Rebase on upstream most recent version 0.23.0-1 (dcf53c28ea9c3fdd03277abcdeb1d124660f7f8e)#149
Merged
yuravk merged 99 commits intoAlmaLinux:almalinux-ng-0.23.0from Dec 1, 2025
Merged
Conversation
* add information about 'almalinux' new distro and its 'default' upgrade path * update mapping with 'almalinux' distro ID and its OS version format * add AlmaLinux OS release 9 and 10 RPM GPG keys, fingerprints of GPG keys, and obsoleted GPG keys * update unit tests to cover 'almalinux' (cherry picked from commit e2302c5)
Non-RHEL systems do not use Red Hat Subscription Manager (RHSM), therefore all RHSM related actions should be skipped on such systems. Changes: - The --no-rhsm option is implied on non-RHEL systems and LEAPP_NO_RHSM is forcefully set to 1. - Skip rhsm actions which are not skipped on RHEL even with --no-rhsm. Jira: RHEL-95975 (cherry picked from commit e2fad15)
This report is irrelevant on non-RHEL systems which don't use RHSM. (cherry picked from commit b207c64)
CentOS Stream systems the `stream` DNF variable is used instead of the `releasever`, which cause an issue when creating target repos, becuase the $stream variable is handled incorrectly. This patch is adjusting the content of /etc/dnf/vars/stream in scratch container, so $stream var is replaced with correct target version of system. Jira: RHEL-95982 (cherry picked from commit 9658b0b)
Update PES events data file. It includes also fixed PES events related to php module streams - fixing the DNF transaction when one of these rpms are installed. (cherry picked from commit 300e157)
The get_distro_id function from command_utils seeks wrong key in /etc/os-release. Instead of using 'ID', the function uses 'VERSION_ID', returning OS version (e.g. 9.6) instead of distro identifier such as RHEL. (cherry picked from commit cd161fd)
Execute isort when running the `fast_lint` target. Therefore, the target now matches the `lint` target, allowing the developer to see the results of running all of our linters on his/hers changes in a quick manner. (cherry picked from commit 315cb71)
Adding upgrade path 9.7 -> 10.1 for: - RHEL - AlmaLinux Adjust also CentOS virtual version to reflect actual state. Jira: RHEL-107228 (cherry picked from commit ba9c02e)
Adding the upgrade path 8.10 -> 9.7 for RHEL and Almalinux distros, making this upgrade path default now. Also update CI tests to reflect the changes. Note that tests for RHUI are not present at this moment yet - they will be added separately. Jira: RHEL-107228 (cherry picked from commit 5d1ea99) Keep AlmaLinux 9.6 -> 10.0 upgrade path.
The linux-firmware RPM has been rebased in RHEL 8.10.z, 9.6.z, 10.0.z, and updated in 9.4.z-eus. As the new rebased package contains dir <-> symlink change, it creates conflicts with old (not-updated) linux-firmware packages. To be able to test IPU 8.10.z -> 9.4, EUS repositories must be used for the target rhel 9.4 system as standard repositories do not receive updates anymore. (cherry picked from commit cb2408e)
Similarly to RHEL upgrades, we want to remove obsolete GPG keys, e.g. keys using SHA1 during Centos Stream upgrades. On CS9 (and also CS8) the gpg-pubkey-8483c65d-5ccc5b19 key imported from /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial is used. This key uses SHA1 and makes CS9 -> CS10 IPUs fail due to SHA1 being prohibited. This patch adds the key to the list of keys to remove during IPU. NOTE: The key used on CS10 is /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256 which uses SHA256, but after importing it it's also named gpg-pubkey-8483c65d-5ccc5b19. This isn't a problem because the SHA1 one is removed before the SHA256 one is imported, but it's something to keep in mind if there is CS10 -> CS11 sometime in he future. Jira: RHEL-104389 (cherry picked from commit 58aa9a7)
The old tool sss_ssh_knownhostsproxy was replaced by sss_ssh_knonwhosts in RHEL 10. SSH's configuration has to be updated from things like: ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h to: KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H Three actors are added: * SSSDFacts: Retrieves facts about SSSD and SSH configuration related to the sss_ssh_knownhostsproxy tool. It dentifies files in the SSSD configuration including the `service` keyword, and files in the SSH configuration mentioning the tool. * SSSDCheck: Checks if there is something to do and, in that case, creates a report. File access is also checked and reported if they cannot be written to. * SSSDUpdate: Updates the SSSD and SSH configuration to use the new tool and meet its requirements. Each actor includes its test. Jira: https://issues.redhat.com/browse/IDM-107 (cherry picked from commit 5e8c298)
* device_driver_deprecation_data.json
* repomap.json
Upg paths are unchanged.
