Import from CS git

2026-02-12 09:09:54 +00:00 · 2026-01-20 10:01:40 +00:00 · 2025-12-01 09:14:24 +00:00 · 2025-09-12 09:34:00 +00:00 · 2025-07-21 11:47:55 +00:00 · 2025-06-24 11:34:57 +00:00
9 changed files with 512 additions and 574 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/deps-pkgs-6.tar.gz
-SOURCES/leapp-repository-0.16.0.tar.gz
+SOURCES/deps-pkgs-13.tar.gz
+SOURCES/leapp-repository-0.24.0.tar.gz
--- a/.leapp-repository.metadata
+++ b/.leapp-repository.metadata
@ -1,2 +1,2 @@
-a5100971d63814c213c5245181891329578baf8d SOURCES/deps-pkgs-6.tar.gz
-2bcc851f1344107581096a6b564375c440a4df4a SOURCES/leapp-repository-0.16.0.tar.gz
+3590b33b4a79ebe62f5cfa0eeca7efb41d526498 SOURCES/deps-pkgs-13.tar.gz
+2271b92541564ebd07a038a8b45e5a33d5f8b9c9 SOURCES/leapp-repository-0.24.0.tar.gz
--- a/SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1
+++ b/SOURCES/0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1
@ -1,70 +0,0 @@
-From b4fc2e0ae62e68dd246ed2eedda0df2a3ba90633 Mon Sep 17 00:00:00 2001
-From: Vinzenz Feenstra <vfeenstr@redhat.com>
-Date: Fri, 1 Apr 2022 15:13:51 +0200
-Subject: [PATCH] pcidevicesscanner: Also match deprecation data against kernel
- modules
-
-Previously when the deprecation data got introduced the kernel drivers
-reported to be used by lspci have not been checked.
-This patch fixes this regression.
-
-Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
---
- .../libraries/pcidevicesscanner.py            | 29 ++++++++++++++++++-
- 1 file changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-index 146f1a33..0f02bd02 100644
--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-@@ -1,7 +1,13 @@
- import re
- 
- from leapp.libraries.stdlib import api, run
-from leapp.models import DetectedDeviceOrDriver, DeviceDriverDeprecationData, PCIDevice, PCIDevices
-+from leapp.models import (
-+    ActiveKernelModulesFacts,
-+    DetectedDeviceOrDriver,
-+    DeviceDriverDeprecationData,
-+    PCIDevice,
-+    PCIDevices
-+)
- 
- # Regex to capture Vendor, Device and SVendor and SDevice values
- PCI_ID_REG = re.compile(r"(?<=Vendor:\t|Device:\t)\w+")
-@@ -82,6 +88,26 @@ def produce_detected_devices(devices):
-     ])
- 
- 
-+def produce_detected_drivers(devices):
-+    active_modules = {
-+        module.file_name
-+        for message in api.consume(ActiveKernelModulesFacts) for module in message.kernel_modules
-+    }
-+
-+    # Create a lookup by driver_name and filter out the kernel that are active
-+    entry_lookup = {
-+        entry.driver_name: entry
-+        for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
-+        if entry.driver_name and entry.driver_name not in active_modules
-+    }
-+
-+    drivers = {device.driver for device in devices if device.driver in entry_lookup}
-+    api.produce(*[
-+        DetectedDeviceOrDriver(**entry_lookup[driver].dump())
-+        for driver in drivers
-+    ])
-+
-+
- def produce_pci_devices(producer, devices):
-     """ Produce a Leapp message with all PCI devices """
-     producer(PCIDevices(devices=devices))
-@@ -93,4 +119,5 @@ def scan_pci_devices(producer):
-     pci_numeric = run(['lspci', '-vmmkn'], checked=False)['stdout']
-     devices = parse_pci_devices(pci_textual, pci_numeric)
-     produce_detected_devices(devices)
-+    produce_detected_drivers(devices)
-     produce_pci_devices(producer, devices)
-- 
-2.35.1
-
--- a/SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch
+++ b/SOURCES/0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch
@ -1,44 +0,0 @@
-From 53ceded213ae17ca5d27268bc496e736dfea7e64 Mon Sep 17 00:00:00 2001
-From: Vinzenz Feenstra <vfeenstr@redhat.com>
-Date: Thu, 14 Apr 2022 14:50:07 +0200
-Subject: [PATCH 2/3] pciscanner: Fix 2 issues in regards to pci address
- handling
-
-In a previous patch, the introduction of the new handling of deprecation
-data, 2 problems slipped through.
-
-1. The regex replacement for pci ids errornous adds an empty space
-   instead of empty string
-2. Drivers should be matched on lspci output against the driver
-   deprecation data only if the pci_id is empty
-
-Signed-off-by: Vinzenz Feenstra <vfeenstr@redhat.com>
---
- .../actors/pcidevicesscanner/libraries/pcidevicesscanner.py   | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-index 0f02bd02..eb063abb 100644
--- a/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-+++ b/repos/system_upgrade/common/actors/pcidevicesscanner/libraries/pcidevicesscanner.py
-@@ -78,7 +78,7 @@ def parse_pci_devices(pci_textual, pci_numeric):
- def produce_detected_devices(devices):
-     prefix_re = re.compile('0x')
-     entry_lookup = {
-        prefix_re.sub(' ', entry.device_id): entry
-+        prefix_re.sub('', entry.device_id): entry
-         for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
-     }
-     api.produce(*[
-@@ -98,7 +98,7 @@ def produce_detected_drivers(devices):
-     entry_lookup = {
-         entry.driver_name: entry
-         for message in api.consume(DeviceDriverDeprecationData) for entry in message.entries
-        if entry.driver_name and entry.driver_name not in active_modules
-+        if not entry.device_id and entry.driver_name and entry.driver_name not in active_modules
-     }
- 
-     drivers = {device.driver for device in devices if device.driver in entry_lookup}
-- 
-2.35.1
-
--- a/SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch
+++ b/SOURCES/0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch
@ -1,78 +0,0 @@
-From a1fdabea9c00a96ffc1504577f12733e1c1830ee Mon Sep 17 00:00:00 2001
-From: Evgeni Golov <evgeni@golov.de>
-Date: Thu, 7 Apr 2022 14:56:18 +0200
-Subject: [PATCH 3/3] Ensure the right repositories are enabled on Satellite
- Capsules
-
---
- .../actors/satellite_upgrade_facts/actor.py   |  6 +++-
- .../unit_test_satellite_upgrade_facts.py      | 34 ++++++++++++++++++-
- 2 files changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-index eb87cd68..fb83107e 100644
--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/actor.py
-@@ -129,6 +129,10 @@ class SatelliteUpgradeFacts(Actor):
-             modules_to_enable=modules_to_enable
-             )
-         )
-        repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms', 'satellite-6.11-for-rhel-8-x86_64-rpms',
-+        repositories_to_enable = ['ansible-2.9-for-rhel-8-x86_64-rpms',
-                                   'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms']
-+        if has_package(InstalledRPM, 'foreman'):
-+            repositories_to_enable.append('satellite-6.11-for-rhel-8-x86_64-rpms')
-+        else:
-+            repositories_to_enable.append('satellite-capsule-6.11-for-rhel-8-x86_64-rpms')
-         self.produce(RepositoriesSetupTasks(to_enable=repositories_to_enable))
-diff --git a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-index 5c8e79ff..e77b7b58 100644
--- a/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-+++ b/repos/system_upgrade/el7toel8/actors/satellite_upgrade_facts/tests/unit_test_satellite_upgrade_facts.py
-@@ -1,6 +1,14 @@
- import os
- 
-from leapp.models import DNFWorkaround, InstalledRPM, Module, RPM, RpmTransactionTasks, SatelliteFacts
-+from leapp.models import (
-+    DNFWorkaround,
-+    InstalledRPM,
-+    Module,
-+    RepositoriesSetupTasks,
-+    RPM,
-+    RpmTransactionTasks,
-+    SatelliteFacts
