commit 4fcaa51c5a72660fa4a82a1cef33aa61b57e6531 Author: CentOS Sources Date: Wed May 18 07:41:20 2022 -0400 import leapp-repository-0.16.0-6.el8_6 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5efef74 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/deps-pkgs-6.tar.gz +SOURCES/leapp-repository-0.16.0.tar.gz diff --git a/.leapp-repository.metadata b/.leapp-repository.metadata new file mode 100644 index 0000000..f61e49c --- /dev/null +++ b/.leapp-repository.metadata @@ -0,0 +1,2 @@ +a5100971d63814c213c5245181891329578baf8d SOURCES/deps-pkgs-6.tar.gz +2bcc851f1344107581096a6b564375c440a4df4a SOURCES/leapp-repository-0.16.0.tar.gz diff --git a/SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1 b/SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1 new file mode 100644 index 0000000..00949e8 --- /dev/null +++ b/SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1 @@ -0,0 +1,70 @@ +From b4fc2e0ae62e68dd246ed2eedda0df2a3ba90633 Mon Sep 17 00:00:00 2001 +From: Vinzenz Feenstra +Date: Fri, 1 Apr 2022 15:13:51 +0200 +Subject: [PATCH] pcidevicesscanner: Also match deprecation data against kernel + modules + +Previously when the deprecation data got introduced the kernel drivers +reported to be used by lspci have not been checked. +This patch fixes this regression. + +Signed-off-by: Vinzenz Feenstra +--- + .../libraries/pcidevicesscanner.py | 29 ++++++++++++++++++- + 1 file changed, 28 insertions(+), 1 deletion(-) + +diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py +index 146f1a33..0f02bd02 100644 +--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py ++++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py +@@ -1,7 +1,13 @@ + import re + + from leapp.libraries.stdlib import api, run +-from leapp.models import DetectedDeviceOrDriver, DeviceDriverDeprecationData, PCIDevice, PCIDevices ++from leapp.models import ( ++ ActiveKernelModulesFacts, ++ DetectedDeviceOrDriver, ++ DeviceDriverDeprecationData, ++ PCIDevice, ++ PCIDevices ++) + + # Regex to capture Vendor, Device and SVendor and SDevice values + PCI_ID_REG = re.compile(r"(?<=Vendor:\t|Device:\t)\w+") +@@ -82,6 +88,26 @@ def produce_detected_devices(devices): + ]) + + ++def produce_detected_drivers(devices): ++ active_modules = { ++ module.file_name ++ for message in api.consume(ActiveKernelModulesFacts) for module in message.kernel_modules ++ } ++ ++ # Create a lookup by driver_name and filter out the kernel that are active ++ entry_lookup = { ++ entry.driver_name: entry ++ for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries ++ if entry.driver_name and entry.driver_name not in active_modules ++ } ++ ++ drivers = {device.driver for device in devices if device.driver in entry_lookup} ++ api.produce(*[ ++ DetectedDeviceOrDriver(**entry_lookup[driver].dump()) ++ for driver in drivers ++ ]) ++ ++ + def produce_pci_devices(producer, devices): + """ Produce a Leapp message with all PCI devices """ + producer(PCIDevices(devices=devices)) +@@ -93,4 +119,5 @@ def scan_pci_devices(producer): + pci_numeric = run(['lspci', '-vmmkn'], checked=False)['stdout'] + devices = parse_pci_devices(pci_textual, pci_numeric) + produce_detected_devices(devices) ++ produce_detected_drivers(devices) + produce_pci_devices(producer, devices) +-- +2.35.1 + diff --git a/SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch b/SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch new file mode 100644 index 0000000..4b2809c --- /dev/null +++ b/SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch @@ -0,0 +1,44 @@ +From 53ceded213ae17ca5d27268bc496e736dfea7e64 Mon Sep 17 00:00:00 2001 +From: Vinzenz Feenstra +Date: Thu, 14 Apr 2022 14:50:07 +0200 +Subject: [PATCH 2/3] pciscanner: Fix 2 issues in regards to pci address + handling + +In a previous patch, the introduction of the new handling of deprecation +data, 2 problems slipped through. + +1. The regex replacement for pci ids errornous adds an empty space + instead of empty string +2. Drivers should be matched on lspci output against the driver + deprecation data only if the pci_id is empty + +Signed-off-by: Vinzenz Feenstra +--- + .../actors/pcidevicesscanner/libraries/pcidevicesscanner.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py +index 0f02bd02..eb063abb 100644 +--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py ++++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py +@@ -78,7 +78,7 @@ def parse_pci_devices(pci_textual, pci_numeric): + def produce_detected_devices(devices): + prefix_re = re.compile('0x') + entry_lookup = { +- prefix_re.sub(' ', entry.device_id): entry ++ prefix_re.sub('', entry.device_id): entry + for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries + } + api.produce(*[ +@@ -98,7 +98,7 @@ def produce_detected_drivers(devices): + entry_lookup = { + entry.driver_name: entry + for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries +- if entry.driver_name and entry.driver_name not in active_modules ++ if not entry.device_id and entry.driver_name and entry.driver_name not in active_modules + } + + drivers = {device.driver for device in devices if device.driver in entry_lookup} +-- +2.35.1 + diff --git a/SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch b/SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch new file mode 100644 index 0000000..aa04a8a --- /dev/null +++ b/SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch @@ -0,0 +1,78 @@ +From a1fdabea9c00a96ffc1504577f12733e1c1830ee Mon Sep 17 00:00:00 2001 +From: Evgeni Golov +Date: Thu, 7 Apr 2022 14:56:18 +0200 +Subject: [PATCH 3/3] Ensure the right repositories are enabled on Satellite + Capsules + +--- + .../actors/satellite_upgrade_facts/actor.py | 6 +++- + .../unit_test_satellite_upgrade_facts.py | 34 ++++++++++++++++++- + 2 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py +index eb87cd68..fb83107e 100644 +--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py ++++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py +@@ -129,6 +129,10 @@ class SatelliteUpgradeFacts(Actor): + modules_to_enable=modules_to_enable + ) + ) +- repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms', 'satellite-6.11-for-rhel-8-x86_64-rpms', ++ repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms', + 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms'] ++ if has_package(InstalledRPM, 'foreman'): ++ repositories_to_enable.append('satellite-6.11-for-rhel-8-x86_64-rpms') ++ else: ++ repositories_to_enable.append('satellite-capsule-6.11-for-rhel-8-x86_64-rpms') + self.produce(RepositoriesSetupTasks(to_enable=repositories_to_enable)) +diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py +index 5c8e79ff..e77b7b58 100644 +--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py ++++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py +@@ -1,6 +1,14 @@ + import os + +-from leapp.models import DNFWorkaround, InstalledRPM, Module, RPM, RpmTransactionTasks, SatelliteFacts ++from leapp.models import ( ++ DNFWorkaround, ++ InstalledRPM, ++ Module, ++ RepositoriesSetupTasks, ++ RPM, ++ RpmTransactionTasks, ++ SatelliteFacts ++) + from leapp.snactor.fixture import current_actor_context + + RH_PACKAGER = 'Red Hat, Inc. ' +@@ -87,3 +95,27 @@ def test_detects_remote_postgresql(current_actor_context): + assert not satellitemsg.postgresql.local_postgresql + + assert not current_actor_context.consume(DNFWorkaround) ++ ++ ++def test_enables_right_repositories_on_satellite(current_actor_context): ++ current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM])) ++ current_actor_context.run() ++ ++ rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0] ++ ++ assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable ++ assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable ++ assert 'satellite-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable ++ assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable ++ ++ ++def test_enables_right_repositories_on_capsule(current_actor_context): ++ current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM])) ++ current_actor_context.run() ++ ++ rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0] ++ ++ assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable ++ assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable ++ assert 'satellite-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable ++ assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable +-- +2.35.1 + diff --git a/SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch b/SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch new file mode 100644 index 0000000..1cc62cc --- /dev/null +++ b/SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch @@ -0,0 +1,23 @@ +From 496abd1775779054377c5e35ae96fa4d390bab42 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Tue, 19 Apr 2022 21:51:03 +0200 +Subject: [PATCH] Enforce the removal of rubygem-irb (do not install it) + +--- + etc/leapp/transaction/to_remove | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/etc/leapp/transaction/to_remove b/etc/leapp/transaction/to_remove +index 0feb782..07c6864 100644 +--- a/etc/leapp/transaction/to_remove ++++ b/etc/leapp/transaction/to_remove +@@ -1,3 +1,6 @@ + ### List of packages (each on new line) to be removed from the upgrade transaction + # Removing initial-setup package to avoid it asking for EULA acceptance during upgrade - OAMG-1531 + initial-setup ++ ++# temporary workaround for the file conflict symlink <-> dir (#2030627) ++rubygem-irb +-- +2.35.1 + diff --git a/SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch b/SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch new file mode 100644 index 0000000..d7ca5cd --- /dev/null +++ b/SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch @@ -0,0 +1,209 @@ +From eeb4f99f57c67937ea562fce11fd5607470ae0a6 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Fri, 22 Apr 2022 00:20:15 +0200 +Subject: [PATCH] [IPU 8 -> 9] Migrate blacklisted CAs (hotfix) + +Preserve blacklisted certificates during the IPU 8 -> 9 + +Path for the blacklisted certificates has been changed on RHEL 9. +The original paths on RHEL 8 and older systems have been: + /etc/pki/ca-trust/source/blacklist/ + /usr/share/pki/ca-trust-source/blacklist/ +However on RHEL 9 the blacklist directory has been renamed to 'blocklist'. +So the paths are: + /etc/pki/ca-trust/source/blocklist/ + /usr/share/pki/ca-trust-source/blocklist/ +This actor moves all blacklisted certificates into the expected directories +and fix symlinks if to point to the new dirs if they originally pointed +to one of obsoleted dirs. + +Covered cases: +- covered situations with missing dirs +- covered both mentioned blacklist directories +- update symlinks in case they point to one of obsoleted directories +- remove obsoleted directories when all files migrated successfully +- execute /usr/bin/update-ca-trust in the end +- remove original a blacklist directory in case all discovered files + inside are migrated successfully +- print error logs in case of any issues so the upgrade does not + crash in case of troubles and users could deal with problems + manually after the upgrade + +The actor is not covered by unit-tests as it's just a hotfix. Follow +up works are expected to extend the problem with reports during +preupgrade phases, improve the test coverage, .... + +BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2077432 +Followup ticket: CRYPTO-7097 +--- + .../actors/migrateblacklistca/actor.py | 28 ++++++ + .../libraries/migrateblacklistca.py | 89 +++++++++++++++++++ + .../tests/unit_test_migrateblacklistca.py | 25 ++++++ + 3 files changed, 142 insertions(+) + create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py + create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py + create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py + +diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py +new file mode 100644 +index 00000000..863a0063 +--- /dev/null ++++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py +@@ -0,0 +1,28 @@ ++from leapp.actors import Actor ++from leapp.libraries.actor import migrateblacklistca ++from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag ++ ++ ++class MigrateBlacklistCA(Actor): ++ """ ++ Preserve blacklisted certificates during the upgrade ++ ++ Path for the blacklisted certificates has been changed on RHEL 9. ++ The original paths on RHEL 8 and older systems have been: ++ /etc/pki/ca-trust/source/blacklist/ ++ /usr/share/pki/ca-trust-source/blacklist/ ++ However on RHEL 9 the blacklist directory has been renamed to 'blocklist'. ++ So the new paths are: ++ /etc/pki/ca-trust/source/blocklist/ ++ /usr/share/pki/ca-trust-source/blocklist/ ++ This actor moves all blacklisted certificates into the expected directories ++ and fix symlinks if needed. ++ """ ++ ++ name = 'migrate_blacklist_ca' ++ consumes = () ++ produces = () ++ tags = (ApplicationsPhaseTag, IPUWorkflowTag) ++ ++ def process(self): ++ migrateblacklistca.process() +diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py +new file mode 100644 +index 00000000..73c9d565 +--- /dev/null ++++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py +@@ -0,0 +1,89 @@ ++import os ++import shutil ++ ++from leapp.libraries.stdlib import api, CalledProcessError, run ++ ++# dict(orig_dir: new_dir) ++DIRS_CHANGE = { ++ '/etc/pki/ca-trust/source/blacklist/': '/etc/pki/ca-trust/source/blocklist/', ++ '/usr/share/pki/ca-trust-source/blacklist/': '/usr/share/pki/ca-trust-source/blocklist/' ++} ++ ++ ++def _link_src_path(filepath): ++ """ ++ Return expected target path for the symlink. ++ ++ In case the symlink points to one of dirs supposed to be migrated in this ++ actor, we need to point to the new directory instead. ++ ++ In case the link points anywhere else, keep the target path as it is. ++ """ ++ realpath = os.path.realpath(filepath) ++ for dirname in DIRS_CHANGE: ++ if realpath.startswith(dirname): ++ return realpath.replace(dirname, DIRS_CHANGE[dirname]) ++ ++ # it seems we can keep this path ++ return realpath ++ ++ ++def _migrate_file(filename, src_basedir): ++ dst_path = filename.replace(src_basedir, DIRS_CHANGE[src_basedir]) ++ if os.path.exists(dst_path): ++ api.current_logger().info( ++ 'Skipping migration of the {} certificate. The target file already exists' ++ .format(filename) ++ ) ++ return ++ os.makedirs(os.path.dirname(dst_path), mode=0o755, exist_ok=True) ++ if os.path.islink(filename): ++ # create the new symlink instead of the moving the file ++ # as the target path could be different as well ++ link_src_path = _link_src_path(filename) ++ # TODO: is the broken symlink ok? ++ os.symlink(link_src_path, dst_path) ++ os.unlink(filename) ++ else: ++ # normal file, just move it ++ shutil.move(filename, dst_path) ++ ++ ++def _get_files(dirname): ++ return run(['find', dirname, '-type', 'f,l'], split=True)['stdout'] ++ ++ ++def process(): ++ for dirname in DIRS_CHANGE: ++ if not os.path.exists(dirname): ++ # The directory does not exist; nothing to do here ++ continue ++ try: ++ blacklisted_certs = _get_files(dirname) ++ except (CalledProcessError, OSError) as e: ++ # TODO: create post-upgrade report ++ api.current_logger().error('Cannot get list of files in {}: {}.'.format(dirname, e)) ++ api.current_logger().error('Certificates under {} must be migrated manually.'.format(dirname)) ++ continue ++ failed_files = [] ++ for filename in blacklisted_certs: ++ try: ++ _migrate_file(filename, dirname) ++ except OSError as e: ++ api.current_logger().error( ++ 'Failed migration of blacklisted certificate {}: {}' ++ .format(filename, e) ++ ) ++ failed_files.append(filename) ++ if not failed_files: ++ # the failed removal is not such a big issue here ++ # clean the dir if all files have been migrated successfully ++ shutil.rmtree(dirname, ignore_errors=True) ++ try: ++ run(['/usr/bin/update-ca-trust']) ++ except (CalledProcessError, OSError) as e: ++ api.current_logger().error( ++ 'Cannot update CA trust on the system.' ++ ' It needs to be done manually after the in-place upgrade.' ++ ' Reason: {}'.format(e) ++ ) +diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py +new file mode 100644 +index 00000000..970dcb97 +--- /dev/null ++++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py +@@ -0,0 +1,25 @@ ++import os ++ ++from leapp.libraries.actor import migrateblacklistca ++from leapp.libraries.common.testutils import CurrentActorMocked ++from leapp.libraries.stdlib import api ++ ++ ++class MockedGetFiles(): ++ def __init__(self): ++ self.called = 0 ++ ++ def __call__(self): ++ self.called += 1 ++ return [] ++ ++ ++def test_no_dirs_exist(monkeypatch): ++ mocked_files = MockedGetFiles() ++ monkeypatch.setattr(os.path, 'exists', lambda dummy: False) ++ monkeypatch.setattr(migrateblacklistca, '_get_files', mocked_files) ++ monkeypatch.setattr(api, 'current_actor', CurrentActorMocked()) ++ # this is bad mock, but we want to be sure that update-ca-trust is not ++ # called on the testing machine ++ monkeypatch.setattr(migrateblacklistca, 'run', lambda dummy: dummy) ++ assert not mocked_files.called +-- +2.35.1 + diff --git a/SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch b/SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch new file mode 100644 index 0000000..0b99e81 --- /dev/null +++ b/SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch @@ -0,0 +1,108 @@ +From 32702c7c7d1c445b9ab95e0d1bbdfdf8f06d4303 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Wed, 27 Apr 2022 11:25:40 +0200 +Subject: [PATCH] Skip comment lines when parsing grub configuration file + +Added simple unit-test for default grub info to see the valid lines +can be parsed as expected. +--- + .../systemfacts/libraries/systemfacts.py | 21 ++++++++- + .../tests/test_systemfacts_grub.py | 46 +++++++++++++++++++ + 2 files changed, 65 insertions(+), 2 deletions(-) + create mode 100644 repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py + +diff --git a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py +index 0de8b383..81aea6f5 100644 +--- a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py ++++ b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py +@@ -9,6 +9,7 @@ import re + import six + + from leapp import reporting ++from leapp.exceptions import StopActorExecutionError + from leapp.libraries.common import repofileutils + from leapp.libraries.common.config import architecture + from leapp.libraries.stdlib import api, CalledProcessError, run +@@ -289,9 +290,25 @@ def _default_grub_info(): + ]) + else: + for line in run(['cat', default_grb_fpath], split=True)['stdout']: +- if not line.strip(): ++ line = line.strip() ++ if not line or line[0] == '#': ++ # skip comments and empty lines + continue +- name, value = tuple(map(type(line).strip, line.split('=', 1))) ++ try: ++ name, value = tuple(map(type(line).strip, line.split('=', 1))) ++ except ValueError as e: ++ # we do not want to really continue when we cannot parse this file ++ # TODO(pstodulk): rewrite this in the form we produce inhibitor ++ # with problematic lines. This is improvement just in comparison ++ # to the original hard crash. ++ raise StopActorExecutionError( ++ 'Failed parsing of {}'.format(default_grb_fpath), ++ details={ ++ 'error': str(e), ++ 'problematic line': str(line) ++ } ++ ) ++ + yield DefaultGrub( + name=name, + value=value +diff --git a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py +new file mode 100644 +index 00000000..08552771 +--- /dev/null ++++ b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py +@@ -0,0 +1,46 @@ ++import os ++ ++from leapp.libraries.actor import systemfacts ++from leapp.models import DefaultGrub ++ ++ ++class RunMocked(object): ++ def __init__(self, cmd_result): ++ self.called = 0 ++ self.cmd_result = cmd_result ++ self.split = False ++ self.cmd = None ++ ++ def __call__(self, cmd, split=False): ++ self.cmd = cmd ++ self.split = split ++ self.called += 1 ++ return self.cmd_result ++ ++ ++def test_default_grub_info_valid(monkeypatch): ++ mocked_run = RunMocked({ ++ 'stdout': [ ++ 'line="whatever else here"', ++ 'newline="whatever"', ++ '# comment here', ++ 'why_not=value', ++ ' # whitespaces around comment ', ++ ' ', ++ ' last=last really' ++ ], ++ }) ++ expected_result = [ ++ DefaultGrub(name='line', value='"whatever else here"'), ++ DefaultGrub(name='newline', value='"whatever"'), ++ DefaultGrub(name='why_not', value='value'), ++ DefaultGrub(name='last', value='last really'), ++ ] ++ monkeypatch.setattr(systemfacts, 'run', mocked_run) ++ monkeypatch.setattr(os.path, 'isfile', lambda dummy: True) ++ for msg in systemfacts._default_grub_info(): ++ expected_msg = expected_result.pop(0) ++ assert msg.name == expected_msg.name ++ assert msg.value == expected_msg.value ++ assert mocked_run.called ++ assert not expected_result +-- +2.35.1 + diff --git a/SPECS/leapp-repository.spec b/SPECS/leapp-repository.spec new file mode 100644 index 0000000..14ea971 --- /dev/null +++ b/SPECS/leapp-repository.spec @@ -0,0 +1,756 @@ +%global leapp_datadir %{_datadir}/leapp-repository +%global repositorydir %{leapp_datadir}/repositories +%global custom_repositorydir %{leapp_datadir}/custom-repositories + +%define leapp_repo_deps 6 + +%if 0%{?rhel} == 7 + %define leapp_python_sitelib %{python2_sitelib} + %define lpr_name leapp-upgrade-el7toel8 +%else + %define leapp_python_sitelib %{python3_sitelib} + %define lpr_name leapp-upgrade-el8toel9 + + # This drops autogenerated deps on + # - /usr/libexec/platform-python (rhel-8 buildroot) + # - /usr/bin/python3.x (epel-8 buildroot) + # - python(abi) = 3.x + # Each of these lead into the removal of leapp rpms as python is changed between + # major versions of RHEL + %global __requires_exclude ^python\\(abi\\) = 3\\..+|/usr/libexec/platform-python|/usr/bin/python.* +%endif + + +# TODO: not sure whether it's required nowadays. Let's check it and drop +# the whole block if not. +%if 0%{?rhel} == 7 +# Defining py_byte_compile macro because it is not defined in old rpm (el7) +# Only defined to python2 since python3 is not used in RHEL7 +%{!?py_byte_compile: %global py_byte_compile py2_byte_compile() {\ + python_binary="%1"\ + bytecode_compilation_path="%2"\ + find $bytecode_compilation_path -type f -a -name "*.py" -print0 | xargs -0 $python_binary -c 'import py_compile, sys; [py_compile.compile(f, dfile=f.partition("$RPM_BUILD_ROOT")[2]) for f in sys.argv[1:]]' || :\ + find $bytecode_compilation_path -type f -a -name "*.py" -print0 | xargs -0 $python_binary -O -c 'import py_compile, sys; [py_compile.compile(f, dfile=f.partition("$RPM_BUILD_ROOT")[2]) for f in sys.argv[1:]]' || :\ +}\ +py2_byte_compile "%1" "%2"} +%endif + + +# We keeps the leapp-repository name for the component, however we do not plan +# to create such an rpm. Instead, we are going to introduce new naming for +# RHEL 8+ packages to be consistent with other leapp projects in future. + +Name: leapp-repository +Version: 0.16.0 +Release: 6%{?dist} +Summary: Repositories for leapp + +License: ASL 2.0 +URL: https://oamg.github.io/leapp/ +Source0: https://github.com/oamg/leapp-repository/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: deps-pkgs-6.tar.gz +BuildArch: noarch + +### PATCHES HERE +# Patch0001: filename.patch +Patch0001: 0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1 +Patch0002: 0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch +Patch0003: 0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch +Patch0004: 0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch +Patch0005: 0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch +Patch0006: 0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch + +%description +%{summary} + + +# This is the real RPM with the leapp repositories content +%package -n %{lpr_name} +Summary: Leapp repositories for the in-place upgrade + +%if 0%{?rhel} == 7 +######### RHEL 7 ############ +BuildRequires: python-devel +Requires: python2-leapp + +# We should not drop this on RHEL 7 because of the compatibility reasons +Obsoletes: leapp-repository-data <= 0.6.1 +Provides: leapp-repository-data <= 0.6.1 + +# Former leapp subpackage that is part of the sos package since HEL 7.8 +Obsoletes: leapp-repository-sos-plugin <= 0.10.0 + +# Set the conflict to be sure this RPM is not upgraded automatically to +# the one from the target (upgraded) RHEL. The RPM has to stay untouched +# during the whole IPU process. +# The manual removal of the RPM is required after the IPU +Conflicts: leapp-upgrade-el8toel9 + +%else +######### RHEL 8 ############ +BuildRequires: python3-devel +Requires: python3-leapp + +# Same as the conflict above - we want to be sure our packages are untouched +# during the whole IPU process +Conflicts: leapp-upgrade-el7toel8 + +%endif + +# IMPORTANT: everytime the requirements are changed, increment number by one +# - same for Provides in deps subpackage +Requires: leapp-repository-dependencies = %{leapp_repo_deps} + +# IMPORTANT: this is capability provided by the leapp framework rpm. +# Check that 'version' instead of the real framework rpm version. +Requires: leapp-framework >= 2.2 + +# Since we provide sub-commands for the leapp utility, we expect the leapp +# tool to be installed as well. +Requires: leapp + +# The leapp-repository rpm is renamed to %%{lpr_name} +Obsoletes: leapp-repository < 0.14.0-5 +Provides: leapp-repository = %{version}-%{release} + +# Provide "leapp-upgrade" for the user convenience. Users will be pointed +# to install "leapp-upgrade" in the official docs. +Provides: leapp-upgrade = %{version}-%{release} + + +%description -n %{lpr_name} +Leapp repositories for the in-place upgrade to the next major version +of the Red Hat Enterprise Linux system. + + +# This metapackage should contain all RPM dependencies exluding deps on *leapp* +# RPMs. This metapackage will be automatically replaced during the upgrade +# to satisfy dependencies with RPMs from target system. +%package -n %{lpr_name}-deps +Summary: Meta-package