The following mappings for UpgPath(src_major='9', dst_major='10') have been added:
- MappingEntry(src='rhel9-rhui-client-config-server-9-sap', dst=('rhel10-rhui-client-config-server-10-sap',))
- MappingEntry(src='rhel9-rhui-microsoft-azure-sap-apps', dst=('rhel10-rhui-microsoft-azure-sap-apps',))
- MappingEntry(src='rhel9-rhui-microsoft-sap-ha', dst=('rhel10-rhui-microsoft-sap-ha',))
The following repos have been added:
- Repo(pesid='rhel10-AppStream', major_version='10', repoid='rhel-10-for-x86_64-appstream-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-AppStream', major_version='10', repoid='rhel-10-for-x86_64-appstream-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-BaseOS', major_version='10', repoid='rhel-10-for-x86_64-baseos-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-BaseOS', major_version='10', repoid='rhel-10-for-x86_64-baseos-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-HighAvailability', major_version='10', repoid='rhel-10-for-x86_64-highavailability-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-SAP-NetWeaver', major_version='10', repoid='rhel-10-for-x86_64-sap-netweaver-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-SAP-NetWeaver', major_version='10', repoid='rhel-10-for-x86_64-sap-netweaver-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-SAP-Solutions', major_version='10', repoid='rhel-10-for-x86_64-sap-solutions-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-rhui-client-config-server-10-sap', major_version='10', repoid='rhui-client-config-server-10-sap-bundle', repo_type='rpm', channel='ga', arch='x86_64', rhui='aws', distro='rhel')
- Repo(pesid='rhel10-rhui-microsoft-azure-sap-apps', major_version='10', repoid='rhui-microsoft-azure-rhel10-sapapps', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel10-rhui-microsoft-sap-ha', major_version='10', repoid='rhui-microsoft-azure-rhel10-sap-ha', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
- Repo(pesid='rhel8-HighAvailability', major_version='8', repoid='rhel-8-for-x86_64-highavailability-aus-rpms', repo_type='rpm', channel='aus', arch='x86_64', rhui=None, distro='rhel')
(cherry picked from commit f73be94)
Add corresponding entries to known setups in the rhui.py library. Jira-ref: RHEL-104204, RHEL-104205 (cherry picked from commit f50b172)
This has been deprecated and replaced by DistributionSignedRPM since 2024-01-31. (cherry picked from commit 846057b)
ThirdPartyRPM is a more descriptive name as the model contains third-party packages as well. (cherry picked from commit 0177405)
Originally the redhatsignedrpmcheck actor has been written only with RHEL systems in mind and the expectation was that the only vendor as such is Red Hat. However, in case of other distributions that's not true. The existing report could be confusing for users and could set wrong expectations. This patch generalizes the actor with other distributions in mind: - the actor is renamed to distributionsignedrpmcheck - the report is updated to not mention the distribution/vendor name directly Jira: RHEL-80333 Co-authored-by: Petr Stodulka <pstodulk@redhat.com> (cherry picked from commit 73b2742)
Add an actor that scans the default boot entry by calling grubby. New model named 'DefaultSourceBootEntry' is introduced, allowing to share obtained information with actors. At the moment, only the initramfs path and kernel path are scanned, the rest of the default boot entry's information is ignored. (Done in preparation of:) Jira-ref: RHEL-102591 (cherry picked from commit 5a9dc2c)
Add an actor that scans the properties of the initramfs of the default boot entry. At the moment, only used dracut modules are determined, using `lsinitrd`. An accompanying model `DefaultInitramfsInfo` is introduced. (Done in preparation of:) Jira-ref: RHEL-102591 (cherry picked from commit 6994f3d)
Inhibit the upgrade if the initramfs of the source system's default boot entry was built using dracut modules that are not present on the target system. At the moment, only the `network-legacy` dracut module is detected. (cherry picked from commit ac92e20)
