rpms/leapp-repository
7
0
Fork 1
Code Issues Pull Requests 1 Releases Activity
d9029cec24
leapp-repository/0070-load-obsoleted-gpg-keys-from-gpg-signatures.json.patch
Toshio Kuratomi d9029cec24 CTC2 candidate 1 (Release for 8.10/9.5) 
- Improve set_systemd_services_states logging
- [IPU 7 -> 8] Fix detection of bootable device on RAID
- Fix detection of valid sshd config with internal-sftp subsystem in Leapp
- Handle a false positive GPG check error when TargetUserSpaceInfo is missing
- Fix failing "update-ca-trust" command caused by missing util-linux package
- Improve report when a system is unsupported
- Fix handling of versions in RHUI configuration for ELS and SAP upgrades
- Add missing RHUI GCP config info for RHEL for SAP

- Resolves: RHEL-33902, RHEL-30573, RHEL-43978, RHEL-39046, RHEL-39047, RHEL-39049
2024-07-25 00:55:43 -07:00

130 lines
5.3 KiB
Diff
Raw Blame History

From 7e5a5e7088695bcdd4b822b9a057de8cd221d19c Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni@golov.de>
Date: Mon, 27 May 2024 09:25:20 +0200
Subject: [PATCH 70/92] load obsoleted gpg keys from gpg-signatures.json
---
.../libraries/removeobsoleterpmgpgkeys.py | 16 ++++------------
.../tests/test_removeobsoleterpmgpgkeys.py | 5 +++++
.../files/distro/centos/gpg-signatures.json | 3 ++-
.../files/distro/rhel/gpg-signatures.json | 11 ++++++++++-
.../system_upgrade/common/libraries/distro.py | 18 ++++++++++++++++++
5 files changed, 39 insertions(+), 14 deletions(-)
create mode 100644 repos/system_upgrade/common/libraries/distro.py
diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
index 1cc5d64f..6e84c2e9 100644
--- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
@@ -1,27 +1,19 @@
from leapp.libraries.common.config.version import get_target_major_version
+from leapp.libraries.common.distro import get_distribution_data
from leapp.libraries.common.rpms import has_package
from leapp.libraries.stdlib import api
from leapp.models import DNFWorkaround, InstalledRPM
-# maps target version to keys obsoleted in that version
-OBSOLETED_KEYS_MAP = {
- 7: [],
- 8: [
- "gpg-pubkey-2fa658e0-45700c69",
- "gpg-pubkey-37017186-45761324",
- "gpg-pubkey-db42a60e-37ea5438",
- ],
- 9: ["gpg-pubkey-d4082792-5b32db75"],
-}
-
def _get_obsolete_keys():
"""
Return keys obsoleted in target and previous versions
"""
+ distribution = api.current_actor().configuration.os_release.release_id
+ obsoleted_keys_map = get_distribution_data(distribution).get('obsoleted-keys', {})
keys = []
for version in range(7, int(get_target_major_version()) + 1):
- for key in OBSOLETED_KEYS_MAP[version]:
+ for key in obsoleted_keys_map[str(version)]:
name, version, release = key.rsplit("-", 2)
if has_package(InstalledRPM, name, version=version, release=release):
keys.append(key)
diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
index 1d487815..4d9a0e84 100644
--- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/tests/test_removeobsoleterpmgpgkeys.py
@@ -1,3 +1,5 @@
+import os
+
import pytest
from leapp.libraries.actor import removeobsoleterpmgpgkeys
@@ -67,6 +69,9 @@ def test_get_obsolete_keys(monkeypatch, version, expected):
),
)
+ cur_dir = os.path.dirname(os.path.abspath(__file__))
+ monkeypatch.setattr(api, 'get_common_folder_path', lambda folder: os.path.join(cur_dir, '../../../files/', folder))
+
keys = removeobsoleterpmgpgkeys._get_obsolete_keys()
assert set(keys) == set(expected)
diff --git a/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json b/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
index cf7f819d..547b13e7 100644
--- a/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
+++ b/repos/system_upgrade/common/files/distro/centos/gpg-signatures.json
@@ -3,5 +3,6 @@
"24c6a8a7f4a80eb5",
"05b555b38483c65d",
"4eb84e71f2ee9d55"
- ]
+ ],
+ "obsoleted-keys": {}
}
diff --git a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
index 64d9ed12..0d40e001 100644
--- a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
+++ b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
@@ -5,5 +5,14 @@
"938a80caf21541eb",
"fd372689897da07a",
"45689c882fa658e0"
- ]
+ ],
+ "obsoleted-keys": {
+ "7": [],
+ "8": [
+ "gpg-pubkey-2fa658e0-45700c69",
+ "gpg-pubkey-37017186-45761324",
+ "gpg-pubkey-db42a60e-37ea5438"
+ ],
+ "9": ["gpg-pubkey-d4082792-5b32db75"]
+ }
}
diff --git a/repos/system_upgrade/common/libraries/distro.py b/repos/system_upgrade/common/libraries/distro.py
new file mode 100644
index 00000000..2ed5eacd
--- /dev/null
+++ b/repos/system_upgrade/common/libraries/distro.py
@@ -0,0 +1,18 @@
+import json
+import os
+
+from leapp.exceptions import StopActorExecutionError
+from leapp.libraries.stdlib import api
+
+
+def get_distribution_data(distribution):
+ distributions_path = api.get_common_folder_path('distro')
+
+ distribution_config = os.path.join(distributions_path, distribution, 'gpg-signatures.json')
+ if os.path.exists(distribution_config):
+ with open(distribution_config) as distro_config_file:
+ return json.load(distro_config_file)
+ else:
+ raise StopActorExecutionError(
+ 'Cannot find distribution signature configuration.',
+ details={'Problem': 'Distribution {} was not found in {}.'.format(distribution, distributions_path)})
--
2.42.0
Reference in New Issue View Git Blame Copy Permalink