with system dependencies of %{lpr_name} package + +# The package has been renamed, so let's obsoletes the old one +Obsoletes: leapp-repository-deps < 0.14.0-5 + +# IMPORTANT: everytime the requirements are changed, increment number by one +# - same for Requires in main package +Provides: leapp-repository-dependencies = %{leapp_repo_deps} +################################################## +# Real requirements for the leapp-repository HERE +################################################## +Requires: dnf >= 4 +Requires: pciutils +%if 0%{?rhel} && 0%{?rhel} == 7 +# Required to gather system facts about SELinux +Requires: libselinux-python +Requires: python-pyudev +# required by SELinux actors +Requires: policycoreutils-python +# Required to fetch leapp data +Requires: python-requests + +%else +############# RHEL 8 dependencies (when the source system is RHEL 8) ########## +# systemd-nspawn utility +Requires: systemd-container +Requires: python3-pyudev +# Required to fetch leapp data +Requires: python3-requests +# Required because the code is kept Py2 & Py3 compatible +Requires: python3-six +# required by SELinux actors +Requires: policycoreutils-python-utils +%endif +################################################## +# end requirement +################################################## + + +%description -n %{lpr_name}-deps +%{summary} + + +%prep +%setup -n %{name}-%{version} +%setup -q -n %{name}-%{version} -D -T -a 1 + +# APPLY PATCHES HERE +# %%patch0001 -p1 +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 +%patch0004 -p1 +%patch0005 -p1 +%patch0006 -p1 + +# enforce removal of packages below during the upgrade + +%build +%if 0%{?rhel} == 7 +cp -a leapp*deps-el8*rpm repos/system_upgrade/el7toel8/files/bundled-rpms/ +%else +cp -a leapp*deps-el9*rpm repos/system_upgrade/el8toel9/files/bundled-rpms/ +%endif + + +%install +install -m 0755 -d %{buildroot}%{custom_repositorydir} +install -m 0755 -d %{buildroot}%{repositorydir} +cp -r repos/* %{buildroot}%{repositorydir}/ +install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/repos.d/ +install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/transaction/ +install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/ +install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction + +# install CLI commands for the leapp utility on the expected path +install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/ +cp -r commands %{buildroot}%{leapp_python_sitelib}/leapp/cli/ +rm -rf %{buildroot}%{leapp_python_sitelib}/leapp/cli/commands/tests + +# Remove irrelevant repositories - We don't want to ship them for the particular +# RHEL version +%if 0%{?rhel} == 7 +rm -rf %{buildroot}%{repositorydir}/system_upgrade/el8toel9 +%else +rm -rf %{buildroot}%{repositorydir}/system_upgrade/el7toel8 +%endif + +# remove component/unit tests, Makefiles, ... stuff that related to testing only +rm -rf %{buildroot}%{repositorydir}/common/actors/testactor +find %{buildroot}%{repositorydir}/common -name "test.py" -delete +rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d` +find %{buildroot}%{repositorydir} -name "Makefile" -delete + +for DIRECTORY in $(find %{buildroot}%{repositorydir}/ -mindepth 1 -maxdepth 1 -type d); +do + REPOSITORY=$(basename $DIRECTORY) + echo "Enabling repository $REPOSITORY" + ln -s %{repositorydir}/$REPOSITORY %{buildroot}%{_sysconfdir}/leapp/repos.d/$REPOSITORY +done; + +# __python2 could be problematic on systems with Python3 only, but we have +# no choice as __python became error on F33+: +# https://fedoraproject.org/wiki/Changes/PythonMacroError +%if 0%{?rhel} == 7 +%py_byte_compile %{__python2} %{buildroot}%{repositorydir}/* +%else +%py_byte_compile %{__python3} %{buildroot}%{repositorydir}/* +%endif + + +%files -n %{lpr_name} +%doc README.md +%license LICENSE +%dir %{_sysconfdir}/leapp/transaction +%dir %{_sysconfdir}/leapp/files +%dir %{leapp_datadir} +%dir %{repositorydir} +%dir %{custom_repositorydir} +%dir %{leapp_python_sitelib}/leapp/cli/commands +%{_sysconfdir}/leapp/repos.d/* +%{_sysconfdir}/leapp/transaction/* +%{repositorydir}/* +%{leapp_python_sitelib}/leapp/cli/commands/* + + +%files -n %{lpr_name}-deps +# no files here + +%changelog +* Wed Apr 27 2022 Petr Stodulka - 0.16.0-6 +- Skip comments in /etc/default/grub during the parsing +- Resolves: #1997076 + +* Tue Apr 26 2022 Petr Stodulka - 0.16.0-5 +- Migrate blacklisted CA certificates during the upgrade +- Resolves: #1997076 + +* Tue Apr 19 2022 Petr Stodulka - 0.16.0-4 +- Extend the check of deprecated or removed PCI drivers +- Do not instruct DNF to install rubygem-irb during the in-place upgrade + to prevent conflict between files +- Resolves: #1997076 + +* Fri Mar 18 2022 Petr Stodulka - 0.16.0-1 +- Rebase to v0.16.0 +- Improve the performance of the leapp execution for "pre first reboot" phases +- Introduce upgrades for RHEL 8 to RHEL 9 +- Enabled upgrade paths: + - RHEL 8.6 -> 9.0 + - RHEL with SAP 8.6 -> 9.0 +- Requires leapp-framework >= 2.2 +- Bump leapp-framework-dependencies to 5 +- Add actors for MariaDB and PostgreSQL +- Add detection of enabled DNF plugins +- Add scan & checks for VDO devices +- Bind the /run/lock dir into the container in the upgrade initramfs env +- Check Firewalld configuration +- Check SSSD configuration for changes in RHEL 9 +- Check deprecated network settings +- Check ifcfg files for change in RHEL 9 +- Check the existence of the custom network-scripts +- Filter out PES data unrelated for the particular IPU path +- Fix generating of instructions/data for the leapp DNF plugin during +- Fix generating the target initramfs when additional files and dracut modules are requested to be added +- Fix getting device attribute through udev on Python 3 +- Fix parsing of sysctl output during the scan of the system +- Fix scanning "/etc/default/grub" with empty lines +- Fix scanning information about mounted devices +- Fix the execution order for the dnf dry run actor +- Handle SELinux during the in-place upgrade +- Handle live kernel patching during +- Improve and generalize checking of device drivers +- Inhibit the upgrade when ipa-server is detected +- Introduce DNFWorkarounds to register scripts to be executed before DNF run +- Introduce handling of DNF modularity during the upgrade +- Introduce the --report-schema option to control the version of the generated report format +- Introduce the --target option to specify the version of the target system +- Provide the LEAPP_IPU_IN_PROGRESS environment