-+)
- from leapp.snactor.fixture import current_actor_context
- 
- RH_PACKAGER = 'Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>'
-@@ -87,3 +95,27 @@ def test_detects_remote_postgresql(current_actor_context):
-     assert not satellitemsg.postgresql.local_postgresql
- 
-     assert not current_actor_context.consume(DNFWorkaround)
-+
-+
-+def test_enables_right_repositories_on_satellite(current_actor_context):
-+    current_actor_context.feed(InstalledRPM(items=[FOREMAN_RPM]))
-+    current_actor_context.run()
-+
-+    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
-+
-+    assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
-+
-+
-+def test_enables_right_repositories_on_capsule(current_actor_context):
-+    current_actor_context.feed(InstalledRPM(items=[FOREMAN_PROXY_RPM]))
-+    current_actor_context.run()
-+
-+    rpmmessage = current_actor_context.consume(RepositoriesSetupTasks)[0]
-+
-+    assert 'ansible-2.9-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-+    assert 'satellite-6.11-for-rhel-8-x86_64-rpms' not in rpmmessage.to_enable
-+    assert 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' in rpmmessage.to_enable
-- 
-2.35.1
-
--- a/SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch
+++ b/SOURCES/0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch
@ -1,23 +0,0 @@
-From 496abd1775779054377c5e35ae96fa4d390bab42 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Tue, 19 Apr 2022 21:51:03 +0200
-Subject: [PATCH] Enforce the removal of rubygem-irb (do not install it)
-
---
- etc/leapp/transaction/to_remove | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/etc/leapp/transaction/to_remove b/etc/leapp/transaction/to_remove
-index 0feb782..07c6864 100644
--- a/etc/leapp/transaction/to_remove
-+++ b/etc/leapp/transaction/to_remove
-@@ -1,3 +1,6 @@
- ### List of packages (each on new line) to be removed from the upgrade transaction
- # Removing initial-setup package to avoid it asking for EULA acceptance during upgrade - OAMG-1531
- initial-setup
-+
-+# temporary workaround for the file conflict symlink <-> dir (#2030627)
-+rubygem-irb
-- 
-2.35.1
-
--- a/SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch
+++ b/SOURCES/0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch
@ -1,209 +0,0 @@
-From eeb4f99f57c67937ea562fce11fd5607470ae0a6 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Fri, 22 Apr 2022 00:20:15 +0200
-Subject: [PATCH] [IPU 8 -> 9] Migrate blacklisted CAs (hotfix)
-
-Preserve blacklisted certificates during the IPU 8 -> 9
-
-Path for the blacklisted certificates has been changed on RHEL 9.
-The original paths on RHEL 8 and older systems have been:
-    /etc/pki/ca-trust/source/blacklist/
-    /usr/share/pki/ca-trust-source/blacklist/
-However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
-So the paths are:
-    /etc/pki/ca-trust/source/blocklist/
-    /usr/share/pki/ca-trust-source/blocklist/
-This actor moves all blacklisted certificates into the expected directories
-and fix symlinks if to point to the new dirs if they originally pointed
-to one of obsoleted dirs.
-
-Covered cases:
- covered situations with missing dirs
- covered both mentioned blacklist directories
- update symlinks in case they point to one of obsoleted directories
- remove obsoleted directories when all files migrated successfully
- execute /usr/bin/update-ca-trust in the end
- remove original a blacklist directory in case all discovered files
-  inside are migrated successfully
- print error logs in case of any issues so the upgrade does not
-  crash in case of troubles and users could deal with problems
-  manually after the upgrade
-
-The actor is not covered by unit-tests as it's just a hotfix. Follow
-up works are expected to extend the problem with reports during
-preupgrade phases, improve the test coverage, ....
-
-BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2077432
-Followup ticket: CRYPTO-7097
---
- .../actors/migrateblacklistca/actor.py        | 28 ++++++
- .../libraries/migrateblacklistca.py           | 89 +++++++++++++++++++
- .../tests/unit_test_migrateblacklistca.py     | 25 ++++++
- 3 files changed, 142 insertions(+)
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
- create mode 100644 repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
-new file mode 100644
-index 00000000..863a0063
--- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/actor.py
-@@ -0,0 +1,28 @@
-+from leapp.actors import Actor
-+from leapp.libraries.actor import migrateblacklistca
-+from leapp.tags import ApplicationsPhaseTag, IPUWorkflowTag
-+
-+
-+class MigrateBlacklistCA(Actor):
-+    """
-+    Preserve blacklisted certificates during the upgrade
-+
-+    Path for the blacklisted certificates has been changed on RHEL 9.
-+    The original paths on RHEL 8 and older systems have been:
-+        /etc/pki/ca-trust/source/blacklist/
-+        /usr/share/pki/ca-trust-source/blacklist/
-+    However on RHEL 9 the blacklist directory has been renamed to 'blocklist'.
-+    So the new paths are:
-+        /etc/pki/ca-trust/source/blocklist/
-+        /usr/share/pki/ca-trust-source/blocklist/
-+    This actor moves all blacklisted certificates into the expected directories
-+    and fix symlinks if needed.
-+    """
-+
-+    name = 'migrate_blacklist_ca'
-+    consumes = ()
-+    produces = ()
-+    tags = (ApplicationsPhaseTag, IPUWorkflowTag)
-+
-+    def process(self):
-+        migrateblacklistca.process()
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
-new file mode 100644
-index 00000000..73c9d565
--- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/libraries/migrateblacklistca.py
-@@ -0,0 +1,89 @@
-+import os
-+import shutil
-+
-+from leapp.libraries.stdlib import api, CalledProcessError, run
-+
-+# dict(orig_dir: new_dir)
-+DIRS_CHANGE = {
-+    '/etc/pki/ca-trust/source/blacklist/': '/etc/pki/ca-trust/source/blocklist/',
-+    '/usr/share/pki/ca-trust-source/blacklist/': '/usr/share/pki/ca-trust-source/blocklist/'
-+}
-+
-+
-+def _link_src_path(filepath):
-+    """
-+    Return expected target path for the symlink.
-+
-+    In case the symlink points to one of dirs supposed to be migrated in this
-+    actor, we need to point to the new directory instead.
-+
-+    In case the link points anywhere else, keep the target path as it is.
-+    """
-+    realpath = os.path.realpath(filepath)
-+    for dirname in DIRS_CHANGE:
-+        if realpath.startswith(dirname):
-+            return realpath.replace(dirname, DIRS_CHANGE[dirname])
-+
-+    # it seems we can keep this path
-+    return realpath
-+
-+
-+def _migrate_file(filename, src_basedir):
-+    dst_path = filename.replace(src_basedir, DIRS_CHANGE[src_basedir])
-+    if os.path.exists(dst_path):
-+        api.current_logger().info(
-+            'Skipping migration of the {} certificate. The target file already exists'
-+            .format(filename)
-+        )
-+        return
-+    os.makedirs(os.path.dirname(dst_path), mode=0o755, exist_ok=True)
-+    if os.path.islink(filename):
-+        # create the new symlink instead of the moving the file
-+        # as the target path could be different as well
-+        link_src_path = _link_src_path(filename)
-+        # TODO: is the broken symlink ok?
-+        os.symlink(link_src_path, dst_path)
