Add ELevate and TuxCare keys fingerprint as known

Bump the package release

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/deps-pkgs-13.tar.gz
-SOURCES/leapp-repository-0.22.0.tar.gz
+SOURCES/deps-pkgs-9.tar.gz
+SOURCES/leapp-repository-0.19.0.tar.gz

.leapp-repository.metadata

@@ -1,2 +1,2 @@
-3590b33b4a79ebe62f5cfa0eeca7efb41d526498 SOURCES/deps-pkgs-13.tar.gz
-e23b32573b375337b079dd7a0dc07e9232851b1c SOURCES/leapp-repository-0.22.0.tar.gz
+02499ccd70d4a8e6ce9ad29bd286a317d5e0b57b SOURCES/deps-pkgs-9.tar.gz
+79402ad1aa427e43bdce143f4c0641dda383eb5d SOURCES/leapp-repository-0.19.0.tar.gz

SOURCES/0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch

@@ -0,0 +1,37 @@
+From b6e409e1055b5d8b7f27e5df9eae096eb592a9c7 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Fri, 27 Oct 2023 13:34:38 +0200
+Subject: [PATCH] RHSM: Adjust the switch to container mode for new RHSM
+
+RHSM in RHEL 8.9+ & RHEL 9.3+ requires newly for the switch to the
+container mode existence and content under /etc/pki/entitlement-host,
+which in our case should by symlink to /etc/pki/entitlement.
+
+So currently we need for the correct switch 2 symlinks:
+  * /etc/pki/rhsm-host        -> /etc/pki/rhsm
+  * /etc/pki/entitlement-host -> /etc/pki/entitlement
+
+Technically we need that only for RHEL 8.9+ but discussing it with
+RHSM SST, we can do this change unconditionally for any RHEL system
+as older versions of RHSM do not check /etc/pki/entitlement-host.
+
+jira: RHEL-14839
+---
+ repos/system_upgrade/common/libraries/rhsm.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
+index 4a5b0eb0..18842021 100644
+--- a/repos/system_upgrade/common/libraries/rhsm.py
++++ b/repos/system_upgrade/common/libraries/rhsm.py
+@@ -334,6 +334,7 @@ def set_container_mode(context):
+         return
+     try:
+         context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
++        context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
+     except CalledProcessError:
+         raise StopActorExecutionError(
+                 message='Cannot set the container mode for the subscription-manager.')
+-- 
+2.41.0
+

SOURCES/0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch

@@ -0,0 +1,62 @@
+From d1f28cbd143f2dce85f7f175308437954847aba8 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Thu, 2 Nov 2023 14:20:11 +0100
+Subject: [PATCH] Do not create dangling symlinks for containerized RHSM
+
+When setting RHSM into the container mode, we are creating symlinks
+to /etc/rhsm and /etc/pki/entitlement directories. However, this
+creates dangling symlinks if RHSM is not installed or user manually
+removes one of these dirs.
+
+If any of these directories is missing, skip other actions and
+log the warning. Usually it means that RHSM is not actually used
+or installed at all, so in these cases we can do the skip. The
+only corner case when system could use RHSM without
+/etc/pki/entitlement is when RHSM is configured to put these
+certificate on a different path, and we do not support nor cover
+such a scenario as we are not scanning the RHSM configuration at
+all.
+
+This also solves the problems on systems that does not have RHSM
+available at all.
+---
+ repos/system_upgrade/common/libraries/rhsm.py | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
+index 18842021..eb388829 100644
+--- a/repos/system_upgrade/common/libraries/rhsm.py
++++ b/repos/system_upgrade/common/libraries/rhsm.py
+@@ -325,6 +325,11 @@ def set_container_mode(context):
+     could be affected and the generated repo file in the container could be
+     affected as well (e.g. when the release is set, using rhsm, on the host).
+ 
++    We want to put RHSM into the container mode always when /etc/rhsm and
++    /etc/pki/entitlement directories exists, even when leapp is executed with
++    --no-rhsm option. If any of these directories are missing, skip other
++    actions - most likely RHSM is not installed in such a case.
++
+     :param context: An instance of a mounting.IsolatedActions class
+     :type context: mounting.IsolatedActions class
+     """
+@@ -332,6 +337,17 @@ def set_container_mode(context):
+         api.current_logger().error('Trying to set RHSM into the container mode'
+                                    'on host. Skipping the action.')
+         return
++    # TODO(pstodulk): check "rhsm identity" whether system is registered
++    # and the container mode should be required
++    if (not os.path.exists(context.full_path('/etc/rhsm'))
++            or not os.path.exists(context.full_path('/etc/pki/entitlement'))):
++        api.current_logger().warning(
++            'Cannot set the container mode for the subscription-manager as'
++            ' one of required directories is missing. Most likely RHSM is not'
++            ' installed. Skipping other actions.'
++        )
++        return
++
+     try:
+         context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
+         context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
+-- 
+2.41.0
+