variable for actors during in-place upgrade +- Resolves: #1997076 + +* Tue Feb 01 2022 Petr Stodulka - 0.15.0-12 +- Fix handling of PES data for modularity packages +- Resolves: #1997076 + +* Thu Jan 27 2022 Petr Stodulka - 0.15.0-11 +- Beta version of IPU 8 -> 9 +- Resolves: #1997076 + +* Wed Oct 20 2021 Petr Stodulka - 0.15.0-10 +- Bumping the release for the testing purposes. +- First build for the IPU 8 -> 9 +- Resolves: #1997076 + +* Wed Oct 20 2021 Petr Stodulka - 0.15.0-3 +- Correct the version-release to obsolete previous leapp-repository-deps rpm +- Resolves: #2015192 + +* Wed Oct 20 2021 Petr Stodulka - 0.15.0-2 +- Correct the version-release to obsolete previous leapp-repository rpm +- Resolves: #2015192 + +* Tue Oct 19 2021 Petr Stodulka - 0.15.0-1 +- Rebase to v0.15.0 +- Changed supported upgrade path for: RHEL with SAP 7.9 -> 8.2 +- Enable upgrades for SAP on AWS & Azure using RHUI +- The leapp-repository rpm has been renamed to leapp-upgrade-el7toel8 +- Provides the leapp-upgrade capability, so all required packages can be installed + by the `yum install leapp-upgrade` command +- Added a dependency on leapp as the new rpm provides leapp commands +- Bumped leapp-repository-dependencies to 6 +- Do not exclude repoids enabled via the --enablerepo option (#623) +- Enforce the `en_US.utf-8` locale when running leapp to prevent various issues + when a different locale is used on the system +- Enhance the check of required free space on disk for the upgrade +- Fix XFS ftype=0 workaround when "non-XFS" rootfs is present +- Fix detection of XFS partitions without ftype +- Fix handling of /etc/yum.repos.d directory for RHUI +- Fix incorrect mapping of RHEL repositories +- Fix the detection of NFS partitions in /etc/fstab (e.g. when nfs3 or nfs4 is specified) +- Fix the report message when multiple NICs with ethX names are present (#640) +- Fix handling of issues when fetching leapp data files +- Introduce the LEAPP_NO_NETWORK_RENAMING environment variable to leave management + of NICs names on user when set to '1'; it's wanted e.g. in case a bonding + is configured on the system +- Add actors to report about PostgresSQL changes +- Make generation of targetuserspace container, upgrade initramfs, and target initramfs more dynamic +- Require the /etc/dasd.conf file only when DASD is used on s390x +- Generate /etc/migration-results upon leapp preupgrade / upgrade execution to inform about status of the upgrade +- Improve the report message when BTRFS is detected +- Inhibit the upgrade if any CIFS entries found in /etc/fstab +- Inhibit the upgrade if any deprecated OpenSSH configuration options / directives are detected +- Inhibit the upgrade when multiple rescue boot entries exist on s390x +- Inhibit the upgrade when x32b and x64b versions of packages are installed +- Introduce hard preservation of leapp packages during the IPU to make the + upgrade process more protected +- Introduce new system of automatic mapping of RHEL repositories for the in-place + upgrade based on the repomap.json data file +- Introduce the --channel CLI option to specify the channel (e.g. eus) supposed + to be used for the upgrade +- Report the problems with target repositories using inhibitors instead of error messages +- Update (or create) the /etc/{yum,dnf}/var/releasever file containing the target + OS release if exists or RHUI is detected +- Introduced the upgrade/common leapp repository: contains fundamental parts + generic for all in-place upgrades +- The upgrade/el7toel8 leapp repository contains only stuff related to in-place + upgrade from RHEL 7 -> RHEL 8 +- Resolves: #2015192 + +* Thu May 13 2021 Petr Stodulka - 0.14.0-4 +- Fix the check of removed non-pci drivers + Relates: #1952886 + +* Tue May 04 2021 Petr Stodulka - 0.14.0-3 +- Fix handling of errors when fetching leapp data files from server + Relates: #1952886 + +* Tue Apr 27 2021 Petr Stodulka - 0.14.0-2 +- Improve fetching of leapp data files from server (increase timeouts and + retry multiple times in case of error) +- Relates: #1952886 + +* Fri Apr 23 2021 Petr Stodulka - 0.14.0-1 +- Rebase to v0.14.0 +- Added dependency on python-requests on RHEL 7 +- Changed supported upgrade paths: + RHEL-ALT 7.6 -> 8.4 + RHEL 7.9 -> 8.4 + RHEL with SAP 7.7 -> 8.2 (unchanged) +- Download the leapp data from cloud.redhat.com automatically + when no data are present locally (and system is registered) +- Fix migration of Quagga to FRR on RHEL 8.4 +- Inhibit the upgrade if the system uses any drivers dropped + from the RHEL 8 system +- Resolves: #1952886 + +* Thu Feb 04 2021 Dominik Rehak - 0.13.0-2 +- Rebuild +- Relates: #1915509 + +* Thu Feb 04 2021 Dominik Rehak - 0.13.0-1 +- Rebase to v0.13.0 +- Add actors to migrate Quagga to FRR +- Add stable uniq Key id for every dialog +- Add upgrade support for SAP HANA +- Allow upgrade with SCA enabled manifest +- Fix comparison of the newest installed and booted kernel +- Fix crash due to missing network interfaces during upgrade phases +- Fix error with /boot/efi existing on non-EFI systems +- Fix false positive detection of issue in /etc/default/grub that led into GRUB + prompt +- Fix remediation command for ipa-server removal +- Fix syntax error in upgrade script +- Inhibit upgrade if multiple kernel-debug pkgs are installed +- Inhibit upgrade on s390x machines with /boot on a separate partition +- Inhibit upgrade with mount options in fstab that break mounting on RHEL 8 +- Remove the *leapp-resume* service after the *FirstBoot* phase to prevent kill + of the leapp process on `systemctl daemon-reload` +- Remove the initial-setup package to avoid it asking for EULA acceptance during + upgrade +- Require the leapp-framework capability 1.4 +- Respect the *kernel-rt* package +- Resolves: #1915509 #1872356 #1873312 #1899455 #1901002 #1905247 #1870813 +- Relates: #1901440 + +* Sun Oct 25 2020 Petr Stodulka - 0.12.0-2 +- Add actors to migrate Quagga to FRR +- Fixes issues with interrupted leapp during the FirstBoot phase when reload + of daemons is required + Resolves: #1883218 +- Relates: #1887912 + +* Wed Oct 21 2020 Dominik Rehak - 0.12.0-1 +- Rebase to v0.12.0 +- Enable upgrades on AWS and Azure +- Check usage of removed/deprecated leapp env vars +- Do not inhibit if winbind or wins is used in nsswitch.conf + (as the issue is fixed in RHEL 8.2) +- Do not remove java from the upgrade transaction +- Fix handling of events with same initial releases and input packages +- Fix mkhomedir issues