5 changed files with 274 additions and 721 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/sos-4.6.1.tar.gz
+SOURCES/sos-4.7.0.tar.gz
 SOURCES/sos-audit-0.3.tgz
--- a/.sos.metadata
+++ b/.sos.metadata
@ -1,2 +1,2 @@
-b6999d34ade3b3d0b88390ab525d31c6a8dc2950 SOURCES/sos-4.6.1.tar.gz
+7d1629848263be2d613983fb15cd418dccdf1c76 SOURCES/sos-4.7.0.tar.gz
 9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz
--- a/SOURCES/sos-RHEL-21178-device-auth.patch
+++ b/SOURCES/sos-RHEL-21178-device-auth.patch
@ -1,502 +0,0 @@
-From c1a08482f9f724395102be22d94382cbda14dbce Mon Sep 17 00:00:00 2001
-From: Jose Castillo <jcastillo@redhat.com>
-Date: Mon, 9 Oct 2023 16:28:15 +0100
-Subject: [PATCH] [redhat] Change authentication method for RHEL
-
-The authentication method for RHEL uploads to the
-customer portal is changing in 2024 to Device Auth
-tokens, from user/password basic authorization.
-To accomplish this, one new class is created:
-DeviceAuth (deviceauth.py), that takes care of
-managing OID token authentication.
-
-Closes: RH: SUPDEV-63
-
-Signed-off-by: Jose Castillo <jcastillo@redhat.com>
---
- sos/policies/auth/__init__.py  | 210 +++++++++++++++++++++++++++++++++
- sos/policies/distros/redhat.py | 121 ++++++++++++++-----
- 2 files changed, 300 insertions(+), 31 deletions(-)
- create mode 100644 sos/policies/auth/__init__.py
-
-diff --git a/sos/policies/auth/__init__.py b/sos/policies/auth/__init__.py
-new file mode 100644
-index 000000000..5b62a4953
--- /dev/null
-+++ b/sos/policies/auth/__init__.py
-@@ -0,0 +1,210 @@
-+# Copyright (C) 2023 Red Hat, Inc., Jose Castillo <jcastillo@redhat.com>
-+
-+# This file is part of the sos project: https://github.com/sosreport/sos
-+#
-+# This copyrighted material is made available to anyone wishing to use,
-+# modify, copy, or redistribute it subject to the terms and conditions of
-+# version 2 of the GNU General Public License.
-+#
-+# See the LICENSE file in the source distribution for further information.
-+
-+import logging
-+try:
-+    import requests
-+    REQUESTS_LOADED = True
-+except ImportError:
-+    REQUESTS_LOADED = False
-+import time
-+from datetime import datetime, timedelta
-+
-+DEVICE_AUTH_CLIENT_ID = "sos-tools"
-+GRANT_TYPE_DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code"
-+
-+logger = logging.getLogger("sos")
-+
-+
-+class DeviceAuthorizationClass:
-+    """
-+    Device Authorization Class
-+    """
-+
-+    def __init__(self, client_identifier_url, token_endpoint):
-+
-+        self._access_token = None
-+        self._access_expires_at = None
-+        self.__device_code = None
-+
-+        self.client_identifier_url = client_identifier_url
-+        self.token_endpoint = token_endpoint
-+        self._use_device_code_grant()
-+
-+    def _use_device_code_grant(self):
-+        """
-+        Start the device auth flow. In the future we will
-+        store the tokens in an in-memory keyring.
-+
-+        """
-+
-+        self._request_device_code()
-+        print(
-+            "Please visit the following URL to authenticate this"
-+            f" device: {self._verification_uri_complete}"
-+        )
-+        self.poll_for_auth_completion()
-+
-+    def _request_device_code(self):
-+        """
-+        Initialize new Device Authorization Grant attempt by
-+        requesting a new device code.
-+
-+        """
-+        data = "client_id={}".format(DEVICE_AUTH_CLIENT_ID)
-+        headers = {'content-type': 'application/x-www-form-urlencoded'}
-+        if not REQUESTS_LOADED:
-+            raise Exception("python3-requests is not installed and is required"
-+                            " for obtaining device auth token.")
-+        try:
-+            res = requests.post(
-+                self.client_identifier_url,
-+                data=data,
-+                headers=headers)
-+            res.raise_for_status()
-+            response = res.json()
-+            self._user_code = response.get("user_code")
-+            self._verification_uri = response.get("verification_uri")
-+            self._interval = response.get("interval")
-+            self.__device_code = response.get("device_code")
-+            self._verification_uri_complete = response.get(
-+                "verification_uri_complete")
-+        except requests.HTTPError as e:
-+            raise requests.HTTPError("HTTP request failed "
-+                                     "while attempting to acquire the tokens."
-+                                     f"Error returned was {res.status_code} "
-+                                     f"{e}")
-+
-+    def poll_for_auth_completion(self):
-+        """
-+        Continuously poll OIDC token endpoint until the user is successfully
-+        authenticated or an error occurs.
-+
-+        """
-+        token_data = {'grant_type': GRANT_TYPE_DEVICE_CODE,
-+                      'client_id': DEVICE_AUTH_CLIENT_ID,
-+                      'device_code': self.__device_code}
-+
-+        if not REQUESTS_LOADED:
-+            raise Exception("python3-requests is not installed and is required"
-+                            " for obtaining device auth token.")
-+        while self._access_token is None:
-+            time.sleep(self._interval)
-+            try:
-+                check_auth_completion = requests.post(self.token_endpoint,
-+                                                      data=token_data)
-+
-+                status_code = check_auth_completion.status_code
-+
-+                if status_code == 200:
-+                    logger.info("The SSO authentication is successful")
-+                    self._set_token_data(check_auth_completion.json())
-+                if status_code not in [200, 400]:
-+                    raise Exception(status_code, check_auth_completion.text)
-+                if status_code == 400 and \
-+                    check_auth_completion.json()['error'] not in \
-+                        ("authorization_pending", "slow_down"):
-+                    raise Exception(status_code, check_auth_completion.text)
-+            except requests.exceptions.RequestException as e:
-+                logger.error(f"Error was found while posting a request: {e}")
-+
-+    def _set_token_data(self, token_data):
-+        """
-+        Set the class attributes as per the input token_data received.
-+        In the future we will persist the token data in a local,
-+        in-memory keyring, to avoid visting the browser frequently.
-+        :param token_data: Token data containing access_token, refresh_token
-+        and their expiry etc.
-+        """
-+        self._access_token = token_data.get("access_token")
-+        self._access_expires_at = datetime.utcnow() + \
-+            timedelta(seconds=token_data.get("expires_in"))
-+        self._refresh_token = token_data.get("refresh_token")
-+        self._refresh_expires_in = token_data.get("refresh_expires_in")
-+        if self._refresh_expires_in == 0:
-+            self._refresh_expires_at = datetime.max
-+        else:
-+            self._refresh_expires_at = datetime.utcnow() + \
-+                timedelta(seconds=self._refresh_expires_in)
-+
-+    def get_access_token(self):
-+        """
-+        Get the valid access_token at any given time.
-+        :return: Access_token
-+        :rtype: string
-+        """
-+        if self.is_access_token_valid():
-+            return self._access_token
-+        else:
-+            if self.is_refresh_token_valid():
-+                self._use_refresh_token_grant()