SPECS/leapp-repository.spec

@@ -2,24 +2,14 @@
 %global repositorydir %{leapp_datadir}/repositories
 %global custom_repositorydir %{leapp_datadir}/custom-repositories
 
-%define leapp_repo_deps  10
+%define leapp_repo_deps  9
 
 %if 0%{?rhel} == 7
     %define leapp_python_sitelib %{python2_sitelib}
     %define lpr_name leapp-upgrade-el7toel8
-    %define repo_shortname el7toel8
-    %define next_major_ver 8
 %else
     %define leapp_python_sitelib %{python3_sitelib}
-    %if 0%{?rhel} == 8
-        %define lpr_name leapp-upgrade-el8toel9
-        %define repo_shortname el8toel9
-        %define next_major_ver 9
-    %else
-        %define lpr_name leapp-upgrade-el9toel10
-        %define repo_shortname el9toel10
-        %define next_major_ver 10
-    %endif
+    %define lpr_name leapp-upgrade-el8toel9
 
     # This drops autogenerated deps on
     #    - /usr/libexec/platform-python  (rhel-8 buildroot)
@@ -50,22 +40,25 @@ py2_byte_compile "%1" "%2"}
 # to create such an rpm. Instead, we are going to introduce new naming for
 # RHEL 8+ packages to be consistent with other leapp projects in future.
 
+Epoch:		1
 Name:           leapp-repository
-Version:        0.22.0
-Release:        1%{?dist}
+Version:        0.19.0
+Release:        7.1%{?dist}
 Summary:        Repositories for leapp
 
 License:        ASL 2.0
 URL:            https://oamg.github.io/leapp/
 Source0:        https://github.com/oamg/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        deps-pkgs-13.tar.gz
+Source1:        deps-pkgs-9.tar.gz
 
 # NOTE: Our packages must be noarch. Do no drop this in any way.
 BuildArch:      noarch
 
 ### PATCHES HERE
 # Patch0001:    filename.patch
-
+Patch0001:      0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch
+Patch0002:      0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch
+Patch0003:	leapp-repository-0.19.0-elevate.patch
 
 %description
 %{summary}
@@ -94,24 +87,14 @@ Obsoletes:      leapp-repository-sos-plugin <= 0.10.0
 Conflicts:      leapp-upgrade-el8toel9
 
 %else
-######### RHEL 8+ (and newer) ############
+######### RHEL 8 ############
 BuildRequires:  python3-devel
 Requires:       python3-leapp
 
-# NOTE(pstodulk): else if / elif has been implemented quite late. as we still
-# want to build on RHEL 7 too, go in the old way. Ref:
-# https://github.com/rpm-software-management/rpm/issues/311
-%if 0%{?rhel} == 8
-######### RHEL 8 ############
-
 # Same as the conflict above - we want to be sure our packages are untouched
 # during the whole IPU process
 Conflicts:      leapp-upgrade-el7toel8
-Conflicts:      leapp-upgrade-el9toel10
-%else
-######### RHEL 9 ############
-Conflicts:      leapp-upgrade-el8toel9
-%endif
+
 %endif
 
 # IMPORTANT: every time the requirements are changed, increment number by one
@@ -120,7 +103,7 @@ Requires:       leapp-repository-dependencies = %{leapp_repo_deps}
 
 # IMPORTANT: this is capability provided by the leapp framework rpm.
 # Check that 'version' instead of the real framework rpm version.
-Requires:       leapp-framework >= 6.0
+Requires:       leapp-framework >= 5.0
 
