumes = (
-+        KernelCmdlineArg,
-+        InstalledTargetKernelInfo,
-+        FirmwareFacts,
-+        LateTargetKernelCmdlineArgTasks,
-+        TargetKernelCmdlineArgTasks
-+    )
-     produces = (Report,)
-     tags = (FinalizationPhaseTag, IPUWorkflowTag)
- 
-diff --git a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-index 19c50f3c..98b8b95b 100644
---- a/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-+++ b/repos/system_upgrade/common/actors/kernelcmdlineconfig/libraries/kernelcmdlineconfig.py
-@@ -1,3 +1,4 @@
-+import itertools
- import re
- 
- from leapp import reporting
-@@ -5,7 +6,12 @@ from leapp.exceptions import StopActorExecutionError
- from leapp.libraries import stdlib
- from leapp.libraries.common.config import architecture, version
- from leapp.libraries.stdlib import api
--from leapp.models import InstalledTargetKernelInfo, KernelCmdlineArg, TargetKernelCmdlineArgTasks
-+from leapp.models import (
-+    InstalledTargetKernelInfo,
-+    KernelCmdlineArg,
-+    LateTargetKernelCmdlineArgTasks,
-+    TargetKernelCmdlineArgTasks
-+)
- 
- KERNEL_CMDLINE_FILE = "/etc/kernel/cmdline"
- 
-@@ -71,7 +77,9 @@ def retrieve_arguments_to_modify():
-     kernelargs_msgs_to_add = list(api.consume(KernelCmdlineArg))
-     kernelargs_msgs_to_remove = []
- 
--    for target_kernel_arg_task in api.consume(TargetKernelCmdlineArgTasks):
-+    modification_msgs = itertools.chain(api.consume(TargetKernelCmdlineArgTasks),
-+                                        api.consume(LateTargetKernelCmdlineArgTasks))
-+    for target_kernel_arg_task in modification_msgs:
-         kernelargs_msgs_to_add.extend(target_kernel_arg_task.to_add)
-         kernelargs_msgs_to_remove.extend(target_kernel_arg_task.to_remove)
- 
-diff --git a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-index dc5196ea..2f12742a 100644
---- a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-+++ b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-@@ -2,7 +2,7 @@ import errno
- import os
- import re
- 
--from leapp.libraries.common.config import get_env
-+from leapp.libraries.common.config import get_env, version
- from leapp.libraries.stdlib import api
- from leapp.models import (
-     InitrdIncludes,
-@@ -39,6 +39,9 @@ def generate_link_file(interface):
- 
- @suppress_deprecation(InitrdIncludes)
- def process():
-+    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1' and version.get_target_major_version() != '8':
-+        api.current_logger().info('Skipping generation of .link files renaming NICs as LEAPP_USE_NET_NAMING_SCHEMES=1')
-+        return
- 
-     if get_env('LEAPP_NO_NETWORK_RENAMING', '0') == '1':
-         api.current_logger().info(
-diff --git a/repos/system_upgrade/common/models/kernelcmdlineargs.py b/repos/system_upgrade/common/models/kernelcmdlineargs.py
-index e3568a0a..fafd2853 100644
---- a/repos/system_upgrade/common/models/kernelcmdlineargs.py
-+++ b/repos/system_upgrade/common/models/kernelcmdlineargs.py
-@@ -24,6 +24,27 @@ class TargetKernelCmdlineArgTasks(Model):
-     to_remove = fields.List(fields.Model(KernelCmdlineArg), default=[])
- 
- 
-+class LateTargetKernelCmdlineArgTasks(Model):
-+    """
-+    Desired modifications of the target kernel args produced later in the upgrade process.
-+
-+    Defined to prevent loops in the actor dependency graph.
-+    """
-+    topic = SystemInfoTopic
-+
-+    to_add = fields.List(fields.Model(KernelCmdlineArg), default=[])
-+    to_remove = fields.List(fields.Model(KernelCmdlineArg), default=[])
-+
-+
-+class UpgradeKernelCmdlineArgTasks(Model):
-+    """
-+    Modifications of the upgrade kernel cmdline.
-+    """
-+    topic = SystemInfoTopic
-+
-+    to_add = fields.List(fields.Model(KernelCmdlineArg), default=[])
-+
-+
- class KernelCmdline(Model):
-     """
-     Kernel command line parameters the system was booted with
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/actor.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/actor.py
-new file mode 100644
-index 00000000..769fe20b
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/actor.py
-@@ -0,0 +1,28 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import emit_net_naming as emit_net_naming_lib
-+from leapp.models import (
-+    KernelCmdline,
-+    RpmTransactionTasks,
-+    TargetKernelCmdlineArgTasks,
-+    TargetUserSpaceUpgradeTasks,
-+    UpgradeKernelCmdlineArgTasks
-+)
-+from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
-+
-+
-+class EmitNetNamingScheme(Actor):
-+    """
-+    Emit necessary modifications of the upgrade environment and target command line to use net.naming-scheme.
-+    """
-+    name = 'emit_net_naming_scheme'
-+    consumes = (KernelCmdline,)
-+    produces = (
-+        RpmTransactionTasks,
-+        TargetKernelCmdlineArgTasks,
-+        TargetUserSpaceUpgradeTasks,
-+        UpgradeKernelCmdlineArgTasks,
-+    )
-+    tags = (ChecksPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        emit_net_naming_lib.emit_msgs_to_use_net_naming_schemes()
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-new file mode 100644
-index 00000000..65abdd4d
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-@@ -0,0 +1,63 @@
-+from leapp.exceptions import StopActorExecutionError
-+from leapp.libraries.common.config import get_env, version
-+from leapp.libraries.stdlib import api
-+from leapp.models import (
-+    KernelCmdline,
-+    KernelCmdlineArg,
-+    RpmTransactionTasks,
-+    TargetKernelCmdlineArgTasks,
-+    TargetUserSpaceUpgradeTasks,
-+    UpgradeKernelCmdlineArgTasks
-+)
-+
-+NET_NAMING_SYSATTRS_RPM_NAME = 'rhel-net-naming-sysattrs'
-+
-+
-+def is_net_scheme_compatible_with_current_cmdline():
-+    kernel_cmdline = next(api.consume(KernelCmdline), None)
-+    if not kernel_cmdline:
-+        # Super unlikely
-+        raise StopActorExecutionError('Did not receive any KernelCmdline messages.')
-+
-+    allows_predictable_names = True
-+    already_has_a_net_naming_scheme = False
-+    for param in kernel_cmdline.parameters:
-+        if param.key == 'net.ifnames':
-+            if param.value == '0':
-+                allows_predictable_names = False
-+            elif param.value == '1':
-+                allows_predictable_names = True
-+        if param.key == 'net.naming-scheme':
-+            # We assume that the kernel cmdline does not contain invalid entries, namely,
-+            # that the net.naming-scheme refers to a valid scheme.
-+            already_has_a_net_naming_scheme = True
-+
-+    is_compatible = allows_predictable_names and not already_has_a_net_naming_scheme
-+
-+    msg = ('Should net.naming-scheme be added to kernel cmdline: %s. '
-+           'Reason: allows_predictable_names=%s, already_has_a_net_naming_scheme=%s')
-+    api.current_logger().info(msg, 'yes' if is_compatible else 'no',
-+                              allows_predictable_names,
-+                              already_has_a_net_naming_scheme)
-+
-+    return is_compatible
-+
-+
-+def emit_msgs_to_use_net_naming_schemes():
-+    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') != '1' and version.get_target_major_version() != '8':
-+        return
-+
-+    # The package should be installed regardless of whether we will modify the cmdline -
-+    # if the cmdline already contains net.naming-scheme, then the package will be useful
-+    # in both, the upgrade environment and on the target system.
-+    pkgs_to_install = [NET_NAMING_SYSATTRS_RPM_NAME]
-+    api.produce(TargetUserSpaceUpgradeTasks(install_rpms=pkgs_to_install))
-+    api.produce(RpmTransactionTasks(to_install=pkgs_to_install))
-+
-+    if not is_net_scheme_compatible_with_current_cmdline():
-+        return
-+
-+    naming_scheme = 'rhel-{0}.0'.format(version.get_source_major_version())
-+    cmdline_args = [KernelCmdlineArg(key='net.naming-scheme', value=naming_scheme)]
-+    api.produce(UpgradeKernelCmdlineArgTasks(to_add=cmdline_args))
-+    api.produce(TargetKernelCmdlineArgTasks(to_add=cmdline_args))
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-new file mode 100644
-index 00000000..7a5eeba5
---- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-@@ -0,0 +1,95 @@
-+import pytest
-+
-+from leapp.libraries.actor import emit_net_naming as emit_net_naming_lib
-+from leapp.libraries.common.testutils import CurrentActorMocked, produce_mocked
-+from leapp.libraries.stdlib import api
-+from leapp.models import (
-+    KernelCmdline,
-+    KernelCmdlineArg,
-+    RpmTransactionTasks,
-+    TargetKernelCmdlineArgTasks,
-+    TargetUserSpaceUpgradeTasks,
-+    UpgradeKernelCmdlineArgTasks
-+)
-+
-+
-+@pytest.mark.parametrize(
-+    ('kernel_args', 'should_be_compatible'),
-+    [
-+        ([KernelCmdlineArg(key='net.naming-scheme', value='rhel-8.10')], False),
-+        ([KernelCmdlineArg(key='net.ifnames', value='1')], True),
-+        ([KernelCmdlineArg(key='net.ifnames', value='0')], False),
-+        (
-+            [
-+                KernelCmdlineArg(key='net.naming-scheme', value='rhel-8.10'),
-+                KernelCmdlineArg(key='net.ifname', value='0'),
-+                KernelCmdlineArg(key='root', value='/dev/vda1')
-+            ],
-+            False
-+        ),
-+        ([KernelCmdlineArg(key='root', value='/dev/vda1')], True),
-+    ]
-+)
-+def test_is_net_scheme_compatible_with_current_cmdline(monkeypatch, kernel_args, should_be_compatible):
-+    kernel_cmdline = KernelCmdline(parameters=kernel_args)
-+
-+    def mocked_consume(msg_type):
-+        yield {KernelCmdline: kernel_cmdline}[msg_type]
-+
-+    monkeypatch.setattr(api, 'consume', mocked_consume)
-+
-+    assert emit_net_naming_lib.is_net_scheme_compatible_with_current_cmdline() == should_be_compatible, \
-+        [(arg.key, arg.value) for arg in kernel_cmdline.parameters]
-+
-+
-+@pytest.mark.parametrize(
-+    ('is_net_scheme_enabled', 'is_current_cmdline_compatible'),
-+    [
-+        (True, True),
-+        (True, False),
-+        (False, True)
-+    ]
-+)
-+def test_emit_msgs_to_use_net_naming_schemes(monkeypatch, is_net_scheme_enabled, is_current_cmdline_compatible):
-+    envvar_value = '1' if is_net_scheme_enabled else '0'
-+
-+    mocked_actor = CurrentActorMocked(src_ver='8.10',
-+                                      dst_ver='9.5',
-+                                      envars={'LEAPP_USE_NET_NAMING_SCHEMES': envvar_value})
-+    monkeypatch.setattr(api, 'current_actor', mocked_actor)
-+
-+    monkeypatch.setattr(api, 'produce', produce_mocked())
-+    monkeypatch.setattr(emit_net_naming_lib,
-+                        'is_net_scheme_compatible_with_current_cmdline',
-+                        lambda: is_current_cmdline_compatible)
-+
-+    emit_net_naming_lib.emit_msgs_to_use_net_naming_schemes()
-+
-+    def ensure_one_msg_of_type_produced(produced_messages, msg_type):
-+        msgs = (msg for msg in produced_messages if isinstance(msg, msg_type))
-+        msg = next(msgs)
-+        assert not next(msgs, None), 'More than one message of type {type} produced'.format(type=type)
-+        return msg
-+
-+    produced_messages = api.produce.model_instances
-+    if is_net_scheme_enabled:
-+        userspace_tasks = ensure_one_msg_of_type_produced(produced_messages, TargetUserSpaceUpgradeTasks)
-+        assert userspace_tasks.install_rpms == [emit_net_naming_lib.NET_NAMING_SYSATTRS_RPM_NAME]
-+
-+        rpm_tasks = ensure_one_msg_of_type_produced(produced_messages, RpmTransactionTasks)
-+        assert rpm_tasks.to_install == [emit_net_naming_lib.NET_NAMING_SYSATTRS_RPM_NAME]
-+    else:
-+        assert not api.produce.called
-+        return
-+
-+    upgrade_cmdline_mods = (msg for msg in produced_messages if isinstance(msg, UpgradeKernelCmdlineArgTasks))
-+    target_cmdline_mods = (msg for msg in produced_messages if isinstance(msg, TargetKernelCmdlineArgTasks))
-+
-+    if is_current_cmdline_compatible:
-+        # We should emit cmdline modifications - both UpgradeKernelCmdlineArgTasks and TargetKernelCmdlineArgTasks
-+        # should be produced
-+        assert next(upgrade_cmdline_mods, None)
-+        assert next(target_cmdline_mods, None)
-+    else:
-+        assert not next(upgrade_cmdline_mods, None)
-+        assert not next(target_cmdline_mods, None)
--- 
-2.47.0
-

SOURCES/0024-prevent-the-feature-for-being-used-outside-8-9.patch

@@ -1,26 +0,0 @@
-From b4b535454b74c05682ecf0d3059decbd2c9530e0 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Wed, 6 Nov 2024 22:23:37 +0100
-Subject: [PATCH 24/40] prevent the feature for being used outside 8>9
-
----
- .../libraries/persistentnetnamesconfig.py                      | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-index 2f12742a..b2c7f5ff 100644
---- a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-+++ b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-@@ -39,7 +39,8 @@ def generate_link_file(interface):
- 
- @suppress_deprecation(InitrdIncludes)
- def process():
--    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1' and version.get_target_major_version() != '8':
-+    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1' and version.get_target_major_version() == '9':
-+        # We can use this only for 8>9, for now
-         api.current_logger().info('Skipping generation of .link files renaming NICs as LEAPP_USE_NET_NAMING_SCHEMES=1')
-         return
- 
--- 
-2.47.0
-

SOURCES/0025-fix-condition-on-when-net-naming-is-emitted.patch

@@ -1,28 +0,0 @@
-From e43a8922e06d72212e8e2a8b51747c668147182c Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Wed, 6 Nov 2024 22:26:01 +0100
-Subject: [PATCH 25/40] fix condition on when net naming is emitted
-
----
- .../emit_net_naming_scheme/libraries/emit_net_naming.py      | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-index 65abdd4d..726bb459 100644
---- a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-@@ -44,7 +44,10 @@ def is_net_scheme_compatible_with_current_cmdline():
- 
- 
- def emit_msgs_to_use_net_naming_schemes():
--    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') != '1' and version.get_target_major_version() != '8':
-+    is_env_var_set = get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1'
-+    is_upgrade_8to9 = version.get_target_major_version() == '9'
-+    is_net_naming_enabled_and_permitted = is_env_var_set and is_upgrade_8to9
-+    if not is_net_naming_enabled_and_permitted:
-         return
- 
-     # The package should be installed regardless of whether we will modify the cmdline -
--- 
-2.47.0
-

SOURCES/0026-scangrubdevpartitionlayout-Skip-warning-msgs.patch

@@ -1,56 +0,0 @@
-From 0bf07d1546ccdc6d4a9e6f4936a98b4d6ca27789 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Tue, 12 Nov 2024 09:10:50 +0100
-Subject: [PATCH 26/40] scangrubdevpartitionlayout: Skip warning msgs
-
-The fdisk output can contain warning msgs when a partition is not
-aligned on physical sector boundary, like:
-    Partition 4 does not start on physical sector boundary.
-We know that in case of MBR the line we expect to parse always
-starts with canonical path. So let's skip all lines which does
-not start with '/'.
-
-jira: https://issues.redhat.com/browse/RHEL-50947
----
- .../libraries/scan_layout.py                           | 10 ++++++++++
- .../tests/test_scan_partition_layout.py                |  3 +++
- 2 files changed, 13 insertions(+)
-
-diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
-index 83d02656..7f4a2a59 100644
---- a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
-+++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/libraries/scan_layout.py
-@@ -68,6 +68,16 @@ def get_partition_layout(device):
- 
-     partitions = []
-     for partition_line in table_iter:
-+        if not partition_line.startswith('/'):
-+            # the output can contain warning msg when a partition is not aligned
-+            # on physical sector boundary, like:
-+            # ~~~
-+            # Partition 4 does not start on physical sector boundary.
-+            # ~~~
-+            # We know that in case of MBR the line we expect to parse always
-+            # starts with canonical path. So let's use this condition.
-+            # See https://issues.redhat.com/browse/RHEL-50947
-+            continue
-         # Fields:               Device     Boot   Start      End  Sectors Size Id Type
-         # The line looks like: `/dev/vda1  *       2048  2099199  2097152   1G 83 Linux`
-         part_info = split_on_space_segments(partition_line)
-diff --git a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
-index 743ca71f..9c32e16f 100644
---- a/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
-+++ b/repos/system_upgrade/el7toel8/actors/scangrubdevpartitionlayout/tests/test_scan_partition_layout.py
-@@ -49,6 +49,9 @@ def test_get_partition_layout(monkeypatch, devices, fs):
-             part_line = '{0}   *     {1}     2099199     1048576   83  {2}'.format(part.name, part.start_offset, fs)
-             fdisk_output.append(part_line)
- 
-+        # add a problematic warning msg to test:
-+        # https://issues.redhat.com/browse/RHEL-50947
-+        fdisk_output.append('Partition 3 does not start on physical sector boundary.')
-         device_to_fdisk_output[device.name] = fdisk_output
- 
-     def mocked_run(cmd, *args, **kwargs):
--- 
-2.47.0
-

