rpms/sos
6
0
Fork 1
Code Issues Pull Requests Releases Activity

import UBI sos-4.10.0-4.el10_0

Browse Source
This commit is contained in:
eabdullin 2025-10-06 05:17:49 +00:00
parent cb9dbdb93f
commit 40d080d051
7 changed files with 287 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
sos-4.9.2.tar.gz
sos-4.10.0.tar.gz
sos-audit-0.3-1.tgz

101
0001-cleaner-Make-cleaner-s-obfuscate_file-properly-worki.patch Normal file
View File

@ -0,0 +1,101 @@
From 3efc8888852225396ebb4f0f9ae95edf4e5badfa Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Wed, 20 Aug 2025 20:07:05 +0200
Subject: [PATCH] [cleaner] Make cleaner's obfuscate_file properly working
The fix is three-fold:
- obfuscate_file must clean file content and not filename
- cleaner's main_archive must be populated by parsers first
- obfuscate_file dont need short_name as it is always called with
implicit value of short_name that cleaner will strip itself
Closes: #4109
Closes: #4110
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/cleaner/__init__.py | 7 ++++---
sos/collector/__init__.py | 9 +++------
sos/report/__init__.py | 9 +++------
3 files changed, 10 insertions(+), 15 deletions(-)
diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py
index 4a1470b5..dcd60c66 100644
--- a/sos/cleaner/__init__.py
+++ b/sos/cleaner/__init__.py
@@ -537,7 +537,7 @@ third party.
logfile.write(line)
if archive:
- self.obfuscate_file(log_name, short_name="sos_logs/cleaner.log")
+ self.obfuscate_file(log_name)
self.archive.add_file(log_name, dest="sos_logs/cleaner.log")
def get_new_checksum(self, archive_path):
@@ -678,6 +678,7 @@ third party.
for prepper in self.get_preppers():
for archive in self.report_paths:
self._prepare_archive_with_prepper(archive, prepper)
+ self.main_archive.set_parsers(self.parsers)
def obfuscate_report(self, archive): # pylint: disable=too-many-branches
"""Individually handle each archive or directory we've discovered by
@@ -784,8 +785,8 @@ third party.
self.ui_log.info("Exception while processing "
f"{archive.archive_name}: {err}")
- def obfuscate_file(self, filename, short_name):
- self.main_archive.obfuscate_filename(filename, short_name)
+ def obfuscate_file(self, filename):
+ self.main_archive.obfuscate_arc_files([filename])
def obfuscate_symlinks(self, archive):
"""Iterate over symlinks in the archive and obfuscate their names.
diff --git a/sos/collector/__init__.py b/sos/collector/__init__.py
index 7a414501..e6b55f20 100644
--- a/sos/collector/__init__.py
+++ b/sos/collector/__init__.py
@@ -1405,16 +1405,13 @@ this utility or remote systems that it connects to.
if do_clean:
_dir = os.path.join(self.tmpdir, self.archive._name)
cleaner.obfuscate_file(
- os.path.join(_dir, 'sos_logs', 'sos.log'),
- short_name='sos.log'
+ os.path.join(_dir, 'sos_logs', 'sos.log')
)
cleaner.obfuscate_file(
- os.path.join(_dir, 'sos_logs', 'ui.log'),
- short_name='ui.log'
+ os.path.join(_dir, 'sos_logs', 'ui.log')
)
cleaner.obfuscate_file(
- os.path.join(_dir, 'sos_reports', 'manifest.json'),
- short_name='manifest.json'
+ os.path.join(_dir, 'sos_reports', 'manifest.json')
)
arc_name = self.archive.finalize(method=None)
diff --git a/sos/report/__init__.py b/sos/report/__init__.py
index 074afcff..9fb94d6a 100644
--- a/sos/report/__init__.py
+++ b/sos/report/__init__.py
@@ -1571,13 +1571,10 @@ class SoSReport(SoSComponent):
# Now, separately clean the log files that cleaner also wrote to
if do_clean:
_dir = os.path.join(self.tmpdir, self.archive._name)
- cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'sos.log'),
- short_name='sos.log')
- cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'ui.log'),
- short_name='ui.log')
+ cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'sos.log'))
+ cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'ui.log'))
cleaner.obfuscate_file(
- os.path.join(_dir, 'sos_reports', 'manifest.json'),
- short_name='manifest.json'
+ os.path.join(_dir, 'sos_reports', 'manifest.json')
)
# Now, just (optionally) pack the report and print work outcome; let
--
2.49.0