-+                return self._access_token
-+            else:
-+                self._use_device_code_grant()
-+                return self._access_token
-+
-+    def is_access_token_valid(self):
-+        """
-+        Check the validity of access_token. We are considering it invalid 180
-+        sec. prior to it's exact expiry time.
-+        :return: True/False
-+
-+        """
-+        return self._access_token and self._access_expires_at and \
-+            self._access_expires_at - timedelta(seconds=180) > \
-+            datetime.utcnow()
-+
-+    def is_refresh_token_valid(self):
-+        """
-+        Check the validity of refresh_token. We are considering it invalid
-+        180 sec. prior to it's exact expiry time.
-+
-+        :return: True/False
-+
-+        """
-+        return self._refresh_token and self._refresh_expires_at and \
-+            self._refresh_expires_at - timedelta(seconds=180) > \
-+            datetime.utcnow()
-+
-+    def _use_refresh_token_grant(self, refresh_token=None):
-+        """
-+        Fetch the new access_token and refresh_token using the existing
-+        refresh_token and persist it.
-+        :param refresh_token: optional param for refresh_token
-+
-+        """
-+        if not REQUESTS_LOADED:
-+            raise Exception("python3-requests is not installed and is required"
-+                            " for obtaining device auth token.")
-+        refresh_token_data = {'client_id': DEVICE_AUTH_CLIENT_ID,
-+                              'grant_type': 'refresh_token',
-+                              'refresh_token': self._refresh_token if not
-+                              refresh_token else refresh_token}
-+
-+        refresh_token_res = requests.post(self.token_endpoint,
-+                                          data=refresh_token_data)
-+
-+        if refresh_token_res.status_code == 200:
-+            self._set_token_data(refresh_token_res.json())
-+
-+        elif refresh_token_res.status_code == 400 and 'invalid' in\
-+                refresh_token_res.json()['error']:
-+            logger.warning("Problem while fetching the new tokens from refresh"
-+                           " token grant - {} {}."
-+                           " New Device code will be requested !".format
-+                           (refresh_token_res.status_code,
-+                            refresh_token_res.json()['error']))
-+            self._use_device_code_grant()
-+        else:
-+            raise Exception(
-+                "Something went wrong while using the "
-+                "Refresh token grant for fetching tokens:"
-+                f" Returned status code {refresh_token_res.status_code}"
-+                f" and error {refresh_token_res.json()['error']}")
-diff --git a/sos/policies/distros/redhat.py b/sos/policies/distros/redhat.py
-index bdbe8f952..02cc4cc2f 100644
--- a/sos/policies/distros/redhat.py
-+++ b/sos/policies/distros/redhat.py
-@@ -12,6 +12,7 @@
- import os
- import sys
- import re
-+from sos.policies.auth import DeviceAuthorizationClass
- 
- from sos.report.plugins import RedHatPlugin
- from sos.presets.redhat import (RHEL_PRESETS, ATOMIC_PRESETS, RHV, RHEL,
-@@ -51,6 +52,10 @@ class RedHatPolicy(LinuxPolicy):
-     default_container_runtime = 'podman'
-     sos_pkg_name = 'sos'
-     sos_bin_path = '/usr/sbin'
-+    client_identifier_url = "https://sso.redhat.com/auth/"\
-+        "realms/redhat-external/protocol/openid-connect/auth/device"
-+    token_endpoint = "https://sso.redhat.com/auth/realms/"\
-+        "redhat-external/protocol/openid-connect/token"
- 
-     def __init__(self, sysroot=None, init=None, probe_runtime=True,
-                  remote_exec=None):
-@@ -228,6 +233,7 @@ class RHELPolicy(RedHatPolicy):
- """ + disclaimer_text + "%(vendor_text)s\n")
-     _upload_url = RH_SFTP_HOST
-     _upload_method = 'post'
-+    _device_token = None
- 
-     def __init__(self, sysroot=None, init=None, probe_runtime=True,
-                  remote_exec=None):
-@@ -266,24 +272,23 @@ def check(cls, remote=''):
- 
-     def prompt_for_upload_user(self):
-         if self.commons['cmdlineopts'].upload_user:
-            return
-        # Not using the default, so don't call this prompt for RHCP
-        if self.commons['cmdlineopts'].upload_url:
-            super(RHELPolicy, self).prompt_for_upload_user()
-            return
-        if not self.get_upload_user():
-            if self.case_id:
-                self.upload_user = input(_(
-                    "Enter your Red Hat Customer Portal username for "
-                    "uploading [empty for anonymous SFTP]: ")
-                )
-            else:   # no case id provided => failover to SFTP
-                self.upload_url = RH_SFTP_HOST
-                self.ui_log.info("No case id provided, uploading to SFTP")
-                self.upload_user = input(_(
-                    "Enter your Red Hat Customer Portal username for "
-                    "uploading to SFTP [empty for anonymous]: ")
-                )
-+            self.ui_log.info(
-+                _("The option --upload-user has been deprecated in favour"
-+                  " of device authorization in RHEL")
-+            )
-+        if not self.case_id:
-+            # no case id provided => failover to SFTP
-+            self.upload_url = RH_SFTP_HOST
-+            self.ui_log.info("No case id provided, uploading to SFTP")
-+
-+    def prompt_for_upload_password(self):
-+        # With OIDC we don't ask for user/pass anymore
-+        if self.commons['cmdlineopts'].upload_pass:
-+            self.ui_log.info(
-+                _("The option --upload-pass has been deprecated in favour"
-+                  " of device authorization in RHEL")
-+            )
-+        return
- 
-     def get_upload_url(self):
-         if self.upload_url:
-@@ -292,10 +297,42 @@ def get_upload_url(self):
-             return self.commons['cmdlineopts'].upload_url
-         elif self.commons['cmdlineopts'].upload_protocol == 'sftp':
-             return RH_SFTP_HOST
-+        elif not self.commons['cmdlineopts'].case_id:
-+            self.ui_log.info("No case id provided, uploading to SFTP")
-+            return RH_SFTP_HOST
-         else:
-             rh_case_api = "/support/v1/cases/%s/attachments"
-             return RH_API_HOST + rh_case_api % self.case_id
- 
-+    def _get_upload_https_auth(self):
-+        str_auth = "Bearer {}".format(self._device_token)
-+        return {'Authorization': str_auth}
-+
-+    def _upload_https_post(self, archive, verify=True):
-+        """If upload_https() needs to use requests.post(), use this method.
-+
-+        Policies should override this method instead of the base upload_https()
-+
-+        :param archive:     The open archive file object
-+        """
-+        files = {
-+            'file': (archive.name.split('/')[-1], archive,
-+                     self._get_upload_headers())
-+        }
-+        # Get the access token at this point. With this,
-+        # we cover the cases where report generation takes
-+        # longer than the token timeout
-+        RHELAuth = DeviceAuthorizationClass(
-+                self.client_identifier_url,
-+                self.token_endpoint
-+            )
-+        self._device_token = RHELAuth.get_access_token()
-+        self.ui_log.info("Device authorized correctly. Uploading file to "
-+                         f"{self.get_upload_url_string()}")
-+        return requests.post(self.get_upload_url(), files=files,