-+        os.unlink(filename)
-+    else:
-+        # normal file, just move it
-+        shutil.move(filename, dst_path)
-+
-+
-+def _get_files(dirname):
-+    return run(['find', dirname, '-type', 'f,l'], split=True)['stdout']
-+
-+
-+def process():
-+    for dirname in DIRS_CHANGE:
-+        if not os.path.exists(dirname):
-+            # The directory does not exist; nothing to do here
-+            continue
-+        try:
-+            blacklisted_certs = _get_files(dirname)
-+        except (CalledProcessError, OSError) as e:
-+            # TODO: create post-upgrade report
-+            api.current_logger().error('Cannot get list of files in {}: {}.'.format(dirname, e))
-+            api.current_logger().error('Certificates under {} must be migrated manually.'.format(dirname))
-+            continue
-+        failed_files = []
-+        for filename in blacklisted_certs:
-+            try:
-+                _migrate_file(filename, dirname)
-+            except OSError as e:
-+                api.current_logger().error(
-+                    'Failed migration of blacklisted certificate {}: {}'
-+                    .format(filename, e)
-+                )
-+                failed_files.append(filename)
-+        if not failed_files:
-+            # the failed removal is not such a big issue here
-+            # clean the dir if all files have been migrated successfully
-+            shutil.rmtree(dirname, ignore_errors=True)
-+    try:
-+        run(['/usr/bin/update-ca-trust'])
-+    except (CalledProcessError, OSError) as e:
-+        api.current_logger().error(
-+            'Cannot update CA trust on the system.'
-+            ' It needs to be done manually after the in-place upgrade.'
-+            ' Reason: {}'.format(e)
-+        )
-diff --git a/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-new file mode 100644
-index 00000000..970dcb97
--- /dev/null
-+++ b/repos/system_upgrade/el8toel9/actors/migrateblacklistca/tests/unit_test_migrateblacklistca.py
-@@ -0,0 +1,25 @@
-+import os
-+
-+from leapp.libraries.actor import migrateblacklistca
-+from leapp.libraries.common.testutils import CurrentActorMocked
-+from leapp.libraries.stdlib import api
-+
-+
-+class MockedGetFiles():
-+    def __init__(self):
-+        self.called = 0
-+
-+    def __call__(self):
-+        self.called += 1
-+        return []
-+
-+
-+def test_no_dirs_exist(monkeypatch):
-+    mocked_files = MockedGetFiles()
-+    monkeypatch.setattr(os.path, 'exists', lambda dummy: False)
-+    monkeypatch.setattr(migrateblacklistca, '_get_files', mocked_files)
-+    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
-+    # this is bad mock, but we want to be sure that update-ca-trust is not
-+    # called on the testing machine
-+    monkeypatch.setattr(migrateblacklistca, 'run', lambda dummy: dummy)
-+    assert not mocked_files.called
-- 
-2.35.1
-
--- a/SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch
+++ b/SOURCES/0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch
@ -1,108 +0,0 @@
-From 32702c7c7d1c445b9ab95e0d1bbdfdf8f06d4303 Mon Sep 17 00:00:00 2001
-From: Petr Stodulka <pstodulk@redhat.com>
-Date: Wed, 27 Apr 2022 11:25:40 +0200
-Subject: [PATCH] Skip comment lines when parsing grub configuration file
-
-Added simple unit-test for default grub info to see the valid lines
-can be parsed as expected.
---
- .../systemfacts/libraries/systemfacts.py      | 21 ++++++++-
- .../tests/test_systemfacts_grub.py            | 46 +++++++++++++++++++
- 2 files changed, 65 insertions(+), 2 deletions(-)
- create mode 100644 repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-
-diff --git a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-index 0de8b383..81aea6f5 100644
--- a/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-+++ b/repos/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py
-@@ -9,6 +9,7 @@ import re
- import six
- 
- from leapp import reporting
-+from leapp.exceptions import StopActorExecutionError
- from leapp.libraries.common import repofileutils
- from leapp.libraries.common.config import architecture
- from leapp.libraries.stdlib import api, CalledProcessError, run
-@@ -289,9 +290,25 @@ def _default_grub_info():
-         ])
-     else:
-         for line in run(['cat', default_grb_fpath], split=True)['stdout']:
-            if not line.strip():
-+            line = line.strip()
-+            if not line or line[0] == '#':
-+                # skip comments and empty lines
-                 continue
-            name, value = tuple(map(type(line).strip, line.split('=', 1)))
-+            try:
-+                name, value = tuple(map(type(line).strip, line.split('=', 1)))
-+            except ValueError as e:
-+                # we do not want to really continue when we cannot parse this file
-+                # TODO(pstodulk): rewrite this in the form we produce inhibitor
-+                # with problematic lines. This is improvement just in comparison
-+                # to the original hard crash.
-+                raise StopActorExecutionError(
-+                    'Failed parsing of {}'.format(default_grb_fpath),
-+                    details={
-+                        'error': str(e),
-+                        'problematic line': str(line)
-+                    }
-+                )
-+
-             yield DefaultGrub(
-                 name=name,
-                 value=value
-diff --git a/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-new file mode 100644
-index 00000000..08552771
--- /dev/null
-+++ b/repos/system_upgrade/common/actors/systemfacts/tests/test_systemfacts_grub.py
-@@ -0,0 +1,46 @@
-+import os
-+
-+from leapp.libraries.actor import systemfacts
-+from leapp.models import DefaultGrub
-+
-+
-+class RunMocked(object):
-+    def __init__(self, cmd_result):
-+        self.called = 0
-+        self.cmd_result = cmd_result
-+        self.split = False
-+        self.cmd = None
-+
-+    def __call__(self, cmd, split=False):
-+        self.cmd = cmd
-+        self.split = split
-+        self.called += 1
-+        return self.cmd_result
-+
-+
-+def test_default_grub_info_valid(monkeypatch):
-+    mocked_run = RunMocked({
-+        'stdout': [
-+            'line="whatever else here"',
-+            'newline="whatever"',
-+            '# comment here',
-+            'why_not=value',
-+            ' # whitespaces around comment ',
-+            ' ',
-+            ' last=last really'
-+        ],
-+    })
-+    expected_result = [
-+        DefaultGrub(name='line', value='"whatever else here"'),
-+        DefaultGrub(name='newline', value='"whatever"'),
-+        DefaultGrub(name='why_not', value='value'),
-+        DefaultGrub(name='last', value='last really'),
-+    ]
-+    monkeypatch.setattr(systemfacts, 'run', mocked_run)
-+    monkeypatch.setattr(os.path, 'isfile', lambda dummy: True)
-+    for msg in systemfacts._default_grub_info():
-+        expected_msg = expected_result.pop(0)
-+        assert msg.name == expected_msg.name
-+        assert msg.value == expected_msg.value
-+    assert mocked_run.called
-+    assert not expected_result
-- 
-2.35.1
-
--- a/SPECS/leapp-repository.spec
+++ b/SPECS/leapp-repository.spec
@ -2,14 +2,24 @@
 %global repositorydir %{leapp_datadir}/repositories
 %global custom_repositorydir %{leapp_datadir}/custom-repositories

