rpms/sos
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 4.10.2-1

Browse Source 
Resolves: RHEL-142635

Signed-off-by: Jan Jansky <jjansky@redhat.com>
This commit is contained in:
Jan Jansky 2026-01-22 11:28:58 +01:00
parent 930cd4e617
commit 6aa1fac3bd
10 changed files with 292 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -35,3 +35,4 @@ sos-2.2.tar.gz
/sos-4.9.2.tar.gz
/sos-4.10.0.tar.gz
/sos-4.10.1.tar.gz
/sos-4.10.2.tar.gz

36
0002-gcp-Catch-exceptions-when-PRODUCT_PATH-doesnt-exist.patch Normal file
View File

@ -0,0 +1,36 @@
From 178d7fb1296dbcb744867d1b8a29678d1a3b0820 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Mon, 26 Jan 2026 12:14:19 +0100
Subject: [PATCH] [gcp] Catch exceptions when PRODUCT_PATH doesnt exist
Catch exceptions when /sys/devices/virtual/dmi/id/product_name does not
exist on a (rare) system, while user manually enabled gcp plugin.
Closes: #4215
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/gcp.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sos/report/plugins/gcp.py b/sos/report/plugins/gcp.py
index 24b50323..43ceec00 100644
--- a/sos/report/plugins/gcp.py
+++ b/sos/report/plugins/gcp.py
@@ -38,8 +38,11 @@ class GCP(Plugin, IndependentPlugin):
Checks if this plugin should be executed based on the presence of
GCE entry in sysfs.
"""
- with open(self.PRODUCT_PATH, encoding='utf-8') as sys_file:
- return "Google Compute Engine" in sys_file.read()
+ try:
+ with open(self.PRODUCT_PATH, encoding='utf-8') as sys_file:
+ return "Google Compute Engine" in sys_file.read()
+ except OSError:
+ return False
def setup(self):
"""
--
2.52.0

60
0002-pulpcore-RFE-export-table-contents-as-CSV.patch
View File

@ -1,60 +0,0 @@
From 6402b4240929b334c31a38a9c86e16e0b6a9e4dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Fern=C3=A1ndez=20Rodr=C3=ADguez?=
<pafernan@redhat.com>
Date: Fri, 21 Nov 2025 12:32:30 +0100
Subject: [PATCH] [pulpcore] RFE export table contents as CSV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: #4152
Signed-off-by: Pablo Fernández Rodríguez <pafernan@redhat.com>
---
sos/report/plugins/pulpcore.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py
index ffd53e01..4b126e78 100644
--- a/sos/report/plugins/pulpcore.py
+++ b/sos/report/plugins/pulpcore.py
@@ -127,14 +127,15 @@ class PulpCore(Plugin, IndependentPlugin):
"AND table_schema = 'public' AND column_name NOT IN"
" ('args', 'kwargs', 'enc_args', 'enc_kwargs'))"
" TO STDOUT;")
- col_out = self.exec_cmd(self.build_query_cmd(_query), env=self.env,
+ col_out = self.exec_cmd(self.build_query_cmd(_query, csv=False),
+ env=self.env,
runas=self.runas,
container=self.in_container)
columns = col_out['output'] if col_out['status'] == 0 else '*'
_query = (f"select {columns} from {table} where pulp_last_updated"
f"> NOW() - interval '{task_days} days' order by"
" pulp_last_updated")
- _cmd = self.build_query_cmd(_query)
+ _cmd = self.build_query_cmd(_query, csv=True)
self.add_cmd_output(_cmd, env=self.env, suggest_filename=table,
runas=self.runas, container=self.in_container)
@@ -152,7 +153,8 @@ class PulpCore(Plugin, IndependentPlugin):
"pg_total_relation_size(reltoastrelid) AS toast_bytes "
"FROM pg_class c LEFT JOIN pg_namespace n ON "
"n.oid = c.relnamespace WHERE relkind = 'r') a) a order by "
- "total_bytes DESC"
+ "total_bytes DESC",
+ csv=False
)
self.add_cmd_output(_cmd, suggest_filename='pulpcore_db_tables_sizes',
env=self.env, runas=self.runas,
@@ -168,7 +170,7 @@ class PulpCore(Plugin, IndependentPlugin):
"""
if csv:
query = f"COPY ({query}) TO STDOUT " \
- "WITH (FORMAT 'csv', DELIMITER ',', HEADER)"
+ "WITH (FORMAT 'csv', DELIMITER ';', HEADER)"
_dbcmd = "psql --no-password -h %s -p %s -U %s -d %s -c %s"
return _dbcmd % (self.dbhost, self.dbport,
self.dbuser, self.dbname, quote(query))
--
2.51.1