-+                             headers=self._get_upload_https_auth(),
-+                             verify=verify)
-+
-     def _get_upload_headers(self):
-         if self.get_upload_url().startswith(RH_API_HOST):
-             return {'isPrivate': 'false', 'cache-control': 'no-cache'}
-@@ -332,15 +369,38 @@ def upload_sftp(self):
-                             " for obtaining SFTP auth token.")
-         _token = None
-         _user = None
-+
-+        # We may have a device token already if we attempted
-+        # to upload via http but the upload failed. So
-+        # lets check first if there isn't one.
-+        if not self._device_token:
-+            try:
-+                RHELAuth = DeviceAuthorizationClass(
-+                    self.client_identifier_url,
-+                    self.token_endpoint
-+                )
-+            except Exception as e:
-+                # We end up here if the user cancels the device
-+                # authentication in the web interface
-+                if "end user denied" in str(e):
-+                    self.ui_log.info(
-+                        "Device token authorization "
-+                        "has been cancelled by the user."
-+                    )
-+            else:
-+                self._device_token = RHELAuth.get_access_token()
-+        if self._device_token:
-+            self.ui_log.info("Device authorized correctly. Uploading file to"
-+                             f" {self.get_upload_url_string()}")
-+
-         url = RH_API_HOST + '/support/v2/sftp/token'
-        # we have a username and password, but we need to reset the password
-        # to be the token returned from the auth endpoint
-        if self.get_upload_user() and self.get_upload_password():
-            auth = self.get_upload_https_auth()
-            ret = requests.post(url, auth=auth, timeout=10)
-+        ret = None
-+        if self._device_token:
-+            headers = self._get_upload_https_auth()
-+            ret = requests.post(url, headers=headers, timeout=10)
-             if ret.status_code == 200:
-                 # credentials are valid
-                _user = self.get_upload_user()
-+                _user = json.loads(ret.text)['username']
-                 _token = json.loads(ret.text)['token']
-             else:
-                 self.ui_log.debug(
-@@ -351,8 +411,7 @@ def upload_sftp(self):
-                     "Unable to retrieve Red Hat auth token using provided "
-                     "credentials. Will try anonymous."
-                 )
-        # we either do not have a username or password/token, or both
-        if not _token:
-+        else:
-             adata = {"isAnonymous": True}
-             anon = requests.post(url, data=json.dumps(adata), timeout=10)
-             if anon.status_code == 200:
-@@ -368,7 +427,6 @@ def upload_sftp(self):
-                     f"DEBUG: anonymous request failed (status: "
-                     f"{anon.status_code}): {anon.json()}"
-                 )
-
-         if _user and _token:
-             return super(RHELPolicy, self).upload_sftp(user=_user,
-                                                        password=_token)
-@@ -380,17 +438,18 @@ def upload_archive(self, archive):
-         """
-         try:
-             if self.upload_url and self.upload_url.startswith(RH_API_HOST) and\
-              (not self.get_upload_user() or not self.get_upload_password()):
-+                    (not self.get_upload_user() or
-+                     not self.get_upload_password()):
-                 self.upload_url = RH_SFTP_HOST
-             uploaded = super(RHELPolicy, self).upload_archive(archive)
-        except Exception:
-+        except Exception as e:
-             uploaded = False
-             if not self.upload_url.startswith(RH_API_HOST):
-                 raise
-             else:
-                 self.ui_log.error(
-                    _(f"Upload to Red Hat Customer Portal failed. Trying "
-                      f"{RH_SFTP_HOST}")
-+                    _(f"Upload to Red Hat Customer Portal failed due to "
-+                      f"{e}. Trying {RH_SFTP_HOST}")
-                 )
-                 self.upload_url = RH_SFTP_HOST
-                 uploaded = super(RHELPolicy, self).upload_archive(archive)
-From d338a232cd7c829ca8ca5e5febef51035d1f7da5 Mon Sep 17 00:00:00 2001
-From: Pavel Moravec <pmoravec@redhat.com>
-Date: Wed, 10 Jan 2024 16:47:44 +0100
-Subject: [PATCH] [build] Bump version to 4.6.1
-
-Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
- docs/conf.py    | 4 ++--
- sos.spec        | 5 ++++-
- sos/__init__.py | 2 +-
- 3 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/docs/conf.py b/docs/conf.py
-index 5f105373e..57d1b9297 100644
--- a/docs/conf.py
-+++ b/docs/conf.py
-@@ -59,9 +59,9 @@
- # built documents.
- #
- # The short X.Y version.
-version = '4.6.0'
-+version = '4.6.1'
- # The full version, including alpha/beta/rc tags.
-release = '4.6.0'
-+release = '4.6.1'
- 
- # The language for content autogenerated by Sphinx. Refer to documentation
- # for a list of supported languages.
-diff --git a/sos.spec b/sos.spec
-index b575b5232..a08e2857b 100644
--- a/sos.spec
-+++ b/sos.spec
-@@ -1,6 +1,6 @@
- Summary: A set of tools to gather troubleshooting information from a system
- Name: sos
-Version: 4.6.0
-+Version: 4.6.1
- Release: 1%{?dist}
- Source0: https://github.com/sosreport/sos/archive/%{name}-%{version}.tar.gz
- License: GPL-2.0-or-later
-@@ -90,6 +90,9 @@ rm -rf %{buildroot}/usr/config/
- %config(noreplace) %{_sysconfdir}/sos/sos.conf
- 
- %changelog
-+* Wed Jan 10 2024 Pavel Moravec <pmoravec@redhat.com> = 4.6.1
-+- New upstream release
-+
- * Thu Aug 17 2023 Jake Hunsaker <jacob.r.hunsaker@gmail.com> = 4.6.0
- - New upstream release
- 
-diff --git a/sos/__init__.py b/sos/__init__.py
-index 78e452676..18d18c4c7 100644
--- a/sos/__init__.py
-+++ b/sos/__init__.py
-@@ -14,7 +14,7 @@
- This module houses the i18n setup and message function. The default is to use
- gettext to internationalize messages.
- """
-__version__ = "4.6.0"
-+__version__ = "4.6.1"
- 
- import os
- import sys
--- a/SOURCES/sos-almalinux-branding.patch
+++ b/SOURCES/sos-almalinux-branding.patch
@ -1,36 +0,0 @@
-diff -aruN sos-4.3/sos/policies/distros/redhat.py sos-4.3.alma/sos/policies/distros/redhat.py
--- sos-4.3/sos/policies/distros/redhat.py	2022-02-15 07:20:20.000000000 +0300
-+++ sos-4.3.alma/sos/policies/distros/redhat.py	2022-10-24 10:54:24.000000000 +0300
-@@ -435,6 +435,16 @@
-     vendor_urls = [('Community Website', 'https://www.centos.org/')]
- 
- 
-+class AlmaLinuxPolicy(RHELPolicy):
-+    distro = "AlmaLinux"
-+    vendor = "AlmaLinux OS Foundation"
-+    vendor_urls = [
-+        ('Distribution Website', 'https://www.almalinux.org/'),
-+        ('Commercial Support', 'https://tuxcare.com/linux-support-services/')
-+    ]
-+
-+
-+
- class RedHatAtomicPolicy(RHELPolicy):
-     distro = "Red Hat Atomic Host"
-     msg = _("""\
-@@ -592,6 +602,15 @@
-     vendor_urls = [('Community Website', 'https://www.centos.org/')]
- 
- 
-+class AlmaLinuxAtomicPolicy(RedHatAtomicPolicy):
-+    distro = "AlmaLinux Atomic Host"
-+    vendor = "AlmaLinux OS Foundation"
-+    vendor_urls = [
-+        ('Distribution Website', 'https://www.almalinux.org/'),
-+        ('Commercial Support', 'https://tuxcare.com/linux-support-services/')
-+    ]
-+
-+
- class FedoraPolicy(RedHatPolicy):
-     """
-     The policy for Fedora based systems, regardless of spin/edition. This
--- a/SPECS/sos.spec
+++ b/SPECS/sos.spec
@ -4,8 +4,8 @@