When fapolicy is running on system, the upgrade fails with error related to not sufficient permissions to /var/ilb/leapp/. To solve this issue, there needs to be added new rule to fapolicyd, so this change creates new rule and restart the service after any Leapp' packages transactions. Jira: RHEL-50847 (cherry picked from commit 7a3e2f6)
## Packaging - Require leapp-framework > 6.1 (oamg#1350) - Introduced leapp-upgrade-*-fapolicyd subpackage with config file for fapolicyd (oamg#1410) ## Upgrade handling ### Fixes - Disable localpkg_gpgcheck during the upgrade if set to allow installation of bundled leapp and leapp-repository deps packages (oamg#1401) - Fix in-place upgrades on systems using fapolicyd (oamg#1410) - Fix parsing of the kernel cmdline (oamg#1372) - Load DNF configuration in the `module.py` shared library to prevent errors when downloading remote content and proxy is required (oamg#1398) - Minor fixes in reports (oamg#1355, oamg#1371, oamg#1370, oamg#1402) - Prevent a crash during the Application phase when no custom SELinux modules needs to be handled post-upgrade (oamg#1352) - Sanitize the device driver deprecation data and the scan of deprecated PCI devices (oamg#1362, oamg#1376) - Skip checking ownership of files in the /etc/pki/ca-trust/extracted/pem/directory-hash directory (oamg#1405) - [IPU 8 -> 9] Fix broken bootloader on Azure hybrid images for systems previously upgraded from RHEL 7 (oamg#1284) - [IPU 9 -> 10] Create proper error message when the swap of RHUI clients fails (oamg#1353) - [IPU 9 -> 10] Exclude the leapp-upgrade-el9toel10 RPM from the upgrade transaction (oamg#1351) - [IPU 9 -> 10] Inhibit the upgrade on systems using deprecated network-legacy dracut module to prevent kernel panic (oamg#1412) ### Enhancements - Add IPU paths 8.10 -> 9.7 and 9.7 -> 10 (oamg#1411, oamg#1415) - Add RHEL 9.7 and 10.1 product certificates (oamg#1374) - Requires data with provided_data_streams 4.0+ (oamg#1375) - Generalize the solution to make it more distribution agnostic - Skip RHSM-related actions on non-RHEL distros (oamg#1407, oamg#1414) - Manage RPM GPG keys during the upgrade respecting used linux distributions (oamg#1378) - Respect the release_id of the OS when processing DNF repositories (oamg#1375) - Enable upgrades of CentOS Stream - Adjust the DNF `stream` variable during CentOS upgrades (oamg#1406) - Gracefully handle CentOS OS versions that do not provide a minor version number (oamg#1363, oamg#1396) - [IPU 9 -> 10] Remove obsoleted RPM GPG key when upgrading to CentOS 10 (oamg#1408) - Enable upgrades of AlmaLinux (oamg#1391) - Introduced the --enable-experimental-feature to simplify use of experimental features (oamg#1350) - Simplified use of the LiveMode experimental feature with additional enhancements (oamg#1350) - Unify definition and processing of defined upgrade paths (oamg#1359) - Update leapp upgrade data files, start to provide data stream 4.0 (oamg#1358, oamg#1380, oamg#1375, oamg#1388, oamg#1409, oamg#1418) - [IPU 8 -> 9] Add actor with recommendations for upgrade of MySQL (oamg#1335) - [IPU 9 -> 10] Add actors to migrate SSSD configuration (oamg#1397) - [IPU 9 -> 10] Enable upgrades on systems using RHUI on AWS, Azure, and Alibaba (oamg#1387, oamg#1383, oamg#1420) - [IPU 9 -> 10] Inhibit the upgrade if cgroups v1 are enabled on the system (oamg#1392) ## Additional changes interesting for devels - Documented more technical details about the LiveMode (oamg#1357, oamg#1366) - Makefile: Return non-zero exit code on failed tests in container (oamg#1382) - New deprecations introduced: - The `HybridImage` model has been replaced by `ConvertGrubenvTask`. (oamg#1284) - The `InstalledUnsignedRPM` model has been deprecated and replaced by `ThirdPartyRPM` (oamg#1402) - The `leapp.libraries.common.config.version.SUPPORTED_VERSIONS` variable is deprecated (oamg#1359) - the is_rhel_alt function from shared libraries has been deprecated (oamg#1377) - The rhui field in PESIDRepositoryEntry model is now plain string type instead of enumeration (oamg#1375) - Cleaning: - The el7toel8 repository has been removed (oamg#1385) - Removal of some deprecated models: InstalledRedHatSignedRPM, IPUPaths (oamg#1359, oamg#1402) - The `LEAPP_DEVEL_ENABLE_LIVE_MODE` envar has been dropped (oamg#1350) (cherry picked from commit c86de9a)
Implements detection and inhibition of the upgrade when DNF pluginpath is configured in /etc/dnf/dnf.conf: - Add DnfPluginPathDetected model to communicate detection results - Add ScanDnfPluginPath actor (FactsPhase) to scan DNF configuration - Add CheckDnfPluginPath actor (ChecksPhase) to create inhibitor report - Add related unit tests Localisation of dnf plugins is not constant between system releases which can cause issues with the upgrade, so the user should remove this option or comment it out. Jira: RHEL-69601 (cherry picked from commit dcf53c2)
Thank you for contributing to the Leapp project!Please note that every PR needs to comply with the leapp-repository contribution and development guidelines and must pass all tests in order to be mergeable.
Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build.
Note that first time contributors cannot run tests automatically - they need to be started by a reviewer. It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported,
See other labels for particular jobs defined in the Please open ticket in case you experience technical problem with the CI. (RH internal only) Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra. |
Originally we had implemented our own mount_usr.sh script, which took care about mounting the /usr when it is present on separate partition / mountpoint. It took care also about LVM activation. However, it has been problematic in various cases (e.g. when device needed more time for initialisation - e.g. when connected using FC). Let's use instead existing system solutions, starting the upgrade.target after initrd-fs.target (instead of just basic.target). IOW, let's get as close to the standard booting procedure when speaking about the storage, as possible. Note that the booting is still broken in this commit and needs additional changes made in followup commits. But due to complexity of the solution, keeping this separated. jira: RHEL-3344, RHEL-35446 (cherry picked from commit 004cec5)
Add LVM autoactivation mechanism to the upgrade initramfs. The core of the mechanism is based on a special udev rule that is triggered when a new device is detected. The rule then calls two lvm binaries (which are also included into the upgrade initrams) to activate the volume groups and logical volumes. (cherry picked from commit 04a2ec2)
Run systemd-fstab-generator to produce mount units that correspond to the content of source system's fstab. The generated mount units are then modified to mount /target into /sysroot/target, to reflect that the root of the source system is mounted as /sysroot. These mount units are made dependencies of local-fs.target, and, therefore, will be triggered by systemd before the upgrade. Assisted-by: Cursor (Claude Sonnet 4) Jira-ref: RHEL-35446 @pstodulk: Updated the code to cover also other systemd targets that can be covered by systemd-fstab-generator. Also cover the situation when a directory with systemd target (requires, wants) already exists. Tests have been updated. Note that there are still possible issues hidden in the generate mount unit files as we update at this moment just the `Where` clause however we are not touching anything else. (Before, After, RequiresMountsFor, ...). But keeping that for future development and testing. The call for `mount -a` is still present, we expect followup PRs at this point. Co-authored-by: Petr Stodulka <pstodulk@redhat.com> (cherry picked from commit 47fce17)