 # Since we provide sub-commands for the leapp utility, we expect the leapp
 # tool to be installed as well.
@@ -169,16 +152,6 @@ Provides:  leapp-repository-dependencies = %{leapp_repo_deps}
 ##################################################
 Requires:   dnf >= 4
 Requires:   pciutils
-
-# required to be able to format disk images with XFS file systems (default)
-Requires:   xfsprogs
-
-# required to be able to format disk images with Ext4 file systems
-# NOTE: this is not happening by default, but we can expact that many customers
-# will want to / need to do this - especially on RHEL 7 now. Adding this deps
-# as the best trade-off to resolve this problem.
-Requires:   e2fsprogs
-
 %if 0%{?rhel} && 0%{?rhel} == 7
 # Required to gather system facts about SELinux
 Requires:   libselinux-python
@@ -211,12 +184,6 @@ Requires:   dracut
 Requires:   NetworkManager-libnm
 Requires:   python3-gobject-base
 
-%endif
-
-%if 0%{?rhel} && 0%{?rhel} == 9
-############# RHEL 9 dependencies (when the source system is RHEL 9) ##########
-# Required to convert pam_userdb database from BerkeleyDB to GDBM
-Requires:   libdb-utils
 %endif
 ##################################################
 # end requirement
@@ -233,10 +200,17 @@ Requires:   libdb-utils
 
 # APPLY PATCHES HERE
 # %%patch0001 -p1
+%patch0001 -p1
+%patch0002 -p1
+%patch0003 -p1
 
 
 %build
-cp -a leapp*deps*el%{next_major_ver}.noarch.rpm repos/system_upgrade/%{repo_shortname}/files/bundled-rpms/
+%if 0%{?rhel} == 7
+cp -a leapp*deps*el8.noarch.rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
+%else
+cp -a leapp*deps*el9.noarch.rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
+%endif
 
 
 %install
@@ -244,15 +218,11 @@ install -m 0755 -d %{buildroot}%{custom_repositorydir}
 install -m 0755 -d %{buildroot}%{repositorydir}
 cp -r repos/* %{buildroot}%{repositorydir}/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/repos.d/
-# NOTE(pstodulk): drop transaction dir and its content if replaced by config files before RHEL 10
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/transaction/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
 install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
 install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
 
-# uncomment to install existing configs if any exists
-#install -m 0644 etc/leapp/actor_conf.d/* %%{buildroot}%%{_sysconfdir}/leapp/actor_conf.d
-
 # install CLI commands for the leapp utility on the expected path
 install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/
 cp -r commands %{buildroot}%{leapp_python_sitelib}/leapp/cli/
@@ -260,10 +230,11 @@ rm -rf %{buildroot}%{leapp_python_sitelib}/leapp/cli/commands/tests
 
 # Remove irrelevant repositories - We don't want to ship them for the particular
 # RHEL version
-for i in el7toel8 el8toel9 el9toel10;
-do
-    [ "$i" != "%{repo_shortname}" ] && rm -rf %{buildroot}%{repositorydir}/system_upgrade/$i
-done
+%if 0%{?rhel} == 7
+rm -rf %{buildroot}%{repositorydir}/system_upgrade/el8toel9
+%else
+rm -rf %{buildroot}%{repositorydir}/system_upgrade/el7toel8
+%endif
 
 # remove component/unit tests, Makefiles, ... stuff that related to testing only
 rm -rf %{buildroot}%{repositorydir}/common/actors/testactor
@@ -271,9 +242,6 @@ find %{buildroot}%{repositorydir}/common -name "test.py" -delete
 rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d`
 find %{buildroot}%{repositorydir} -name "Makefile" -delete
 find %{buildroot} -name "*.py.orig" -delete
-# .gitkeep file is used to have a directory in the repo. but we do not want these
-# files in the resulting RPM
-find %{buildroot} -name .gitkeep -delete
 
 for DIRECTORY in $(find  %{buildroot}%{repositorydir}/  -mindepth 1 -maxdepth 1 -type d);
 do
@@ -302,159 +270,31 @@ done;
 %dir %{custom_repositorydir}
 %dir %{leapp_python_sitelib}/leapp/cli/commands
 %config %{_sysconfdir}/leapp/files/*
-# uncomment to package installed configs
-#%%config %%{_sysconfdir}/leapp/actor_conf.d/*
 %{_sysconfdir}/leapp/repos.d/*
 %{_sysconfdir}/leapp/transaction/*
 %{repositorydir}/*
 %{leapp_python_sitelib}/leapp/cli/commands/*
-
+%exclude %{_sysconfdir}/leapp/files/repomap.json
+%exclude %{_sysconfdir}/leapp/files/pes-events.json
+%exclude %{_sysconfdir}/leapp/files/device_driver_deprecation_data.json
+%exclude %{leapp_datadir}/repositories/system_upgrade/common/files/rpm-gpg/*/*
 