 Summary: A set of tools to gather troubleshooting information from a system
 Name: sos
-Version: 4.6.1
-Release: 1%{?dist}.alma.1
+Version: 4.7.0
+Release: 1%{?dist}
 Group: Applications/System
 Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
 Source1: sos-audit-%{auditversion}.tgz
@ -21,11 +21,7 @@ Recommends: python3-magic
 Recommends: python3-pexpect
 Recommends: python3-pyyaml
 Conflicts: vdsm < 4.40
-Obsoletes: sos-collector <= 1.9
-Patch1: sos-RHEL-21178-device-auth.patch
-
-# AlmaLinux patches
-Patch1000: sos-almalinux-branding.patch
+Obsoletes: sos-collector

 %description
 Sos is a set of tools that gathers information about system
@ -36,54 +32,52 @@ support technicians and developers.
 %prep
 %setup -qn %{name}-%{version}
 %setup -T -D -a1 -q
-%patch1 -p1

-# AlmaLinux patches
-%patch1000 -p1

 %build
 %py3_build         

 %install
 %py3_install '--install-scripts=%{_sbindir}'
-
-install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}
-install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/cleaner
-install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}/presets.d
-install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}/groups.d
-install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}/extras.d
+rm -f %{buildroot}/usr/config/sos.conf
+rm -f %{buildroot}/usr/config/tmpfilesd-sos-rh.conf
+install -Dm644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
 install -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d/
-install -m 644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
 install -m 644 tmpfiles/tmpfilesd-sos-rh.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf

-rm -rf %{buildroot}/usr/config/
-
 %find_lang %{name} || echo 0

 cd %{name}-audit-%{auditversion}
 DESTDIR=%{buildroot} ./install.sh
 cd ..