72
0002-openstack_nova-Improve-scrubbing.patch Normal file
View File

@ -0,0 +1,72 @@
From 6378a4ee9fa3eeaf384bd87fc87e24a0c5608658 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Tue, 19 Aug 2025 09:08:15 +0200
Subject: [PATCH] [openstack_nova] Improve scrubbing
Improve postproc obfuscation in two ways:
- apply postproc also to /var/lib/openstack/config/nova on RedHatNova
- obfuscate just password from transport_url, not the whole URL
Closes: #4108
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/openstack_nova.py | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/sos/report/plugins/openstack_nova.py b/sos/report/plugins/openstack_nova.py
index 728aed1e..2635866e 100644
--- a/sos/report/plugins/openstack_nova.py
+++ b/sos/report/plugins/openstack_nova.py
@@ -29,6 +29,7 @@ class OpenStackNova(Plugin):
var_puppet_gen = "/var/lib/config-data/puppet-generated/nova"
service_name = "openstack-nova-api.service"
apachepkg = None
+ postproc_dirs = ["/etc/nova/",]
def setup(self):
@@ -141,12 +142,13 @@ class OpenStackNova(Plugin):
self.add_copy_spec(specs)
def apply_regex_sub(self, regexp, subst):
- """ Apply regex substitution """
- self.do_path_regex_sub("/etc/nova/*", regexp, subst)
- for npath in ['', '_libvirt', '_metadata', '_placement']:
- self.do_path_regex_sub(
- f"{self.var_puppet_gen}{npath}/etc/nova/*",
- regexp, subst)
+ """ Apply regex substitution to all sensitive dirs """
+ for _dir in self.postproc_dirs:
+ self.do_path_regex_sub(f"{_dir}/*", regexp, subst)
+ for npath in ['', '_libvirt', '_metadata', '_placement']:
+ self.do_path_regex_sub(
+ f"{self.var_puppet_gen}{npath}{_dir}/*",
+ regexp, subst)
def postproc(self):
protect_keys = [
@@ -155,10 +157,9 @@ class OpenStackNova(Plugin):
"xenapi_connection_password", "password", "host_password",
"vnc_password", "admin_password", "connection_password",
"memcache_secret_key", "s3_secret_key",
- "metadata_proxy_shared_secret", "fixed_key", "transport_url",
- "rbd_secret_uuid"
+ "metadata_proxy_shared_secret", "fixed_key", "rbd_secret_uuid"
]
- connection_keys = ["connection", "sql_connection"]
+ connection_keys = ["connection", "sql_connection", "transport_url"]
join_con_keys = "|".join(connection_keys)
@@ -214,6 +215,7 @@ class RedHatNova(OpenStackNova, RedHatPlugin):
apachepkg = "httpd"
nova = False
packages = ('openstack-selinux',)
+ postproc_dirs = ["/etc/nova/", "/var/lib/openstack/config/nova"]
def setup(self):
super().setup()
--
2.49.0

36
0003-component-Fix-regression-57bbc89-in-toolbox-containe.patch Normal file
View File

@ -0,0 +1,36 @@
From c0e514894b2c35c2b36f247f8b84dd4311034fb6 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Fri, 12 Sep 2025 11:36:02 +0200
Subject: [PATCH] [component] Fix regression 57bbc89 in toolbox containers
57bbc89 commit set tmpdir to source the dir from Policy. Which means
HOST sysroot directory is newly applied already in
LinuxPolicy._container_init method.
Removed lines mimic the same in a worse way, so let drop them here.
Resolves: #4116
Closes: #4118
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/component.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/sos/component.py b/sos/component.py
index a110c270..3e53fe3d 100644
--- a/sos/component.py
+++ b/sos/component.py
@@ -170,9 +170,6 @@ class SoSComponent():
else:
tmpdir = os.getenv('TMPDIR', None) or self.policy.get_tmp_dir(None)
- if os.getenv('HOST', None) and os.getenv('container', None):
- tmpdir = os.path.join(os.getenv('HOST'), tmpdir.lstrip('/'))
-
# no standard library method exists for this, so call out to stat to
# avoid bringing in a dependency on psutil
self.tmpfstype = shell_out(
--
2.49.0

