sos updates to 9.2

Resolves: bz2082615

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
This commit is contained in:
Pavel Moravec 2023-02-07 15:40:44 +01:00
parent df2cf645cb
commit fe8cb53fec
7 changed files with 12 additions and 357 deletions

1
.gitignore vendored
View File

@ -17,3 +17,4 @@ sos-2.2.tar.gz
/sos-audit-0.3.tgz
/sos-4.3.tar.gz
/sos-4.4.tar.gz
/sos-4.5.0.tar.gz

View File

@ -1,73 +0,0 @@
From 0b81b7ef780171af4431db656809f10d1683bc4c Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Tue, 20 Sep 2022 22:11:48 +0200
Subject: [PATCH 1/2] [dnf] Collect legacy yum config and dnf global vars
Some systems might rely on legacy yum config with default symlinks to
dnf config - sos should collect the symlinks.
Additionally, collect dnf global vars.
Related: #3031
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/dnf.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sos/report/plugins/dnf.py b/sos/report/plugins/dnf.py
index 59b8de6c..82078faf 100644
--- a/sos/report/plugins/dnf.py
+++ b/sos/report/plugins/dnf.py
@@ -55,7 +55,12 @@ class DNFPlugin(Plugin, RedHatPlugin):
'/etc/dnf/modules.d/.*.module': 'dnf_modules'
})
- self.add_copy_spec("/etc/dnf/")
+ self.add_copy_spec([
+ "/etc/dnf/",
+ "/etc/yum.conf",
+ "/etc/yum/pluginconf.d/",
+ "/etc/yum/vars/",
+ ])
self.add_copy_spec("/etc/yum.repos.d/",
tags=['yum_repos_d', 'dnf_repos_d', 'dnf_repo'])
--
2.37.3
From ff17d6486f349dcdc115e898cc50c3845578aef3 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Tue, 20 Sep 2022 22:20:51 +0200
Subject: [PATCH 2/2] [dnf] Obfuscate all passwords from all vars
- obfuscate also "password=.." variable values
- apply the obfuscation also to global vars dir
Resolves: #3031
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/dnf.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sos/report/plugins/dnf.py b/sos/report/plugins/dnf.py
index 82078faf..6efc9cac 100644
--- a/sos/report/plugins/dnf.py
+++ b/sos/report/plugins/dnf.py
@@ -125,8 +125,9 @@ class DNFPlugin(Plugin, RedHatPlugin):
self.get_modules_info(modules['output'])
def postproc(self):
- regexp = r"(proxy_password(\s)*=(\s)*)(\S+)\n"
+ regexp = r"(password(\s)*=(\s)*)(\S+)\n"
repl = r"\1********\n"
- self.do_path_regex_sub("/etc/yum.repos.d/*", regexp, repl)
+ for f in ["/etc/yum.repos.d/*", "/etc/dnf/vars/*"]:
+ self.do_path_regex_sub(f, regexp, repl)
# vim: set et ts=4 sw=4 :
--
2.37.3

View File

@ -1,131 +0,0 @@
From 4245de0b978a4d28bb8c833c2f2f5a15a260bd22 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Mon, 12 Sep 2022 15:30:16 +0200
Subject: [PATCH] [utilities] Relax from hard dependency of python3-magic
For compatibility reasons on some distros, sos should not have a hard
dependency on 'magic' python library. It should attempt to use it for
detection of binary file content, but should fall back to previous "read
the very first byte" method otherwise.
Resolves: #3025
Relates: #3021
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
requirements.txt | 1 -
setup.py | 2 +-
sos.spec | 2 +-
sos/utilities.py | 50 +++++++++++++++++++++++++++++++++++-------------
4 files changed, 39 insertions(+), 16 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index c6ba1162..39f42161 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,5 +2,4 @@ pycodestyle>=2.4.0
coverage>=4.0.3
Sphinx>=1.3.5
pexpect>=4.0.0
-python_magic>=0.4.20
pyyaml
diff --git a/setup.py b/setup.py
index 2a70802d..f2f9ecbe 100644
--- a/setup.py
+++ b/setup.py
@@ -107,7 +107,7 @@ setup(
],
cmdclass=cmdclass,
command_options=command_options,
- requires=['pexpect', 'python_magic', 'pyyaml']
+ requires=['pexpect', 'pyyaml']
)
diff --git a/sos.spec b/sos.spec
index 748b9fd5..08499816 100644
--- a/sos.spec
+++ b/sos.spec
@@ -16,7 +16,7 @@ Requires: python3-rpm
Requires: tar
Requires: xz
Requires: python3-pexpect
-Requires: python3-magic
+Recommends: python3-magic
Recommends: python3-pyyaml
Obsoletes: sos-collector <= 1.9
diff --git a/sos/utilities.py b/sos/utilities.py
index 2046c8fd..21c815d9 100644
--- a/sos/utilities.py
+++ b/sos/utilities.py
@@ -19,11 +19,26 @@ import tempfile
import threading
import time
import io
-import magic
-
from contextlib import closing
from collections import deque
+# try loading magic>=0.4.20 which implements detect_from_filename method
+magic_mod = False
+try:
+ import magic
+ magic.detect_from_filename(__file__)
+ magic_mod = True
+except (ImportError, AttributeError):
+ log = logging.getLogger('sos')
+ from textwrap import fill
+ msg = ("""\
+WARNING: Failed to load 'magic' module version >= 0.4.20 which sos aims to \
+use for detecting binary files. A less effective method will be used. It is \
+recommended to install proper python3-magic package with the module.
+""")
+ log.warn('\n' + fill(msg, 72, replace_whitespace=False) + '\n')
+
+
TIMEOUT_DEFAULT = 300
@@ -75,17 +90,26 @@ def file_is_binary(fname):
:returns: True if binary, else False
:rtype: ``bool``
"""
- try:
- _ftup = magic.detect_from_filename(fname)
- _mimes = ['text/', 'inode/']
- return (
- _ftup.encoding == 'binary' and not
- any(_ftup.mime_type.startswith(_mt) for _mt in _mimes)
- )
- except Exception:
- # if for some reason this check fails, don't blindly remove all files
- # but instead rely on other checks done by the component
- return False
+ if magic_mod:
+ try:
+ _ftup = magic.detect_from_filename(fname)
+ _mimes = ['text/', 'inode/']
+ return (
+ _ftup.encoding == 'binary' and not
+ any(_ftup.mime_type.startswith(_mt) for _mt in _mimes)
+ )
+ except Exception:
+ pass
+ # if for some reason the above check fails or magic>=0.4.20 is not present,
+ # fail over to checking the very first byte of the file content
+ with open(fname, 'tr') as tfile:
+ try:
+ # when opened as above (tr), reading binary content will raise
+ # an exception
+ tfile.read(1)
+ return False
+ except UnicodeDecodeError:
+ return True
def find(file_pattern, top_dir, max_depth=None, path_pattern=None):
--
2.37.3