 %files -n %{lpr_name}-deps
 # no files here
 
 %changelog
-* Fri Feb 14 2025 Petr Stodulka <pstodulk@redhat.com> - 0.22.0-1
-- Rebase to new upstream 0.22.0
-- Minor updates in generated reports
-- Resolves: RHEL-67621, RHEL-67719, RHEL-16881
+* Wed Jul 24 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-7.1
+- Add ELevate and TuxCare keys fingerprint as known
 
-* Wed Jan 29 2025 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-6
-- Raise an inhibitor if unsupported target version supplied instead of error
-- Prevent a possible crash with LiveMode when adding the upgrade boot entry on systems with LVM
-- Fix the bootloader workaround for upgrades on ARM machines - covering also differences on AWS
-- Resolves: RHEL-67621, RHEL-51072, RHEL-41193
+* Fri Jun 21 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-7
+- Implement Vendors support
 
-* Fri Jan 17 2025 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-5
-- Fix pes events scanner crashing when there are duplicate packages in the received instructions
-- Fix pes events scanner not respecting user’s transaction configuration
-- Fix storage scanner crashing when command outputs contain colon character
-- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs
-- Minor improvements in preupgrade reports
-- Resolves: RHEL-67621, RHEL-34570, RHEL-44596, RHEL-50076
+* Wed Apr 24 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-6
+- Enable CentOS Stream release 8 to 9 elevation
+- Update actor.py to support NVMe device enumeration
 