124
0003-aap_containerized-Carry-forward-postproc-from-other.patch Normal file
View File

@ -0,0 +1,124 @@
From 0c237bcaf476c9b5a28165b9124e08163af707ab Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Fri, 30 Jan 2026 21:50:52 +0100
Subject: [PATCH] [aap_containerized] Carry forward postproc from other AAP
plugins
Secrets obfuscations from 2a46e99 commit must be reflected in
containerized plugin.
Further, fix a typo in a regexp, to properly obfuscate:
EMAIL_HOST_PASSWORD = 'FAKESECRET!!!'
in (both) controller's settings.
Closes: #4213
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/aap_containerized.py | 37 +++++++++++++++++++------
sos/report/plugins/aap_controller.py | 4 +--
2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/sos/report/plugins/aap_containerized.py b/sos/report/plugins/aap_containerized.py
index 7baa5fb3..0c85d4b2 100644
--- a/sos/report/plugins/aap_containerized.py
+++ b/sos/report/plugins/aap_containerized.py
@@ -41,6 +41,7 @@ class AAPContainerized(Plugin, RedHatPlugin):
def setup(self):
# Check if username is passed as argument
username = self.get_option("username")
+ self.aap_directory_name = self.get_option("directory")
if not username:
self._log_warn("AAP username is missing, use '-k "
"aap_containerized.username=<user>' to set it")
@@ -61,16 +62,15 @@ class AAPContainerized(Plugin, RedHatPlugin):
return
# Grab aap installation directory under user's home
- if not self.get_option("directory"):
+ if not self.aap_directory_name:
user_home_directory = os.path.expanduser(f"~{username}")
- aap_directory_name = self.path_join(user_home_directory, "aap")
- else:
- aap_directory_name = self.get_option("directory")
+ self.aap_directory_name = self.path_join(user_home_directory,
+ "aap")
# Don't collect cert and key files from the installation directory
- if self.path_exists(aap_directory_name):
+ if self.path_exists(self.aap_directory_name):
forbidden_paths = [
- self.path_join(aap_directory_name, path)
+ self.path_join(self.aap_directory_name, path)
for path in [
"containers",
"tls",
@@ -93,10 +93,10 @@ class AAPContainerized(Plugin, RedHatPlugin):
]
]
self.add_forbidden_path(forbidden_paths)
- self.add_copy_spec(aap_directory_name)
+ self.add_copy_spec(self.aap_directory_name)
else:
- self._log_error(f"Directory {aap_directory_name} does not exist "
- "or invalid absolute path provided")
+ self._log_error(f"Directory {self.aap_directory_name} does not "
+ "exist or invalid absolute path provided.")
# Gather output of following podman commands as user
podman_commands = [
@@ -200,6 +200,24 @@ class AAPContainerized(Plugin, RedHatPlugin):
return False
def postproc(self):
+ # remove controller email password
+ file_path = f"{self.aap_directory_name}/controller/etc/settings.py"
+ jreg = r"(EMAIL_HOST_PASSWORD\s*=\s*)\'(.+)\'"
+ repl = r"\1********"
+ self.do_path_regex_sub(file_path, jreg, repl)
+
+ # remove gateway database password
+ file_path = f"{self.aap_directory_name}/gateway/etc/settings.py"
+ jreg = r"(\s*'PASSWORD'\s*:\s*)('.*')"
+ repl = r"\1********"
+ self.do_path_regex_sub(file_path, jreg, repl)
+
+ # Mask EDA optional secrets
+ file_path = f"{self.aap_directory_name}/eda/etc/settings.yaml"
+ regex = r"(\s*)(PASSWORD|MQ_USER_PASSWORD|SECRET_KEY)(:\s*)(.*$)"
+ replacement = r'\1\2\3********'
+ self.do_path_regex_sub(file_path, regex, replacement)
+
# Mask PASSWORD from print_settings command
jreg = r'((["\']?PASSWORD["\']?\s*[:=]\s*)[rb]?["\'])(.*?)(["\'])'
self.do_cmd_output_sub(
@@ -214,4 +232,5 @@ class AAPContainerized(Plugin, RedHatPlugin):
jreg,
r'\1**********\5')
+
# vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/aap_controller.py b/sos/report/plugins/aap_controller.py
index afb2508c..e2b5e39e 100644
--- a/sos/report/plugins/aap_controller.py
+++ b/sos/report/plugins/aap_controller.py
@@ -83,12 +83,12 @@ class AAPControllerPlugin(Plugin, RedHatPlugin):
self.do_path_regex_sub("/etc/tower/conf.d/postgres.py", jreg, repl)
# remove email password
- jreg = r"(EMAIL_HOST_PASSWORD\s*=)\'(.+)\'"
+ jreg = r"(EMAIL_HOST_PASSWORD\s*=\s*)\'(.+)\'"
repl = r"\1********"
self.do_path_regex_sub("/etc/tower/settings.py", jreg, repl)
# remove email password (if customized)
- jreg = r"(EMAIL_HOST_PASSWORD\s*=)\'(.+)\'"
+ jreg = r"(EMAIL_HOST_PASSWORD\s*=\s*)\'(.+)\'"
repl = r"\1********"
self.do_path_regex_sub("/etc/tower/conf.d/custom.py", jreg, repl)
--
2.52.0