Potential error rise (StopActorExecutionError) is replaced with warning logs in the SSSD update file processing function. This prevents the upgrade from failing when accessing non-critical files. Also fix minor formatting nit picks. Jira: RHEL-108992 (cherry picked from commit e263598)
The distro.linux_distribution in createresumeservice test is replaced distro.id(). The distro.linux_distribution has been deprecated and on Fedora 42 containerized tests with python3.13 it doesn't work correctly and the createresumeservice tests don't get skipped. Jira: RHELMISC-13271 (cherry picked from commit 23d8f69)
Our changes towards using systemd-fstab-generator in the upgrade initramfs caused that we are mounting almost all partitions, including /boot (the actual mount target is /sysroot/boot) early in the boot process. When upgrading with FIPS, the dracut fips module tries to mount the device where the boot partition resides to check the integrity of the kernel, however, it fails as the boot block device is already mounted by us. This patch therefore introduces a static unit that bind-mounts What=/sysroot/boot to Where=/boot, making the contents of /boot available to the fips module. The bind-mounting service is introduced only if the source system has /boot on a separate partition. This is determined by checking whether anything shuld be mounted at /boot according to fstab. Jira-ref: RHEL-123886 (cherry picked from commit 0a20333)
This patch fixes handling of empty lines during parsing of output from `dnf config-manager --dump` command. Jira: RHEL-120328 (cherry picked from commit 9b06998)
Introduce actors to detect presence of third-party Python modules installed for target Python. Those modules could interfere with the upgrade process or cause issues after rebooting into the target system. Scanner (scanthirdpartytargetpythonmodules): - Identifies the target Python interpreter - Queries the target Python's sys.path to determine where it searches for modules - Recursively scans these directories for Python files (.py, .so, .pyc) - Cross-references found files against the RPM database to determine ownership and categorize them Checker (checkthirdpartytargetpythonmodules) creates a high severity report to inform users about findings and presents full list of them in logs and short version in report. Jira: RHEL-71882 (cherry picked from commit 428c460)
- DDDD reflects updates from kernel
- PES data contains various new events related to IPU 8 -> 9 -> 10
including data related to JB EAP
- Repomapping has been updated to cover JB EAP repositories
on intel for IPU 8 -> 9:
The following mappings for UpgPath(src_major='8', dst_major='9') have been added:
- MappingEntry(src='rhel8-jbeap-7.4', dst=('rhel9-jbeap-7.4',))
- MappingEntry(src='rhel8-jbeap-8.0', dst=('rhel9-jbeap-8.0',))
- MappingEntry(src='rhel8-jbeap-8.1', dst=('rhel9-jbeap-8.1',))
The following repos have been added:
- Repo(pesid='rhel8-jbeap-7.4', major_version='8', repoid='jb-eap-7.4-for-rhel-8-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
- Repo(pesid='rhel8-jbeap-8.0', major_version='8', repoid='jb-eap-8.0-for-rhel-8-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
- Repo(pesid='rhel8-jbeap-8.1', major_version='8', repoid='jb-eap-8.1-for-rhel-8-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
- Repo(pesid='rhel9-jbeap-7.4', major_version='9', repoid='jb-eap-7.4-for-rhel-9-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
- Repo(pesid='rhel9-jbeap-8.0', major_version='9', repoid='jb-eap-8.0-for-rhel-9-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
- Repo(pesid='rhel9-jbeap-8.1', major_version='9', repoid='jb-eap-8.1-for-rhel-9-x86_64-rpms', repo_type='rpm', channel='ga', arch='x86_64', rhui=None, distro='rhel')
Jira: RHEL-127066
(cherry picked from commit 60c4987)