SOURCES/0028-Add-el9toel10-actor-to-handle-symlink-directory-with.patch

@@ -1,115 +0,0 @@
-From 866a4b9f163c3aec31736ac0ce25f564fe016cb4 Mon Sep 17 00:00:00 2001
-From: Jarek Prokop <jprokop@redhat.com>
-Date: Tue, 5 Nov 2024 10:15:28 +0100
-Subject: [PATCH 28/40] Add el9toel10 actor to handle symlink -> directory with
- ruby IRB.
-
-The `/usr/share/ruby/irb` path is a symlink in RHEL 9,
-but a regular directory in RHEL 10.
-This puts us back in line with RHEL 8 and Fedora in terms of the
-path's file type regarding the rubygem-irb package.
-
-Since this was not handled on RPM level, handle it as actor again.
-This was copied and adjusted from same-named el8->el9 actor.
-
-We do not care about the validity or target of the symlink, we just
-remove it to allow DNF create the correct directory on upgrade.
-
-Without this workaround, the upgrade will fail in transaction test with
-reports of file conflicts on the directory path.
-
-Users should not expect to ever retain anything in this directory.
----
- .../actors/registerrubyirbadjustment/actor.py | 31 +++++++++++++++++++
- .../test_register_ruby_irb_adjustments.py     | 11 +++++++
- .../el9toel10/tools/handlerubyirbsymlink      | 22 +++++++++++++
- 3 files changed, 64 insertions(+)
- create mode 100644 repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/actor.py
- create mode 100644 repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/tests/test_register_ruby_irb_adjustments.py
- create mode 100755 repos/system_upgrade/el9toel10/tools/handlerubyirbsymlink
-
-diff --git a/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/actor.py b/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/actor.py
-new file mode 100644
-index 00000000..4fbec7ff
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/actor.py
-@@ -0,0 +1,31 @@
-+from leapp.actors import Actor
-+from leapp.models import DNFWorkaround
-+from leapp.tags import FactsPhaseTag, IPUWorkflowTag
-+
-+
-+class RegisterRubyIRBAdjustment(Actor):
-+    """
-+    Register a workaround to allow rubygem-irb's symlink -> directory conversion.
-+
-+    The /usr/share/ruby/irb has been moved from a symlink to a directory
-+    in RHEL 10 and this conversion was not handled on the RPM level.
-+    This leads to DNF reporting package file conflicts when a major upgrade
-+    is attempted and rubygem-irb is installed.
-+
-+    Register "handlerubyirbsymlink" script that removes the symlink prior
-+    to DNF upgrade and allows it to create the expected directory in place of
-+    the removed symlink.
-+    """
-+
-+    name = 'register_ruby_irb_adjustment'
-+    consumes = ()
-+    produces = (DNFWorkaround,)
-+    tags = (IPUWorkflowTag, FactsPhaseTag)
-+
-+    def process(self):
-+        self.produce(
-+            DNFWorkaround(
-+                display_name='IRB directory fix',
-+                script_path=self.get_tool_path('handlerubyirbsymlink'),
-+            )
-+        )
-diff --git a/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/tests/test_register_ruby_irb_adjustments.py b/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/tests/test_register_ruby_irb_adjustments.py
-new file mode 100644
-index 00000000..fc341646
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/actors/registerrubyirbadjustment/tests/test_register_ruby_irb_adjustments.py
-@@ -0,0 +1,11 @@
-+import os.path
-+
-+from leapp.models import DNFWorkaround
-+
-+
-+def test_register_ruby_irb_adjustments(current_actor_context):
-+    current_actor_context.run()
-+    assert len(current_actor_context.consume(DNFWorkaround)) == 1
-+    assert current_actor_context.consume(DNFWorkaround)[0].display_name == 'IRB directory fix'
-+    assert os.path.basename(current_actor_context.consume(DNFWorkaround)[0].script_path) == 'handlerubyirbsymlink'
-+    assert os.path.exists(current_actor_context.consume(DNFWorkaround)[0].script_path)
-diff --git a/repos/system_upgrade/el9toel10/tools/handlerubyirbsymlink b/repos/system_upgrade/el9toel10/tools/handlerubyirbsymlink
-new file mode 100755
-index 00000000..e9ac40fe
---- /dev/null
-+++ b/repos/system_upgrade/el9toel10/tools/handlerubyirbsymlink
-@@ -0,0 +1,22 @@
-+#!/usr/bin/bash -e
-+
-+# just in case of hidden files.. not sure why would someone do that, it's more
-+# like forgotten cache file possibility, but rather do that..
-+shopt -s dotglob
-+
-+handle_dir() {
-+    # Check that $1 is a symlink then unlink it so that RPM
-+    # can freely create the directory.
-+    if [ ! -L "$1" ]; then
-+        return
-+    fi
-+
-+    # There is no configuration or anything that the user should ever customize
-+    # and expect to retain.
-+    unlink "$1"
-+
-+    return 0
-+}
-+
-+
-+handle_dir /usr/share/ruby/irb
--- 
-2.47.0
-

SOURCES/0029-Expand-on-the-actor-docstring-for-the-el8-el9-rubyge.patch

@@ -1,40 +0,0 @@
-From 81a3297516fbbd120b0fb870de36f1a1b290dd21 Mon Sep 17 00:00:00 2001
-From: Jarek Prokop <jprokop@redhat.com>
-Date: Wed, 6 Nov 2024 15:21:14 +0100
-Subject: [PATCH 29/40] Expand on the actor docstring for the el8->el9
- rubygem-irb symlink fix.
-
-In RHEL 10, the directory is a regular directory again.
-
-The 2 actors are separate over creating a common solution for both.
-Expand in the docstring on the reason for the el8->el9 actor to
-differentiate them apart.
----
- .../actors/registerrubyirbadjustment/actor.py         | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/el8toel9/actors/registerrubyirbadjustment/actor.py b/repos/system_upgrade/el8toel9/actors/registerrubyirbadjustment/actor.py
-index ac4d1e6f..a33d8831 100644
---- a/repos/system_upgrade/el8toel9/actors/registerrubyirbadjustment/actor.py
-+++ b/repos/system_upgrade/el8toel9/actors/registerrubyirbadjustment/actor.py
-@@ -5,7 +5,16 @@ from leapp.tags import FactsPhaseTag, IPUWorkflowTag
- 
- class RegisterRubyIRBAdjustment(Actor):
-     """
--    Registers a workaround which will adjust the Ruby IRB directories during the upgrade.
-+    Register a workaround to allow rubygem-irb's directory -> symlink conversion.
-+
-+    The /usr/share/ruby/irb has been moved from a directory to a symlink
-+    in RHEL 9 and this conversion was not handled on RPM level.
-+    This leads to DNF reporting package file conflicts when a major upgrade
-+    is attempted and rubygem-irb (or ruby-irb) is installed.
-+
-+    Register "handlerubyirbsymlink" script that removes the directory prior
-+    to DNF upgrade and allows it to create the expected symlink in place of
-+    the removed directory.
-     """
- 
-     name = 'register_ruby_irb_adjustment'
--- 
-2.47.0
-

SOURCES/0031-Packaging-Require-leapp-framework-6.x-update-leapp-d.patch

@@ -1,56 +0,0 @@
-From 89afbe8cb41f874f32acddc1e1696132f3531677 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 8 Nov 2024 17:40:01 +0100
-Subject: [PATCH 31/40] Packaging: Require leapp-framework 6.x + update leapp
- deps
-
-The leapp actors configuration feature is present since
-leapp-framework 6.0. Update the dependencies to ensure the correct
-version of the framework is installed on the system.
-
-Also, leapp requirements have been updated - requiring python3-PyYAML
-as it requires YAML parser, bumping leapp-framework-dependencies to 6.
-Address the change in leapp-deps metapackage to satisfy leapp
-dependencies during the upgrade process.
----
- packaging/leapp-repository.spec                | 2 +-
- packaging/other_specs/leapp-el7toel8-deps.spec | 3 ++-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/packaging/leapp-repository.spec b/packaging/leapp-repository.spec
-index 0d63ba02..570d0df2 100644
---- a/packaging/leapp-repository.spec
-+++ b/packaging/leapp-repository.spec
-@@ -120,7 +120,7 @@ Requires:       leapp-repository-dependencies = %{leapp_repo_deps}
- 
- # IMPORTANT: this is capability provided by the leapp framework rpm.
- # Check that 'version' instead of the real framework rpm version.
--Requires:       leapp-framework >= 5.0, leapp-framework < 6
-+Requires:       leapp-framework >= 6.0, leapp-framework < 7
- 
- # Since we provide sub-commands for the leapp utility, we expect the leapp
- # tool to be installed as well.
-diff --git a/packaging/other_specs/leapp-el7toel8-deps.spec b/packaging/other_specs/leapp-el7toel8-deps.spec
-index d9e94faa..2c662a37 100644
---- a/packaging/other_specs/leapp-el7toel8-deps.spec
-+++ b/packaging/other_specs/leapp-el7toel8-deps.spec
-@@ -14,7 +14,7 @@
- 
- 
- %define leapp_repo_deps  10
--%define leapp_framework_deps 5
-+%define leapp_framework_deps 6
- 
- # NOTE: the Version contains the %{rhel} macro just for the convenience to
- # have always upgrade path between newer and older deps packages. So for
-@@ -112,6 +112,7 @@ Requires:   python3
- Requires:   python3-six
- Requires:   python3-setuptools
- Requires:   python3-requests
-+Requires:   python3-PyYAML
- 
- 
- %description -n %{ldname}
--- 
-2.47.0
-

SOURCES/0032-spec-create-etc-leapp-actor_conf.d.patch

@@ -1,48 +0,0 @@
-From 36b93e4a2504f72e5a371a75a23e7cd2c695b84b Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Sun, 6 Oct 2024 21:01:13 +0200
-Subject: [PATCH 32/40] spec: create /etc/leapp/actor_conf.d
-
-Add additional build steps to the specfile that create the actor
-configuration directory. The directory is owned by the package, so
-it gets removed when the user uninstalls leapp.
-
-Also prepared some comment lines for future when we will want to
-include some configuration files as part of the rpm.
----
- etc/leapp/actor_conf.d/.gitkeep | 0
- packaging/leapp-repository.spec | 7 +++++++
- 2 files changed, 7 insertions(+)
- create mode 100644 etc/leapp/actor_conf.d/.gitkeep
-
-diff --git a/etc/leapp/actor_conf.d/.gitkeep b/etc/leapp/actor_conf.d/.gitkeep
-new file mode 100644
-index 00000000..e69de29b
-diff --git a/packaging/leapp-repository.spec b/packaging/leapp-repository.spec
-index 570d0df2..828355bf 100644
---- a/packaging/leapp-repository.spec
-+++ b/packaging/leapp-repository.spec
-@@ -250,6 +250,11 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
- install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
- install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
- 
-+# Actor configuration dir
-+install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/actor_conf.d/
-+# uncomment to install existing configs
-+#install -m 0644 etc/leapp/actor_conf.d/* %%{buildroot}%%{_sysconfdir}/leapp/actor_conf.d
-+
- # install CLI commands for the leapp utility on the expected path
- install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/
- cp -r commands %{buildroot}%{leapp_python_sitelib}/leapp/cli/
-@@ -295,6 +300,8 @@ done;
- %dir %{custom_repositorydir}
- %dir %{leapp_python_sitelib}/leapp/cli/commands
- %config %{_sysconfdir}/leapp/files/*
-+# uncomment to package installed configs
-+#%%config %%{_sysconfdir}/leapp/actor_conf.d/*
- %{_sysconfdir}/leapp/repos.d/*
- %{_sysconfdir}/leapp/transaction/*
- %{repositorydir}/*
--- 
-2.47.0
-

SOURCES/0033-spec-drop-.gitkeep-files-from-the-RPM.patch

@@ -1,31 +0,0 @@
-From 87db66c863104fea824a4406732cbe233ffee412 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Wed, 13 Nov 2024 15:05:50 +0100
-Subject: [PATCH 33/40] spec: drop .gitkeep files from the RPM
-
-We have several .gitkeep files in the repo as we want to have some
-directories present in git however these directories are empty
-otherwise. This is common hack to achieve this, but we do not want
-to have these files really in the resulting RPMs. So we just remove
-them.
----
- packaging/leapp-repository.spec | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/packaging/leapp-repository.spec b/packaging/leapp-repository.spec
-index 828355bf..2bb52505 100644
---- a/packaging/leapp-repository.spec
-+++ b/packaging/leapp-repository.spec
-@@ -272,6 +272,9 @@ rm -rf %{buildroot}%{repositorydir}/common/actors/testactor
- find %{buildroot}%{repositorydir}/common -name "test.py" -delete
- rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d`
- find %{buildroot}%{repositorydir} -name "Makefile" -delete
-+# .gitkeep file is used to have a directory in the repo. but we do not want these
-+# files in the resulting RPM
-+find %{buildroot} -name .gitkeep -delete
- 
- for DIRECTORY in $(find  %{buildroot}%{repositorydir}/  -mindepth 1 -maxdepth 1 -type d);
- do
--- 
-2.47.0
-

SOURCES/0034-cli-load-actor-configuration.patch

@@ -1,95 +0,0 @@
-From 140a0bbb689814041fa6a03ee2b703e70a20f2f2 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Sun, 10 Nov 2024 13:54:20 +0100
-Subject: [PATCH 34/40] cli: load actor configuration
-
-Load actor configuration when running `leapp upgrade` or `leapp
-preupgrade`. The configuration is loaded, saved to leapp's DB,
-and remains available to all actors via framework's global variable.
----
- commands/command_utils.py       | 32 +++++++++++++++++++++++++++++++-
- commands/preupgrade/__init__.py |  3 +++
- commands/upgrade/__init__.py    |  3 +++
- 3 files changed, 37 insertions(+), 1 deletion(-)
-
-diff --git a/commands/command_utils.py b/commands/command_utils.py
-index 2810a542..190f5f03 100644
---- a/commands/command_utils.py
-+++ b/commands/command_utils.py
-@@ -1,10 +1,12 @@
-+import hashlib
- import json
- import os
- import re
- import resource
- 
-+from leapp.actors import config as actor_config
- from leapp.exceptions import CommandError
--from leapp.utils import path
-+from leapp.utils import audit, path
- 
- HANA_BASE_PATH = '/hana/shared'
- HANA_SAPCONTROL_PATH_X86_64 = 'exe/linuxx86_64/hdb/sapcontrol'
-@@ -178,3 +180,31 @@ def set_resource_limits():
- 
-     if soft_fsize != fsize_limit:
-         set_resource_limit(resource.RLIMIT_FSIZE, fsize_limit, fsize_limit)
-+
-+
-+def load_actor_configs_and_store_it_in_db(context, repositories, framework_cfg):
-+    """
-+    Load actor configuration so that actor's can access it and store it into leapp db.
-+
-+    :param context: Current execution context
-+    :param repositories: Discovered repositories
-+    :param framework_cfg: Leapp's configuration
-+    """
-+    # Read the Actor Config and validate it against the schemas saved in the
-+    # configuration.
-+
-+    actor_config_schemas = tuple(actor.config_schemas for actor in repositories.actors)
-+    actor_config_schemas = actor_config.normalize_schemas(actor_config_schemas)
-+    actor_config_path = framework_cfg.get('actor_config', 'path')
-+
-+    # Note: actor_config.load() stores the loaded actor config into a global
-+    # variable which can then be accessed by functions in that file.  Is this
-+    # the right way to store that information?
-+    actor_cfg = actor_config.load(actor_config_path, actor_config_schemas)
-+
-+    # Dump the collected configuration, checksum it and store it inside the DB
-+    config_text = json.dumps(actor_cfg)
-+    config_text_hash = hashlib.sha256(config_text.encode('utf-8')).hexdigest()
-+    config_data = audit.ActorConfigData(config=config_text, hash_id=config_text_hash)
-+    db_config = audit.ActorConfig(config=config_data, context=context)
-+    db_config.store()
-diff --git a/commands/preupgrade/__init__.py b/commands/preupgrade/__init__.py
-index a9fa40e0..631eca6b 100644
---- a/commands/preupgrade/__init__.py
-+++ b/commands/preupgrade/__init__.py
-@@ -62,6 +62,9 @@ def preupgrade(args, breadcrumbs):
-     command_utils.set_resource_limits()
- 
-     workflow = repositories.lookup_workflow('IPUWorkflow')()
-+
-+    command_utils.load_actor_configs_and_store_it_in_db(context, repositories, cfg)
-+
-     util.warn_if_unsupported(configuration)
-     util.process_whitelist_experimental(repositories, workflow, configuration, logger)
-     with beautify_actor_exception():
-diff --git a/commands/upgrade/__init__.py b/commands/upgrade/__init__.py
-index c7487fde..3dedd438 100644
---- a/commands/upgrade/__init__.py
-+++ b/commands/upgrade/__init__.py
-@@ -93,6 +93,9 @@ def upgrade(args, breadcrumbs):
-     command_utils.set_resource_limits()
- 
-     workflow = repositories.lookup_workflow('IPUWorkflow')(auto_reboot=args.reboot)
-+
-+    command_utils.load_actor_configs_and_store_it_in_db(context, repositories, cfg)
-+
-     util.process_whitelist_experimental(repositories, workflow, configuration, logger)
-     util.warn_if_unsupported(configuration)
-     with beautify_actor_exception():
--- 
-2.47.0
-