+mkdir -p %{buildroot}%{_sysconfdir}/sos/{cleaner,presets.d,extras.d,groups.d}
+
 # internationalization is currently broken. Uncomment this line once fixed.
 # %%files -f %%{name}.lang
 %files
-%{_sbindir}/sos
 %{_sbindir}/sosreport
+%{_sbindir}/sos
 %{_sbindir}/sos-collector
-#%dir /etc/sos/cleaner
 %dir /etc/sos/presets.d
 %dir /etc/sos/extras.d
 %dir /etc/sos/groups.d
-%{_sysconfdir}/tmpfiles.d/%{name}.conf
+/etc/tmpfiles.d/%{name}.conf
 %{python3_sitelib}/*
-%{_mandir}/man1/*
+%{_mandir}/man1/sosreport.1.gz
+%{_mandir}/man1/sos-clean.1.gz
+%{_mandir}/man1/sos-collect.1.gz
+%{_mandir}/man1/sos-collector.1.gz
+%{_mandir}/man1/sos-help.1.gz
+%{_mandir}/man1/sos-mask.1.gz
+%{_mandir}/man1/sos-report.1.gz
+%{_mandir}/man1/sos.1.gz
 %{_mandir}/man5/sos.conf.5.gz
 %doc AUTHORS README.md
 %license LICENSE
 %config(noreplace) %{_sysconfdir}/sos/sos.conf
 %config(noreplace) %{_sysconfdir}/sos/cleaner

-
 %package audit
 Summary: Audit use of some commands for support purposes
 License: GPLv2+
@ -93,7 +87,7 @@ Group: Application/System

 Sos-audit provides configuration files for the Linux Auditing System
 to track the use of some commands capable of changing the configuration
-of the system.  Currently storage and filesystem commands are audited.
+of the system. Currently storage and filesystem commands are audited.

 %post audit
 %{_sbindir}/sos-audit.sh
@ -110,302 +104,399 @@ of the system.  Currently storage and filesystem commands are audited.
 %ghost /etc/audit/rules.d/40-sos-filesystem.rules
 %ghost /etc/audit/rules.d/40-sos-storage.rules

-
 %changelog
-* Thu Feb 08 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.6.1-1.alma.1
- Debrand for AlmaLinux
+* Tue Feb 20 2024 Jan Jansky <jjansky@redhat.com> = 4.7.0-1
+- rebase to upstream 4.7.0
+  Resolves: RHEL-26111

 * Thu Jan 11 2024 Pavel Moravec <pmoravec@redhat.com> = 4.6.1-1
 - rebase to upstream 4.6.1
-  Resolves: RHEL-21174
+  Resolves: RHEL-21173
 - [redhat] Change authentication method for RHEL
-  Resolves: RHEL-21178
+  Resolves: RHEL-21177

 * Wed Oct 18 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-5
  [pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
-  Resolves: RHEL-13701
+  Resolves: RHEL-13697

 * Tue Oct 17 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-4
 - [pulp] Fix dynaconf obfuscation and add AUTH_LDAP_BIND_PASSWORD
-  Resolves: RHEL-13701
-
-* Thu Oct 12 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-3
- [greenboot] seperate logs to a standalone plugin; enhance [microshift]
-  Resolves: SUPDEV148
+  Resolves: RHEL-13697

 * Fri Sep 01 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-2
 - [openshift_ovn] Collect additional ovnkube node logs
  Resolves: SUPDEV145

 * Wed Aug 23 2023 Jan Jansky <jjansky@redhat.com> = 4.6.0-1
- [ultrapath] Add new plugin for Huawei UltraPath
-  Resolves: bz2187407
 - [cleaner] Use data filter for extraction
-  Resolves: bz2217906
- [discovery] Enable the plugin by containers
-  Resolves: bz2222134
+  Resolves: bz2218873

 * Thu Jul 27 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.6-1
- Collect db files for ovn interconnect environment
-  Resolves: bz2226682
-* Fri Jul 14 2023 Jan Jansky <jjansky@redhat.com> - 4.5.5-2
- Adding patch for cleaning mac addresses
-  Resolves: bz2217943
+- Rebase sos to 4.5.6
+  Resolves: bz2226724
+
+* Fri Jul 14 2023 Jan Jansky <jjansky@redhat.com> = 4.5.5-2
+- Adding patch for mac obfuscation
+  Resolves: bz2218279
+  Resolves: bz2216608
+  Resolves: bz2207562
+
 * Mon Jul 03 2023 Jan Jansky <jjansky@redhat.com> = 4.5.5-1
- Rebase on upstream 4.5.5
-  Resolves: bz2217943
+- [clean] Respect permissions of sanitised files
+  Resolves: bz2218279
+- [plugin] Fix exception when calling os.makedirs
+  Resolves: bz2216608
+- [cleaner] Enhance trailing characters list after AMC address
+  Resolves: bz2207562

-* Tue May 31 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.4-1
- [specfile] add runtime requirement to python3-setuptools
-  Resolves: bz2207776
+* Thu Jun 01 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.4-1
+- [plugins] collect strings before commands
+  Resolves: bz2203141
+- [collector] collect report from primary node if in node_list
+  Resolves: bz2186460
+- [powerpc] collect invscout logs
+  Resolves: bz2210543
+- [rhc] New plugin for RHC
+  Resolves: bz2196649

-* Thu May 04 2023 Jan Jansky <jjansky@redhat.com> = 4.5.3-1
- [unpackaged] Print unpackaged symlinks instead of targets
-  Resolves: bz2169684
+* Fri May 05 2023 Jan Jansky <jjansky@redhat.com> = 4.5.3-1
 - [report] Ignore case when scrubbing via do_file_sub
-  Resolves: bz2174254
- [powerpc]: To collect lparnumascore logs
-  Resolves: bz2177984
+  Resolves: bz2143272
+- [subscription_manager] Scrub proxy passwords from repo_server_val
+  Resolves: bz2177282
+- [virsh] Scrub passwords in virt-manager logs
+  Resolves: bz2184062
+
 * Wed Mar 08 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.1-3
 - Rebase on upstream 4.5.1
-  Resolves: bz2175808
- [microshift] Fix microshift get and add commands
-  Resolves: bz2175650
+  Resolves: bz2175806
+- [composer] Capure /etc/osbuild-composer file
+  Resolves: bz2169776
+- [ostree] Collect "ostree fsck" under plugin specific opt
+  Resolves: bz2161533
+- [iprconfig] guard whole plugin by sg kmod predicate
+  Resolves: bz2176086
+- [cleaner] dont clean sys_tmp from final_path
+  Resolves: bz2176218