-%define leapp_repo_deps  6
+%define leapp_repo_deps  10

 %if 0%{?rhel} == 7
    %define leapp_python_sitelib %{python2_sitelib}
    %define lpr_name leapp-upgrade-el7toel8
+    %define repo_shortname el7toel8
+    %define next_major_ver 8
 %else
    %define leapp_python_sitelib %{python3_sitelib}
-    %define lpr_name leapp-upgrade-el8toel9
+    %if 0%{?rhel} == 8
+        %define lpr_name leapp-upgrade-el8toel9
+        %define repo_shortname el8toel9
+        %define next_major_ver 9
+    %else
+        %define lpr_name leapp-upgrade-el9toel10
+        %define repo_shortname el9toel10
+        %define next_major_ver 10
+    %endif

    # This drops autogenerated deps on
    #    - /usr/libexec/platform-python  (rhel-8 buildroot)
@ -41,24 +51,20 @@ py2_byte_compile "%1" "%2"}
 # RHEL 8+ packages to be consistent with other leapp projects in future.

 Name:           leapp-repository
-Version:        0.16.0
-Release:        6%{?dist}
+Version:        0.24.0
+Release:        1%{?dist}
 Summary:        Repositories for leapp

 License:        ASL 2.0
 URL:            https://oamg.github.io/leapp/
-Source0:        https://github.com/oamg/leapp-repository/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        deps-pkgs-6.tar.gz
+Source0:        https://github.com/oamg/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        deps-pkgs-13.tar.gz
+
+# NOTE: Our packages must be noarch. Do no drop this in any way.
 BuildArch:      noarch

 ### PATCHES HERE
 # Patch0001:    filename.patch
-Patch0001:      0001-pcidevicesscanner-Also-match-deprecation-data-agains.patch1
-Patch0002:      0002-pciscanner-Fix-2-issues-in-regards-to-pci-address-ha.patch
-Patch0003:      0003-Ensure-the-right-repositories-are-enabled-on-Satelli.patch
-Patch0004:      0004-Enforce-the-removal-of-rubygem-irb-do-not-install-it.patch
-Patch0005:      0005-IPU-8-9-Migrate-blacklisted-CAs-hotfix.patch
-Patch0006:      0006-Skip-comment-lines-when-parsing-grub-configuration-f.patch

 %description
 %{summary}
@ -77,7 +83,7 @@ Requires:       python2-leapp
 Obsoletes:      leapp-repository-data <= 0.6.1
 Provides:       leapp-repository-data <= 0.6.1

-# Former leapp subpackage that is part of the sos package since HEL 7.8
+# Former leapp subpackage that is part of the sos package since RHEL 7.8
 Obsoletes:      leapp-repository-sos-plugin <= 0.10.0

 # Set the conflict to be sure this RPM is not upgraded automatically to
@ -87,28 +93,46 @@ Obsoletes:      leapp-repository-sos-plugin <= 0.10.0
 Conflicts:      leapp-upgrade-el8toel9

 %else
-######### RHEL 8 ############
+######### RHEL 8+ (and newer) ############
 BuildRequires:  python3-devel
 Requires:       python3-leapp

+# NOTE(pstodulk): else if / elif has been implemented quite late. as we still
+# want to build on RHEL 7 too, go in the old way. Ref:
+# https://github.com/rpm-software-management/rpm/issues/311
+%if 0%{?rhel} == 8
+######### RHEL 8 ############
+
 # Same as the conflict above - we want to be sure our packages are untouched
 # during the whole IPU process
 Conflicts:      leapp-upgrade-el7toel8
-
+Conflicts:      leapp-upgrade-el9toel10
+%else
+######### RHEL 9 ############
+Conflicts:      leapp-upgrade-el8toel9
+%endif
 %endif

-# IMPORTANT: everytime the requirements are changed, increment number by one
+# IMPORTANT: every time the requirements are changed, increment number by one
 # - same for Provides in deps subpackage
 Requires:       leapp-repository-dependencies = %{leapp_repo_deps}

 # IMPORTANT: this is capability provided by the leapp framework rpm.
 # Check that 'version' instead of the real framework rpm version.
-Requires:       leapp-framework >= 2.2
+Requires:       leapp-framework >= 6.2

 # Since we provide sub-commands for the leapp utility, we expect the leapp
 # tool to be installed as well.
 Requires:       leapp

+# Used to determine RHEL version of a given target RHEL installation image -
+# uncompressing redhat-release package from the ISO.
+Requires:   cpio
+
+# Subpackage for managing fapolicyd rules for %{lpr_name} installed only if
+# fapolicyd is present on the system
+Requires:       (%{lpr_name}-fapolicyd = %{version}-%{release} if fapolicyd)
+
 # The leapp-repository rpm is renamed to %%{lpr_name}
 Obsoletes:      leapp-repository < 0.14.0-5
 Provides:       leapp-repository = %{version}-%{release}
@ -117,13 +141,21 @@ Provides:       leapp-repository = %{version}-%{release}
 # to install "leapp-upgrade" in the official docs.
 Provides:       leapp-upgrade = %{version}-%{release}

+# Provide leapp-commands so the framework could refer to them when customers
+# do not have installed particular leapp-repositories
+Provides:       leapp-command(answer)
+Provides:       leapp-command(preupgrade)
+Provides:       leapp-command(upgrade)
+Provides:       leapp-command(rerun)
+Provides:       leapp-command(list-runs)
+

 %description -n %{lpr_name}
 Leapp repositories for the in-place upgrade to the next major version
 of the Red Hat Enterprise Linux system.


-# This metapackage should contain all RPM dependencies exluding deps on *leapp*
+# This metapackage should contain all RPM dependencies excluding deps on *leapp*
 # RPMs. This metapackage will be automatically replaced during the upgrade
 # to satisfy dependencies with RPMs from target system.
 %package -n %{lpr_name}-deps
@ -132,7 +164,7 @@ Summary:    Meta-package with system dependencies of %{lpr_name} package
 # The package has been renamed, so let's obsoletes the old one
 Obsoletes:      leapp-repository-deps < 0.14.0-5

-# IMPORTANT: everytime the requirements are changed, increment number by one
+# IMPORTANT: every time the requirements are changed, increment number by one
 # - same for Requires in main package
 Provides:  leapp-repository-dependencies = %{leapp_repo_deps}
 ##################################################
@ -140,6 +172,16 @@ Provides:  leapp-repository-dependencies = %{leapp_repo_deps}
 ##################################################
 Requires:   dnf >= 4
 Requires:   pciutils
+
+# required to be able to format disk images with XFS file systems (default)
+Requires:   xfsprogs
+
+# required to be able to format disk images with Ext4 file systems
+# NOTE: this is not happening by default, but we can expact that many customers
+# will want to / need to do this - especially on RHEL 7 now. Adding this deps
+# as the best trade-off to resolve this problem.
+Requires:   e2fsprogs
+
 %if 0%{?rhel} && 0%{?rhel} == 7
 # Required to gather system facts about SELinux
 Requires:   libselinux-python
@ -160,6 +202,24 @@ Requires:   python3-requests
 Requires:   python3-six
 # required by SELinux actors
 Requires:   policycoreutils-python-utils
+# required by systemfacts, and several other actors
+Requires:   procps-ng
+Requires:   kmod
+# since RHEL 8+ dracut does not have to be present on the system all the time
+# and missing dracut could be killing situation for us :)
+Requires:   dracut
+
+# Required to scan NetworkManagerConnection (e.g. to recognize secrets)
+# NM is requested to be used on RHEL 8+ systems
+Requires:   NetworkManager-libnm
+Requires:   python3-gobject-base
+
+%endif
+
+%if 0%{?rhel} && 0%{?rhel} == 9
+############# RHEL 9 dependencies (when the source system is RHEL 9) ##########
+# Required to convert pam_userdb database from BerkeleyDB to GDBM
+Requires:   libdb-utils
 %endif
 ##################################################
 # end requirement
@ -170,27 +230,24 @@ Requires:   policycoreutils-python-utils
 %{summary}


