From 8e385f2a978596a59990b8332eda482d32506c9c Mon Sep 17 00:00:00 2001 From: Johannes Hahn Date: Tue, 20 Jun 2023 17:05:28 +0200 Subject: [PATCH 01/53] Update jetty-util to version 9.4.51 --- java/buildconf/ivy/ivy-suse.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/buildconf/ivy/ivy-suse.xml b/java/buildconf/ivy/ivy-suse.xml index 4867aa9d61a6..49770255499e 100644 --- a/java/buildconf/ivy/ivy-suse.xml +++ b/java/buildconf/ivy/ivy-suse.xml @@ -121,7 +121,7 @@ - + From 955fdabe802b1fdddf69c5726bb511a6d76ffa0f Mon Sep 17 00:00:00 2001 From: Johannes Hahn Date: Tue, 20 Jun 2023 17:08:52 +0200 Subject: [PATCH 02/53] Update changelog --- java/spacewalk-java.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 2ab418c5953f..1914c9a8920d 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,3 +1,5 @@ +- Update jetty-util to version 9.4.51 (for dev and test) + ------------------------------------------------------------------- Wed Apr 19 12:47:06 CEST 2023 - marina.latini@suse.com From 8033e3bc2d4f6c35b53f4d684b8b71619b51e883 Mon Sep 17 00:00:00 2001 From: Johannes Hahn Date: Tue, 20 Jun 2023 18:10:16 +0200 Subject: [PATCH 03/53] Update tomcat jars --- java/buildconf/ivy/ivy-suse.xml | 12 ++++++------ java/spacewalk-java.changes | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/java/buildconf/ivy/ivy-suse.xml b/java/buildconf/ivy/ivy-suse.xml index 49770255499e..0dca994c5b1b 100644 --- a/java/buildconf/ivy/ivy-suse.xml +++ b/java/buildconf/ivy/ivy-suse.xml @@ -112,12 +112,12 @@ - - - - - - + + + + + + diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 1914c9a8920d..ddbac88dae11 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes 
@@ -1,3 +1,4 @@ +- Update tomcat jars to version 9.0.75 (for dev and test) - Update jetty-util to version 9.4.51 (for dev and test) ------------------------------------------------------------------- From 2337007a73cd0ad57fcd3a858e7c3684dff4c648 Mon Sep 17 00:00:00 2001 From: Johannes Hahn Date: Wed, 21 Jun 2023 10:23:26 +0200 Subject: [PATCH 04/53] Update changelog entries --- java/spacewalk-java.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index ddbac88dae11..127d7415752e 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,5 +1,5 @@ -- Update tomcat jars to version 9.0.75 (for dev and test) -- Update jetty-util to version 9.4.51 (for dev and test) +- Update tomcat jars to version 9.0.75 +- Update jetty-util to version 9.4.51 ------------------------------------------------------------------- Wed Apr 19 12:47:06 CEST 2023 - marina.latini@suse.com From 1d95c62b4056363e5fd54d6161e77d164d48f37f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Thu, 13 Apr 2023 16:32:48 +0200 Subject: [PATCH 05/53] Don't log generated SSL certificate and key. --- .../com/redhat/rhn/common/util/FileUtils.java | 16 +++++++++++++++- .../src/com/suse/manager/ssl/SSLCertManager.java | 4 ++-- java/spacewalk-java.changes | 2 ++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/java/code/src/com/redhat/rhn/common/util/FileUtils.java b/java/code/src/com/redhat/rhn/common/util/FileUtils.java index 5b4258c81508..1d34b5c54e4a 100644 --- a/java/code/src/com/redhat/rhn/common/util/FileUtils.java +++ b/java/code/src/com/redhat/rhn/common/util/FileUtils.java 