after authselect conversion +- Fix python macro error in spec file +- Fix storing of logs from initramfs +- Handle migration of authselect and PAM +- Improve remediation instructions for HA clusters +- Make sure "default.target.wants" dir exists +- Resolves: #1887912 + +* Tue Sep 15 2020 Dominik Rehak - 0.11.0-4 +- Remove java from the upgrade transaction + Relates: #1860375 + +* Tue Sep 08 2020 Petr Stodulka - 0.11.0-3 +- Set authselect and PAM actors experimental again + Relates: #1860375 + +* Wed Sep 02 2020 Petr Stodulka - 0.11.0-2 +- Make possible upgrade with the java-11-openjdk-headless package +- Fix check of local repositories when metalink or mirrorlist is specified +- Relates: #1860375 + +* Tue Aug 18 2020 Michal Bocek - 0.11.0-1 +- Rebase to v0.11.0 +- Do not crash when the /root/temp_leapp_py3 directory exists (when upgrade is executed multiple times) + Relates: #1858479 +- Do not detect grub device on the s390x architecture (ZIPL is used there) +- Consider the katello rpm being signed by Red Hat +- Omit printing grub binary data on terminal which could break terminal output +- Provide just a single remedition command in the pre-upgrade report to be compatible with Satellite and Cockpit +- Search repository files only in directories used by DNF +- Change supported upgrade paths: RHEL-ALT 7.6 -> 8.2; RHEL 7.9 -> 8.2 +- Check whether PAM modules, that are not present on RHEL 8, are used +- Inhibit upgrade when local repositories (referred by file://) are detected +- Introduce actors for migration of Authconfig to Authselect +- Support for an in-place upgrade for z15 machines - s390x architecture +- Update list of removed drivers on RHEL 8 +- Resolves: #1860375 + +* Mon Apr 20 2020 Michal Bocek - 0.10.0-2 +- Fixed broken cli output due to printing binary data +- Relates: #1821710 + +* Thu Apr 16 2020 Petr Stodulka - 0.10.0-1 +- Rebase to v0.10.0 +- Changed upgrade paths: RHEL-ALT 7.6 -> 8.2; RHEL 7.8 -> 8.2 +- Add initial multipath support (it doesn't handle all cases yet) +- Use the new framework mechanism to inhibit the upgrade without reporting errors +- Support the upgrade without the use of subscription-manager +- Add dependency on leapp-framework +- Check if the latest installed kernel is booted before the upgrade +- Check that the system satisfies minimum memory requirements + for the upgrade (#413) +- Do not mount pseudo and unsupposrted FS to overlayfs (e.g. proc) +- Drop leapp sos plugin (it's part of the sos rpm in RHEL 7.7+) +- Evaluate PES events transitively to create correct data for the upgrade + transaction +- Fix checking of kernel drivers (#400) +- Fix failures caused by local rpms added into the upgrade transaction +- Fix getting mount information with mountpoints with spaces in the path +- Fix handling of XFS without ftype for every such mounted FS +- Fix issue with random booting into old RHEL 7 kernel after the upgrade +- Fix issues on systems with statically mapped IPs in /etc/hosts +- Fix issues with device mapper and udev in a container +- Fix issues with failing rpm transaction calculation because of duplicate + instructions for dnf +- Fix various issues related to RHSM (including rhbz rhbz#1702691) +- Fix yum repository scan in case of repositories with invalid URL +- Improved report related to KDE/GNOME +- Inhibit the upgrade for ipa-server (#481) +- Inhibit the upgrade if multiple kernel-devel rpms are installed +- Inhibit the upgrade on FIPS systems +- Inhibit the upgrade when links on root dir '/' are not absolute to save the world +- Inhibit the upgrade when the raised dialogs are missing answers (#589) +- Introduce new ways of using custom repositories during the transaction +- Make report messages more explicit about Dialogs (#600) +- Migrate SpamAssassin +- Migrate cups-filters +- Migrate sane-backend +- Modify vim configuration to keep the original behaviour +- Parse correctly kernel cmdline inside the initrd (#383) (fixes various issues on s390x) +- Print warnings instead of a hard failure when expected rpms cannot be found + (e.g. python3-nss inside an rpm module) (#405) +- Remove java11-openjdk-headless during the upgrade (rhbz#1820172) +- Report changes in wireshark +- The name and baseurl field in the CustomTargetRepository message are optional now +- Throw a nice error when invalid locale is set (#430) +- Various texts are improved based on the feedback +- Resolves: #1821710 + +* Tue Nov 5 2019 Petr Stodulka - 0.9.0-5 +- Do not use efibootmgr on non-efi systems + Resolves: #1768904 + +* Mon Nov 4 2019 Petr Stodulka - 0.9.0-4 +- Inhibit upgrade on EFI systems when efibootmgr is not installed + Relates: #1753580 + +* Fri Nov 1 2019 Petr Stodulka - 0.9.0-3 +- Inhibit upgrade on s390x machines with rd.znet in kernel cmdline to prevent + troubles with networking (temporary) +- Fix issues with failing rpm transaction calculation because of duplicates +- Fix boot order on EFI systems + Relates: #1753580 + +* Wed Oct 30 2019 Michal Bocek - 0.9.0-2 +- Fixed some remediation instructions +- Not trying to make an overlay over /boot/efi + Relates: #1753580 + +* Thu Oct 24 2019 Petr Stodulka - 0.9.0-1 +- Rebase to v0.9.0 +- Added dependency on policycoreutils-python +- Change upgrade path from RHEL(-ALT) 7.6 (EUS) to RHEL 8.1 +- Changed the title of the upgrade boot entry to be valid for ZIPL +- Check NSS configuration for use of wins or winbind +- Check SSSD configuration +- Check use of removed PAM modules +- Check whether CPU on s390x is supported on RHEL 8 +- Do not remove packages which shall be installed/kept on target system +- Do not waste time by downloading of RPMs if upgrade has been inhibited already +- Enable and make possible upgrades on all architectures +- Enable repositories used for upgrade on the upgraded system +- Fix adding of local rpms into the upgrade transaction +- Fix check of active kernel modules +- Fix handling of XFS filesystems with ftype=0 (rhbz#1746956) +- Fix ntp migration: extract configs into the right directories +- Fix traceback when RHSM is skipped +- Handle possible error when setting release on upgraded system +- Handle systems with EFI boot +- Handle upgrade on systems with multiple partitions +- Improve message on failed subscription-manager and dnf +- Improved the reporting capability +- Migrate SELinux customizations +- No size limit on leapp.db in sosreport +- Process new PES data format + process PES events in order of releases +- Require the biosdevname dracut module on the intel