 * Tue Feb 07 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.0-1
 - Rebase on upstream 4.5.0
-  Resolves: bz2082615
+  Resolves: bz2082614

 * Thu Nov 03 2022 Pavel Moravec <pmoravec@redhat.com> = 4.4-4
 - [ocp] Add newly required labels to temp OCP namespace
-  Resolves: bz2130976
+  Resolves: bz2130922

 * Fri Oct 28 2022 Pavel Moravec <pmoravec@redhat.com> = 4.4-3
 - [cleaner] Apply compile_regexes after a regular parse line
-  Resolves: bz2138174
+  Resolves: bz2138173

 * Thu Sep 22 2022 Pavel Moravec <pmoravec@redhat.com> = 4.4-2
 - [utilities] Relax from hard dependency of python3-magic
-  Resolves: bz2126089
+  Resolves: bz2129038
 - [dnf] Collect legacy yum config symlinks, properly obfuscate pwds
-  Resolves: bz2125499
+  Resolves: bz2100154

 * Fri Sep 09 2022 Pavel Moravec <pmoravec@redhat.com> = 4.4-1
 - Rebase on upstream 4.4
-  Resolves: bz2082615
+  Resolves: bz2082614
 - [redhat] Honour credential-less --upload-url on RedHat distro properly
-  Resolves: bz2059573
- [md] Restrict data capture to raid members
-  Resolves: bz2062283
+  Resolves: bz2059572
 - [sos] Fix unhandled exception when concurrently removing temp dir
-  Resolves: bz2088440
+  Resolves: bz2088439
+- [specfile] drop python3-libxml2 dependency
+  Resolves: bz2125486
+- [md] Restrict data capture to raid members
+  Resolves: bz2125485
+- [cleaner] Use compiled regex lists for parsers by default
+  Resolves: bz2043233
+- [cgroups] not collect memory.kmem.slabinfo
+  Resolves: bz1995120
+- [report] Fix loop devices data gathering
+  Resolves: bz2010735
+- [insights] Collect /var/lib/insights
+  Resolves: bz2103233
+- [candlepin] collect information about SCA
+  Resolves: bz2060925
+- [manpages] Clarify --upload-directory applicable to FTP protocol only
+  Resolves: bz2063259
+- [cleaner] Dont obfuscate tmpdir path of local private_map
+  Resolves: bz2064815
+- [fibrechannel] collect Cisco fnic statistics
+  Resolves: bz2074715
+- [pulpcore] Collect db_tables_sizes
+  Resolves: bz2081433
+- [fibrechannel]: Update fibrechannel plugin to collect HBA logs
+  Resolves: bz2089591
+- [arcconf]: Update arcconf plugin to collect UART logs
+  Resolves: bz2090283
+- [pulpcore] Stop collecting commands relevant to old taskig system
+  Resolves: bz2093191
+- [dnf,yum] Merge plugins into dnf, remove yum plugin
+  Resolves: bz2100154
+- [policies] Simplify flow in _container_init()
+  Resolves: bz2100480
+- [pacemaker] Update collect cluster profile for pacemaker
+  Resolves: bz2065821

 * Mon Aug 29 2022 Pavel Moravec <pmoravec@redhat.com> = 4.3-3
 - [vdsm] Set LVM option use_devicesfile=0
-  Resolves: bz2122355
+  Resolves: bz2093993
 - [Plugin] Make forbidden path checks more efficient
-  Resolves: bz2122354
+  Resolves: bz2099598

 * Thu Jun 16 2022 Pavel Moravec <pmoravec@redhat.com> = 4.3-2
- [ocp, openshift] Re-align API collection options and rename
-  Resolves: bz2065563
- [utilities] Close file only when storing to file
-  Resolves: bz2079492
- [report] --list-plugins should report used, not default,
-  Resolves: bz2079490
- [report] Honor plugins' hardcoded plugin_timeout
-  Resolves: bz2079188
- crio: switch from parsing output in table format to json
-  Resolves: bz2097674
- [pacemaker] Redesign node enumeration logic
-  Resolves: bz2082914
- [tigervnc] Update collections for newer versions of TigerVNC
-  Resolves: bz2066181
- [plugins] Allow 'str' PlugOpt type to accept any value
-  Resolves: bz2079491
 - [ovirt] answer files: Filter out all password keys
-  Resolves: bz2095267
+  Resolves: bz2095263
+- [plugins] Allow 'str' PlugOpt type to accept any value
+  Resolves: bz2079485
+- [tigervnc] Update collections for newer versions of TigerVNC
+  Resolves: bz2062908
+- [pacemaker] Redesign node enumeration logic
+  Resolves: bz2065805
+- crio: switch from parsing output in table format to json
+  Resolves: bz2092969
+- [report] Honor plugins' hardcoded plugin_timeout
+  Resolves: bz2079187
+- [report] --list-plugins should report used, not default,
+  Resolves: bz2079484
+- [utilities] Close file only when storing to file
+  Resolves: bz2079486
+- [presets] Adjust OCP preset options, more OCP backports
+  Resolves: bz2058279

-* Thu Mar 24 2022 Pavel Moravec <pmoravec@redhat.com> = 4.3-1
+* Mon Apr 04 2022 Pavel Moravec <pmoravec@redhat.com> = 4.3-1
 - Rebase on upstream 4.3
-  Resolves: 2055003
+  Resolves: bz2055002
 - [sapnw] Fix IndexError exception
-  Resolves: 2065551
- [subscription_manager] collect syspurpose data via sub-man
-  Resolves: 2002333
+  Resolves: bz1992938
 - [Plugin, utilities] Allow writing command output directly to disk
-  Resolves: 2065564
+  Resolves: bz1726023
 - [Ceph] Add support for containerized Ceph setup
-  Resolves: 2065562
+  Resolves: bz1882544
 - [unbound] Add new plugin for Unbound DNS resolver
-  Resolves: 2065560
+  Resolves: bz2018228
 - [discovery] Add new discovery plugin
-  Resolves: 2065558
- [system] Collect glibc tuning decisions
-  Resolves: 2032913
+  Resolves: bz2018549
+- [vdsm] Exclude /var/lib/vdsm/storage/transient_disks
+  Resolves: bz2029154