49
0004-revert-PR4092.patch Normal file
View File

@ -0,0 +1,49 @@
--- a/sos/upload/targets/__init__.py 2025-09-16 19:57:27.294642506 +0200
+++ b/sos/upload/targets/__init__.py 2025-09-16 19:59:44.498573843 +0200
@@ -465,7 +465,7 @@
self.upload_password or
self._upload_password)
- def upload_sftp(self, user=None, password=None, user_dir=None):
+ def upload_sftp(self, user=None, password=None):
"""Attempts to upload the archive to an SFTP location.
Due to the lack of well maintained, secure, and generally widespread
@@ -540,13 +540,10 @@
raise Exception("Unable to connect via SFTP to "
f"{self.get_upload_url_string()}")
- # certain implementations require file to be put in the user dir
- put_cmd = (
- f"put {self.upload_archive_name} "
- f"{f'{user_dir}/' if user_dir else ''}"
- f"{self._get_sftp_upload_name()}"
- )
+ put_cmd = (f'put {self.upload_archive_name} '
+ f'{self._get_sftp_upload_name()}')
ret.sendline(put_cmd)
+
put_expects = [
'100%',
pexpect.TIMEOUT,
--- a/sos/upload/targets/redhat.py 2025-09-16 19:57:36.804628207 +0200
+++ b/sos/upload/targets/redhat.py 2025-09-16 20:00:52.578728154 +0200
@@ -145,7 +145,7 @@
return fname
# pylint: disable=too-many-branches
- def upload_sftp(self, user=None, password=None, user_dir=None):
+ def upload_sftp(self, user=None, password=None):
"""Override the base upload_sftp to allow for setting an on-demand
generated anonymous login for the RH SFTP server if a username and
password are not given
@@ -217,8 +217,7 @@
f"{anon.status_code}): {anon.json()}"
)
if _user and _token:
- return super().upload_sftp(user=_user, password=_token,
- user_dir=_user)
+ return super().upload_sftp(user=_user, password=_token)
raise Exception("Could not retrieve valid or anonymous credentials")
def check_file_too_big(self, archive):

29
sos.spec
View File

@ -4,8 +4,8 @@
Summary: A set of tools to gather troubleshooting information from a system
Name: sos
Version: 4.9.2
Release: 1%{?dist}
Version: 4.10.0
Release: 4%{?dist}
Group: Applications/System
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
Source1: sos-audit-%{auditversion}.tgz
@ -22,6 +22,10 @@ Recommends: python3-pexpect
Recommends: python3-pyyaml
Conflicts: vdsm < 4.40
Obsoletes: sos-collector <= 1.9
Patch1: 0001-cleaner-Make-cleaner-s-obfuscate_file-properly-worki.patch
Patch2: 0002-openstack_nova-Improve-scrubbing.patch
Patch3: 0003-component-Fix-regression-57bbc89-in-toolbox-containe.patch
Patch4: 0004-revert-PR4092.patch
%description
Sos is a set of tools that gathers information about system
@ -32,6 +36,10 @@ support technicians and developers.
%prep
%setup -qn %{name}-%{version}
%setup -T -D -a1 -q
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%build
%py3_build
@ -103,6 +111,23 @@ of the system. Currently storage and filesystem commands are audited.
%changelog
* Tue Sep 23 2025 Jan Jansky <jjansky@redhat.com> = 4.10.0-4
- Update to 4.10.0-4
Resolves: RHEL-113793
* Wed Sep 17 2025 Jan Jansky <jjansky@redhat.com> = 4.10.0-3
- Update to 4.10.0-3
Resolves: RHEL-113793
* Wed Sep 17 2025 Jan Jansky <jjansky@redhat.com> = 4.10.0-2
- Update to 4.10.0-2
Resolves: RHEL-113793
* Thu Aug 21 2025 Jan Jansky <jjansky@redhat.com> = 4.10.0-1
- Update to 4.10.0
Resolves: RHEL-110504
Resolves: RHEL-110505
* Fri Jul 04 2025 Jan Jansky <jjansky@redhat.com> = 4.9.2-1
- Update to 4.9.2
Resolves: RHEL-101721

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (sos-4.9.2.tar.gz) = 9e2269ae0fd4eb93c468a5bf86df05482d5b21a2d70be2377cd380e0637026da4b73f2036eb8f60ab9f644ccbc0f591818477ac1ba0e96943e219f68ac2da910
SHA512 (sos-4.10.0.tar.gz) = 696fd51aeb474ab3118346b998b36a03cb0e6a68a75dbec0295dbce47fd5a71d0b3f9c778b21fac550592b3081870452f7a37a164f19f25046747ecce22821b4
SHA512 (sos-audit-0.3-1.tgz) = 24c7bfec7e47a082ca1f2a96c5ad455c692d81dcc4339877de5bd324719609d91bc0ef6ddb95485fb75b81f90f8a7cc58370ada6f626c275bab36e9e2a409330