From 0bfbf5e03ce5a9f1b1c56188b416d45b8aefe9b8 Mon Sep 17 00:00:00 2001
From: Michael Calmer <mc@suse.de>
Date: Mon, 14 Aug 2023 15:02:36 +0200
Subject: [PATCH] check that billing-data-service files are not modified

---
 java/code/src/com/suse/cloud/CloudPaygManager.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/java/code/src/com/suse/cloud/CloudPaygManager.java b/java/code/src/com/suse/cloud/CloudPaygManager.java
index a6bef1d10bf2..10df07306963 100644
--- a/java/code/src/com/suse/cloud/CloudPaygManager.java
+++ b/java/code/src/com/suse/cloud/CloudPaygManager.java
@@ -18,6 +18,7 @@
 import com.redhat.rhn.domain.credentials.Credentials;
 import com.redhat.rhn.domain.credentials.CredentialsFactory;
 import com.redhat.rhn.manager.content.ContentSyncManager;
+import com.redhat.rhn.manager.satellite.SystemCommandExecutor;
 import com.redhat.rhn.taskomatic.TaskomaticApi;
 import com.redhat.rhn.taskomatic.TaskomaticApiException;
 
@@ -246,6 +247,19 @@ private boolean detectIsCompliant() {
             return false;
         }
 
+        // files of this package should not be modified
+        String[] cmd = {"/usr/bin/rpm", "-V", "billing-data-service"};
+        SystemCommandExecutor scexec = new SystemCommandExecutor();
+        int retcode = scexec.execute(cmd);
+        if (retcode != 0) {
+            // 5 means checksum changed / file is modified. Example "S.5....T.  /path/to/file"
+            if (scexec.getLastCommandOutput().lines().anyMatch(l -> l.charAt(2) == '5')) {
+                LOG.error("Billing Data Service has modifications");
+                LOG.info(scexec.getLastCommandOutput());
+                return false;
+            }
+        }
+
         // we only need to check compliance for SUMA PAYG
         try {
             if (!requestUrl("http://localhost:18888/").equals("online")) {