+%package -n %{lpr_name}-fapolicyd
+Summary:    Manage fapolicyd rules for %{lpr_name} during the upgrade
+
+Requires:   fapolicyd
+
+%description -n %{lpr_name}-fapolicyd
+%{summary}
+
+
 %prep
 %setup -n %{name}-%{version}
 %setup -q  -n %{name}-%{version} -D -T -a 1

 # APPLY PATCHES HERE
-# %%patch0001 -p1
-%patch0001 -p1
-%patch0002 -p1
-%patch0003 -p1
-%patch0004 -p1
-%patch0005 -p1
-%patch0006 -p1
-
-# enforce removal of packages below during the upgrade
+# %%patch -P 0001 -p1

 %build
-%if 0%{?rhel} == 7
-cp -a leapp*deps-el8*rpm repos/system_upgrade/el7toel8/files/bundled-rpms/
-%else
-cp -a leapp*deps-el9*rpm repos/system_upgrade/el8toel9/files/bundled-rpms/
-%endif
+cp -a leapp*deps*el%{next_major_ver}.noarch.rpm repos/system_upgrade/%{repo_shortname}/files/bundled-rpms/


 %install
@ -198,9 +255,18 @@ install -m 0755 -d %{buildroot}%{custom_repositorydir}
 install -m 0755 -d %{buildroot}%{repositorydir}
 cp -r repos/* %{buildroot}%{repositorydir}/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/repos.d/
+# NOTE(pstodulk): drop transaction dir and its content if replaced by config files before RHEL 10
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/transaction/
 install -m 0755 -d %{buildroot}%{_sysconfdir}/leapp/files/
 install -m 0644 etc/leapp/transaction/* %{buildroot}%{_sysconfdir}/leapp/transaction
+install -m 0644 etc/leapp/files/* %{buildroot}%{_sysconfdir}/leapp/files
+
+# install rules necessary for fapolicy
+mkdir -p %{buildroot}%{_sysconfdir}/fapolicyd/rules.d/
+install -m 0644 etc/fapolicyd/rules.d/31-leapp-repository.rules %{buildroot}%{_sysconfdir}/fapolicyd/rules.d
+
+# uncomment to install existing configs if any exists
+#install -m 0644 etc/leapp/actor_conf.d/* %%{buildroot}%%{_sysconfdir}/leapp/actor_conf.d

 # install CLI commands for the leapp utility on the expected path
 install -m 0755 -d %{buildroot}%{leapp_python_sitelib}/leapp/cli/
@ -209,17 +275,20 @@ rm -rf %{buildroot}%{leapp_python_sitelib}/leapp/cli/commands/tests

 # Remove irrelevant repositories - We don't want to ship them for the particular
 # RHEL version
-%if 0%{?rhel} == 7
-rm -rf %{buildroot}%{repositorydir}/system_upgrade/el8toel9
-%else
-rm -rf %{buildroot}%{repositorydir}/system_upgrade/el7toel8
-%endif
+for i in el7toel8 el8toel9 el9toel10;
+do
+    [ "$i" != "%{repo_shortname}" ] && rm -rf %{buildroot}%{repositorydir}/system_upgrade/$i
+done

 # remove component/unit tests, Makefiles, ... stuff that related to testing only
 rm -rf %{buildroot}%{repositorydir}/common/actors/testactor
 find %{buildroot}%{repositorydir}/common -name "test.py" -delete
 rm -rf `find %{buildroot}%{repositorydir} -name "tests" -type d`
 find %{buildroot}%{repositorydir} -name "Makefile" -delete
+find %{buildroot} -name "*.py.orig" -delete
+# .gitkeep file is used to have a directory in the repo. but we do not want these
+# files in the resulting RPM
+find %{buildroot} -name .gitkeep -delete

 for DIRECTORY in $(find  %{buildroot}%{repositorydir}/  -mindepth 1 -maxdepth 1 -type d);
 do
@ -238,6 +307,12 @@ done;
 %endif


+%posttrans -n %{lpr_name}-fapolicyd
+if systemctl is-active --quiet fapolicyd; then
+    systemctl restart fapolicyd
+fi
+
+
 %files -n %{lpr_name}
 %doc README.md
 %license LICENSE
@ -247,6 +322,9 @@ done;
 %dir %{repositorydir}
 %dir %{custom_repositorydir}
 %dir %{leapp_python_sitelib}/leapp/cli/commands
+%config %{_sysconfdir}/leapp/files/*
+# uncomment to package installed configs
+#%%config %%{_sysconfdir}/leapp/actor_conf.d/*
 %{_sysconfdir}/leapp/repos.d/*
 %{_sysconfdir}/leapp/transaction/*
 %{repositorydir}/*
@ -256,7 +334,399 @@ done;
 %files -n %{lpr_name}-deps
 # no files here