-* Tue Nov 19 2024 Matej Matuska <mmatuska@redhat.com> - 0.21.0-4
-- Use net.naming-scheme by default
-- Resolves: RHEL-23473
-
-* Mon Nov 18 2024 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-3
-- Introduce upgrade path 8.10 -> 9.6
-- Require leapp-framework 6.0+
-- Update leapp-deps package to satisfy leapp-framework-dependencies 6
-- Add possibility to use net.naming-scheme during the upgrade
-- Cap max size of the sparse files to 1TiB for storage with large amount of free space
-- Enable upgrade for systems with LUKS bound to Clevis with TPM 2.0 token
-- Adjust resource limitations for leapp to be able to perform the upgrade
-- Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM
-- Fix the report when handling broken parsing of kernel cmdline
-- Generate proper error message instead of ModelViolationError when parsing invalid repository definition
-- Handle default kernel cmdline when multiple boot entries for the default kernel are defined
-- Introduce a possibility to configure leapp actors covering RHUI on clouds
-- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs
-- Update leapp upgrade data files
-- Resolves: RHEL-67621, RHEL-57064, RHEL-56251, RHEL-50686, RHEL-41193
-- Resolves: RHEL-34570, RHEL-26459, RHEL-23473, RHEL-16881, RHEL-3294
-
-* Mon Aug 19 2024 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-2
-- Updated SPEC file to drop leapp repositories unrelated to IPU 8 -> 9
-- Resolves: RHEL-27847
-
-* Fri Aug 16 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.21.0-1
-- Rebase to new upstream 0.21.0
-- Updated leapp data files.
-- Inhibit the upgrade to RHEL 9.5 on ARM architecture due to
-  incompatibility between the RHEL 8 bootloader and RHEL 9.5 kernel.
-- Introduce experimental upgrades in 'live' mode for the testing.
-- Resolves: RHEL-27847, RHEL-52993, RHEL-45280, RHEL-49748, RHEL-52186
-
-* Wed Jul 24 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-5
-- Improve set_systemd_services_states logging
-- [IPU 7 -> 8] Fix detection of bootable device on RAID
-- Fix detection of valid sshd config with internal-sftp subsystem in Leapp
-- Handle a false positive GPG check error when TargetUserSpaceInfo is missing
-- Fix failing "update-ca-trust" command caused by missing util-linux package
-- Improve report when a system is unsupported
-- Fix handling of versions in RHUI configuration for ELS and SAP upgrades
-- Add missing RHUI GCP config info for RHEL for SAP
-- Fix upgrade on aarch64 via RHUI on AWS
-- Resolves: RHEL-33902, RHEL-38909, RHEL-30573, RHEL-43978, RHEL-39046, RHEL-39047, RHEL-39049
-
-* Thu May 30 2024 Petr Stodulka <pstodulk@redhat.com> - 0.20.0-4
-- Enable new upgrade path RHEL 8.10 -> 9.5
-- Minor updates in reports
-- Add information about leapp invocation to leapp.db
-- Resolves: RHEL-27847
-
-* Mon May 13 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-3
-- Do not terminate the upgrade dracut module execution if
-  /sysroot/root/tmp_leapp_py3/.leapp_upgrade_failed exists
-- Several minor improvements in messages printed in console output
-- Several minor improvements in report and error messages
-- Fix the parsing of the lscpu output
-- Fix evaluation of PES data
-- Target by default always "GA" channel repositories unless a different
-  channel is specified for the leapp execution
-- Fix creation of the post upgrade report about changes in states of systemd
-  services
-- Update the device driver deprecation data, fixing invalid fields for some
-  AMD CPUs
-- Update the default kernel cmdline
-- Wait for the storage initialization when /usr is on separate file system -
-  covering SAN
-- Resolves: RHEL-27847, RHEL-35240
-
-* Tue Feb 20 2024 Petr Stodulka <pstodulk@redhat.com> - 0.20.0-2
-- Fallback to original RHUI solution on AWS to fix issues caused by changes in RHUI client
-- Resolves: RHEL-16729
-
-* Tue Feb 13 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-1
-- Rebase to new upstream v0.20.0.
-- Fix semanage import issue
-- Fix handling of libvirt's systemd services
-- Add a dracut breakpoint for the pre-upgrade step.
-- Drop obsoleted upgrade paths (obsoleted releases: 8.6, 8.9, 9.0, 9.3)
-- Resolves: RHEL-16729
-
-* Tue Jan 23 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.19.0-10
-- Print nice error msg when device and driver deprecation data is malformed
-- Fix another cornercase when preserving symlinks to certificates in /etc/pki
-- Update the leapp upgrade data files - fixing upgrades with idm-tomcatjss
-- Resolves: RHEL-16729
-
-* Fri Jan 19 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-9
-- Do not try to download data files anymore when missing as the service
-  is obsoleted since the data is part of installed packages
-- Update error messages and reports when installed upgrade data files
-  are malformed or missing to instruct user how to resolve it
-- Update the leapp upgrade data files - bump data stream to "3.0"
-- Resolves: RHEL-16729
-
-* Fri Jan 12 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-7
-- Add detection of possible usage of OpenSSL IBMCA engine on IBM Z machines
-- Add detection of modified /etc/pki/tls/openssl.cnf file
-- Update the leapp upgrade data files
-- Fix handling of symlinks under /etc/pki with relative paths specified
-- Report custom actors and modifications of the upgrade tooling
-- Requires xfsprogs and e2fsprogs to ensure that Ext4 and XFS tools are installed
-- Bump leapp-repository-dependencies to 10
-- Resolves: RHEL-1774, RHEL-16729
-
-* Thu Nov 16 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-5
-- Enable new upgrade path for RHEL 8.10 -> RHEL 9.4 (including RHEL with SAP HANA)
-- Introduce generic transition of systemd services states during the IPU
-- Introduce possibility to upgrade with local repositories
-- Improve possibilities of upgrade when a proxy is configured in DNF configutation file
-- Fix handling of symlinks under /etc/pki when managing certificates
-- Fix the upgrade with custom https repositories
-- Default to the NO_RHSM mode when subscription-manager is not installed
-- Detect customized configuration of dynamic linker
-- Drop the invalid `tuv` target channel for the --channel option
-- Fix the issue of going out of bounds in the isccfg parser
-- Fix traceback when saving the rhsm facts results and the /etc/rhsm/facts directory doesn’t exist yet
-- Load all rpm repository substitutions that dnf knows about, not just "releasever" only
-- Simplify handling of upgrades on systems using RHUI, reducing the maintenance burden for cloud providers
-- Detect possible unexpected RPM GPG keys has been installed during RPM transaction
-- Resolves: RHEL-16729
+* Wed Jan 10 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-5
+- AlmaLinux/CentOS/Oracle/Rocky/EuroLinux support (phase 1)
 
 * Thu Nov 02 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-4
 - Fix the upgrade for systems without subscription-manager package