View File

@ -1,62 +0,0 @@
From 765f5f283bdb4747b0069f2f5d3381134b4b9a95 Mon Sep 17 00:00:00 2001
From: Jake Hunsaker <jhunsake@redhat.com>
Date: Thu, 15 Sep 2022 12:36:42 -0400
Subject: [PATCH] [ocp] Add newly required labels to temp OCP namespace
Newer OCP versions have a more restrictive default deployment
configuration. As such, add the required labels to the temporary
namespace/project we use for collections.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
---
sos/collector/clusters/ocp.py | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/sos/collector/clusters/ocp.py b/sos/collector/clusters/ocp.py
index 06301536f..92c4e04a2 100644
--- a/sos/collector/clusters/ocp.py
+++ b/sos/collector/clusters/ocp.py
@@ -142,12 +142,32 @@ def setup(self):
self.fmt_oc_cmd("new-project %s" % self.project)
)
if ret['status'] == 0:
+ self._label_sos_project()
return True
self.log_debug("Failed to create project: %s" % ret['output'])
raise Exception("Failed to create temporary project for collection. "
"\nAborting...")
+ def _label_sos_project(self):
+ """Add pertinent labels to the temporary project we've created so that
+ our privileged containers can properly run.
+ """
+ labels = [
+ "security.openshift.io/scc.podSecurityLabelSync=false",
+ "pod-security.kubernetes.io/enforce=privileged"
+ ]
+ for label in labels:
+ ret = self.exec_primary_cmd(
+ self.fmt_oc_cmd(
+ f"label namespace {self.project} {label} --overwrite"
+ )
+ )
+ if not ret['status'] == 0:
+ raise Exception(
+ f"Error applying namespace labels: {ret['output']}"
+ )
+
def cleanup(self):
"""Remove the project we created to execute within
"""
@@ -231,8 +251,9 @@ def get_nodes(self):
for node_name, node in self.node_dict.items():
if roles:
for role in roles:
- if role == node['roles']:
+ if role in node['roles']:
nodes.append(node_name)
+ break
else:
nodes.append(node_name)
else:

View File

@ -1,79 +0,0 @@
From 21101d80610c43a7c00de3dfaa5ff043d1f8324a Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Thu, 27 Oct 2022 18:00:28 +0200
Subject: [PATCH] [cleaner] Apply compile_regexes after a regular parse line
Hostname parser treats strings like 'host.domain.com' with precompiled
domain 'domain.com' in a wrong way. It first obfuscates the domain while
subsequent _parse_line skips host obfuscation.
Calling _parse_line before _parse_line_with_compiled_regexes does clean
both the host name and the domain name well.
Adding a unittest with a reproducer.
Resolves: #3054
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/cleaner/parsers/hostname_parser.py | 19 +++++++++++++++++++
tests/unittests/cleaner_tests.py | 7 +++++++
2 files changed, 26 insertions(+)
diff --git a/sos/cleaner/parsers/hostname_parser.py b/sos/cleaner/parsers/hostname_parser.py
index debdf182..07eb40f6 100644
--- a/sos/cleaner/parsers/hostname_parser.py
+++ b/sos/cleaner/parsers/hostname_parser.py
@@ -8,6 +8,7 @@
#
# See the LICENSE file in the source distribution for further information.
+import re
from sos.cleaner.parsers import SoSCleanerParser
from sos.cleaner.mappings.hostname_map import SoSHostnameMap
@@ -29,6 +30,24 @@ class SoSHostnameParser(SoSCleanerParser):
self.load_short_names_from_mapping()
self.mapping.set_initial_counts()
+ def parse_line(self, line):
+ """This will be called for every line in every file we process, so that
+ every parser has a chance to scrub everything.
+
+ We are overriding parent method since we need to swap ordering of
+ _parse_line_with_compiled_regexes and _parse_line calls.
+ """
+ count = 0
+ for skip_pattern in self.skip_line_patterns:
+ if re.match(skip_pattern, line, re.I):
+ return line, count
+ line, _count = self._parse_line(line)
+ count += _count
+ if self.compile_regexes:
+ line, _rcount = self._parse_line_with_compiled_regexes(line)
+ count += _rcount
+ return line, count
+
def load_short_names_from_mapping(self):
"""When we load the mapping file into the hostname map, we have to do
some dancing to get those loaded properly into the "intermediate" dicts
diff --git a/tests/unittests/cleaner_tests.py b/tests/unittests/cleaner_tests.py
index d27481c1..9759b38a 100644
--- a/tests/unittests/cleaner_tests.py
+++ b/tests/unittests/cleaner_tests.py
@@ -171,6 +171,13 @@ class CleanerParserTests(unittest.TestCa
_test = self.host_parser.parse_line(line)[0]
self.assertNotEqual(line, _test)
+ def test_obfuscate_whole_fqdn_for_given_domainname(self):
+ self.host_parser.load_hostname_into_map('sostestdomain.domain')
+ line = 'let obfuscate soshost.sostestdomain.domain'
+ _test = self.host_parser.parse_line(line)[0]
+ self.assertFalse('soshost' in _test)
+ self.assertFalse('sostestdomain' in _test)
+
def test_keyword_parser_valid_line(self):
line = 'this is my foobar test line'
_test = self.kw_parser.parse_line(line)[0]
--
2.37.3

View File

@ -4,8 +4,8 @@
Summary: A set of tools to gather troubleshooting information from a system
Name: sos
Version: 4.4
Release: 4%{?dist}
Version: 4.5.0
Release: 1%{?dist}
Group: Applications/System
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
Source1: sos-audit-%{auditversion}.tgz
@ -14,6 +14,7 @@ BuildArch: noarch
Url: https://github.com/sosreport/sos
BuildRequires: python3-devel
BuildRequires: gettext
BuildRequires: python3-setuptools
Requires: tar
Requires: bzip2
Requires: xz
@ -23,10 +24,6 @@ Recommends: python3-pexpect
Recommends: python3-pyyaml
Conflicts: vdsm < 4.40
Obsoletes: sos-collector <= 1.9
Patch1: sos-bz2126089-relax-magic-dep.patch
Patch2: sos-bz2125499-yum-legacy-links.patch
Patch3: sos-bz2138174-clean-host-before-domain.patch
Patch4: sos-bz2130976-collect-ocp412.patch
%description
@ -38,10 +35,6 @@ support technicians and developers.
%prep
%setup -qn %{name}-%{version}
%setup -T -D -a1 -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
%py3_build
@ -64,7 +57,9 @@ cd %{name}-audit-%{auditversion}
DESTDIR=%{buildroot} ./install.sh
cd ..
%files -f %{name}.lang
# internationalization is currently broken. Uncomment this line once fixed.
# %%files -f %%{name}.lang
%files
%{_sbindir}/sos
%{_sbindir}/sosreport
%{_sbindir}/sos-collector
@ -109,6 +104,10 @@ of the system. Currently storage and filesystem commands are audited.
%changelog
* Tue Feb 07 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.0-1
- Rebase on upstream 4.5.0
Resolves: bz2082615
* Thu Nov 03 2022 Pavel Moravec <pmoravec@redhat.com> = 4.4-4
- [ocp] Add newly required labels to temp OCP namespace
Resolves: bz2130976

View File

@ -1,2 +1,2 @@
SHA512 (sos-4.4.tar.gz) = 0e040bd48463960872e7f14ac773edcce40a5bfb1e05967498c8c9dc41560dfe901c60f08aad5e2a987d5de8068b21729d2317ae99602c739aa4f78eb7f72251
SHA512 (sos-4.5.0.tar.gz) = c38ede9c587f8aa714889f2c28e0fcc55db38d1f63826615409d5bc8c26aa7178bb1cb01922fe4212f37c6a0c66de11711d5e1df1242abc2477039d6e97c84c9
SHA512 (sos-audit-0.3.tgz) = 32597baf6350804d08179a0dbe48470a93df148e83d2e49bb3288f6bcc2d151bb1433761913bfbccd912c14de92435939fef5bcd7e091dfe33a345d61ea842ea