Since b6e84f7, the sanity check, runs in each repository and doesn't respect $(REPOSITORIES). This breaks the sanity-check when it's run with a version of Python which is incompatible with the code in particular repository. For example with python3.6 and el9toel10 repo, python crashes with the following because python3.6 doesn't understand the type hint: File "/payload/repos/system_upgrade/el9toel10/actors/mysql/scanmysql/libraries/scanmysql.py", line 35, in <module> def _check_incompatible_config() -> set[str]: TypeError: 'type' object is not subscriptable (cherry picked from commit d9fe552)
The ACTOR variable for running tests of a single actor has long been unusable, git bisect led me to dc3abf6 as the commit where it was (first?) broken due to the same model module being defined in both el7toel8 and el8toel9 repos. This patch unfortunately doesn't fix that, but works around it by enabling the utils/actor_path.py script to search in specific repositories. These are passed from the Makefile via REPOSITORIES variable. As the Makefile rules for containerized tests already use repositories, the ACTOR variable is just passed along. NOTE: the code in actor_path.py is ugly and uses private APIs, however that's nothing new :). (cherry picked from commit 60a1fa8)
Using ACTOR withtout REPOSITORIES leads to a dead lock during actor discovery (likely due to the 'multipathconfcheck' actor). This patch adds a new make target that prevents the use of ACTOR without REPOSITORIES. (cherry picked from commit 4e182e8)
(cherry picked from commit b7f8622)
Allow setting the target OS for development purposes. Internally (cannot be set by the user) the LEAPP_TARGET_OS envar is set, similarly to how this works other arguments. Note that this patch only adds the variable and stores it into LEAPP_TARGET_OS, otherwise it is unhandled. (cherry picked from commit b2dab41)
Jira: RHEL-110563 (cherry picked from commit ff0f962)
The distros are now stored similarly to how versions are stored. CurrentActorMocked is modified to take src_distro and dst_distro as arguments. Although there is already release_id parameter which is kept for compatibility. Jira: RHEL-110563 (cherry picked from commit a8ed1d7)
This is required for conversions. The existing error message was improved to contain the key that is actually missing in the virtual versions map. Jira: RHEL-110563 (cherry picked from commit e32668c)
Jira: RHEL-110563 (cherry picked from commit 37f6e61)
The leapp.libraries.common.config.get_distro_id() function is deprecated and replaced by the variants for source and target distros - leapp.libraries.common.config.get_source_distro_id() and leapp.libraries.common.config.get_target_distro_id(). Upstream deprecation documentation has been also updated. Notable changes: - removeobsoletegpgkeys - actor needs to handle RPM GPG key removal differently during converting, for now it just returns early. - RepoMapDataHandler is modified to accept source and target distro independently and therefore perform mapping across different distros. Jira: RHEL-110563 (cherry picked from commit b4cb48b)
Currently the version "autocorrection" is performed only when the source system is centos, however we might get a major only version even when the source doesn't use them and the target does. For example when matching whether a version is between source and target version as is done in peseventsscanner. Jira: RHEL-110563 (cherry picked from commit fbb7cda)
The option specifies the target OS (distribution) to upgrade to. This sets the value of LEAPP_TARGET_OS, however LEAPP_DEVEL_TARGET_OS has precedence. If none of the envars are defined, default to the source distro i.e. only upgrade, no conversion, will be performed. The available options are 'rhel', 'centos' and 'almalinux'. Note that the "ID" value from /etc/os-release is used and therefore 'centos' really refers to Centos Stream. Jira: RHEL-110563 (cherry picked from commit f688fbf)
With the introduction of --target-os option, the --target option is a bit ambiguous, therefore --target-version is added as an alias. The leapp-framework dependency version is bumped from 6.1 to 6.2, because 6.2 introduces the ability to add an alias to an option. Jira: RHEL-110563 (cherry picked from commit 2df44df)