31
0003-cleaner-Mask-IPv6-addresses-with-trailing-or.patch
View File

@ -1,31 +0,0 @@
From 1c1ee1ac676961fecfc5513fa4f90656401b3aaa Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Wed, 5 Nov 2025 11:53:57 +0100
Subject: [PATCH] [cleaner] Mask IPv6 addresses with trailing ':' or '\'
Additionally, fix missing backslash in subnet identification.
Resolves: #4154
Closes: #4155
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/cleaner/parsers/ipv6_parser.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sos/cleaner/parsers/ipv6_parser.py b/sos/cleaner/parsers/ipv6_parser.py
index bfb860c7..315241f5 100644
--- a/sos/cleaner/parsers/ipv6_parser.py
+++ b/sos/cleaner/parsers/ipv6_parser.py
@@ -27,7 +27,7 @@ class SoSIPv6Parser(SoSCleanerParser):
# a trailing prefix for the network bits.
r"(?<![:\\.\\-a-z0-9])((([0-9a-f]{1,4})(:[0-9a-f]{1,4}){7})|"
r"(([0-9a-f]{1,4}(:[0-9a-f]{0,4}){0,5}))([^.])::(([0-9a-f]{1,4}"
- r"(:[0-9a-f]{1,4}){0,5})?)(/\d{1,3})?)(?![:\\a-z0-9])"
+ r"(:[0-9a-f]{1,4}){0,5})?)(\/\d{1,3})?)(?!([a-z0-9]|:[a-z0-9]))"
]
parser_skip_files = [
'etc/dnsmasq.conf.*',
--
2.51.1

121
0004-cleaner-Update-filename-after-converting-pem-to-text.patch Normal file
View File