SOURCES/0035-configs-common-introduce-RHUI-configuration.patch

@@ -1,157 +0,0 @@
-From f3d38325fb525bca427a2b00e2bfb73b9297c36a Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Sun, 10 Nov 2024 14:35:26 +0100
-Subject: [PATCH 35/40] configs(common): introduce RHUI configuration
-
-Introduce a common configuration definition for RHUI related decisions.
-The configuration has an atomic nature - if the user wants to overwrite
-leapp's decisions, he/she must overwrite all of them. Essentially, all
-fields of the RHUI_SETUPS cloud map entry can be configured. Almost no
-non-empty defaults are provided, as no reasonable defaults can be given.
-This is due to all setup parameters are different from provider to
-provider. Therefore, default values are empty values, so that it can
-later be detected by an actor whether all fields of the RHUI config
-has been filled.
-
-Jira ref: RHEL-56251
----
- repos/system_upgrade/common/configs/rhui.py | 127 ++++++++++++++++++++
- 1 file changed, 127 insertions(+)
- create mode 100644 repos/system_upgrade/common/configs/rhui.py
-
-diff --git a/repos/system_upgrade/common/configs/rhui.py b/repos/system_upgrade/common/configs/rhui.py
-new file mode 100644
-index 00000000..ade9bab9
---- /dev/null
-+++ b/repos/system_upgrade/common/configs/rhui.py
-@@ -0,0 +1,127 @@
-+"""
-+Configuration keys for RHUI.
-+
-+In case of RHUI in private regions it usual that publicly known RHUI data
-+is not valid. In such cases it's possible to provide the correct expected
-+RHUI data to correct the in-place upgrade process.
-+"""
-+
-+from leapp.actors.config import Config
-+from leapp.models import fields
-+
-+RHUI_CONFIG_SECTION = 'rhui'
-+
-+
-+# @Note(mhecko): We use to distinguish config instantiated from default values that we should ignore
-+# #              Maybe we could make all config values None and detect it that way, but then we cannot
-+# #              give the user an example how the config should look like.
-+class RhuiUseConfig(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "use_config"
-+    type_ = fields.Boolean()
-+    default = False
-+    description = """
-+        Use values provided in the configuration file to override leapp's decisions.
-+    """
-+
-+
-+class RhuiSourcePkgs(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "source_clients"
-+    type_ = fields.List(fields.String())
-+    default = []
-+    description = """
-+        The name of the source RHUI client RPMs (to be removed from the system).
-+    """
-+
-+
-+class RhuiTargetPkgs(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "target_clients"
-+    type_ = fields.List(fields.String())
-+    default = []
-+    description = """
-+        The name of the target RHUI client RPM (to be installed on the system).
-+    """
-+
-+
-+class RhuiCloudProvider(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "cloud_provider"
-+    type_ = fields.String()
-+    default = ""
-+    description = """
-+        Cloud provider name that should be used internally by leapp.
-+
-+        Leapp recognizes the following cloud providers:
-+            - azure
-+            - aws
-+            - google
-+
-+        Cloud provider information is used for triggering some provider-specific modifications. The value also
-+        influences how leapp determines target repositories to enable.
-+    """
-+
-+
-+# @Note(mhecko): We likely don't need this. We need the variant primarily to grab files from a correct directory
-+# in leapp-rhui-<provider> folders.
-+class RhuiCloudVariant(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "image_variant"
-+    type_ = fields.String()
-+    default = "ordinary"
-+    description = """
-+        RHEL variant of the source system - is the source system SAP-specific image?
-+
-+        Leapp recognizes the following cloud providers:
-+            - ordinary    # The source system has not been deployed from a RHEL with SAP image
-+            - sap         # RHEL SAP images
-+            - sap-apps    # RHEL SAP Apps images (Azure only)
-+            - sap-ha      # RHEL HA Apps images (HA only)
-+
-+        Cloud provider information is used for triggering some provider-specific modifications. The value also
-+        influences how leapp determines target repositories to enable.
-+
-+        Default:
-+            "ordinary"
-+    """
-+
-+
-+class RhuiUpgradeFiles(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "upgrade_files"
-+    type_ = fields.StringMap(fields.String())
-+    default = dict()
-+    description = """
-+        A mapping from source file paths to the destination where should they be
-+        placed in the upgrade container.
-+
-+        Typically, these files should be provided by leapp-rhui-<PROVIDER> packages.
-+
-+        These files are needed to facilitate access to target repositories. Typical examples are: repofile(s),
-+        certificates and keys.
-+    """
-+
-+
-+class RhuiTargetRepositoriesToUse(Config):
-+    section = RHUI_CONFIG_SECTION
-+    name = "rhui_target_repositories_to_use"
-+    type_ = fields.List(fields.String())
-+    description = """
-+        List of target repositories enabled during the upgrade. Similar to executing leapp with --enablerepo.
-+
-+        The repositories to be enabled need to be either in the repofiles listed in the `upgrade_files` field,
-+        or in repofiles present on the source system.
-+    """
-+    default = list()
-+
-+
-+all_rhui_cfg = (
-+    RhuiTargetPkgs,
-+    RhuiUpgradeFiles,
-+    RhuiTargetRepositoriesToUse,
-+    RhuiCloudProvider,
-+    RhuiCloudVariant,
-+    RhuiSourcePkgs,
-+    RhuiUseConfig
-+)
--- 
-2.47.0
-

SOURCES/0036-check_rhui-read-RHUI-configuration.patch

@@ -1,457 +0,0 @@
-From a03e8e5d10c1d6f3cdae216fafa0d7f0d0896494 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Sun, 10 Nov 2024 14:36:07 +0100
-Subject: [PATCH 36/40] check_rhui: read RHUI configuration
-
-Extend the check_rhui actor to read user-provided RHUI configuration.
-If the provided configuration values say that the user wants to
-overrwrite leapp's decisions, then the patch checks whether all values
-are provided. If so, corresponding RHUIInfo message is produced. The
-only implemented safe-guards are those that prevent the user from
-accidentaly specifying a non-existing file to be copied into the
-scrach container during us preparing to download target userspace
-content. If the user provides only some of the configuration values
-the upgrade is terminated early with an error, providing quick feedback
-about misconfiguration. The patch has been designed to allow development
-of upgrades on previously unknown clouds (clouds without an entry in
-RHUI_SETUPS).
-
-Jira ref: RHEL-56251
----
- .../common/actors/cloud/checkrhui/actor.py    |   4 +
- .../cloud/checkrhui/libraries/checkrhui.py    | 102 +++++++++-
- .../tests/component_test_checkrhui.py         | 178 ++++++++++++++++--
- 3 files changed, 265 insertions(+), 19 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/cloud/checkrhui/actor.py b/repos/system_upgrade/common/actors/cloud/checkrhui/actor.py
-index 593e73e5..933ffcb3 100644
---- a/repos/system_upgrade/common/actors/cloud/checkrhui/actor.py
-+++ b/repos/system_upgrade/common/actors/cloud/checkrhui/actor.py
-@@ -1,4 +1,5 @@
- from leapp.actors import Actor
-+from leapp.configs.common.rhui import all_rhui_cfg
- from leapp.libraries.actor import checkrhui as checkrhui_lib
- from leapp.models import (
-     CopyFile,
-@@ -8,6 +9,7 @@ from leapp.models import (
-     RequiredTargetUserspacePackages,
-     RHUIInfo,
-     RpmTransactionTasks,
-+    TargetRepositories,
-     TargetUserSpacePreupgradeTasks
- )
- from leapp.reporting import Report
-@@ -21,6 +23,7 @@ class CheckRHUI(Actor):
-     """
- 
-     name = 'checkrhui'
-+    config_schemas = all_rhui_cfg
-     consumes = (InstalledRPM,)
-     produces = (
-         KernelCmdlineArg,
-@@ -28,6 +31,7 @@ class CheckRHUI(Actor):
-         RequiredTargetUserspacePackages,
-         Report, DNFPluginTask,
-         RpmTransactionTasks,
-+        TargetRepositories,
-         TargetUserSpacePreupgradeTasks,
-         CopyFile,
-     )
-diff --git a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
-index 3b217917..64e36e08 100644
---- a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
-+++ b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
-@@ -2,17 +2,29 @@ import itertools
- import os
- from collections import namedtuple
- 
-+import leapp.configs.common.rhui as rhui_config_lib
- from leapp import reporting
-+from leapp.configs.common.rhui import (  # Import all config fields so we are not using their name attributes directly
-+    RhuiCloudProvider,
-+    RhuiCloudVariant,
-+    RhuiSourcePkgs,
-+    RhuiTargetPkgs,
-+    RhuiTargetRepositoriesToUse,
-+    RhuiUpgradeFiles,
-+    RhuiUseConfig
-+)
- from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.common import rhsm, rhui
- from leapp.libraries.common.config import version
- from leapp.libraries.stdlib import api
- from leapp.models import (
-     CopyFile,
-+    CustomTargetRepository,
-     DNFPluginTask,
-     InstalledRPM,
-     RHUIInfo,
-     RpmTransactionTasks,
-+    TargetRepositories,
-     TargetRHUIPostInstallTasks,
-     TargetRHUIPreInstallTasks,
-     TargetRHUISetupInfo,
-@@ -291,11 +303,11 @@ def produce_rhui_info_to_setup_target(rhui_family, source_setup_desc, target_set
-     api.produce(rhui_info)
- 
- 
--def produce_rpms_to_install_into_target(source_setup, target_setup):
--    to_install = sorted(target_setup.clients - source_setup.clients)
--    to_remove = sorted(source_setup.clients - target_setup.clients)
-+def produce_rpms_to_install_into_target(source_clients, target_clients):
-+    to_install = sorted(target_clients - source_clients)
-+    to_remove = sorted(source_clients - target_clients)
- 
--    api.produce(TargetUserSpacePreupgradeTasks(install_rpms=sorted(target_setup.clients)))
-+    api.produce(TargetUserSpacePreupgradeTasks(install_rpms=sorted(target_clients)))
-     if to_install or to_remove:
-         api.produce(RpmTransactionTasks(to_install=to_install, to_remove=to_remove))
- 
-@@ -316,7 +328,85 @@ def inform_about_upgrade_with_rhui_without_no_rhsm():
-     return False
- 
- 
-+def emit_rhui_setup_tasks_based_on_config(rhui_config_dict):
-+    config_upgrade_files = rhui_config_dict[RhuiUpgradeFiles.name]
-+
-+    nonexisting_files_to_copy = []
-+    for source_path in config_upgrade_files:
-+        if not os.path.exists(source_path):
-+            nonexisting_files_to_copy.append(source_path)
-+
-+    if nonexisting_files_to_copy:
-+        details_lines = ['The following files were not found:']
-+        # Use .format and put backticks around paths so that weird unicode spaces will be easily seen
-+        details_lines.extend('  - `{0}`'.format(path) for path in nonexisting_files_to_copy)
-+        details = '\n'.join(details_lines)
-+
-+        reason = 'RHUI config lists nonexisting files in its `{0}` field.'.format(RhuiUpgradeFiles.name)
-+        raise StopActorExecutionError(reason, details={'details': details})
-+
-+    files_to_copy_into_overlay = [CopyFile(src=key, dst=value) for key, value in config_upgrade_files.items()]
-+    preinstall_tasks = TargetRHUIPreInstallTasks(files_to_copy_into_overlay=files_to_copy_into_overlay)
-+
-+    target_client_setup_info = TargetRHUISetupInfo(
-+        preinstall_tasks=preinstall_tasks,
-+        postinstall_tasks=TargetRHUIPostInstallTasks(),
-+        bootstrap_target_client=False,  # We don't need to install the client into overlay - user provided all files
-+    )
-+
-+    rhui_info = RHUIInfo(
-+        provider=rhui_config_dict[RhuiCloudProvider.name],
-+        variant=rhui_config_dict[RhuiCloudVariant.name],
-+        src_client_pkg_names=rhui_config_dict[RhuiSourcePkgs.name],
-+        target_client_pkg_names=rhui_config_dict[RhuiTargetPkgs.name],
-+        target_client_setup_info=target_client_setup_info
-+    )
-+    api.produce(rhui_info)
-+
-+
-+def request_configured_repos_to_be_enabled(rhui_config):
-+    config_repos_to_enable = rhui_config[RhuiTargetRepositoriesToUse.name]
-+    custom_repos = [CustomTargetRepository(repoid=repoid) for repoid in config_repos_to_enable]
-+    if custom_repos:
-+        target_repos = TargetRepositories(custom_repos=custom_repos, rhel_repos=[])
-+        api.produce(target_repos)
-+
-+
-+def stop_with_err_if_config_missing_fields(config):
-+    required_fields = [
-+        RhuiTargetRepositoriesToUse,
-+        RhuiCloudProvider,
-+        # RhuiCloudVariant, <- this is not required
-+        RhuiSourcePkgs,
-+        RhuiTargetPkgs,
-+        RhuiUpgradeFiles,
-+    ]
-+
-+    missing_fields = tuple(field for field in required_fields if not config[field.name])
-+    if missing_fields:
-+        field_names = (field.name for field in missing_fields)
-+        missing_fields_str = ', '.join(field_names)
-+        details = 'The following required RHUI config fields are missing or they are set to an empty value: {}'
-+        details = details.format(missing_fields_str)
-+        raise StopActorExecutionError('Provided RHUI config is missing values for required fields.',
-+                                      details={'details': details})
-+
-+
- def process():
-+    rhui_config = api.current_actor().config[rhui_config_lib.RHUI_CONFIG_SECTION]
-+
-+    if rhui_config[RhuiUseConfig.name]:
-+        api.current_logger().info('Skipping RHUI upgrade auto-configuration - using provided config instead.')
-+        stop_with_err_if_config_missing_fields(rhui_config)
-+        emit_rhui_setup_tasks_based_on_config(rhui_config)
-+
-+        src_clients = set(rhui_config[RhuiSourcePkgs.name])
-+        target_clients = set(rhui_config[RhuiTargetPkgs.name])
-+        produce_rpms_to_install_into_target(src_clients, target_clients)
-+
-+        request_configured_repos_to_be_enabled(rhui_config)
-+        return
-+
-     installed_rpm = itertools.chain(*[installed_rpm_msg.items for installed_rpm_msg in api.consume(InstalledRPM)])
-     installed_pkgs = {rpm.name for rpm in installed_rpm}
- 
-@@ -342,7 +432,9 @@ def process():
-     # Instruction on how to access the target content
-     produce_rhui_info_to_setup_target(src_rhui_setup.family, src_rhui_setup.description, target_setup_desc)
- 
--    produce_rpms_to_install_into_target(src_rhui_setup.description, target_setup_desc)
-+    source_clients = src_rhui_setup.description.clients
-+    target_clients = target_setup_desc.clients
-+    produce_rpms_to_install_into_target(source_clients, target_clients)
- 
-     if src_rhui_setup.family.provider == rhui.RHUIProvider.AWS:
-         # We have to disable Amazon-id plugin in the initramdisk phase as there is no network
-diff --git a/repos/system_upgrade/common/actors/cloud/checkrhui/tests/component_test_checkrhui.py b/repos/system_upgrade/common/actors/cloud/checkrhui/tests/component_test_checkrhui.py
-index 27e70eea..3ac9c1b8 100644
---- a/repos/system_upgrade/common/actors/cloud/checkrhui/tests/component_test_checkrhui.py
-+++ b/repos/system_upgrade/common/actors/cloud/checkrhui/tests/component_test_checkrhui.py
-@@ -1,30 +1,43 @@
--from collections import namedtuple
-+import itertools
-+import os
-+from collections import defaultdict
- from enum import Enum
- 
- import pytest
- 
- from leapp import reporting
-+from leapp.configs.common.rhui import (
-+    all_rhui_cfg,
-+    RhuiCloudProvider,
-+    RhuiCloudVariant,
-+    RhuiSourcePkgs,
-+    RhuiTargetPkgs,
-+    RhuiTargetRepositoriesToUse,
-+    RhuiUpgradeFiles,
-+    RhuiUseConfig
-+)
- from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.actor import checkrhui as checkrhui_lib
- from leapp.libraries.common import rhsm, rhui
--from leapp.libraries.common.config import mock_configs, version
- from leapp.libraries.common.rhui import mk_rhui_setup, RHUIFamily
--from leapp.libraries.common.testutils import create_report_mocked, CurrentActorMocked, produce_mocked
-+from leapp.libraries.common.testutils import (
-+    _make_default_config,
-+    create_report_mocked,
-+    CurrentActorMocked,
-+    produce_mocked
-+)
- from leapp.libraries.stdlib import api
- from leapp.models import (
--    CopyFile,
-     InstalledRPM,
--    RequiredTargetUserspacePackages,
-     RHUIInfo,
-     RPM,
-     RpmTransactionTasks,
-+    TargetRepositories,
-     TargetRHUIPostInstallTasks,
-     TargetRHUIPreInstallTasks,
-     TargetRHUISetupInfo,
-     TargetUserSpacePreupgradeTasks
- )
--from leapp.reporting import Report
--from leapp.snactor.fixture import current_actor_context
- 
- RH_PACKAGER = 'Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>'
- 
-@@ -95,7 +108,8 @@ def mk_cloud_map(variants):
-     ]
- )
- def test_determine_rhui_src_variant(monkeypatch, extra_pkgs, rhui_setups, expected_result):
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(src_ver='7.9'))
-+    actor = CurrentActorMocked(src_ver='7.9', config=_make_default_config(all_rhui_cfg))
-+    monkeypatch.setattr(api, 'current_actor', actor)
-     installed_pkgs = {'zip', 'zsh', 'bash', 'grubby'}.union(set(extra_pkgs))
- 
-     if expected_result and not isinstance(expected_result, RHUIFamily):  # An exception
-@@ -167,7 +181,8 @@ def test_google_specific_customization(provider, should_mutate):
- )
- def test_aws_specific_customization(monkeypatch, rhui_family, target_major, should_mutate):
-     dst_ver = '{major}.0'.format(major=target_major)
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(dst_ver=dst_ver))
-+    actor = CurrentActorMocked(dst_ver=dst_ver, config=_make_default_config(all_rhui_cfg))
-+    monkeypatch.setattr(api, 'current_actor', actor)
- 
-     setup_info = mk_setup_info()
-     checkrhui_lib.customize_rhui_setup_for_aws(rhui_family, setup_info)
-@@ -215,12 +230,12 @@ def produce_rhui_info_to_setup_target(monkeypatch):
- 
- 
- def test_produce_rpms_to_install_into_target(monkeypatch):
--    source_rhui_setup = mk_rhui_setup(clients={'src_pkg'}, leapp_pkg='leapp_pkg')
--    target_rhui_setup = mk_rhui_setup(clients={'target_pkg'}, leapp_pkg='leapp_pkg')
-+    source_clients = {'src_pkg'}
-+    target_clients = {'target_pkg'}
- 
-     monkeypatch.setattr(api, 'produce', produce_mocked())
- 
--    checkrhui_lib.produce_rpms_to_install_into_target(source_rhui_setup, target_rhui_setup)
-+    checkrhui_lib.produce_rpms_to_install_into_target(source_clients, target_clients)
- 
-     assert len(api.produce.model_instances) == 2
-     userspace_tasks, target_rpm_tasks = api.produce.model_instances[0], api.produce.model_instances[1]
-@@ -276,7 +291,8 @@ def test_process(monkeypatch, extra_installed_pkgs, skip_rhsm, expected_action):
-     installed_rpms = InstalledRPM(items=installed_pkgs)
- 
-     monkeypatch.setattr(api, 'produce', produce_mocked())
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(src_ver='7.9', msgs=[installed_rpms]))
-+    actor = CurrentActorMocked(src_ver='7.9', msgs=[installed_rpms], config=_make_default_config(all_rhui_cfg))
-+    monkeypatch.setattr(api, 'current_actor', actor)
-     monkeypatch.setattr(reporting, 'create_report', create_report_mocked())
-     monkeypatch.setattr(rhsm, 'skip_rhsm', lambda: skip_rhsm)
-     monkeypatch.setattr(rhui, 'RHUI_SETUPS', known_setups)
-@@ -315,7 +331,8 @@ def test_unknown_target_rhui_setup(monkeypatch, is_target_setup_known):
-     installed_rpms = InstalledRPM(items=installed_pkgs)
- 
-     monkeypatch.setattr(api, 'produce', produce_mocked())
--    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(src_ver='7.9', msgs=[installed_rpms]))
-+    actor = CurrentActorMocked(src_ver='7.9', msgs=[installed_rpms], config=_make_default_config(all_rhui_cfg))
-+    monkeypatch.setattr(api, 'current_actor', actor)
-     monkeypatch.setattr(reporting, 'create_report', create_report_mocked())
-     monkeypatch.setattr(rhsm, 'skip_rhsm', lambda: True)
-     monkeypatch.setattr(rhui, 'RHUI_SETUPS', known_setups)
-@@ -374,3 +391,136 @@ def test_select_chronologically_closest(monkeypatch, setups, desired_minor, expe
-     setup = setups[0]
- 
-     assert setup == expected_setup
-+
-+
-+def test_config_overwrites_everything(monkeypatch):
-+    rhui_config = {
-+        RhuiUseConfig.name: True,
-+        RhuiSourcePkgs.name: ['client_source'],
-+        RhuiTargetPkgs.name: ['client_target'],
-+        RhuiCloudProvider.name: 'aws',
-+        RhuiUpgradeFiles.name: {
-+            '/root/file.repo': '/etc/yum.repos.d/'
-+        },
-+        RhuiTargetRepositoriesToUse.name: [
-+            'repoid_to_use'
-+        ]
-+    }
-+    all_config = {'rhui': rhui_config}
-+
-+    actor = CurrentActorMocked(config=all_config)
-+    monkeypatch.setattr(api, 'current_actor', actor)
-+
-+    function_calls = defaultdict(int)
-+
-+    def mk_function_probe(fn_name):
-+        def probe(*args, **kwargs):
-+            function_calls[fn_name] += 1
-+        return probe
-+
-+    monkeypatch.setattr(checkrhui_lib,
-+                        'emit_rhui_setup_tasks_based_on_config',
-+                        mk_function_probe('emit_rhui_setup_tasks_based_on_config'))
-+    monkeypatch.setattr(checkrhui_lib,
-+                        'stop_with_err_if_config_missing_fields',
-+                        mk_function_probe('stop_with_err_if_config_missing_fields'))
-+    monkeypatch.setattr(checkrhui_lib,
-+                        'produce_rpms_to_install_into_target',
-+                        mk_function_probe('produce_rpms_to_install_into_target'))
-+    monkeypatch.setattr(checkrhui_lib,
-+                        'request_configured_repos_to_be_enabled',
-+                        mk_function_probe('request_configured_repos_to_be_enabled'))
-+
-+    checkrhui_lib.process()
-+
-+    expected_function_calls = {
-+        'emit_rhui_setup_tasks_based_on_config': 1,
-+        'stop_with_err_if_config_missing_fields': 1,
-+        'produce_rpms_to_install_into_target': 1,
-+        'request_configured_repos_to_be_enabled': 1,
-+    }
-+
-+    assert function_calls == expected_function_calls
-+
-+
-+def test_request_configured_repos_to_be_enabled(monkeypatch):
-+    monkeypatch.setattr(api, 'produce', produce_mocked())
-+
-+    rhui_config = {
-+        RhuiUseConfig.name: True,
-+        RhuiSourcePkgs.name: ['client_source'],
-+        RhuiTargetPkgs.name: ['client_target'],
-+        RhuiCloudProvider.name: 'aws',
-+        RhuiUpgradeFiles.name: {
-+            '/root/file.repo': '/etc/yum.repos.d/'
-+        },
-+        RhuiTargetRepositoriesToUse.name: [
-+            'repoid1',
-+            'repoid2',
-+            'repoid3',
-+        ]
-+    }
-+
-+    checkrhui_lib.request_configured_repos_to_be_enabled(rhui_config)
-+
-+    assert api.produce.called
-+    assert len(api.produce.model_instances) == 1
-+
-+    target_repos = api.produce.model_instances[0]
-+    assert isinstance(target_repos, TargetRepositories)
-+    assert not target_repos.rhel_repos
-+
-+    custom_repoids = sorted(custom_repo_model.repoid for custom_repo_model in target_repos.custom_repos)
-+    assert custom_repoids == ['repoid1', 'repoid2', 'repoid3']
-+
-+
-+@pytest.mark.parametrize(
-+    ('upgrade_files', 'existing_files'),
-+    (
-+        (['/root/a', '/root/b'], ['/root/a', '/root/b']),
-+        (['/root/a', '/root/b'], ['/root/b']),
-+        (['/root/a', '/root/b'], []),
-+    )
-+)
-+def test_missing_files_in_config(monkeypatch, upgrade_files, existing_files):
-+    upgrade_files_map = dict((source_path, '/tmp/dummy') for source_path in upgrade_files)
-+
-+    rhui_config = {
-+        RhuiUseConfig.name: True,
-+        RhuiSourcePkgs.name: ['client_source'],
-+        RhuiTargetPkgs.name: ['client_target'],
-+        RhuiCloudProvider.name: 'aws',
-+        RhuiCloudVariant.name: 'ordinary',
-+        RhuiUpgradeFiles.name: upgrade_files_map,
-+        RhuiTargetRepositoriesToUse.name: [
-+            'repoid_to_use'
-+        ]
-+    }
-+
-+    monkeypatch.setattr(os.path, 'exists', lambda path: path in existing_files)
-+    monkeypatch.setattr(api, 'produce', produce_mocked())
-+
-+    should_error = (len(upgrade_files) != len(existing_files))
-+    if should_error:
-+        with pytest.raises(StopActorExecutionError):
-+            checkrhui_lib.emit_rhui_setup_tasks_based_on_config(rhui_config)
-+    else:
-+        checkrhui_lib.emit_rhui_setup_tasks_based_on_config(rhui_config)
-+        assert api.produce.called
-+        assert len(api.produce.model_instances) == 1
-+
-+        rhui_info = api.produce.model_instances[0]
-+        assert isinstance(rhui_info, RHUIInfo)
-+        assert rhui_info.provider == 'aws'
-+        assert rhui_info.variant == 'ordinary'
-+        assert rhui_info.src_client_pkg_names == ['client_source']
-+        assert rhui_info.target_client_pkg_names == ['client_target']
-+
-+        setup_info = rhui_info.target_client_setup_info
-+        assert not setup_info.bootstrap_target_client
-+
-+        _copies_to_perform = setup_info.preinstall_tasks.files_to_copy_into_overlay
-+        copies_to_perform = sorted((copy.src, copy.dst) for copy in _copies_to_perform)
-+        expected_copies = sorted(zip(upgrade_files, itertools.repeat('/tmp/dummy')))
-+
-+        assert copies_to_perform == expected_copies
--- 
-2.47.0
-