On CS to RHEL upgrades, particularly on 9->10, there is only one upgrade path defined, CS 9 -> latest RHEL 10 (10.X). However a situation may occur, in which the latest RHEL version has not yet been publicly released, e.g. in pre-release builds. This is problematic because the upgrade fails if the content is not yet available. If this happens the user is informed via a hint in the error message to specify the latest available RHEL version (the previous minor version) manually using the --target-version CLI option. To make leapp consider the previous minor version as supported without adding it to upgrade_paths.json (which would affect RHEL->RHEL upgrades), it is added to the IPUConfig message after processing the json. Also, in the error message, move the existing proxy hints from 'details' to 'hint', otherwise the original exeception message, which is in 'details' is overwritten. Jira: RHEL-110563 (cherry picked from commit 3c74cd2)
(cherry picked from commit 7bd5eaf)
This patch fixes a crash when executing upgrade on a system with version that is not defined in the supported upgrade paths map and when the fallback mechanism for this particular case fails as well. The upgrade process is now terminated with an error instead of a trace back. Jira: RHEL-120252 (cherry picked from commit 2b4d631)
The upgrade paths map contains fallback entries which make sure a target upgrade version is found regardless of the source minor version. This patch defines fallback entries for AlmaLinux. Jira: RHEL-120252 (cherry picked from commit ec92108)
Only the most common EL repos are mapped, still a bunch of unmapped, most notably resilientstorage and extras, leaving that up for a followup. Jira: RHEL-125081 (cherry picked from commit 249cd3b)
(cherry picked from commit 1340bd7)
The inhibitor, that checks if cgroups-v1 are enabled, generated remediation command which had incorrect form. This patch fixes the separator used for kernel arguments that need to be removed. (cherry picked from commit 4feb11f)
Add auxilliary key 2, auxilliary key 3 and the old signing key to "keys". These were handled in obsoleted-keys, but not used here. Add beta key to keys obsoleted in rhel 8. (cherry picked from commit 3f5bb62)
Add SIG Extras key to "keys". (cherry picked from commit 7e345c8) Keep in "keys" CentOS7 (AltArch) key 6c7cb6ef305d49d6
When doing upgrade + conversion, removing obsolete GPG from the current
(or target for that matter) distro doesn't make sense, because we are
moving to a different distro.
Instead, all distro provided keys from the source distro need to be
removed, as the target distro uses it's own keys. Those are imported
elsewhere later during the upgrade.
A new list is added to the gpg-signatures.json maps, which contains the
names of the fake RPMs "generated" upon importing a GPG key into the RPM
DB.
These are in the order the key IDs ("keys" in the map) are in, however
the mapping is not always 1:1 (e.g. the Centos SIG Extras keys).
The key id could be mapped to the RPM names, however since the RPM NVR
format is:
gpg-pubkey-<last 8 chars from key ID>-<creation time of the signature packet>
there could be a collision between the key IDs.
Some key RPMs are missing in Alma Linux map as I couldn't find out what
keys some the fingerprints correspond to.
Jira: RHEL-110190
I addded annotations to the keys at:
https://github.com/oamg/leapp-repository/wiki/gpg%E2%80%90signatures.json-key-annotations.
(cherry picked from commit 37a071d)
Keep in the map:
- CloudLinux TuxCare key d07bf2a08d50eb66
- CentOS7 AltArch key 6c7cb6ef305d49d6
The existing coding and PR workflow guidelines are split into separate pages under "Contrbuting" and the new doc is added there as well. Jira: RHEL-110563 (cherry picked from commit eabab8c)
yuravk
force-pushed
the
almalinux-ng-0.23.0
branch
from
edea7e0 to
ecdb84c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.