+
+%files -n %{lpr_name}-fapolicyd
+%attr(644, root, fapolicyd) %config %{_sysconfdir}/fapolicyd/rules.d/31-leapp-repository.rules
+
+
 %changelog
+* Tue Feb 10 2026 Matej Matuska <mmatuska@redhat.com> - 0.24.0-1
+- Rebase to new upstream 0.24.0
+- Introduce new IPU path 8.10 -> 9.8
+- Remove obsoleted IPU paths
+- Fix the upgrade for systems with installed kernel-rt
+- Enable php:8.2 module stream if enabled on the source system
+- Skip check for required baseos & appstream repos when upgrading from CS 8
+- Improve the error message when a problematic DNF repository definition is detected
+- Process enabled DNF module-streams correctly during the upgrade
+- Fix the leapp rerun command when upgrading using LiveMode
+- Ignore trailing slashes when checking that required mountpoints are persistent
+- Wait until filesystems defined in FSTAB are initialized and mounted when booting into the upgrade environment
+- Drop inhibitor for use of LiveMode on aarch64, s390x, ppcle64 architectures
+- LiveMode: Do not install RPMs that are not essential in the initramfs by default
+- Added scan and checks for NVMe devices, inhibiting upgrades on known problematic setups
+- Handle the upgrade on systems with NVMe-FC storage
+- Migrate the UEFI configuration when converting to RHEL
+- Inhibit the upgrade when converting system to a different linux distribution with enabled Secure Boot
+- Resolves: RHEL-128267, RHEL-95215, RHEL-102361, RHEL-46807, RHEL-100961, RHEL-42609, RHEL-33661, RHEL-19249, RHEL-119516
+
+* Wed Dec 17 2025 Matej Matuska <mmatuska@redhat.com> - 0.23.0-3
+- Fix handling of LVM and Multipath during the upgrade
+- Fix remediation command for making symlinks in root directory relative
+- Remove RPM GPG keys of the source distribution when upgrading and converting the system
+- Replace distro specific packages during upgrade and conversion
+- Improve error message when scanning invalid SSHD configuration
+- Update the leapp data files
+- Minor changes in logs and reports
+- Resolves: RHEL-14712, RHEL-30447, RHEL-19247, RHEL-127066, RHEL-124923, RHEL-119516
+
+* Thu Nov 13 2025 Karolina Kula <kkula@redhat.com> - 0.23.0-2
+- Requires leapp-framework 6.2+
+- Detect potentially harmful third party python modules for the target python version
+- Fix detection of encrypted Ceph OSD containers
+- Fix unlocking of LUKS devices when applied on non-rootfs file systems
+- Inhibit the upgrade if pluginpath is configured explicitly in DNF
+- Introduce `--target-os` option to specify target distribution for possible conversion during the upgrade
+- Introduce the `--target-version` alias for the `--target` option
+- Minor changes in logs and reports
+- Modernize the storage initialization when booting to the upgrade environment
+- Prevent sssdupdate actor from rising errors that could stop the upgrade
+- Respect repomapping on CentOS-like distributions
+- Respect repomapping when converting the system to different Linux distribution
+- Skip empty lines when parsing dumped DNF config to prevent confusing warning log
+- Cover JBoss EAP repositories for the upgrade
+- Update the leapp data files
+- Resolves: RHEL-25838, RHEL-35446, RHEL-69601, RHEL-71882, RHEL-90098, RHEL-120328, RHEL-123886
+
+* Thu Aug 14 2025 Karolina Kula <kkula@redhat.com> - 0.23.0-1
+- Rebase to new upstream 0.23.0
+- Enable in-place upgrades on CentOS Stream systems
+- Introduce leapp-upgrade-el8toel9-fapolicyd subpackage with fapolicyd rules for in-place upgrades
+- Ignore Red Hat subscription-manager actions on non-RHEL distros
+- Update leapp upgrade data files
+- Resolves: RHEL-65599, RHEL-67627
+
+* Fri Jul 18 2025 Karolina Kula <kkula@redhat.com> - 0.22.0-5
+- Fix broken bootloader on Azure hybrid images for systems previously upgraded from RHEL 7
+- Load DNF configuration correctly when using DNF libraries
+- Disable localpkg_gpgcheck during the upgrade if set to allow installation of bundled leapp and leapp-repository deps packages
+- Add actor with recommendations for upgrade of MySQL
+- The HybridImage model has been replaced by ConvertGrubenvTask
+- Check the input format of the target version properly
+- Resolves: RHEL-5459, RHEL-38255,  RHEL-39095, RHEL-47472, RHEL-96238
+
+* Thu Jun 05 2025 Karolina Kula <kkula@redhat.com> - 0.22.0-4
+- Fix parsing of the kernel cmdline
+- Require leapp data with provided_data_streams 4.0+
+- Resolves: RHEL-67627
+
+
+* Wed May 14 2025 Petr Stodulka <pstodulk@redhat.com> - 0.22.0-3
+- Rebuild
+
+* Tue May 13 2025 Petr Stodulka <pstodulk@redhat.com> - 0.22.0-2
+- Require leapp-framework >= 6.1
+- Simplified use of the LiveMode experimental feature with additional enhancements
+- Fix the check of deprecated PCI devices and drivers
+- Add RHEL 9.7 product certificates
+- Gracefully handle CentOS OS versioning style
+- Introduced the --enable-experimental-feature to simplify use of experimental features
+- Manage RPM GPG keys during the upgrade respecting used linux distributions
+- Minor fixes in reports
+- Prevent a crach during post-upgrade phases when no custom SELinux modules needs to be migrated
+- Update leapp upgrade data files
+- Resolves: RHEL-53801, RHEL-77945, RHEL-84978
+
+* Fri Feb 14 2025 Petr Stodulka <pstodulk@redhat.com> - 0.22.0-1
+- Rebase to new upstream 0.22.0
+- Minor updates in generated reports
+- Resolves: RHEL-67621, RHEL-67719, RHEL-16881
+
+* Wed Jan 29 2025 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-6
+- Raise an inhibitor if unsupported target version supplied instead of error
+- Prevent a possible crash with LiveMode when adding the upgrade boot entry on systems with LVM
+- Fix the bootloader workaround for upgrades on ARM machines - covering also differences on AWS
+- Resolves: RHEL-67621, RHEL-51072, RHEL-41193
+
+* Fri Jan 17 2025 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-5
+- Fix pes events scanner crashing when there are duplicate packages in the received instructions
+- Fix pes events scanner not respecting user’s transaction configuration
+- Fix storage scanner crashing when command outputs contain colon character
+- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs
+- Minor improvements in preupgrade reports
+- Resolves: RHEL-67621, RHEL-34570, RHEL-44596, RHEL-50076
+
+* Tue Nov 19 2024 Matej Matuska <mmatuska@redhat.com> - 0.21.0-4
+- Use net.naming-scheme by default
+- Resolves: RHEL-23473
+
+* Mon Nov 18 2024 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-3
+- Introduce upgrade path 8.10 -> 9.6
+- Require leapp-framework 6.0+
+- Update leapp-deps package to satisfy leapp-framework-dependencies 6
+- Add possibility to use net.naming-scheme during the upgrade
+- Cap max size of the sparse files to 1TiB for storage with large amount of free space
+- Enable upgrade for systems with LUKS bound to Clevis with TPM 2.0 token
+- Adjust resource limitations for leapp to be able to perform the upgrade
+- Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM
+- Fix the report when handling broken parsing of kernel cmdline
+- Generate proper error message instead of ModelViolationError when parsing invalid repository definition
+- Handle default kernel cmdline when multiple boot entries for the default kernel are defined
+- Introduce a possibility to configure leapp actors covering RHUI on clouds
+- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs
+- Update leapp upgrade data files
+- Resolves: RHEL-67621, RHEL-57064, RHEL-56251, RHEL-50686, RHEL-41193
+- Resolves: RHEL-34570, RHEL-26459, RHEL-23473, RHEL-16881, RHEL-3294
+
+* Mon Aug 19 2024 Petr Stodulka <pstodulk@redhat.com> - 0.21.0-2
+- Updated SPEC file to drop leapp repositories unrelated to IPU 8 -> 9
+- Resolves: RHEL-27847
+
+* Fri Aug 16 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.21.0-1
+- Rebase to new upstream 0.21.0
+- Updated leapp data files.