@ -0,0 +1,121 @@
From 0c7626683ae2dcbc5f7b0f00e0980895e0e1ce0d Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Mon, 2 Feb 2026 14:03:26 +0100
Subject: [PATCH] [cleaner] Update filename after converting pem to text
When converting PEM certificate to text, we need to update filename and
short_name to the newly created file, to ensure cleaner handles the
right file.
Also, rename misleading short_name to rel_name as it keeps the rel.path
to the filename.
Closes: #4219
Relevant: RHEL-145301
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/cleaner/archives/__init__.py | 34 +++++++++++++++++++-------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/sos/cleaner/archives/__init__.py b/sos/cleaner/archives/__init__.py
index e918e2e3..af6ed222 100644
--- a/sos/cleaner/archives/__init__.py
+++ b/sos/cleaner/archives/__init__.py
@@ -156,18 +156,18 @@ class SoSObfuscationArchive():
for filename in flist:
self.log_debug(f" pid={os.getpid()}: obfuscating {filename}")
try:
- short_name = filename.split(self.archive_name + '/')[1]
- if self.should_skip_file(short_name):
+ rel_name = os.path.relpath(filename, start=self.extracted_path)
+ if self.should_skip_file(rel_name):
continue
if (not self.keep_binary_files and
- self.should_remove_file(short_name)):
+ self.should_remove_file(rel_name)):
# We reach this case if the option --keep-binary-files
# was not used, and the file is in a list to be removed
- self.remove_file(short_name)
+ self.remove_file(rel_name)
continue
if (self.keep_binary_files and
(file_is_binary(filename) or
- self.should_remove_file(short_name))):
+ self.should_remove_file(rel_name))):
# We reach this case if the option --keep-binary-files
# is used. In this case we want to make sure
# the cleaner doesn't try to clean a binary file
@@ -180,28 +180,32 @@ class SoSObfuscationArchive():
if is_certificate:
if is_certificate == "certificatekey":
# Always remove certificate Key files
- self.remove_file(short_name)
+ self.remove_file(rel_name)
continue
if self.treat_certificates == "keep":
continue
if self.treat_certificates == "remove":
- self.remove_file(short_name)
+ self.remove_file(rel_name)
continue
if self.treat_certificates == "obfuscate":
- self.certificate_to_text(filename)
+ # since the original filename is deleted, we must
+ # update both "filename" and "rel_name"
+ filename = self.certificate_to_text(filename)
+ rel_name = os.path.relpath(filename,
+ start=self.extracted_path)
_parsers = [
_p for _p in self.parsers if not
any(
- _skip.match(short_name) for _skip in _p.skip_patterns
+ _skip.match(rel_name) for _skip in _p.skip_patterns
)
]
if not _parsers:
self.log_debug(
- f"Skipping obfuscation of {short_name or filename} "
+ f"Skipping obfuscation of {rel_name or filename} "
f"due to matching file skip pattern"
)
continue
- self.log_debug(f"Obfuscating {short_name or filename}")
+ self.log_debug(f"Obfuscating {rel_name or filename}")
subs = 0
with tempfile.NamedTemporaryFile(mode='w', dir=self.tmpdir) \
as tfile:
@@ -214,13 +218,13 @@ class SoSObfuscationArchive():
tfile.write(line)
except Exception as err:
self.log_debug(f"Unable to obfuscate "
- f"{short_name}: {err}")
+ f"{rel_name}: {err}")
tfile.seek(0)
if subs:
shutil.copyfile(tfile.name, filename)
self.update_sub_count(subs)
- self.obfuscate_filename(short_name, filename)
+ self.obfuscate_filename(rel_name, filename)
except Exception as err:
self.log_debug(f" pid={os.getpid()}: caught exception on "
@@ -309,11 +313,13 @@ class SoSObfuscationArchive():
"""Convert a certificate to text. This is used when cleaner encounters
a certificate file and the option 'treat_certificates' is 'obfuscate'.
"""
+ out_fn = f"{fname}.text"
self.log_info(f"Converting certificate file '{fname}' to text")
sos_get_command_output(
f"openssl storeutl -noout -text -certs {str(fname)}",
- to_file=f"{fname}.text")
+ to_file=out_fn)
os.remove(fname)
+ return out_fn
def remove_file(self, fname):
"""Remove a file from the archive. This is used when cleaner encounters
--
2.52.0

49
0004-revert-PR4092.patch
View File

@ -1,49 +0,0 @@
--- a/sos/upload/targets/__init__.py 2025-09-16 19:57:27.294642506 +0200
+++ b/sos/upload/targets/__init__.py 2025-09-16 19:59:44.498573843 +0200
@@ -465,7 +465,7 @@
self.upload_password or
self._upload_password)
- def upload_sftp(self, user=None, password=None, user_dir=None):
+ def upload_sftp(self, user=None, password=None):
"""Attempts to upload the archive to an SFTP location.
Due to the lack of well maintained, secure, and generally widespread
@@ -540,13 +540,10 @@
raise Exception("Unable to connect via SFTP to "
f"{self.get_upload_url_string()}")
- # certain implementations require file to be put in the user dir
- put_cmd = (
- f"put {self.upload_archive_name} "
- f"{f'{user_dir}/' if user_dir else ''}"
- f"{self._get_sftp_upload_name()}"
- )
+ put_cmd = (f'put {self.upload_archive_name} '
+ f'{self._get_sftp_upload_name()}')
ret.sendline(put_cmd)
+
put_expects = [
'100%',
pexpect.TIMEOUT,
--- a/sos/upload/targets/redhat.py 2025-09-16 19:57:36.804628207 +0200
+++ b/sos/upload/targets/redhat.py 2025-09-16 20:00:52.578728154 +0200
@@ -145,7 +145,7 @@
return fname
# pylint: disable=too-many-branches
- def upload_sftp(self, user=None, password=None, user_dir=None):
+ def upload_sftp(self, user=None, password=None):
"""Override the base upload_sftp to allow for setting an on-demand
generated anonymous login for the RH SFTP server if a username and
password are not given
@@ -217,8 +217,7 @@
f"{anon.status_code}): {anon.json()}"
)
if _user and _token:
- return super().upload_sftp(user=_user, password=_token,
- user_dir=_user)
+ return super().upload_sftp(user=_user, password=_token)
raise Exception("Could not retrieve valid or anonymous credentials")
def check_file_too_big(self, archive):