SOURCES/0037-testutils-add-support-for-configs.patch

@@ -1,53 +0,0 @@
-From a206a7f02c68f50ab50c9f547669d3a4178c4bd2 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Wed, 16 Oct 2024 17:38:36 +0200
-Subject: [PATCH 37/40] testutils: add support for configs
-
-Extend the CurrentActorMocked class to accept a `config` value,
-allowing developers to mock actors that rely on configuration.
-A library function `_make_default_config` is also introduced,
-allowing to instantiate default configs from config schemas.
----
- repos/system_upgrade/common/libraries/testutils.py | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/libraries/testutils.py b/repos/system_upgrade/common/libraries/testutils.py
-index c538af1a..afeb360a 100644
---- a/repos/system_upgrade/common/libraries/testutils.py
-+++ b/repos/system_upgrade/common/libraries/testutils.py
-@@ -4,6 +4,7 @@ import os
- from collections import namedtuple
- 
- from leapp import reporting
-+from leapp.actors.config import _normalize_config, normalize_schemas
- from leapp.libraries.common.config import architecture
- from leapp.models import EnvVar
- from leapp.utils.deprecation import deprecated
-@@ -67,9 +68,15 @@ class logger_mocked(object):
-         return self
- 
- 
-+def _make_default_config(actor_config_schema):
-+    """ Make a config dict populated with default values. """
-+    merged_schema = normalize_schemas((actor_config_schema, ))
-+    return _normalize_config({}, merged_schema)  # Will fill default values during normalization
-+
-+
- class CurrentActorMocked(object):  # pylint:disable=R0904
-     def __init__(self, arch=architecture.ARCH_X86_64, envars=None, kernel='3.10.0-957.43.1.el7.x86_64',
--                 release_id='rhel', src_ver='7.8', dst_ver='8.1', msgs=None, flavour='default'):
-+                 release_id='rhel', src_ver='7.8', dst_ver='8.1', msgs=None, flavour='default', config=None):
-         envarsList = [EnvVar(name=k, value=v) for k, v in envars.items()] if envars else []
-         version = namedtuple('Version', ['source', 'target'])(src_ver, dst_ver)
-         release = namedtuple('OS_release', ['release_id', 'version_id'])(release_id, src_ver)
-@@ -82,6 +89,7 @@ class CurrentActorMocked(object):  # pylint:disable=R0904
-             'configuration', ['architecture', 'kernel', 'leapp_env_vars', 'os_release', 'version', 'flavour']
-         )(arch, kernel, envarsList, release, version, flavour)
-         self._msgs = msgs or []
-+        self.config = {} if config is None else config
- 
-     def __call__(self):
-         return self
--- 
-2.47.0
-

SOURCES/0038-userspacegen-rhui-remove-repofiles-only-if-now-owned.patch

@@ -1,70 +0,0 @@
-From 0147bc268607e5931ebca95e3253087ec71a3c66 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Sun, 20 Oct 2024 16:08:49 +0200
-Subject: [PATCH 38/40] userspacegen(rhui): remove repofiles only if now owned
- by an RPM
-
-We copy files into the target userspace when setting up target
-repository content. If this file is named equally as some of the
-files installed by the target RHUI client installed during early
-phases of target userspace setup process, we would delete it in
-cleanup. Therefore, if we copy a repofile named /etc/yum.repos.d/X.repo
-and the target client also owns a file /etc/yum.repos.d/X.repo, we
-would remove it, making the container loose access to target content.
-This patch prevents us from blindly deleting files, keeping files that
-are owned by some RPM (usually that would be the target RHUI client).
----
- .../libraries/userspacegen.py                 | 30 ++++++++++++++-----
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-index d7698056..12736ab7 100644
---- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-+++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
-@@ -1120,6 +1120,27 @@ def _get_target_userspace():
-     return constants.TARGET_USERSPACE.format(get_target_major_version())
- 
- 
-+def _remove_injected_repofiles_from_our_rhui_packages(target_userspace_ctx, rhui_setup_info):
-+    target_userspace_path = _get_target_userspace()
-+    for copy in rhui_setup_info.preinstall_tasks.files_to_copy_into_overlay:
-+        dst_in_container = get_copy_location_from_copy_in_task(target_userspace_path, copy)
-+        dst_in_container = dst_in_container.strip('/')
-+        dst_in_host = os.path.join(target_userspace_path, dst_in_container)
-+
-+        if os.path.isfile(dst_in_host) and dst_in_host.endswith('.repo'):
-+            # The repofile might have been replaced by a new one provided by the RHUI client if names collide
-+            # Performance: Do the query here and not earlier, because we would be running rpm needlessly
-+            try:
-+                path_with_root = '/' + dst_in_container
-+                target_userspace_ctx.call(['rpm', '-q', '--whatprovides', path_with_root])
-+                api.current_logger().debug('Repofile {0} kept as it is owned by some RPM.'.format(dst_in_host))
-+            except CalledProcessError:
-+                # rpm exists with 1 if the file is not owned by any RPM. We might be catching all kinds of other
-+                # problems here, but still better than always removing repofiles.
-+                api.current_logger().debug('Removing repofile - not owned by any RPM: {0}'.format(dst_in_host))
-+                os.remove(dst_in_host)
-+
-+
- def _create_target_userspace(context, indata, packages, files, target_repoids):
-     """Create the target userspace."""
-     target_path = _get_target_userspace()
-@@ -1139,14 +1160,7 @@ def _create_target_userspace(context, indata, packages, files, target_repoids):
-         )
-         setup_info = indata.rhui_info.target_client_setup_info
-         if not setup_info.bootstrap_target_client:
--            target_userspace_path = _get_target_userspace()
--            for copy in setup_info.preinstall_tasks.files_to_copy_into_overlay:
--                dst_in_container = get_copy_location_from_copy_in_task(target_userspace_path, copy)
--                dst_in_container = dst_in_container.strip('/')
--                dst_in_host = os.path.join(target_userspace_path, dst_in_container)
--                if os.path.isfile(dst_in_host) and dst_in_host.endswith('.repo'):
--                    api.current_logger().debug('Removing repofile: {0}'.format(dst_in_host))
--                    os.remove(dst_in_host)
-+            _remove_injected_repofiles_from_our_rhui_packages(context, setup_info)
- 
-     # and do not forget to set the rhsm into the container mode again
-     with mounting.NspawnActions(_get_target_userspace()) as target_context:
--- 
-2.47.0
-