+- Inhibit the upgrade to RHEL 9.5 on ARM architecture due to
+  incompatibility between the RHEL 8 bootloader and RHEL 9.5 kernel.
+- Introduce experimental upgrades in 'live' mode for the testing.
+- Resolves: RHEL-27847, RHEL-52993, RHEL-45280, RHEL-49748, RHEL-52186
+
+* Wed Jul 24 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-5
+- Improve set_systemd_services_states logging
+- [IPU 7 -> 8] Fix detection of bootable device on RAID
+- Fix detection of valid sshd config with internal-sftp subsystem in Leapp
+- Handle a false positive GPG check error when TargetUserSpaceInfo is missing
+- Fix failing "update-ca-trust" command caused by missing util-linux package
+- Improve report when a system is unsupported
+- Fix handling of versions in RHUI configuration for ELS and SAP upgrades
+- Add missing RHUI GCP config info for RHEL for SAP
+- Fix upgrade on aarch64 via RHUI on AWS
+- Resolves: RHEL-33902, RHEL-38909, RHEL-30573, RHEL-43978, RHEL-39046, RHEL-39047, RHEL-39049
+
+* Thu May 30 2024 Petr Stodulka <pstodulk@redhat.com> - 0.20.0-4
+- Enable new upgrade path RHEL 8.10 -> 9.5
+- Minor updates in reports
+- Add information about leapp invocation to leapp.db
+- Resolves: RHEL-27847
+
+* Mon May 13 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-3
+- Do not terminate the upgrade dracut module execution if
+  /sysroot/root/tmp_leapp_py3/.leapp_upgrade_failed exists
+- Several minor improvements in messages printed in console output
+- Several minor improvements in report and error messages
+- Fix the parsing of the lscpu output
+- Fix evaluation of PES data
+- Target by default always "GA" channel repositories unless a different
+  channel is specified for the leapp execution
+- Fix creation of the post upgrade report about changes in states of systemd
+  services
+- Update the device driver deprecation data, fixing invalid fields for some
+  AMD CPUs
+- Update the default kernel cmdline
+- Wait for the storage initialization when /usr is on separate file system -
+  covering SAN
+- Resolves: RHEL-27847, RHEL-35240
+
+* Tue Feb 20 2024 Petr Stodulka <pstodulk@redhat.com> - 0.20.0-2
+- Fallback to original RHUI solution on AWS to fix issues caused by changes in RHUI client
+- Resolves: RHEL-16729
+
+* Tue Feb 13 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-1
+- Rebase to new upstream v0.20.0.
+- Fix semanage import issue
+- Fix handling of libvirt's systemd services
+- Add a dracut breakpoint for the pre-upgrade step.
+- Drop obsoleted upgrade paths (obsoleted releases: 8.6, 8.9, 9.0, 9.3)
+- Resolves: RHEL-16729
+
+* Tue Jan 23 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.19.0-10
+- Print nice error msg when device and driver deprecation data is malformed
+- Fix another cornercase when preserving symlinks to certificates in /etc/pki
+- Update the leapp upgrade data files - fixing upgrades with idm-tomcatjss
+- Resolves: RHEL-16729
+
+* Fri Jan 19 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-9
+- Do not try to download data files anymore when missing as the service
+  is obsoleted since the data is part of installed packages
+- Update error messages and reports when installed upgrade data files
+  are malformed or missing to instruct user how to resolve it
+- Update the leapp upgrade data files - bump data stream to "3.0"
+- Resolves: RHEL-16729
+
+* Fri Jan 12 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-7
+- Add detection of possible usage of OpenSSL IBMCA engine on IBM Z machines
+- Add detection of modified /etc/pki/tls/openssl.cnf file
+- Update the leapp upgrade data files
+- Fix handling of symlinks under /etc/pki with relative paths specified
+- Report custom actors and modifications of the upgrade tooling
+- Requires xfsprogs and e2fsprogs to ensure that Ext4 and XFS tools are installed
+- Bump leapp-repository-dependencies to 10
+- Resolves: RHEL-1774, RHEL-16729
+
+* Thu Nov 16 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-5
+- Enable new upgrade path for RHEL 8.10 -> RHEL 9.4 (including RHEL with SAP HANA)
+- Introduce generic transition of systemd services states during the IPU
+- Introduce possibility to upgrade with local repositories
+- Improve possibilities of upgrade when a proxy is configured in DNF configutation file
+- Fix handling of symlinks under /etc/pki when managing certificates
+- Fix the upgrade with custom https repositories
+- Default to the NO_RHSM mode when subscription-manager is not installed
+- Detect customized configuration of dynamic linker
+- Drop the invalid `tuv` target channel for the --channel option
+- Fix the issue of going out of bounds in the isccfg parser
+- Fix traceback when saving the rhsm facts results and the /etc/rhsm/facts directory doesn’t exist yet
+- Load all rpm repository substitutions that dnf knows about, not just "releasever" only
+- Simplify handling of upgrades on systems using RHUI, reducing the maintenance burden for cloud providers
+- Detect possible unexpected RPM GPG keys has been installed during RPM transaction
+- Resolves: RHEL-16729
+
+* Thu Nov 02 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-4
+- Fix the upgrade for systems without subscription-manager package
+- Resolves: RHEL-14901
+
+* Tue Oct 31 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-3
+- Fix the upgrade when the release is locked by new subscription-manager
+- Resolves: RHEL-14901
+
+* Wed Aug 23 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-1
+- Rebase to v0.19.0
+- Requires leapp-framework 5.0
+- Handle correctly the installed certificates to allow upgrades with custom repositories using HTTPs with enabled SSL verification
+- Fix failing upgrades with devtmpfs file systems specified in FSTAB
+- Do not try to update GRUB core on IBM Z systems
+- Minor improvements and fixes of various reports and error messages
+- Redesign handling of information about kernel (booted and target) to reflect changes in RHEL 9.3
+- Use new leapp CLI API which provides better report summary output
+- Resolves: rhbz#2215997, rhbz#2222861, rhbz#2232618
+
+* Tue Jul 18 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-5
+- Fix the calculation of the required free space on each partitions/volume for the upgrade transactions
+- Create source overlay images with dynamic sizes to optimize disk space consumption
+- Update GRUB2 when /boot resides on multiple devices aggregated in RAID
+- Use new leapp CLI API which provides better report summary output
+- Introduce possibility to add (custom) kernel drivers to initramfs
+- Detect and report use of deprecated Xorg drivers
+- Fix the generation of the report about hybrid images
+- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
+- Minor improvements and fixes of various reports
+- Requires leapp-framework 4.0
+- Update leapp data files
+- Resolves: rhbz#2140011, rhbz#2144304, rhbz#2174095, rhbz#2215997
+
+* Mon Jun 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-4
+- Introduce new upgrade path RHEL 8.9 -> 9.3
+- Update leapp data files to reflect new changes between systems
+- Detect and report use of deprecated Xorg drivers
+- Minor improvements of generated reports
+- Fix false positive report about invalid symlinks
+- Inhibit the upgrade when unsupported x86-64 microarchitecture is detected
+- Resolves: rhbz#2215997
+
+* Mon Jun 05 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-3
+- Update the repomap.json file to address planned changes on RHUI Azure
+- Resolves: rhbz#2203800
+
+* Fri May 19 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-2
+- Include leap data files in the package
+- Introduce in-place upgrades for systems with enabled FIPS mode
+- Enable the upgrade path 8.8 -> 9.2 for RHEL with SAP HANA
+- Fix the upgrade of ruby-irb package
+- Resolves: rhbz#2030627, rhbz#2097003, rhbz#2203800, rhbz#2203803
+
+* Tue Feb 21 2023 Petr Stodulka <pstodulk@redhat.com> - 0.18.0-1