architecture only +- Retry some actions of subscription-manager on failure to reduce number of issues +- Update the list of packages supposed to be removed during the upgrade +- Upgrade only packages signed by Red Hat + Resolves: #1753580 + +* Thu Jul 25 2019 Petr Stodulka - 0.8.1-2 +- attempt to (un)set rhsm release several times to omit possible problems with + server + Relates: #1723115 + +* Wed Jul 24 2019 Petr Stodulka - 0.8.1-1 +- Rebase to v0.8.1 + Relates: #1723115 +- enable installation of RPMs that were previously blacklisted due to problems + with rich dependencies + +* Mon Jul 15 2019 Petr Stodulka - 0.8.0-1 +- Rebase to v0.8.0 + Relates: #1723115 +- improve handling of RPM transaction to be able to process RPMs with + rich dependencies +- add missing dependency on python-udev & python3-udev +- fix processing of last phase during the first boot of the upgraded system +- set RHSM target release after the upgrade to expected version of the system +- enable the CRB repository when the Optional repository is enabled +- check tcp wrappers +- check OpenSSH configuration +- check and handle vftpd configuration +- check kernel drivers +- improve checks related to subscriptions +- improve parsing of /etc/fstab +- ensure the new target kernel is default boot entry +- handle better cases when no target repositories has been found +- migrate NTP to chronyd +- migrate brltty configuration +- migrate sendmail +- avoid removal of /etc/localtime and /etc/resolv.conf during the upgrade +- add informational actors for: acpid, chrony, dosfstools, grep, irssi, + postfix, powertop + +* Sun Jun 23 2019 Vojtech Sokol - 0.7.0-6 +- Rebuild + Resolves: #1723115 + +* Fri Apr 26 2019 Petr Stodulka - 0.7.0-5 +- build rhel8 initrd on the fly during the upgrade process +- do not bundle initrd and vmlinuz file in the rpm + Relates: #1636481 + +* Fri Apr 26 2019 Petr Stodulka - 0.7.0-4 +- add python2-docs and python3-docs to the list of rpms for removal as + currently it causes troubles with RPM transaction + Relates: #1636481 + +* Fri Apr 26 2019 Petr Stodulka - 0.7.0-3 +- set selinux into the permissive mode on RHEL 8 when enforcing was set + originally +- add python-docs and squid rpms to the list of rpms for removal + Relates: #1636481 + +* Wed Apr 17 2019 Petr Stodulka - 0.7.0-2 +- fix inhibition when ethX network interface exists and more additional NIC + exist as well + Relates: #1636481 + +* Wed Apr 17 2019 Petr Stodulka - 0.7.0-1 +- Rebase to v0.7.0 + Relates: #1636481 +- new dependencies: python3, python*-pyudev +- upgrade process is interrupted after RPMUpgradePhase and resumed with Python3 +- upgrade of NetworkManager is fixed +- upgrade of firewalld is handled +- name changes of network interfaces are handled +- HTB repositories used for upgrades are replaced with the ones used for GA +- tpm2-abrmd and all packages that depend on redhat-rpm-config are removed + during upgrade +- handling of the upgrade RPM transaction is improved +- sync command is used in initrd to avoid issues related to cache +- networking naming changes are handled +- disable udev's persistent network interface naming scheme when the only NIC + is eth0 +- inhibit upgrade when ethX is detected and more NICs exist +- check whether all target upgrade repositories are available +- output of dnf tool is always showed during the upgrade +- all logs and reports are stored in /var/log/leapp/ directory + + +* Tue Apr 09 2019 Vojtech Sokol - 0.6.0-4 +- Remove wrong license for sos subpackage + Relates: #1636481 + +* Mon Apr 08 2019 Vojtech Sokol - 0.6.0-3 +- Fix patch + Relates: #1636481 + +* Mon Apr 08 2019 Vojtech Sokol - 0.6.0-2 +- Fix specfile + Relates: #1636481 + +* Mon Apr 08 2019 Vojtech Sokol - 0.6.0-1 +- Rebase to v0.6.0 + Relates: #1636481 +- Change license to Apache 2.0 +- leapp-repository-data subpackage is removed (it included data files) + - data files are required to be delivered by user manually now +- udev database is accessible during the upgrade +- downtime of some machines is significantly reduced +- sos plugin is introduced for collecting data needed for debugging +- redhat-rpm-config package is removed during upgrade +- system is checked for NFS filesystems usage and upgrade is inhibited when + detected +- /boot is checked for sufficient free space +- upgrade is not inhibited any more when Logic SCSI Controllers are present +- repositories used to upgrade the system are based on provided data files +- specific syntax errors in grub configuration are handled when detected +- SCTP is handled during the upgrade +- migration of yum is handled (yum is available after the upgrade) +- upgrade of NetworkManager is handled +- upgrades with XFS filesystems without ftype is handled better +- new reporting functionality is introduced and used +- new dependencies: python2-jinja2, pciutils, sos +- new directory /etc/leapp/files for data files is introduced +- python files are precompiled to avoid left over pyc files + +* Thu Jan 24 2019 Petr Stodulka - 0.5.0-1 +- Rebase to v0.5.0 + Relates: #1636481 +- Require DNF v4+ and Leapp framework v0.5.0 +- Improved handling of RPM transaction using own DNF plugin and PES + data +- Models have been refactored to use new format supported by framework +- Handle transaction preparation when release is set through RHSM +- Fix failing overlayfs unmounting +- Reduce the IPUWorkflo workflow +- Include all required directories inside RPMs +- Handle repositories using metalink and mirrorlist +- Handle better installation of local RPMs +- Move system dependencies into the RPM metapackage +- Satisfy leapp and leapp-repository RPM dependencies during the + upgrade + +* Thu Jan 03 2019 Petr Stodulka - 0.4.0-4 +- Activate LVM LVs during upgrade +- Resolve file conflict of python-inotify during the RPM transaction + Relates: #1636481 + +* Thu Nov 29 2018 Petr Stodulka - 0.4.0-3 +- Add empty empty events for leapp-repository-data. +- Requiring now DNF 2.7.5-19 or higher + Relates: #1636481 + +* Wed Nov 21 2018 Petr Stodulka - 0.4.0-2 +- update leapp-repository-data source + Relates: #1636481 + +* Wed Nov 21 2018 Petr Stodulka - 0.4.0-1 +- Rebase to 0.4.0 +- change hierarchy of repositories +- scan RHEL system for custom and 3rd-party packages +- improve error messages + Relates: #1636481 + +* Fri Nov 09 2018 Petr Stodulka - 0.3.1-1 +- Rebase to 0.3.1 +- move data to separate subpackage + Relates: #1636481 + +* Wed Nov 07 2018 Petr Stodulka - 0.3-1 +- Initial RPM + Resolves: #1636481 +