SOURCES/0039-Enable-IPU-for-EL-9.6-and-drop-EL-8.8-9.2.patch

@@ -1,857 +0,0 @@
-From c2f2895bb570a75eb2aaa7b84a2bcd9dcd537b0e Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Thu, 14 Nov 2024 14:24:15 +0100
-Subject: [PATCH 39/40] Enable IPU for EL 9.6 (and drop EL 8.8/9.2)
-
-* Add product certificates for RHEL 9.6
-* Introduce upgrade path 8.10 -> 9.6
-* Drop IPUs related to EL 8.8 and 9.2
-  * This will not be supported in this release.
-  * Keeping for now still IPU 8.10 -> 9.5 as it is a fresh release
-    so it has a value for us to run tests there. We will drop it
-    later during this lifecycle (CTC-2?).
-* Drop EL 8.8 from the list of supported versions
-* Update tests in packit
-  * Note that tests for 9.6 could be failing for a while until
-    composes are created.
-
-jira: RHEL-67621
----
- .packit.yaml                                  | 257 +++++-------------
- .../common/files/prod-certs/9.6/279.pem       |  37 +++
- .../common/files/prod-certs/9.6/362.pem       |  37 +++
- .../common/files/prod-certs/9.6/363.pem       |  37 +++
- .../common/files/prod-certs/9.6/419.pem       |  36 +++
- .../common/files/prod-certs/9.6/433.pem       |  37 +++
- .../common/files/prod-certs/9.6/479.pem       |  36 +++
- .../common/files/prod-certs/9.6/486.pem       |  37 +++
- .../common/files/prod-certs/9.6/72.pem        |  36 +++
- .../common/files/upgrade_paths.json           |  18 +-
- .../common/libraries/config/version.py        |   2 +-
- 11 files changed, 363 insertions(+), 207 deletions(-)
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/279.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/362.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/363.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/419.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/433.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/479.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/486.pem
- create mode 100644 repos/system_upgrade/common/files/prod-certs/9.6/72.pem
-
-diff --git a/.packit.yaml b/.packit.yaml
-index fbfd0eea..48c3cbbb 100644
---- a/.packit.yaml
-+++ b/.packit.yaml
-@@ -145,104 +145,6 @@ jobs:
- # ######################### Individual tests ########################### #
- # ###################################################################### #
- 
--# Tests: 7.9 -> 8.8
--- &sanity-79to88-aws
--  <<: *sanity-abstract-7to8-aws
--  trigger: pull_request
--  identifier: sanity-7.9to8.8-aws
--  tf_extra_params:
--    test:
--      tmt:
--        plan_filter: 'tag:7to8 & tag:upgrade_happy_path & enabled:true'
--    environments:
--      - tmt:
--          context:
--            distro: "rhel-7.9"
--            distro_target: "rhel-8.8"
--        settings:
--          provisioning:
--            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
--            tags:
--              BusinessUnit: sst_upgrades@leapp_upstream_test
--  env:
--    SOURCE_RELEASE: "7.9"
--    TARGET_RELEASE: "8.8"
--    RHUI: "aws"
--    LEAPPDATA_BRANCH: "upstream"
--    LEAPP_NO_RHSM: "1"
--    USE_CUSTOM_REPOS: rhui
--
--- &sanity-79to88
--  <<: *sanity-abstract-7to8
--  trigger: pull_request
--  identifier: sanity-7.9to8.8
--  tf_extra_params:
--    test:
--      tmt:
--        plan_filter: 'tag:7to8 & tag:sanity & enabled:true'
--    environments:
--      - tmt:
--          context:
--            distro: "rhel-7.9"
--            distro_target: "rhel-8.8"
--        settings:
--          provisioning:
--            tags:
--              BusinessUnit: sst_upgrades@leapp_upstream_test
--  env:
--    SOURCE_RELEASE: "7.9"
--    TARGET_RELEASE: "8.8"
--
--- &beaker-minimal-79to88
--  <<: *beaker-minimal-7to8-abstract-ondemand
--  trigger: pull_request
--  labels:
--    - beaker-minimal
--    - beaker-minimal-7.9to8.8
--    - 7.9to8.8
--  identifier: sanity-7.9to8.8-beaker-minimal-ondemand
--  tf_extra_params:
--    test:
--      tmt:
--        plan_filter: 'tag:7to8 & tag:partitioning & enabled:true'
--    environments:
--      - tmt:
--          context:
--            distro: "rhel-7.9"
--            distro_target: "rhel-8.8"
--        settings:
--          provisioning:
--            tags:
--              BusinessUnit: sst_upgrades@leapp_upstream_test
--  env:
--    SOURCE_RELEASE: "7.9"
--    TARGET_RELEASE: "8.8"
--
--- &kernel-rt-79to88
--  <<: *kernel-rt-abstract-7to8-ondemand
--  trigger: pull_request
--  labels:
--    - kernel-rt
--    - kernel-rt-7.9to8.8
--    - 7.9to8.8
--  identifier: sanity-7.9to8.8-kernel-rt-ondemand
--  tf_extra_params:
--    test:
--      tmt:
--         plan_filter: 'tag:7to8 & tag:kernel-rt & enabled:true'
--    environments:
--      - tmt:
--          context:
--            distro: "rhel-7.9"
--            distro_target: "rhel-8.8"
--        settings:
--          provisioning:
--            tags:
--              BusinessUnit: sst_upgrades@leapp_upstream_test
--  env:
--    SOURCE_RELEASE: "7.9"
--    TARGET_RELEASE: "8.8"
--
- # Tests: 7.9 -> 8.10
- - &sanity-79to810
-   <<: *sanity-abstract-7to8
-@@ -397,14 +299,11 @@ jobs:
- # ######################### Individual tests ########################### #
- # ###################################################################### #
- 
--# Tests: 8.8 -> 9.2
--- &sanity-88to92
-+# Tests: 8.10 -> 9.4
-+- &sanity-810to94
-   <<: *sanity-abstract-8to9
-   trigger: pull_request
--  targets:
--    epel-8-x86_64:
--      distros: [RHEL-8.8.0-Nightly]
--  identifier: sanity-8.8to9.2
-+  identifier: sanity-8.10to9.4
-   tf_extra_params:
-     test:
-       tmt:
-@@ -412,108 +311,74 @@ jobs:
-     environments:
-       - tmt:
-           context:
--            distro: "rhel-8.8"
--            distro_target: "rhel-9.2"
--        settings:
--          provisioning:
--            tags:
--              BusinessUnit: sst_upgrades@leapp_upstream_test
--  env:
--    SOURCE_RELEASE: "8.8"
--    TARGET_RELEASE: "9.2"
--    RHSM_REPOS_EUS: "eus"
--
--- &sanity-88to92-aws
--  <<: *sanity-abstract-8to9-aws
--  trigger: pull_request
--  targets:
--    epel-8-x86_64:
--      distros: [RHEL-8.8-rhui]
--  identifier: sanity-8.8to9.2-aws
--  tf_extra_params:
--    test:
--      tmt:
--        plan_filter: 'tag:8to9 & tag:rhui-tier[0] & enabled:true'
--    environments:
--      - tmt:
--          context:
--            distro: "rhel-8.8"
--            distro_target: "rhel-9.2"
-+            distro: "rhel-8.10"
-+            distro_target: "rhel-9.4"
-         settings:
-           provisioning:
--            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
--    SOURCE_RELEASE: "8.8"
--    TARGET_RELEASE: "9.2"
--    RHUI_HYPERSCALER: aws
-+    SOURCE_RELEASE: "8.10"
-+    TARGET_RELEASE: "9.4"
- 
--- &beaker-minimal-88to92
-+# On-demand minimal beaker tests
-+- &beaker-minimal-810to94
-   <<: *beaker-minimal-8to9-abstract-ondemand
-   trigger: pull_request
-   labels:
-     - beaker-minimal
--    - beaker-minimal-8.8to9.2
--    - 8.8to9.2
--  targets:
--    epel-8-x86_64:
--      distros: [RHEL-8.8.0-Nightly]
--  identifier: sanity-8.8to9.2-beaker-minimal-ondemand
-+    - beaker-minimal-8.10to9.4
-+    - 8.10to9.4
-+  identifier: sanity-8.10to9.4-beaker-minimal-ondemand
-   tf_extra_params:
-     test:
-       tmt:
--        plan_filter: 'tag:8to9 &tag:partitioning & enabled:true'
-+        plan_filter: 'tag:8to9 & tag:partitioning & enabled:true'
-     environments:
-       - tmt:
-           context:
--            distro: "rhel-8.8"
--            distro_target: "rhel-9.2"
-+            distro: "rhel-8.10"
-+            distro_target: "rhel-9.4"
-         settings:
-           provisioning:
--            post_install_script: "#!/bin/sh\nsudo sed -i s/.*ssh-rsa/ssh-rsa/ /root/.ssh/authorized_keys"
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
--    SOURCE_RELEASE: "8.8"
--    TARGET_RELEASE: "9.2"
--    RHSM_REPOS_EUS: "eus"
-+    SOURCE_RELEASE: "8.10"
-+    TARGET_RELEASE: "9.4"
- 
--- &kernel-rt-88to92
-+# On-demand kernel-rt tests
-+- &kernel-rt-810to94
-   <<: *kernel-rt-abstract-8to9-ondemand
-   trigger: pull_request
-   labels:
-     - kernel-rt
--    - kernel-rt-8.8to9.2
--    - 8.8to9.2
--  identifier: sanity-8.8to9.2-kernel-rt-ondemand
--  targets:
--    epel-8-x86_64:
--      distros: [RHEL-8.8.0-Nightly]
-+    - kernel-rt-8.10to9.4
-+    - 8.10to9.4
-+  identifier: sanity-8.10to9.4-kernel-rt-ondemand
-   tf_extra_params:
-     test:
-       tmt:
--        plan_filter: 'tag:8to9 & tag:kernel-rt & enabled:true'
-+         plan_filter: 'tag:8to9 & tag:kernel-rt & enabled:true'
-     environments:
-       - tmt:
-           context:
--            distro: "rhel-8.8"
--            distro_target: "rhel-9.2"
-+            distro: "rhel-8.10"
-+            distro_target: "rhel-9.4"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
--    SOURCE_RELEASE: "8.8"
--    TARGET_RELEASE: "9.2"
--    RHSM_REPOS_EUS: "eus"
-+    SOURCE_RELEASE: "8.10"
-+    TARGET_RELEASE: "9.4"
- 
- 
--# Tests: 8.10 -> 9.4
--- &sanity-810to94
-+# Tests: 8.10 -> 9.5
-+- &sanity-810to95
-   <<: *sanity-abstract-8to9
-   trigger: pull_request
--  identifier: sanity-8.10to9.4
-+  identifier: sanity-8.10to9.5
-   tf_extra_params:
-     test:
-       tmt:
-@@ -522,24 +387,24 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.4"
-+            distro_target: "rhel-9.5"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.4"
-+    TARGET_RELEASE: "9.5"
- 
- # On-demand minimal beaker tests
--- &beaker-minimal-810to94
-+- &beaker-minimal-810to95
-   <<: *beaker-minimal-8to9-abstract-ondemand
-   trigger: pull_request
-   labels:
-     - beaker-minimal
--    - beaker-minimal-8.10to9.4
--    - 8.10to9.4
--  identifier: sanity-8.10to9.4-beaker-minimal-ondemand
-+    - beaker-minimal-8.10to9.5
-+    - 8.10to9.5
-+  identifier: sanity-8.10to9.5-beaker-minimal-ondemand
-   tf_extra_params:
-     test:
-       tmt:
-@@ -548,24 +413,24 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.4"
-+            distro_target: "rhel-9.5"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.4"
-+    TARGET_RELEASE: "9.5"
- 
- # On-demand kernel-rt tests
--- &kernel-rt-810to94
-+- &kernel-rt-810to95
-   <<: *kernel-rt-abstract-8to9-ondemand
-   trigger: pull_request
-   labels:
-     - kernel-rt
--    - kernel-rt-8.10to9.4
--    - 8.10to9.4
--  identifier: sanity-8.10to9.4-kernel-rt-ondemand
-+    - kernel-rt-8.10to9.5
-+    - 8.10to9.5
-+  identifier: sanity-8.10to9.5-kernel-rt-ondemand
-   tf_extra_params:
-     test:
-       tmt:
-@@ -574,21 +439,21 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.4"
-+            distro_target: "rhel-9.5"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.4"
-+    TARGET_RELEASE: "9.5"
- 
- 
--# Tests: 8.10 -> 9.5
--- &sanity-810to95
-+# Tests: 8.10 -> 9.6
-+- &sanity-810to96
-   <<: *sanity-abstract-8to9
-   trigger: pull_request
--  identifier: sanity-8.10to9.5
-+  identifier: sanity-8.10to9.6
-   tf_extra_params:
-     test:
-       tmt:
-@@ -597,24 +462,24 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.5"
-+            distro_target: "rhel-9.6"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.5"
-+    TARGET_RELEASE: "9.6"
- 
- # On-demand minimal beaker tests
--- &beaker-minimal-810to95
-+- &beaker-minimal-810to96
-   <<: *beaker-minimal-8to9-abstract-ondemand
-   trigger: pull_request
-   labels:
-     - beaker-minimal
--    - beaker-minimal-8.10to9.5
--    - 8.10to9.5
--  identifier: sanity-8.10to9.5-beaker-minimal-ondemand
-+    - beaker-minimal-8.10to9.6
-+    - 8.10to9.6
-+  identifier: sanity-8.10to9.6-beaker-minimal-ondemand
-   tf_extra_params:
-     test:
-       tmt:
-@@ -623,24 +488,24 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.5"
-+            distro_target: "rhel-9.6"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.5"
-+    TARGET_RELEASE: "9.6"
- 
- # On-demand kernel-rt tests
--- &kernel-rt-810to95
-+- &kernel-rt-810to96
-   <<: *kernel-rt-abstract-8to9-ondemand
-   trigger: pull_request
-   labels:
-     - kernel-rt
--    - kernel-rt-8.10to9.5
--    - 8.10to9.5
--  identifier: sanity-8.10to9.5-kernel-rt-ondemand
-+    - kernel-rt-8.10to9.6
-+    - 8.10to9.6
-+  identifier: sanity-8.10to9.6-kernel-rt-ondemand
-   tf_extra_params:
-     test:
-       tmt:
-@@ -649,11 +514,11 @@ jobs:
-       - tmt:
-           context:
-             distro: "rhel-8.10"
--            distro_target: "rhel-9.5"
-+            distro_target: "rhel-9.6"
-         settings:
-           provisioning:
-             tags:
-               BusinessUnit: sst_upgrades@leapp_upstream_test
-   env:
-     SOURCE_RELEASE: "8.10"
--    TARGET_RELEASE: "9.5"
-+    TARGET_RELEASE: "9.6"
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/279.pem b/repos/system_upgrade/common/files/prod-certs/9.6/279.pem
-new file mode 100644
-index 00000000..a9ef267b
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/279.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGZTCCBE2gAwIBAgIJALDxRLt/tVEiMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIwNVoXDTQ0MDgx
-+MjE5MDIwNVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs1MzUwNTA4
-+OC05ZTk5LTQyODItYmE4OS1mMjhhNjAwZWNhZWFdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB7jCB6zAJBgNVHRMEAjAAMEMGDCsGAQQBkggJAYIXAQQzDDFSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIFBvd2VyLCBsaXR0bGUgZW5kaWFuMBUGDCsG
-+AQQBkggJAYIXAgQFDAM5LjYwGQYMKwYBBAGSCAkBghcDBAkMB3BwYzY0bGUwJwYM
-+KwYBBAGSCAkBghcEBBcMFXJoZWwtOSxyaGVsLTktcHBjNjRsZTAdBgNVHQ4EFgQU
-+YeogtTV8r2dkOv9rCOYQeNDNH5UwHwYDVR0jBBgwFoAUlv27HEBA/0CErbIfCybB
-+w2pv1nwwDQYJKoZIhvcNAQELBQADggIBACRmyYbMhmuV+w4E+Hlonlt0mooB6EF6
-+h/xknuBRw/saSL+7sLfbItaxWH5euxDc/5XvII2t0Jjl+GDnAjI75xrTuN3gT88Z
-+9wd1kvDVqt46GI6VKVH1SujJoJpGenfhTVwenATZwdq260RgYgM3Zv1d3I4Lu/GY
-+65T//j0/8tBmgqMc6BRvIrDa1wtVUbEwH3b/jwZoeitps1hKIH9yKZV79HZ7WVdb
-+otDtsAk7VKZGRjGdvYsfWZrjmyyyc5wX2AemzpnhSm1kkGvOAjSMsJ0QcrSu/5vj
-+AAK64J1tDA93WKsAqDnK7tUOx6qwICllbgVmKWl/02JH8ELs/sJnsWBEigfdZmTh
-+/3Q8DPNni7scYkJ5Vs0tL8pke29C1bgAYjoBiQgf/ffNunTOWgdkdFHbd9I3+aLh
-+pO7qqkndEkl85xkQJrZWO35NvPD4NAwnsDrIP0oJg5mYNTB11C5SlHhllT/Iu374
-+8afWtoHaB50vsqM2dtvh/UsCyGynWYc93TLsU6a4gBl19D7VAx0fiOwdD+CyweUp
-+xcos6MIIuFAFUIVpD+/3w499Lw9m5dcfApl6HCyQgAoafXCJjM/aXsSsSWr2d9TF
-+c6S/uA2egh4fUv8zYnlZKUvCTu8kn4Lv439wW0xyIEB/sD/gXk9e8H9KkUuKDExx
-+yTSjzqnPM82N