+- Rebase to v0.18.0
+- Introduce new upgrade path RHEL 8.8 -> 9.2
+- Requires cpio
+- Requires python3-gobject-base, NetworkManager-libnm
+- Bump leapp-repository-dependencies to 9
+- Add breadcrumbs results to RHSM facts
+- Add leapp RHUI packages to an allowlist to drop confusing reports
+- Added checks for RHEL SAP IPU 8.6 -> 9.0
+- Check RPM signatures during the upgrade
+- Check only mounted XFS partitions
+- Check the validity and compatitibility of used leapp data
+- Detect CIFS also when upgrading from RHEL8 to RHEL9 (PR1035)
+- Detect RoCE on IBM Z machines and check the configuration is safe for the upgrade
+- Detect a proxy configuration in YUM/DNF and adjust an error msg on issues caused by the configuration
+- Detect and report systemd symlinks that are broken before the upgrade
+- Detect the kernel-core RPM instead of kernel to prevent an error during post-upgrade phases
+- Disable the amazon-id DNF plugin on AWS during the upgrade stage to omit confusing error messages
+- Do not create new *pyc files when running leapp after the DNF upgrade transaction
+- Drop obsoleted upgrade paths
+- Enable upgrades of RHEL 8 for SAP HANA to RHEL 9 on ppc64le
+- Enable upgrades on s390x when /boot is part of rootfs
+- Extend the allow list of RHUI clients by azure-sap-apps to omit confusing report
+- Filter out PES events unrelated for the used upgrade path and handle overlapping event
+ (fixes upgrades with quagga installed)
+- Fix scan of ceph volumes on systems without ceph-osd or when ceph-osd container is not found
+- Fix systemd symlinks that become incorrect during the IPU
+- Fix the check of memory (RAM) limits and use human readable values in the report
+- Fix the kernel detection during initramfs creation for new kernel on RHEL 9.2+
+- Fix the upgrade of IBM Z machines configured with ZFCP
+- Fix the upgrade on Azure using RHUI for SAP Apps images
+- Ignore external accounts in /etc/passwd
+- Improve remediation instructions for packages in unknown repositories
+- Improve the error message to guide users when discovered more space is needed
+- Improve the handling of blocklisted certificates
+- Inhibit the upgrade when entries in /etc/fstab cause overshadowing during the upgrade
+- Introduced an option to use an ISO file as a target RHEL version content source
+- Introduced possibility to specify what systemd services should be enabled/disabled on the upgraded system
+- Introduced the --nogpgcheck option to skip checking of RPM signatures
+- Map the target repositories also based on the installed content
+- Prevent re-run of leapp in the upgrade initramfs in case of previous failure
+- Prevent the upgrade with RHSM when Baseos and Appstream target repositories are not discovered
+- Provide common information about systemd services
+- RHUI(Azure) Handle correctly various SAP images
+- Register subscribed systems automatically to Red Hat Insights unless --no-insights-register is used
+- Remove obsoleted GPG keys provided by RH after the upgrade to prevent errors
+- Rework the network configuration handling and parse the configuration data properly
+- Set the system release lock after the upgrade also for premium channels
+- Small improvements in various reports
+- Resolves: rhbz#2088492, rhbz#2111691, rhbz#2127920, rhbz#2129716,rhbz#2139907, rhbz#2139907, rhbz#2141393, rhbz#2143372, rhbz#2155661
+
+* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-3
+- Adding back instruction to not install rubygem-irb during the in-place upgrade
+  to prevent conflict between files
+- Resolves: rhbz#2090995
+
+* Wed Sep 07 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-2
+- Update VDO checks to enable user to decide the system state on check failures
+  and undetermined block devices
+- The VDO dialog and related VDO reports have been properly updated
+- Resolves: rhbz#2096159
+
+* Wed Aug 24 2022 Petr Stodulka <pstodulk@redhat.com> - 0.17.0-1
+- Rebase to v0.17.0
+- Support upgrade path RHEL 8.7 -> 9.0 and RHEL SAP 8.6 -> 9.0
+- Provide and require leapp-repository-dependencies 7
+- Provide `leapp-command(<CMD>)` for each CLI command provided by leapp-repository
+- Require dracut, kmod, procps-ng on RHEL 8+
+- Require leapp-framework >= 3.1
+- Add actors covering removal of NIS components on RHEL 9
+- Add checks for obsolete .NET versions
+- Allow specifying the report schema v1.2.0
+- Check and handle upgrades with custom crypto policies
+- Check and migrate OpenSSH configuration
+- Check and migrate multipath configuration
+- Check minimum memory requirements
+- Do not create the upgrade bootloader entry when the dnf dry-run actor stops the upgrade
+- Enable Base and SAP in-place upgrades on Azure
+- Enable in-place upgrade in case LUKS volumes are Ceph OSDs
+- Enable in-place upgrades in Azure RHEL 8 base images using RHUI
+- Enable in-place upgrades on  IBM z16 machines
+- Enable the CRB repository for the upgrade only if enabled on the source system
+- Fix cloud provider detection on AWS
+- Fix detection of the latest kernel
+- Fix issues caused by leapp artifacts from previous in-place upgrades
+- Fix issues with false positive switch to emergency console during the upgrade
+- Fix swap page size on aarch64
+- Fix the VDO scanner to skip partitions unrelated to VDO and adjust error messages
+- Fix the false positive NFS storage detection on NFS servers and improve the report msg
+- Fix the issues on systems with the LANGUAGE environment variable
+- Fix the root directory scan to deal with non-utf8 filenames
+- Handle upgrades of SAP systems on AWS
+- Inform about necessary migrations related to bacula-director when installed on the system
+- Inhibit the upgrade when /var/lib/leapp being mounted in a non-persistent fashion to prevent failures
+- Inhibit the upgrade when /var/lib/leapp mounted with the noexec option to prevent failures
+- Inhibit upgrade when NVIDIA driver is detected
+- Make the application of custom selinux rules more reliable and do not override changes done by RPM scriptlets
+- Migrate the OpenSSL configuration
+- PESEventScanner actor has been fully refactored
+- Report changes around SCP and SFTP
+- Skip comment lines when parsing the GRUB configuration file
+- Stop propagating the “debug” and ”enforcing=0” kernel cmdline options into the target kernel cmdline options
+- Mass refactoring to be compatible with leapp v0.15.0
+- Resolves: rhbz#2090995, rhbz#2040470, rhbz#2092005, rhbz#2093220, rhbz#2095704, rhbz#2096159, rhbz#2100108, rhbz#2100110, rhbz#2103282, rhbz#2106904, rhbz#2110627
+
 * Wed Apr 27 2022 Petr Stodulka <pstodulk@redhat.com> - 0.16.0-6
 - Skip comments in /etc/default/grub during the parsing
 - Resolves: #1997076
Author	SHA1	Message	Date
eabdullin	7129e85d68	Import from CS git	2026-02-12 09:09:54 +00:00
eabdullin	3f0f8c21af	Import from CS git	2026-01-20 10:01:40 +00:00
eabdullin	316902b8f7	Import from CS git	2025-12-01 09:14:24 +00:00
eabdullin	76bbdddc33	Import from CS git	2025-09-12 09:34:00 +00:00
eabdullin	51f8cea591	Import from CS git	2025-07-21 11:47:55 +00:00
eabdullin	b71dc1da3a	Import from CS git	2025-06-24 11:34:57 +00:00
eabdullin	5bdc5cf293	Import from CS git	2025-05-15 07:48:12 +00:00
eabdullin	5b5f97e2e5	Import from CS git	2025-02-27 12:33:34 +00:00
eabdullin	c60931c8ff	Import from CS git	2025-01-23 09:27:51 +00:00
eabdullin	ef02e9e53b	Import from CS git	2024-11-25 09:10:29 +00:00
eabdullin	6e448a755d	import CS leapp-repository-0.20.0-2.el8	2024-05-22 10:44:17 +00:00
Andrew Lukoshko	7f3492f658	import CS leapp-repository-0.19.0-4.el8	2024-01-10 17:19:25 +00:00
CentOS Sources	7418c7fbb3	import leapp-repository-0.18.0-1.el8	2023-05-16 06:47:35 +00:00
CentOS Sources	205e8ee942	import leapp-repository-0.17.0-1.el8_6.2	2022-11-09 09:43:41 +00:00
CentOS Sources	091a7af850	import leapp-repository-0.17.0-3.el8	2022-11-08 10:42:38 +00:00