58
0005-plugin_aws-fix-unable-to-get-metadata-in-aws.py.patch
View File

@ -1,58 +0,0 @@
From d78e7000d0c91ba0b6b7a56fc931bce3094d0bc9 Mon Sep 17 00:00:00 2001
From: Frank Liang <xiliang@redhat.com>
Date: Wed, 3 Dec 2025 00:21:06 +0800
Subject: [PATCH] [plugin_aws]fix unable to get metadata in aws.py
- exec_cmd() cmd type is a str, cannot execute when
it is a list
- removed spaces after X-aws-ec2-metadata-token and
X-aws-ec2-metadata-token-ttl-seconds
Signed-off-by: Frank Liang <xiliang@redhat.com>
---
sos/report/plugins/aws.py | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/sos/report/plugins/aws.py b/sos/report/plugins/aws.py
index 602e88e4..ba819bed 100644
--- a/sos/report/plugins/aws.py
+++ b/sos/report/plugins/aws.py
@@ -41,21 +41,19 @@ class Aws(Plugin, IndependentPlugin):
# Try to get an IMDSv2 token
token_url = 'http://169.254.169.254/latest/api/token'
- token_cmd = [
- 'curl', '-sS', '-X', 'PUT', '-H',
- 'X-aws-ec2-metadata-token-ttl-seconds: 21600',
- token_url]
+ token_cmd = f'curl -sS -X PUT -H \
+ X-aws-ec2-metadata-token-ttl-seconds:21600 {token_url}'
try:
- token = self.exec_cmd(token_cmd, timeout=1)
+ token = self.exec_cmd(token_cmd, timeout=1)['output']
except Exception:
token = ''
# Add header only if token retrieval succeeded
- token_header = []
+ token_header = ''
if token:
- token_header = ['-H', f'X-aws-ec2-metadata-token: {token}']
+ token_header = f'-H X-aws-ec2-metadata-token:{token}'
# List of metadata paths we want to get
metadata_paths = [
@@ -73,7 +71,7 @@ class Aws(Plugin, IndependentPlugin):
meta_url = base_url + path
safe_name = path.replace('/', '_')
self.add_cmd_output(
- ['curl', '-sS'] + token_header + [meta_url],
+ f'curl -sS {token_header} {meta_url}',
suggest_filename=f'aws_metadata_{safe_name}.txt'
)
--
2.51.1

16
sos.spec
View File

@ -4,8 +4,8 @@
Summary: A set of tools to gather troubleshooting information from a system
Name: sos
Version: 4.10.1
Release: 2%{?dist}
Version: 4.10.2
Release: 1%{?dist}
Group: Applications/System
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
Source1: sos-audit-%{auditversion}.tgz
@ -23,10 +23,9 @@ Recommends: python3-pyyaml
Conflicts: vdsm < 4.40
Obsoletes: sos-collector <= 1.9
Patch1: 0001-sosreport-binary.patch
Patch2: 0002-pulpcore-RFE-export-table-contents-as-CSV.patch
Patch3: 0003-cleaner-Mask-IPv6-addresses-with-trailing-or.patch
Patch4: 0004-revert-PR4092.patch
Patch5: 0005-plugin_aws-fix-unable-to-get-metadata-in-aws.py.patch
Patch2: 0002-gcp-Catch-exceptions-when-PRODUCT_PATH-doesnt-exist.patch
Patch3: 0003-aap_containerized-Carry-forward-postproc-from-other.patch
Patch4: 0004-cleaner-Update-filename-after-converting-pem-to-text.patch
%description
Sos is a set of tools that gathers information about system
@ -41,7 +40,6 @@ support technicians and developers.
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
%build
%py3_build
@ -114,6 +112,10 @@ of the system. Currently storage and filesystem commands are audited.
%license LICENSE
%changelog
* Thu Jan 22 2026 Jan Jansky <jjansky@redhat.com> = 4.10.2-1
- Update to 4.10.2-1
Resolves: RHEL-142635
* Fri Dec 05 2025 Jan Jansky <jjansky@redhat.com> = 4.10.1-2
- Update to 4.10.1-2
Resolves: RHEL-121474

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (sos-4.10.1.tar.gz) = 1cc1d63e4780158a0088b3c6d11b965331577b8f19f80b30e684a4bc84a0d651143f4033dc52e1341e77fa55ca5f57a8188edafa725fa2aea183c0a15e6da618
SHA512 (sos-4.10.2.tar.gz) = b79021d462f8f192bac8bd5651227cb1bbd7dfefae27bfc934194b29157512828b8fa8d7296283c8f555176f4d2662e08b74f54901d84db8833a0ac82b3d6fac
SHA512 (sos-audit-0.3-1.tgz) = 24c7bfec7e47a082ca1f2a96c5ad455c692d81dcc4339877de5bd324719609d91bc0ef6ddb95485fb75b81f90f8a7cc58370ada6f626c275bab36e9e2a409330