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/362.pem b/repos/system_upgrade/common/files/prod-certs/9.6/362.pem
-new file mode 100644
-index 00000000..d7c1a6be
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/362.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGdDCCBFygAwIBAgIJALDxRLt/tVE4MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIyNFoXDTQ0MDgx
-+MjE5MDIyNFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs2MjBmNzkx
-+MC0xNDk5LTRmMzAtYTk3NS1hYWFiOGQyMWE1NmNdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB/TCB+jAJBgNVHRMEAjAAMEgGDCsGAQQBkggJAYJqAQQ4DDZSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIFBvd2VyLCBsaXR0bGUgZW5kaWFuIEJldGEw
-+GgYMKwYBBAGSCAkBgmoCBAoMCDkuNiBCZXRhMBkGDCsGAQQBkggJAYJqAwQJDAdw
-+cGM2NGxlMCwGDCsGAQQBkggJAYJqBAQcDBpyaGVsLTkscmhlbC05LWJldGEtcHBj
-+NjRsZTAdBgNVHQ4EFgQUYeogtTV8r2dkOv9rCOYQeNDNH5UwHwYDVR0jBBgwFoAU
-+lv27HEBA/0CErbIfCybBw2pv1nwwDQYJKoZIhvcNAQELBQADggIBADzaMxiligMU
-+vVUxGdlKgceVXcZR6TC/nACDxyRFm7JGKYC0Ncxum2RWQ10mMD1HM1xa0NVz3BLO
-+a+VrZ3MGTpKuWQgN0TKIzjykxxfJMip8AVYx6UvQ4SxxZWFIVPuC0XYfYc2pOV5A
-+OcO63O+R7QVvLpZ3q7tX3uAXCfWWvJkoJ+MzKCl3lEmeKAcaikcums+aOd/JwTSo
-+bt5ExLgC4J1cvevH+IBCUbmN1r+xrkHNiNWjys0MIo1JsPmi1A1kDeORXPN4xXvH
-+x69z9SuHrUd2iFXpMfezqZsmiaa/FP6UOKwpDyEqZGE+/aT/RBza9BeYX74vDpFI
-+h0vMtx3lHE+PGh7a6kfXV2GL4IP7w5MbdZQIJ/ZS4oT/zG3E2wRnGD4+oQ3Bm/TV
-+Or0IHnafxXYXgsQ6bsMsZN7BRZ8VfaEdM3IVRqVyPVWzo0kYkHZcnVQpabmCWPjc
-+NUwMJDni3LfjxKreHLDQBEkwX4XoZnSq/xMHO6ppe0sZ2XgAOsw/B92ekTTEdoKZ
-+dEQBkqv2FRUbMoILnNVWJp4yGMOPcTl7hrlcJjKRvKs1hKWkQKN6g4YDHCglkVfH
-+ltDGkolsUYFvoygoi8VCCDfz7whn6pXmzlpk1VkzE+V1R88Tf5ygrSNWETOZMU/B
-+5P07jdNriEBCZaCPq7T8odOt1cKZpVdg
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/363.pem b/repos/system_upgrade/common/files/prod-certs/9.6/363.pem
-new file mode 100644
-index 00000000..f75b478d
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/363.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGZjCCBE6gAwIBAgIJALDxRLt/tVE3MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIyNFoXDTQ0MDgx
-+MjE5MDIyNFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs1MDE5NmU1
-+ZC1lNDgzLTQwNDAtYjcwYS03NDg5NDliZTRjZmFdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB7zCB7DAJBgNVHRMEAjAAMDoGDCsGAQQBkggJAYJrAQQqDChSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIEFSTSA2NCBCZXRhMBoGDCsGAQQBkggJAYJr
-+AgQKDAg5LjYgQmV0YTAZBgwrBgEEAZIICQGCawMECQwHYWFyY2g2NDAsBgwrBgEE
-+AZIICQGCawQEHAwacmhlbC05LHJoZWwtOS1iZXRhLWFhcmNoNjQwHQYDVR0OBBYE
-+FGHqILU1fK9nZDr/awjmEHjQzR+VMB8GA1UdIwQYMBaAFJb9uxxAQP9AhK2yHwsm
-+wcNqb9Z8MA0GCSqGSIb3DQEBCwUAA4ICAQBiaXwTsDt1Kz79ZJ3TnNDuX3IntXuS
-+DxIGAhpgJ+ynaSULh8xL6pq5L6EtYnVzpO6T+j2ADbJlLkIRV0fMD6MMZo4YQtHH
-+NofoNgJoYI4uXcCKYS2vIUw+0Br7qx8BPTb5jP+VRl9LU8W299nYOTp+vY7GQ0Ny
-+hT66G+FJfo5CqHZpMTGgJbpjoP3DMpXZcARBnjQ0LhvjvcalGmPP4//tcPNwft6r
-+ei8fxBvpmCXDS9/vXwiEf6jEidqq1Q6bCdL20Y1ZPY13oUEYFqrf8PhexlV1yoD4
-+F4gEbVHPQ4yvH3D6xIAFE4959+H+dgMfXqn9gkUvnTMdyfzcUYGLTAib3zb4eW/J
-+anzwfBAcssBzjU1v/txWMRlZI1GJFNtboAixnRksj1epE848J3bjtiw3R/Z5grFn
-+dieJwjfM4AEDrpRmA5tDnv5z73k1djJbacL7fTIyTuSnDbjH2J5PtCAvWTLYq/kP
-+h8E3sJ9zXP2nJMBRgQiZJY98bPKLT63ngRScI+CZs1fLvaoCq0o+qkcfnDEja3aH
-+TQYXHVZblA4TYnD8Vh8gKwCt8+1WF5C9BGcMmKvozuuIaIJgT21V+DLzfTESpZz7
-+lcPKk/3dBFtFGOdA4SQ4o/dxItJ0Eay1SlOI9xL9KgTNqv6ftA+9kxZ0MSPwO7eG
-+b5Am4gNTK734uQ==
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/419.pem b/repos/system_upgrade/common/files/prod-certs/9.6/419.pem
-new file mode 100644
-index 00000000..e2d3ee5b
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/419.pem
-@@ -0,0 +1,36 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGVzCCBD+gAwIBAgIJALDxRLt/tVEhMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIwNVoXDTQ0MDgx
-+MjE5MDIwNVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFtkN2E2ZDhi
-+Mi0yZjMzLTRhYzMtYmM5Ni1mMjU5MTNmZTQxNWNdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB4DCB3TAJBgNVHRMEAjAAMDUGDCsGAQQBkggJAYMjAQQlDCNSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIEFSTSA2NDAVBgwrBgEEAZIICQGDIwIEBQwD
-+OS42MBkGDCsGAQQBkggJAYMjAwQJDAdhYXJjaDY0MCcGDCsGAQQBkggJAYMjBAQX
-+DBVyaGVsLTkscmhlbC05LWFhcmNoNjQwHQYDVR0OBBYEFGHqILU1fK9nZDr/awjm
-+EHjQzR+VMB8GA1UdIwQYMBaAFJb9uxxAQP9AhK2yHwsmwcNqb9Z8MA0GCSqGSIb3
-+DQEBCwUAA4ICAQCJqWcTJezGVGxsNvFkbsrvbHhJBuBMeDZZuOLaXaQVyfNwYRS2
-+2k/oUhhQQMfiDiaLkz7yz0Zw5clC/K5G6Sg9+nWDA57lsZuNV5CnSBYOJf2jY2fK
-+ue/1M75Y4fJAKtBxpvkFaIaKyMQ/0VC67OFYtbBZEOuwIpQh9aPFHnrh2WnpcUvJ
-+B93O0fsRjHK30E7jF8ncNmhevMLvVlxH0JjfbvcU3dGG964K41tFiozshvnAGFce
-+kFzxVVYQL3ZKycqonwFr3BbzgKwx5EXUFBg/ax694aijeeVA6yuQXWJvV42IjUeW
-+vn+dvRrHh2fv4MXuyc+oljbXaEZE7m9gtWBtUEBHqWoQz6rQ25uZylnK+SDWE5bt
-+xM+1qGUSf90VvyFO3fu1qeVVr0LbnMAgO9YnJjLRQax0mgj3tZTRvM72W4hfBy36
-+ndYnJE2le5xYWVl1Hd29dil70cokj5hN8nQI9eStfcOvs9Vw2ngIL/H3+QTRS/NO
-+l7MHQXbriLAaHavED6B50dEfw8pQXybEju4Rs+nDgm5hdE7FjbVflVQejSjyHIMd
-+AQnwrDSMPRezCJFHQeB0t7oaHpAHECc2zBpvcvy7qCN2Z08h6jdzfrp15UDkHEcy
-+Qa9dtYRUthI3pjGGu7WTPwX9y0veot3EZRnEzeIprIsHcMKfmkMg4HRJ3A==
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/433.pem b/repos/system_upgrade/common/files/prod-certs/9.6/433.pem
-new file mode 100644
-index 00000000..ac588c1c
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/433.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGaTCCBFGgAwIBAgIJALDxRLt/tVE5MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIyNFoXDTQ0MDgx
-+MjE5MDIyNFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs4NzcwNzQ4
-+MS02MGEwLTQwYTUtYWVhMi0xNjNmODUyMzI3ZTFdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB8jCB7zAJBgNVHRMEAjAAMEEGDCsGAQQBkggJAYMxAQQxDC9SZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIElCTSB6IFN5c3RlbXMgQmV0YTAaBgwrBgEE
-+AZIICQGDMQIECgwIOS42IEJldGEwFwYMKwYBBAGSCAkBgzEDBAcMBXMzOTB4MCoG
-+DCsGAQQBkggJAYMxBAQaDBhyaGVsLTkscmhlbC05LWJldGEtczM5MHgwHQYDVR0O
-+BBYEFGHqILU1fK9nZDr/awjmEHjQzR+VMB8GA1UdIwQYMBaAFJb9uxxAQP9AhK2y
-+HwsmwcNqb9Z8MA0GCSqGSIb3DQEBCwUAA4ICAQC57eNKMpTQuIEEoYXkhD0oYkgD
-+RzDFyqKZgyK0IdOy6t0d9GcMY/nI/uYQltUC+HWBUJWYkHc84xjfP3ITfuHWP8KP
-+3qdXLPwTDcNVUGtLgXIfEz4FEM4OVwfM2X0jIcLfkDmZzffWjHgBpAUfZM6fBvXl
-+soPJ+s4/vIUFNbVtcJh9iw4glt/GFBOX/bNPV9kniAAYuyabW43X7GxfREJY18Db
-++Fv7c+z2eM4fQFpLkSEZwsNN68G4OHDC7tWsYtCRocipWGs6lN5MBNXC0q90ds5O
-+kOLRfHKOLFqbZnBNdgSOlsf+ENH3exUhoDvZE0gnAVALABVv6PCtsHn2rPLonsrB
-+l9ZKqCVVDpQMDXmZC79XKB0nVrNQ7qYorCVnYqnTAkuvw4BuXpKASaSCDSRWLQN0
-+H89phUM64VnyPD5pBTw+YJURDm8cwD5e6HaXhKzG1ca9PWL+RVxedB4Rl2VG00fE
-+QUBbHZktH+H1P3MtqALB7IUav4IuBgdF27W55GExCgshRuyV6/VHmYiD+L52XxCH
-+71mdWTp6JR1/hMYKPLhc5/ESBoMpqMXa4UWIOtMWiafWaDS4Cib+uyIIzCgqW8ee
-+t+yQtCs7MUUd6t87XP7/TTQJe6e0JsyDnME9br0E4g57Y8cXjOILGg/ihqBFOGt1
-+vhbX7w/YRjVpwJhi9w==
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/479.pem b/repos/system_upgrade/common/files/prod-certs/9.6/479.pem
-new file mode 100644
-index 00000000..c2bac3ee
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/479.pem
-@@ -0,0 +1,36 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGVTCCBD2gAwIBAgIJALDxRLt/tVEkMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIwNVoXDTQ0MDgx
-+MjE5MDIwNVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFtjZWRlZTRi
-+My0xOGFhLTQwMzMtYjE3OS01OTkwMjk2OGFkZjhdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB3jCB2zAJBgNVHRMEAjAAMDUGDCsGAQQBkggJAYNfAQQlDCNSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIHg4Nl82NDAVBgwrBgEEAZIICQGDXwIEBQwD
-+OS42MBgGDCsGAQQBkggJAYNfAwQIDAZ4ODZfNjQwJgYMKwYBBAGSCAkBg18EBBYM
-+FHJoZWwtOSxyaGVsLTkteDg2XzY0MB0GA1UdDgQWBBRh6iC1NXyvZ2Q6/2sI5hB4
-+0M0flTAfBgNVHSMEGDAWgBSW/bscQED/QIStsh8LJsHDam/WfDANBgkqhkiG9w0B
-+AQsFAAOCAgEADoQWjROe9jPuYIB5cW7URXgDPVK3cpGnlKxEINdXT+dL7N2qNijy
-+BcV0+SCHmswZ+F7OTozyGzGbJCrSHZrvF2lp2L8YddvkIFsWqrPkseU/0/oog5Qf
-+ULA5WzV12u0Ra/DWinhUq6NZWLAt/FvJ7+WHPdJ7B0WsiA751l7crvfKfen93Xzb
-+0eakHrotcPi9YH/Jez8xjs4Wc3ra/7CbLqpsHuWzgzwJabiuLaf5PK95VVedzQIx
-+lT+N6JydFIkXkofQJwTptPTh9lDbZDe33/dg5zX3l9CAQK7JYZKYoUzLirM2LO7s
-+TGejW1mKGB+O23bQBGRkLoD4kbY17UMCFcKD7mZSO6laoOBOk8NYUxTDjT4e3cUB
-+dHw5YVrj+BSHzgOGpc1KrmuBiOWZrZf4iaFuz4Kr88tL6TT6IH5UmfP3fuvvMyXs
-+OWqTAfr/CPeJjLhjmbEagkS0kpgkyXodY8sq2Ph5vpn0o1QYNfy6KRtD/m6YaF7G
-+SDkWEY5li338SROIFV6X8lKEzHMfQZzhqQWoJWQlFuAdByKrxz8x1RJZTkIT82h6
-+uM/GO3v5xT5UXXa2x1X0JtS9rPGdnmAKQLJJz07s+2WCRqCFuBxJsV+aWCRLsab4
-+jpo1NG0RH0KorjvBBMLx8bVSbl4YFJdOcomlRVrsC2iMUwl+PH5Ah4g=
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/486.pem b/repos/system_upgrade/common/files/prod-certs/9.6/486.pem
-new file mode 100644
-index 00000000..e130d5dc
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/486.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGZDCCBEygAwIBAgIJALDxRLt/tVE6MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIyNFoXDTQ0MDgx
-+MjE5MDIyNFowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFsyMTM1ODk1
-+Yi1mMDRiLTRlNjUtOWYzMC04MmRlYmQ0Njc0NjNdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB7TCB6jAJBgNVHRMEAjAAMDoGDCsGAQQBkggJAYNmAQQqDChSZWQgSGF0
-+IEVudGVycHJpc2UgTGludXggZm9yIHg4Nl82NCBCZXRhMBoGDCsGAQQBkggJAYNm
-+AgQKDAg5LjYgQmV0YTAYBgwrBgEEAZIICQGDZgMECAwGeDg2XzY0MCsGDCsGAQQB
-+kggJAYNmBAQbDBlyaGVsLTkscmhlbC05LWJldGEteDg2XzY0MB0GA1UdDgQWBBRh
-+6iC1NXyvZ2Q6/2sI5hB40M0flTAfBgNVHSMEGDAWgBSW/bscQED/QIStsh8LJsHD
-+am/WfDANBgkqhkiG9w0BAQsFAAOCAgEAHhaEBX5fhB2zweFT0SuLB3OB11aE3Tjy
-+q0dNxm8t3d5glgtratmAkPD+6Ct0gkdoGJ8GcBsFVzzM2ig236YOy8dCPVWBzLtd
-+Oni5DpjSqnMX6yq4PuSViF1w+9pCKPJqzQK/u/F0njkwdu0mAwc1fkiCR0B6oB7s
-+m1rHhuyC4PkAj5RYQ6+M4MpGfce0HSpUCzlnAlHYgjvmT3qCUvlEYLPg4/Z+wihZ
-+1xdhhhoLNi43IdfmFQlTSNZqTwLB780qzHzi+UYgWg7wflTn8m1LAOlad5HWJFnE
-+y6JnX+c+vfzvxFBSZABKJsZY/YKIAV14g42XL8zhIpJHtdYnUaveo1M90UAvSECP
-+RAnPUIKWM1VYKfa2PpEC2/157KOQ4y7BUrAUlqs1qh8FoGCZYHMRmgYqHoycIvw+
-+gs1gH77O9EyOMMjwyQqBUnzylJfhjkEgINDIGbPEiQpI33TBniw5yMRZ74XWOoi3
-+rOIiaYxHBDpJ25LwbZsJOQUPmIKBTOpLK9N4IK7UvA7O8HCEEJz2+VLVf2svaoU1
-+fd7MUYh9aCjEocKRQknxScJLVBXcFRy0I+tfVQwkcLqWCOrp3qpNmYwhC+C0vYtR
-+/LZ58vf60+m+mKUmEJWF6X7QGFZptsc0ERme6sE1E41iNAIq3BsBMU/hQIVP50k4
-+T3KefQomWk4=
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/prod-certs/9.6/72.pem b/repos/system_upgrade/common/files/prod-certs/9.6/72.pem
-new file mode 100644
-index 00000000..35927fbc
---- /dev/null
-+++ b/repos/system_upgrade/common/files/prod-certs/9.6/72.pem
-@@ -0,0 +1,36 @@
-+-----BEGIN CERTIFICATE-----
-+MIIGVjCCBD6gAwIBAgIJALDxRLt/tVEjMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD
-+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAUBgNVBAoMDVJlZCBI
-+YXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEuMCwGA1UEAwwlUmVk
-+IEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJ
-+ARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMB4XDTI0MDgxMjE5MDIwNVoXDTQ0MDgx
-+MjE5MDIwNVowRDFCMEAGA1UEAww5UmVkIEhhdCBQcm9kdWN0IElEIFs0ZDhmOTky
-+Yy04NDBjLTQ4MzYtODVkOS0zYWI5YjA1ZjViY2FdMIICIjANBgkqhkiG9w0BAQEF
-+AAOCAg8AMIICCgKCAgEAxj9J04z+Ezdyx1U33kFftLv0ntNS1BSeuhoZLDhs18yk
-+sepG7hXXtHh2CMFfLZmTjAyL9i1XsxykQpVQdXTGpUF33C2qBQHB5glYs9+d781x
-+8p8m8zFxbPcW82TIJXbgW3ErVh8vk5qCbG1cCAAHb+DWMq0EAyy1bl/JgAghYNGB
-+RvKJObTdCrdpYh02KUqBLkSPZHvo6DUJFN37MXDpVeQq9VtqRjpKLLwuEfXb0Y7I
-+5xEOrR3kYbOaBAWVt3mYZ1t0L/KfY2jVOdU5WFyyB9PhbMdLi1xE801j+GJrwcLa
-+xmqvj4UaICRzcPATP86zVM1BBQa+lilkRQes5HyjZzZDiGYudnXhbqmLo/n0cuXo
-+QBVVjhzRTMx71Eiiahmiw+U1vGqkHhQNxb13HtN1lcAhUCDrxxeMvrAjYdWpYlpI
-+yW3NssPWt1YUHidMBSAJ4KctIf91dyE93aStlxwC/QnyFsZOmcEsBzVCnz9GmWMl
-+1/6XzBS1yDUqByklx0TLH+z/sK9A+O2rZAy1mByCYwVxvbOZhnqGxAuToIS+A81v
-+5hCjsCiOScVB+cil30YBu0cH85RZ0ILNkHdKdrLLWW4wjphK2nBn2g2i3+ztf+nQ
-+ED2pQqZ/rhuW79jcyCZl9kXqe1wOdF0Cwah4N6/3LzIXEEKyEJxNqQwtNc2IVE8C
-+AwEAAaOB3zCB3DAJBgNVHRMEAjAAMDsGCysGAQQBkggJAUgBBCwMKlJlZCBIYXQg
-+RW50ZXJwcmlzZSBMaW51eCBmb3IgSUJNIHogU3lzdGVtczAUBgsrBgEEAZIICQFI
-+AgQFDAM5LjYwFgYLKwYBBAGSCAkBSAMEBwwFczM5MHgwJAYLKwYBBAGSCAkBSAQE
-+FQwTcmhlbC05LHJoZWwtOS1zMzkweDAdBgNVHQ4EFgQUYeogtTV8r2dkOv9rCOYQ
-+eNDNH5UwHwYDVR0jBBgwFoAUlv27HEBA/0CErbIfCybBw2pv1nwwDQYJKoZIhvcN
-+AQELBQADggIBANOzzfUKjlJsgJWUryjKfzPYISkCZXauHqBcST4N1HP1GA8tmMXi
-+bgh14+l7ZO8EloFvEGANsX2ffMfauuJx2NV6ks07NHWuM7W9kghDe5ZccrJCz88E
-+1zdvyWae5oSvTwfnvR/b63duOhs88u7NCQN2+n+pmJA0dPWbGTaIp3n4kJg8YKnd
-+O8Nct2doNS+1rrLpRmVKQy/E7fAXQzt1Bxqs2hORqbgffiSE9a+4akitY97GXRBm
-+nOO2DkyEW0xPtdy3zDvL7o7b1B0gdMOwqEolgGuDFsrfD+7ofpwOWjS+83gF6hMP
-+5YVD3sugu6xzCx6y7Yl/BfX4qvvT4YHtYob5rQA/t7JY4u4ryadkUxQLMEccMsyS
-+pKZQ8KFC5ZNJVK/ievkcBCsBlulbRftVJGF3TA2Hl2aBuMhGdUR5y/Q89WHUzeV6
-+U6AVzyEsvIJguswvKvFAyHwNuViCfFCkjNkJolvd/g03OSy1A7piQaU20QyltWmx
-+FILCR/DBUbCWIzKTfkLr93TbV2b1AH9uRW1SAGrftuevVXrNemWIwq1x/VgjDm3o
-+nk637pnEfZZzX8T2gO5z5yjlP0PR4s7hKkmp3TmAeG9015pFxPnD3AMI261srQ+c
-+KZBdIc5UseQo/4KvRKZ1CzxPh0WjJCzc/C/TKzIlEdELq/rnKGuqHKB9
-+-----END CERTIFICATE-----
-diff --git a/repos/system_upgrade/common/files/upgrade_paths.json b/repos/system_upgrade/common/files/upgrade_paths.json
-index 5399f148..cc9dcdb5 100644
---- a/repos/system_upgrade/common/files/upgrade_paths.json
-+++ b/repos/system_upgrade/common/files/upgrade_paths.json
-@@ -1,19 +1,17 @@
- {
-     "default": {
--        "7.9": ["8.8", "8.10"],
--        "8.8": ["9.2"],
--        "8.10": ["9.4", "9.5"],
-+        "7.9": ["8.10"],
-+        "8.10": ["9.4", "9.5", "9.6"],
-         "9.6": ["10.0"],
--        "7": ["8.8", "8.10"],
--        "8": ["9.2", "9.4", "9.5"],
-+        "7": ["8.10"],
-+        "8": ["9.4", "9.5", "9.6"],
-         "9": ["10.0"]
-     },
-     "saphana": {
--        "7.9": ["8.10", "8.8"],
--        "7": ["8.10", "8.8"],
--        "8.8": ["9.2"],
--        "8.10": ["9.4"],
--        "8": ["9.4", "9.2"],
-+        "7.9": ["8.10"],
-+        "7": ["8.10"],
-+        "8.10": ["9.6", "9.4"],
-+        "8": ["9.6", "9.4"],
-         "9.6": ["10.0"],
-         "9": ["10.0"]
-     }
-diff --git a/repos/system_upgrade/common/libraries/config/version.py b/repos/system_upgrade/common/libraries/config/version.py
-index 152d9112..d710a647 100644
---- a/repos/system_upgrade/common/libraries/config/version.py
-+++ b/repos/system_upgrade/common/libraries/config/version.py
-@@ -18,7 +18,7 @@ OP_MAP = {
- _SUPPORTED_VERSIONS = {
-     # Note: 'rhel-alt' is detected when on 'rhel' with kernel 4.x
-     '7': {'rhel': ['7.9'], 'rhel-alt': [], 'rhel-saphana': ['7.9']},
--    '8': {'rhel': ['8.8', '8.10'], 'rhel-saphana': ['8.8', '8.10']},
-+    '8': {'rhel': ['8.10'], 'rhel-saphana': ['8.10']},
-     '9': {'rhel': ['9.4', '9.5', '9.6'], 'rhel-saphana': ['9.4', '9.6']},
- }
- 
--- 
-2.47.0
-