 * Wed Feb 23 2022 Pavel Moravec <pmoravec@redhat.com> = 4.2-15
 - [sosnode] Handle downstream versioning for runtime option
-  Resolves: bz2037350
+  Resolves: bz2036697
 - [options] Fix logging on plugopts in effective sos command
-  Resolves: bz2054883
+  Resolves: bz2054882
 - [report] Honor plugins' hardcoded plugin_timeout
-  Resolves: bz2055548
+  Resolves: bz2055547
 - [policies] Set fallback to None sysroot, don't chroot to '/'
-  Resolves: bz2011537
+  Resolves: bz1873185
 - [ovn_central] Rename container responsable of Red Hat
-  Resolves: bz2043488
+  Resolves: bz2042966

 * Wed Jan 26 2022 Pavel Moravec <pmoravec@redhat.com> = 4.2-13
 - [virsh] Catch parsing exception
-  Resolves: bz2041855
+  Resolves: bz2041488

 * Tue Jan 25 2022 Pavel Moravec <pmoravec@redhat.com> = 4.2-12
 - [foreman] Use psql-msgpack-decode wrapper for dynflow >= 1.6
-  Resolves: bz2043104
+  Resolves: bz2043102
 - [virsh] Call virsh commands in the foreground / with a TTY
-  Resolves: bz2041855
+  Resolves: bz2041488
 - [ovn_central] Account for Red Hat ovn package naming
-  Resolves: bz2043488
+  Resolves: bz2042966
 - [clean,parsers] Build regex lists for static items only once
-  Resolves: bz2037350
+  Resolves: bz2036697

 * Mon Jan 10 2022 Pavel Moravec <pmoravec@redhat.com> = 4.2-11
 - [report] Add journal logs for NetworkManager plugin
-  Resolves: bz2037350
+  Resolves: bz2036697

 * Fri Jan 07 2022 Pavel Moravec <pmoravec@redhat.com> = 4.2-9
 - add oc transport, backport various PRs for OCP
-  Resolves: bz2037350
+  Resolves: bz2036697
 - [report] Provide better warning about estimate-mode
-  Resolves: bz2011537
+  Resolves: bz1873185
 - [hostname] Fix loading and detection of long base domains
-  Resolves: bz2024893
+  Resolves: bz2023867

 * Sun Dec 19 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-8
 - [rhui] New log folder
-  Resolves: bz2031777
+  Resolves: bz2030741
 - nvidia]:Patch to update nvidia plugin for GPU info
-  Resolves: bz2034001
+  Resolves: bz2025403
 - [hostname] Fix edge case for new hosts in a known subdomain
-  Resolves: bz2024893
+  Resolves: bz2023867

 * Wed Dec 08 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-7
 - [hostname] Simplify case matching for domains
-  Resolves: bz2024893
+  Resolves: bz2023867

 * Tue Nov 30 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-6
 - [redhat] Fix broken URI to upload to customer portal
-  Resolves: bz2025611
+  Resolves: bz2025610

 * Mon Nov 22 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-5
 - [clean,hostname_parser] Source /etc/hosts for obfuscation
-  Resolves: bz2024893
+  Resolves: bz2023867
 - [clean, hostname] Fix unintentionally case sensitive
-  Resolves: bz2024892
+  Resolves: bz2023863
 - [redhat] update SFTP API version to v2
-  Resolves: bz2025611
+  Resolves: bz2025610

 * Tue Nov 16 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-4
 - [report] Calculate sizes of dirs, symlinks and manifest in
-  Resolves: bz2011537
+  Resolves: bz1873185
 - [report] shutdown threads for timeouted plugins
-  Resolves: bz2012859
+  Resolves: bz2012857
 - [report] fix filter_namespace per pattern
-  Resolves: bz2020778
+  Resolves: bz2020777
 - Ensure specific plugin timeouts are only set
-  Resolves: bz2023481
+  Resolves: bz2018033

 * Wed Nov 03 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-2
 - [firewall_tables] call iptables -t <table> based on nft
-  Resolves: bz2011536
+  Resolves: bz2005195
 - [report] Count with sos_logs and sos_reports in
-  Resolves: bz2011537
+  Resolves: bz1873185
 - [foreman] Collect puma status and stats
-  Resolves: bz2011507
+  Resolves: bz2011506
 - [report] Overwrite pred=None before refering predicate
-  Resolves: bz2012858
+  Resolves: bz2012856
 - [openvswitch] add commands for offline analysis
-  Resolves: bz2019697
+  Resolves: bz2004929

 * Wed Oct 06 2021 Pavel Moravec <pmoravec@redhat.com> = 4.2-1
 - Rebase on upstream 4.2
-  Resolves: bz1998134
+  Resolves: bz1998133
 - [report] Implement --estimate-only
-  Resolves: bz2011537
+  Resolves: bz1873185
 - [omnipath_client] Opacapture to run only with allow changes
-  Resolves: bz2011534
+  Resolves: bz1998433
 - [unpackaged] deal with recursive loop of symlinks properly
-  Resolves: bz2011533
+  Resolves: bz1998521
 - [networking] prevent iptables-save commands to load nf_tables
-  Resolves: bz2011538
+  Resolves: bz2001096
 - [kernel] Capture Pressure Stall Information
-  Resolves: bz2011535
+  Resolves: bz2002145
 - [processor] Apply sizelimit to /sys/devices/system/cpu/cpuX
-  Resolves: bz1869561
+  Resolves: bz2011413

-* Wed Aug 11 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-8
+* Wed Aug 11 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-5
 - [report,collect] unify --map-file arguments
-  Resolves: bz1985985
+  Resolves: bz1923938
 - [rhui] add new plugin for RHUI 4
-  Resolves: bz1992859
+  Resolves: bz1665947
 - [username parser] Load usernames from `last` for LDAP users
-  Resolves: bz1992861
+  Resolves: bz1985037