SOURCES/0040-spec-drop-the-etc-leapp-actor_confid.d-dir.patch

@@ -1,29 +0,0 @@
-From f50e3474a619ed338c2514933303320d986e6ffe Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Thu, 14 Nov 2024 16:26:55 +0100
-Subject: [PATCH 40/40] spec: drop the /etc/leapp/actor_confid.d dir
-
-The directory should be provided by the framework. leapp-repository
-should provide only a content inside if any present.
----
- packaging/leapp-repository.spec | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/packaging/leapp-repository.spec b/packaging/leapp-repository.spec
-index 2bb52505..6676d907 100644
---- a/packaging/leapp-repository.spec
-+++ b/packaging/leapp-repository.spec
-@@ -250,9 +250,7 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
- install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
- install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
- 
--# Actor configuration dir
--install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/actor_conf.d/
--# uncomment to install existing configs
-+# uncomment to install existing configs if any exists
- #install -m 0644 etc/leapp/actor_conf.d/* %%{buildroot}%%{_sysconfdir}/leapp/actor_conf.d
- 
- # install CLI commands for the leapp utility on the expected path
--- 
-2.47.0
-

SOURCES/0042-feat-net-naming-scheme-enable-by-default.patch

@@ -1,74 +0,0 @@
-From 3c3421a0f155fe3bdfaee74c5345e86874684a09 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Tue, 19 Nov 2024 10:56:50 +0100
-Subject: [PATCH 42/53] feat(net-naming-scheme): enable by default
-
-This commit enables the use of net.naming-scheme for 8>9 upgrades by
-default. The previously used environmental variablel
-LEAPP_USE_NET_NAMING_SCHEMES is replaced with
-LEAPP_DISABLE_NET_NAMING_SCHEMES with inverse semantics.
----
- .../libraries/persistentnetnamesconfig.py             | 11 ++++++++---
- .../libraries/emit_net_naming.py                      |  4 ++--
- .../tests/test_emit_net_naming_scheme.py              |  4 ++--
- 3 files changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-index b2c7f5ff..c90d13f2 100644
---- a/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-+++ b/repos/system_upgrade/common/actors/persistentnetnamesconfig/libraries/persistentnetnamesconfig.py
-@@ -39,9 +39,14 @@ def generate_link_file(interface):
- 
- @suppress_deprecation(InitrdIncludes)
- def process():
--    if get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1' and version.get_target_major_version() == '9':
--        # We can use this only for 8>9, for now
--        api.current_logger().info('Skipping generation of .link files renaming NICs as LEAPP_USE_NET_NAMING_SCHEMES=1')
-+    are_net_schemes_enabled = get_env('LEAPP_DISABLE_NET_NAMING_SCHEMES', '0') != '1'
-+    is_upgrade_8to9 = version.get_target_major_version() == '9'
-+
-+    if are_net_schemes_enabled and is_upgrade_8to9:
-+        # For 8>9 we are using net.naming_scheme kernel arg by default - do not generate link files
-+        msg = ('Skipping generation of .link files renaming NICs as net.naming-scheme '
-+               '{LEAPP_DISABLE_NET_NAMING_SCHEMES != 1} is enabled and upgrade is 8>9')
-+        api.current_logger().info(msg)
-         return
- 
-     if get_env('LEAPP_NO_NETWORK_RENAMING', '0') == '1':
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-index 726bb459..bab62a56 100644
---- a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/libraries/emit_net_naming.py
-@@ -44,9 +44,9 @@ def is_net_scheme_compatible_with_current_cmdline():
- 
- 
- def emit_msgs_to_use_net_naming_schemes():
--    is_env_var_set = get_env('LEAPP_USE_NET_NAMING_SCHEMES', '0') == '1'
-+    is_feature_enabled = get_env('LEAPP_DISABLE_NET_NAMING_SCHEMES', '0') != '1'
-     is_upgrade_8to9 = version.get_target_major_version() == '9'
--    is_net_naming_enabled_and_permitted = is_env_var_set and is_upgrade_8to9
-+    is_net_naming_enabled_and_permitted = is_feature_enabled and is_upgrade_8to9
-     if not is_net_naming_enabled_and_permitted:
-         return
- 
-diff --git a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-index 7a5eeba5..acf72241 100644
---- a/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-+++ b/repos/system_upgrade/el8toel9/actors/emit_net_naming_scheme/tests/test_emit_net_naming_scheme.py
-@@ -51,11 +51,11 @@ def test_is_net_scheme_compatible_with_current_cmdline(monkeypatch, kernel_args,
-     ]
- )
- def test_emit_msgs_to_use_net_naming_schemes(monkeypatch, is_net_scheme_enabled, is_current_cmdline_compatible):
--    envvar_value = '1' if is_net_scheme_enabled else '0'
-+    envvar_value = '0' if is_net_scheme_enabled else '1'
- 
-     mocked_actor = CurrentActorMocked(src_ver='8.10',
-                                       dst_ver='9.5',
--                                      envars={'LEAPP_USE_NET_NAMING_SCHEMES': envvar_value})
-+                                      envars={'LEAPP_DISABLE_NET_NAMING_SCHEMES': envvar_value})
-     monkeypatch.setattr(api, 'current_actor', mocked_actor)
- 
-     monkeypatch.setattr(api, 'produce', produce_mocked())
--- 
-2.47.1
-

SOURCES/0043-Fix-unreadable-output-in-upgrade-log.patch

@@ -1,48 +0,0 @@
-From 1a0183b1a43e42891199efed9bd0891a24224142 Mon Sep 17 00:00:00 2001
-From: David Kubek <dkubek@redhat.com>
-Date: Wed, 8 Jan 2025 12:05:57 +0100
-Subject: [PATCH 43/53] Fix unreadable output in upgrade log
-
-This commit resolves an issue where unwanted escape sequences (e.g.,
-ANSI codes) appear in the output of certain commands like `dnf` during
-upgrades.
-
-The issue arises because, starting with version 242, `systemd-nspawn`
-introduced new pseudo-TTY capabilities (see the `Input/Output Options`
-section in `systemd-nspawn(1)`). As a result, commands run within
-container may include these escape sequences.
-
-To address this, pseudo-TTY support is explicitly disabled in
-`systemd-nspawn` for upgrades on RHEL9 and later.
-
-JIRA: RHEL-69829
----
- repos/system_upgrade/common/libraries/mounting.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/libraries/mounting.py b/repos/system_upgrade/common/libraries/mounting.py
-index a546e9d0..2eb19d31 100644
---- a/repos/system_upgrade/common/libraries/mounting.py
-+++ b/repos/system_upgrade/common/libraries/mounting.py
-@@ -5,7 +5,7 @@ import shutil
- from collections import namedtuple
- 
- from leapp.libraries.common.config import get_all_envs
--from leapp.libraries.common.config.version import get_source_major_version
-+from leapp.libraries.common.config.version import get_source_major_version, matches_source_version
- from leapp.libraries.stdlib import api, CalledProcessError, run
- 
- # Using ALWAYS_BIND will crash the upgrade process if the file does not exist.
-@@ -88,6 +88,9 @@ class IsolationType(object):
-                 # in such a case, just add line into the previous solution..
-                 # TODO: the same about --capability=all
-                 final_cmd += ['--keep-unit', '--capability=all']
-+            if matches_source_version('>= 9.0'):
-+                # Disable pseudo-TTY in container
-+                final_cmd += ['--pipe']
-             return final_cmd + ['-D', self.target] + binds + setenvs + cmd
- 
-     class CHROOT(_Implementation):
--- 
-2.47.1
-

SOURCES/0044-Remove-unmaintained-.gitlab-ci.yml-config-file.patch

@@ -1,53 +0,0 @@
-From c92dbb41fc3d3c3c77ae33a723ad9f961b8b8215 Mon Sep 17 00:00:00 2001
-From: dosas <dosas@users.noreply.github.com>
-Date: Thu, 9 Jan 2025 14:58:54 +0100
-Subject: [PATCH 44/53] Remove unmaintained .gitlab-ci.yml config file
-
----
- .gitlab-ci.yml | 34 ----------------------------------
- 1 file changed, 34 deletions(-)
- delete mode 100644 .gitlab-ci.yml
-
-diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
-deleted file mode 100644
-index 24e91dbb..00000000
---- a/.gitlab-ci.yml
-+++ /dev/null
-@@ -1,34 +0,0 @@
--stages:
--- build-initrd
--- build-srpm
--# - build-rpms
--
--build_initrd:
--    only:
--      -  master@leapp/leapp-actors-internal
--    stage: build-initrd
--    cache:
--        key: "${CI_PIPELINE_ID}"
--        paths:
--        - sources/dracut/upgrade-boot-files.tgz
--    script:
--    - 'export BASEDIR="$PWD"'
--    - helpers/docker/docker-run.sh
--    image: docker-registry.engineering.redhat.com/leapp-builds/leapp-initrd-rhel8-build:latest
--
--build_srpm:
--    only:
--      -  master@leapp/leapp-actors-internal
--    stage: build-srpm
--    dependencies:
--    - build_initrd
--    cache:
--        key: "${CI_PIPELINE_ID}"
--        paths:
--        - sources/dracut/upgrade-boot-files.tgz
--    script:
--    - dnf install -y git-core make rpm-build copr-cli
--    - export LEAPP_INITRD_SKIP=1
--    - make srpm
--    image: fedora:28
--
--- 
-2.47.1
-

SOURCES/0045-fix-pes_events_scanner-ensure-output-contains-no-dup.patch

@@ -1,55 +0,0 @@
-From e10968202016575ed4431f67a09ab7a3aef8dfcc Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Wed, 18 Sep 2024 00:40:25 +0200
-Subject: [PATCH 45/53] fix(pes_events_scanner): ensure output contains no
- duplicates
-
-RpmTransactionTasks messages have higher priority than instructions
-based on PES data. Previously, if multiple such messages existed
-with duplicate instructions, this could lead to the crash of
-the actor - especially in case when an existing package has been
-asked to be removed several times. Ensure the occurance of each
-instruction is unique (list -> set).
-
-jira: RHEL-50076
----
- .../libraries/pes_events_scanner.py             | 17 ++++++++++-------
- 1 file changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-index f5cb2613..a798017f 100644
---- a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-+++ b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-@@ -78,19 +78,22 @@ def get_installed_pkgs():
- 
- def get_transaction_configuration():
-     """
--    Get pkgs to install, keep and remove from the user configuration files in /etc/leapp/transaction/.
-+    Get pkgs to install, keep and remove from RpmTransactionTasks messages.
- 
--    These configuration files have higher priority than PES data.
--    :return: RpmTransactionTasks model instance
-+    Note these messages reflects inputs from various actors and configuration
-+    files in /etc/leapp/transaction/. As these are explicit instruction, they
-+    have higher priority than instructions from PES data.
-+
-+    :return: TransactionConfiguration
-     """
--    transaction_configuration = TransactionConfiguration(to_install=[], to_remove=[], to_keep=[])
-+    transaction_configuration = TransactionConfiguration(to_install=set(), to_remove=set(), to_keep=set())
- 
-     _Pkg = partial(Package, repository=None, modulestream=None)
- 
-     for tasks in api.consume(RpmTransactionTasks):
--        transaction_configuration.to_install.extend(_Pkg(name=pkg_name) for pkg_name in tasks.to_install)
--        transaction_configuration.to_remove.extend(_Pkg(name=pkg_name) for pkg_name in tasks.to_remove)
--        transaction_configuration.to_keep.extend(_Pkg(name=pkg_name) for pkg_name in tasks.to_keep)
-+        transaction_configuration.to_install.update(_Pkg(name=pkg_name) for pkg_name in tasks.to_install)
-+        transaction_configuration.to_remove.update(_Pkg(name=pkg_name) for pkg_name in tasks.to_remove)
-+        transaction_configuration.to_keep.update(_Pkg(name=pkg_name) for pkg_name in tasks.to_keep)
-     return transaction_configuration
- 
- 
--- 
-2.47.1
-