-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 4.1-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Tue Jul 27 2021 Pavel Moravec <pmoravec@redhat.com> - 4.1-6
- [networking] collect also tc filter show ingress
-  Resolves: bz1985976
- [cleaner] Only skip packaging-based files for the IP parser
-  Resolves: bz1985982
- [sssd] sssd plugin when sssd-common
-  Resolves: bz1967718
- Various OCP/cluster/cleanup enhancements
-  Resolves: bz1985983
+* Mon Jul 26 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-4
 - [options] allow variant option names in config file
-  Resolves: bz1985985
+  Resolves: bz1923938
 - [plugins] Set default predicate instead of None
-  Resolves: bz1938874
- [MigrationResults] collect info about conversions and
-  Resolves: bz1959779
+  Resolves: bz1985986
+- [MigrationResults] collect info about conversions
+  Resolves: bz1959598

-* Wed Jun 02 2021 Pavel Moravec <pmoravec@redhat.com> - 4.1-4
- [archive] skip copying SELinux context for /proc and /sys everytime
-  Resolves: bz1965002
+* Mon Jun 21 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-3
+- [gluster] collect public keys from the right dir
+  Resolves: bz1925419
+- [cleaner] Only skip packaging-based files for the IP parse
+  Resolves: bz1964499
+- [networking] collect also tc filter show ingress
+  Resolves: bz1886711
+- [archive] skip copying SELinux context for /proc and /sys
+  Resolves: bz1965001
+- [sssd] sssd plugin when sssd-common
+  Resolves: bz1967613
+- Various OCP/cluster/cleanup enhancements
+  Resolves: bz1973675
+
+* Tue May 18 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-2
 - Load maps from all archives before obfuscation
-  Resolves: bz1967110
+  Resolves: bz1930181
 - Multiple fixes in man pages
-  Resolves: bz1967111
+  Resolves: bz1935603
 - [ds] Mask password and encryption keys in ldif files
-  Resolves: bz1967112
+  Resolves: bz1937298
 - [report] add --cmd-timeout option
-  Resolves: bz1967113
+  Resolves: bz1937418
 - [cups] Add gathering cups-browsed logs
-  Resolves: bz1967114
+  Resolves: bz1939963
 - [sssd] Collect memory cache / individual logfiles
-  Resolves: bz1967115
+  Resolves: bz1940502
 - Collect ibmvNIC dynamic_debugs
-  Resolves: bz1967116
+  Resolves: bz1942276
 - [pulpcore] add plugin for pulp-3
-  Resolves: bz1967117
+  Resolves: bz1956673
 - [saphana] remove redundant unused argument of get_inst_info
-  Resolves: bz1967118
+  Resolves: bz1959413
 - [networking] Add nstat command support
-  Resolves: bz1967119
+  Resolves: bz1961458
 - [snapper] add a new plugin
-  Resolves: bz1967120
+  Resolves: bz1961229

-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.1-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Mon Apr 26 2021 Pavel Moravec <pmoravec@redhat.com> = 4.1-1
+- Rebase on upstream 4.1
+  Resolves: bz1928679

-* Thu Apr 01 2021 Pavel Moravec <pmoravec@redhat.com> - 4.1-3
- adding sos-audit
- [gluster] Add glusterd public keys and status files
-  Resolves: bz1925419 
+* Tue Feb 16 2021 Pavel Moravec <pmoravec@redhat.com> = 4.0-8
+- Automatically create directory for sos-cleaner default_mapping
+  Resolves: bz1923937

-* Wed Mar 10 2021 Sandro Bonazzola <sbonazzo@redhat.com> - 4.1-1
- Rebase to 4.1
+* Fri Jan 29 2021 Pavel Moravec <pmoravec@redhat.com> = 4.0-7
+- [kdump] Gather the file kexec-dmesg.log
+  Resolves: bz1887402
+- [Policy] Handle additional FTP authentication issues
+  Resolves: bz1916729

+* Thu Jan 21 2021 Pavel Moravec <pmoravec@redhat.com> = 4.0-6
+- [networking] Collect 'ethtool -e <device>' conditionally only
+  Resolves: bz1917196
+
+* Wed Jan 06 2021 Pavel Moravec <pmoravec@redhat.com> = 4.0-5
+- [component] honour plugopts from config file
+  Resolves: bz1912889
+- [collector] declare sysroot for each component
+  Resolves: bz1912821
+- [plugins] Dont stop collecting by empty specfile when sizelimit=0
+  Resolves: bz1912910
+
+* Mon Jan 04 2021 Pavel Moravec <pmoravec@redhat.com> = 4.0-4
+- [component] Use sysroot from Policy when opts doesn't specify it
+  Resolves: bz1881118
+
+* Mon Dec 14 2020 Pavel Moravec <pmoravec@redhat.com> = 4.0-3
+- [ovirt] collect /etc/pki/ovirt-engine/.truststore
+  Resolves: bz1848095
+- [collector] allow overriding plain --cluster-type
+  Resolves: bz1895316
+- [component] Add log verbosity from presets
+  Resolves: bz1904045
+- [options] Fix --log-size=0 being ignored and unreported
+  Resolves: bz1905657
+- [report] collect broken symlinks
+  Resolves: bz1906598
+
+* Thu Oct 29 2020 Pavel Moravec <pmoravec@redhat.com> = 4.0-2
+- [cleaner] more streamlined sanitize_item method
+  Resolves: bz1827801
+- [openstack_ironic] Missing ironic-inspector configs
+  Resolves: bz1874295
+- Add support to collect hardware component logs
+  Resolves: bz1880372
+- [crio] collect /etc/crio/crio.conf.d/
+  Resolves: bz1881118
+- [policy] Handle additional failure conditions for FTP uploads
+  Resolves: bz1882368
+- [filesys] never collect content of /proc/fs/panfs
+  Resolves: bz1886782
+- [kdump] Collect new kdump logfiles
+  Resolves: bz1887390
+- [stratis] Collect key list and report engine
+  Resolves: bz1888012
+- return tmp-dir with absolute path
+  Resolves: bz1891562
+
+* Tue Oct 13 2020 Pavel Moravec <pmoravec@redhat.com> = 4.0-1
+- Rebase on upstream 4.0
+  Resolves: bz1827801