SOURCES/0046-fix-pes_event_scanner-respect-user-s-trasaction-conf.patch

@@ -1,247 +0,0 @@
-From 49627082e79744d9b7831356f87c71e2e67add03 Mon Sep 17 00:00:00 2001
-From: Michal Hecko <mhecko@redhat.com>
-Date: Thu, 31 Oct 2024 18:13:49 +0100
-Subject: [PATCH 46/53] fix(pes_event_scanner): respect user's trasaction
- configuration
-
-Previously, pes_events_scanner used transaction configuration to
-only modify the way it initializes event application. As a consequence,
-if a user specified to_remove=['pkg'], then the information would
-not make it to pes_events_scanner's output. Similar situation would
-arise with to_install/to_keep. This patch adds a post-processing to
-explicitly add transaction configuration to the result of applying PES
-events.
----
- .../libraries/pes_events_scanner.py           | 64 +++++++++++++--
- .../tests/test_pes_event_scanner.py           | 78 +++++++++++++++----
- 2 files changed, 120 insertions(+), 22 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-index a798017f..50336150 100644
---- a/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-+++ b/repos/system_upgrade/common/actors/peseventsscanner/libraries/pes_events_scanner.py
-@@ -470,9 +470,8 @@ def replace_pesids_with_repoids_in_packages(packages, source_pkgs_repoids):
-     return packages_with_repoid.union(packages_without_pesid)
- 
- 
--def apply_transaction_configuration(source_pkgs):
-+def apply_transaction_configuration(source_pkgs, transaction_configuration):
-     source_pkgs_with_conf_applied = set(source_pkgs)
--    transaction_configuration = get_transaction_configuration()
- 
-     source_pkgs_with_conf_applied = source_pkgs.union(transaction_configuration.to_install)
- 
-@@ -504,6 +503,50 @@ def remove_leapp_related_events(events):
-     return res
- 
- 
-+def include_instructions_from_transaction_configuration(rpm_tasks, transaction_configuration, installed_pkgs):
-+    """
-+    Extend current rpm_tasks applying data from transaction_configuration
-+
-+    :param PESRpmTransactionTasks rpm_tasks: Currently calculated rpm tasks based on PES data.
-+    :param TransactionConfiguration transaction_configuration: Tasked configured by user manually.
-+    :param set(str) installed_pkgs: Set of distribution signed packages installed on the system.
-+    :returns: updated tasks respecting configuration changes made by user
-+    :rtype: PESRpmTransactionTasks
-+    """
-+    to_install_from_rpm_tasks = set() if not rpm_tasks else set(rpm_tasks.to_install)
-+    to_remove_from_rpm_tasks = set() if not rpm_tasks else set(rpm_tasks.to_remove)
-+    to_keep_from_rpm_tasks = set() if not rpm_tasks else set(rpm_tasks.to_keep)
-+
-+    # We don't want to try removing packages that are not installed - include only installed ones
-+    installed_pkgs_requested_to_be_removed = transaction_configuration.to_remove.intersection(installed_pkgs)
-+    pkgs_names_to_extend_to_remove_with = set(pkg.name for pkg in installed_pkgs_requested_to_be_removed)
-+
-+    # Add packages to 'to_install' only if they are not already requested to be installed by rpm_tasks
-+    pkgs_names_requested_to_be_installed = set(pkg.name for pkg in transaction_configuration.to_install)
-+    to_install_pkgs_names_missing_from_tasks = pkgs_names_requested_to_be_installed - to_install_from_rpm_tasks
-+
-+    pkg_names_user_wants_to_keep = {pkg.name for pkg in transaction_configuration.to_keep}
-+
-+    # Remove packages that were requested by rpm_tasks or by user, but exclude those that should be kept
-+    new_to_remove_set = (to_remove_from_rpm_tasks | pkgs_names_to_extend_to_remove_with) - pkg_names_user_wants_to_keep
-+    new_to_remove_list = sorted(new_to_remove_set)
-+
-+    new_to_install_list = sorted(to_install_from_rpm_tasks | to_install_pkgs_names_missing_from_tasks)
-+    new_to_keep_list = sorted(to_keep_from_rpm_tasks | pkg_names_user_wants_to_keep)
-+
-+    if not any((new_to_remove_list, new_to_keep_list, new_to_install_list)):  # Are all empty?
-+        return rpm_tasks  # We do not modify the original tasks
-+
-+    modules_to_enable = rpm_tasks.modules_to_enable if rpm_tasks else []
-+    modules_to_reset = rpm_tasks.modules_to_reset if rpm_tasks else []
-+
-+    return PESRpmTransactionTasks(to_install=new_to_install_list,
-+                                  to_remove=new_to_remove_list,
-+                                  to_keep=new_to_keep_list,
-+                                  modules_to_enable=modules_to_enable,
-+                                  modules_to_reset=modules_to_reset)
-+
-+
- def process():
-     # Retrieve data - installed_pkgs, transaction configuration, pes events
-     events = get_pes_events('/etc/leapp/files', 'pes-events.json')
-@@ -511,24 +554,27 @@ def process():
-         return
- 
-     releases = get_relevant_releases(events)
--    source_pkgs = get_installed_pkgs()
--    source_pkgs = apply_transaction_configuration(source_pkgs)
-+    installed_pkgs = get_installed_pkgs()
-+    transaction_configuration = get_transaction_configuration()
-+    pkgs_to_begin_computation_with = apply_transaction_configuration(installed_pkgs, transaction_configuration)
- 
-     # Keep track of what repoids have the source packages to be able to determine what are the PESIDs of the computed
-     # packages of the target system, so we can distinguish what needs to be repomapped
--    repoids_of_source_pkgs = {pkg.repository for pkg in source_pkgs}
-+    repoids_of_source_pkgs = {pkg.repository for pkg in pkgs_to_begin_computation_with}
- 
-     events = remove_leapp_related_events(events)
-     events = remove_undesired_events(events, releases)
- 
-     # Apply events - compute what packages should the target system have
--    target_pkgs, pkgs_to_demodularize = compute_packages_on_target_system(source_pkgs, events, releases)
-+    target_pkgs, pkgs_to_demodularize = compute_packages_on_target_system(pkgs_to_begin_computation_with,
-+                                                                          events, releases)
- 
-     # Packages coming out of the events have PESID as their repository, however, we need real repoid
-     target_pkgs = replace_pesids_with_repoids_in_packages(target_pkgs, repoids_of_source_pkgs)
- 
-     # Apply the desired repository blacklisting
--    blacklisted_repoids, target_pkgs = remove_new_packages_from_blacklisted_repos(source_pkgs, target_pkgs)
-+    blacklisted_repoids, target_pkgs = remove_new_packages_from_blacklisted_repos(pkgs_to_begin_computation_with,
-+                                                                                  target_pkgs)
- 
-     # Look at the target packages and determine what repositories to enable
-     target_repoids = sorted(set(p.repository for p in target_pkgs) - blacklisted_repoids - repoids_of_source_pkgs)
-@@ -536,6 +582,8 @@ def process():
-     api.produce(repos_to_enable)
- 
-     # Compare the packages on source system and the computed packages on target system and determine what to install
--    rpm_tasks = compute_rpm_tasks_from_pkg_set_diff(source_pkgs, target_pkgs, pkgs_to_demodularize)
-+    rpm_tasks = compute_rpm_tasks_from_pkg_set_diff(pkgs_to_begin_computation_with, target_pkgs, pkgs_to_demodularize)
-+    rpm_tasks = include_instructions_from_transaction_configuration(rpm_tasks, transaction_configuration,
-+                                                                    installed_pkgs)
-     if rpm_tasks:
-         api.produce(rpm_tasks)
-diff --git a/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py b/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
-index 80ece770..9a499baa 100644
---- a/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
-+++ b/repos/system_upgrade/common/actors/peseventsscanner/tests/test_pes_event_scanner.py
-@@ -9,9 +9,7 @@ from leapp.libraries.actor.pes_events_scanner import (
-     api,
-     compute_packages_on_target_system,
-     compute_rpm_tasks_from_pkg_set_diff,
--    get_installed_pkgs,
-     Package,
--    process,
-     reporting,
-     TransactionConfiguration
- )
-@@ -27,8 +25,8 @@ from leapp.models import (
-     RepositoriesSetupTasks,
-     RepositoryData,
-     RepositoryFile,
--    RHUIInfo,
--    RPM
-+    RPM,
-+    RpmTransactionTasks
- )
- 
- 
-@@ -286,17 +284,14 @@ def test_actor_performs(monkeypatch):
- def test_transaction_configuration_has_effect(monkeypatch):
-     _Pkg = partial(Package, repository=None, modulestream=None)
- 
--    def mocked_transaction_conf():
--        return TransactionConfiguration(
--            to_install=[_Pkg('pkg-a'), _Pkg('pkg-b')],
--            to_remove=[_Pkg('pkg-c'), _Pkg('pkg-d')],
--            to_keep=[]
--        )
--
--    monkeypatch.setattr(pes_events_scanner, 'get_transaction_configuration', mocked_transaction_conf)
-+    transaction_cfg = TransactionConfiguration(
-+        to_install=[_Pkg('pkg-a'), _Pkg('pkg-b')],
-+        to_remove=[_Pkg('pkg-c'), _Pkg('pkg-d')],
-+        to_keep=[]
-+    )
- 
-     packages = {_Pkg('pkg-a'), _Pkg('pkg-c')}
--    _result = pes_events_scanner.apply_transaction_configuration(packages)
-+    _result = pes_events_scanner.apply_transaction_configuration(packages, transaction_cfg)
-     result = {(p.name, p.repository, p.modulestream) for p in _result}
-     expected = {('pkg-a', None, None), ('pkg-b', None, None)}
- 
-@@ -340,7 +335,7 @@ def test_blacklisted_repoid_is_not_produced(monkeypatch):
- 
-     monkeypatch.setattr(pes_events_scanner, 'get_installed_pkgs', lambda: installed_pkgs)
-     monkeypatch.setattr(pes_events_scanner, 'get_pes_events', lambda folder, filename: events)
--    monkeypatch.setattr(pes_events_scanner, 'apply_transaction_configuration', lambda pkgs: pkgs)
-+    monkeypatch.setattr(pes_events_scanner, 'apply_transaction_configuration', lambda pkgs, transaction_cfg: pkgs)
-     monkeypatch.setattr(pes_events_scanner, 'get_blacklisted_repoids', lambda: {'blacklisted-rhel8'})
-     monkeypatch.setattr(pes_events_scanner, 'replace_pesids_with_repoids_in_packages',
-                         lambda pkgs, src_pkgs_repoids: pkgs)
-@@ -475,3 +470,58 @@ def test_remove_leapp_related_events(monkeypatch):
- 
-     out_events = pes_events_scanner.remove_leapp_related_events(in_events)
-     assert out_events == expected_out_events
-+
-+
-+def test_transaction_configuration_is_applied(monkeypatch):
-+    installed_pkgs = {
-+         Package(name='moved-in', repository='rhel7-base', modulestream=None),
-+         Package(name='split-in', repository='rhel7-base', modulestream=None),
-+         Package(name='pkg-not-in-events', repository='rhel7-base', modulestream=None),
-+    }
-+    monkeypatch.setattr(pes_events_scanner, 'get_installed_pkgs', lambda *args, **kwags: installed_pkgs)
-+
-+    Pkg = partial(Package, modulestream=None)
-+    events = [
-+        Event(1, Action.SPLIT,
-+              {Pkg('split-in', 'rhel7-base')},
-+              {Pkg('split-out0', 'rhel8-BaseOS'), Pkg('split-out1', 'rhel8-BaseOS')},
-+              (7, 9), (8, 0), []),
-+        Event(3, Action.MOVED,
-+              {Pkg('moved-in', 'rhel7-base')}, {Pkg('moved-out', 'rhel8-BaseOS')},
-+              (7, 9), (8, 0), []),
-+    ]
-+    monkeypatch.setattr(pes_events_scanner, 'get_pes_events', lambda *args, **kwargs: events)
-+    monkeypatch.setattr(pes_events_scanner, 'remove_leapp_related_events', lambda events: events)
-+    monkeypatch.setattr(pes_events_scanner, 'remove_undesired_events', lambda events, releases: events)
-+    monkeypatch.setattr(pes_events_scanner, '_get_enabled_modules', lambda *args: [])
-+    monkeypatch.setattr(pes_events_scanner, 'replace_pesids_with_repoids_in_packages',
-+                        lambda target_pkgs, repoids_of_source_pkgs: target_pkgs)
-+    monkeypatch.setattr(pes_events_scanner,
-+                        'remove_new_packages_from_blacklisted_repos',
-+                        lambda source_pkgs, target_pkgs: (set(), target_pkgs))
-+
-+    msgs = [
-+        RpmTransactionTasks(to_remove=['pkg-not-in-events']),
-+        RpmTransactionTasks(to_remove=['pkg-not-in-events', 'pkg-not-in-events']),
-+        RpmTransactionTasks(to_install=['pkg-to-install']),
-+        RpmTransactionTasks(to_keep=['keep-me']),
-+    ]
-+    mocked_actor = CurrentActorMocked(arch='x86_64', src_ver='7.9', dst_ver='8.8', msgs=msgs)
-+    monkeypatch.setattr(api, 'current_actor', mocked_actor)
-+
-+    monkeypatch.setattr(api, 'produce', produce_mocked())
-+
-+    pes_events_scanner.process()
-+
-+    assert api.produce.called == 2
-+
-+    produced_rpm_transaction_tasks = [
-+        msg for msg in api.produce.model_instances if isinstance(msg, PESRpmTransactionTasks)
-+    ]
-+
-+    assert len(produced_rpm_transaction_tasks) == 1
-+    rpm_transaction_tasks = produced_rpm_transaction_tasks[0]
-+    # It is important to see 'pkg-not-in-events' in the list - if the user says remove pkg A, we really remove it
-+    assert sorted(rpm_transaction_tasks.to_remove) == ['moved-in', 'pkg-not-in-events', 'split-in']
-+    assert sorted(rpm_transaction_tasks.to_install) == ['moved-out', 'pkg-to-install', 'split-out0', 'split-out1']
-+    assert sorted(rpm_transaction_tasks.to_keep) == ['keep-me']
--- 
-2.47.1
-

SOURCES/0047-IPU-9-10-obsolete-GPG-key-with-SHA1-signature.patch

@@ -1,36 +0,0 @@
-From 75b8b96f8b7b6705fe52135dab32cc6c8d886db3 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 10 Jan 2025 15:16:05 +0100
-Subject: [PATCH 47/53] IPU 9 -> 10: obsolete GPG key with SHA1 signature
-
-When upgrading to RHEL 10, we have analogical problem as we had for
-IPU 8 -> 9 due to GPG keys with SHA1 signatures. The SHA1 algorithm
-is considered unsecure since RHEL 9 and all RPMs are required to be
-signed by keys with SHA2 signatures. The RHEL 9 GPG (auxiliary) key
-is unfortunately still signed with SHA1 and RHEL 10 tooling refuse
-to use it for any operations.
-
-To resolve this apply the same solution as we did in the past:
-* obsolete original key
-* install the target RHEL 10 GPG keys during the upgrade
-
-jira: RHEL-71517
----
- .../system_upgrade/common/files/distro/rhel/gpg-signatures.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
-index 8a5471a8..3cc67f82 100644
---- a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
-+++ b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
-@@ -14,6 +14,6 @@
-             "gpg-pubkey-db42a60e-37ea5438"
-           ],
-         "9": ["gpg-pubkey-d4082792-5b32db75"],
--        "10": []
-+        "10": ["gpg-pubkey-fd431d51-4ae0493b"]
-     }
- }
--- 
-2.47.1
-

SOURCES/0048-Fix-storage-scanner-parsing-error.patch

@@ -1,49 +0,0 @@
-From d183370047ab5ef139825dfce7a1b4d6f987092f Mon Sep 17 00:00:00 2001
-From: tomasfratrik <tomasfratrik8@gmail.com>
-Date: Fri, 28 Jun 2024 14:27:41 +0200
-Subject: [PATCH 48/53] Fix storage scanner parsing error
-
-Fix storagescanner actor crash when parsing the output of,
-e.g., 'pvs -a', which used ':' as a separator and caused errors.
-The issue occurred because separator ':' is used to split the outputs of executed commands.
-This commit resolves the problem by changing the separator to '|'.
-
-Jira: RHEL-34570
----
- .../actors/storagescanner/libraries/storagescanner.py       | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py b/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-index cad6bd32..cae38731 100644
---- a/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-+++ b/repos/system_upgrade/common/actors/storagescanner/libraries/storagescanner.py
-@@ -206,7 +206,7 @@ def _get_lsblk_info():
- @aslist
- def _get_pvs_info():
-     """ Collect storage info from pvs command """
--    for entry in _get_cmd_output(['pvs', '--noheadings', '--separator', r':'], ':', 6):
-+    for entry in _get_cmd_output(['pvs', '--noheadings', '--separator', r'|'], '|', 6):
-         pv, vg, fmt, attr, psize, pfree = entry
-         yield PvsEntry(
-             pv=pv,
-@@ -220,7 +220,7 @@ def _get_pvs_info():
- @aslist
- def _get_vgs_info():
-     """ Collect storage info from vgs command """
--    for entry in _get_cmd_output(['vgs', '--noheadings', '--separator', r':'], ':', 7):
-+    for entry in _get_cmd_output(['vgs', '--noheadings', '--separator', r'|'], '|', 7):
-         vg, pv, lv, sn, attr, vsize, vfree = entry
-         yield VgsEntry(
-             vg=vg,
-@@ -235,7 +235,7 @@ def _get_vgs_info():
- @aslist
- def _get_lvdisplay_info():
-     """ Collect storage info from lvdisplay command """
--    for entry in _get_cmd_output(['lvdisplay', '-C', '--noheadings', '--separator', r':'], ':', 12):
-+    for entry in _get_cmd_output(['lvdisplay', '-C', '--noheadings', '--separator', r'|'], '|', 12):
-         lv, vg, attr, lsize, pool, origin, data, meta, move, log, cpy_sync, convert = entry
-         yield LvdisplayEntry(
-             lv=lv,
--- 
-2.47.1
-

SOURCES/0049-Use-sysinit-when-calling-vgchange-from-mount_usr.sh.patch

@@ -1,54 +0,0 @@
-From a46f20841ef32b9de23553591dd7ae8ff5150eff Mon Sep 17 00:00:00 2001
-From: "Bryn M. Reeves" <bmr@redhat.com>
-Date: Tue, 14 Jan 2025 19:57:37 +0000
-Subject: [PATCH 49/53] Use --sysinit when calling vgchange from mount_usr.sh
-
-The mount_usr.sh script runs 'lvm vgchange': if there are logical
-volumes present that require monitoring (snapshots, thin pools, RAID,
-etc.) the command will attempt to launch dmeventd.
-
-Since dmeventd is not installed in the dracut initramfs this produces a
-warning and causes the lvm command to exit with non-zero exit status
-even though the volume group has been activated and LV block devices are
-available.
-
-This in turn triggers the retry logic in mount_usr.sh: once the retries
-are exhausted the script carries on and successfully initiates the
-upgrade process.
-
-The --sysinit switch is used by the LVM dracut modules for this reason.
-From vgchange(8):
-
-       --sysinit
-        Indicates  that  vgchange/lvchange  is being invoked from early
-        system initialisation scripts (e.g. rc.sysinit or an initrd),
-        before writable filesystems are available. As such, some
-        functionality needs to be disabled and this option acts as a
-        shortcut which selects an appropriate set of options. Currently,
-        this is equivalent to using  --ignorelockingfailure,
-        --ignoremonitoring,  --poll  n, and setting env var
-        LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES.  vgchange/lvchange skip
-        autoactivation, and defer to pvscan autoactivation.
-
-Testing with this change I no longer see the long delay booting the
-upgrade initramfs when snapshot LVs are present.
----
- .../files/dracut/85sys-upgrade-redhat/mount_usr.sh              | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
-index 84f4857d..9366ac13 100755
---- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
-+++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/mount_usr.sh
-@@ -107,7 +107,7 @@ try_to_mount_usr() {
- 
-   # In case we have the LVM command available try make it activate all partitions
-   if command -v lvm 2>/dev/null 1>/dev/null; then
--      lvm vgchange -a y || {
-+      lvm vgchange --sysinit -a y || {
-           warn "Detected problem when tried to activate LVM VG."
-           if [ "$_last_attempt" != "true" ]; then
-               # this is not last execution, retry
--- 
-2.47.1
-