@@ -114,6 +114,20 @@ public static void setAttributes(Path path, String user, String group, Set Date: Thu, 13 Apr 2023 17:19:07 +0200 Subject: [PATCH 06/53] Remove logging tiny url parameters --- .../rhn/frontend/action/common/TinyUrlAction.java | 12 ------------ java/spacewalk-java.changes | 1 + 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/action/common/TinyUrlAction.java b/java/code/src/com/redhat/rhn/frontend/action/common/TinyUrlAction.java index 26dde432c0ce..d3a0de0a104e 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/common/TinyUrlAction.java +++ b/java/code/src/com/redhat/rhn/frontend/action/common/TinyUrlAction.java @@ -14,7 +14,6 @@ */ package com.redhat.rhn.frontend.action.common; -import com.redhat.rhn.common.util.StringUtil; import com.redhat.rhn.domain.common.CommonFactory; import com.redhat.rhn.domain.common.TinyUrl; import com.redhat.rhn.frontend.struts.RhnAction; @@ -25,8 +24,6 @@ import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; -import java.util.Enumeration; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -47,15 +44,6 @@ public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { String token = request.getParameter(TY_TOKEN); - if (log.isDebugEnabled()) { - log.debug("token: {}", StringUtil.sanitizeLogInput(token)); - Enumeration e = request.getParameterNames(); - while (e.hasMoreElements()) { - String name = e.nextElement(); - log.debug("param.name: {} val: {}", StringUtil.sanitizeLogInput(name), - StringUtil.sanitizeLogInput(request.getParameter(name))); - } - } TinyUrl turl = CommonFactory.lookupTinyUrl(token); if (turl != null) { diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 42c321ba2159..75349cb1d885 100644 --- a/java/spacewalk-java.changes 
+++ b/java/spacewalk-java.changes @@ -1,3 +1,4 @@ +- Don't output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) - Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094) ------------------------------------------------------------------- From e5aaa5fd576db0f302794da3f7d39326862c6b68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Tue, 18 Apr 2023 13:52:52 +0200 Subject: [PATCH 07/53] Don't output cobbler xml-rpc token in debug logs --- .../kickstart/cobbler/CobblerDistroCreateCommand.java | 6 ------ .../rhn/manager/kickstart/cobbler/CobblerLoginCommand.java | 4 ++-- java/spacewalk-java.changes | 1 + 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerDistroCreateCommand.java b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerDistroCreateCommand.java index 17e29c4043b3..f275ecece12b 100644 --- a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerDistroCreateCommand.java +++ b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerDistroCreateCommand.java @@ -24,9 +24,6 @@ import com.redhat.rhn.domain.user.User; import com.redhat.rhn.manager.satellite.CobblerSyncCommand; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - import java.util.List; /** @@ -34,7 +31,6 @@ */ public class CobblerDistroCreateCommand extends CobblerDistroCommand { - private static Logger log = LogManager.getLogger(CobblerDistroCreateCommand.class); private boolean syncProfiles; /** * Constructor @@ -74,8 +70,6 @@ public CobblerDistroCreateCommand(KickstartableTree ksTreeIn, */ @Override public ValidatorError store() { - log.debug("Token : [{}]", xmlRpcToken); - CobblerDistroHelper.getInstance().createDistroFromTree( CobblerXMLRPCHelper.getConnection(user), tree); 
diff --git a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java index d21e442feb41..9fd3ef1eeeef 100644 --- a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java +++ b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java @@ -57,7 +57,7 @@ public String login(String usernameIn, String passwordIn) { throw new NoCobblerTokenException( "We had an error trying to login.", e); } - log.debug("token received from cobbler: {}", retval); + log.debug("token received from cobbler"); return retval; } @@ -91,7 +91,7 @@ public boolean checkToken(String token) { throw new NoCobblerTokenException( "We errored out trying to check the token.", e); } - log.debug("token received from cobbler: {}", retval); + log.debug("token received from cobbler"); return retval; } diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 75349cb1d885..f7792378c988 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,3 +1,4 @@ +- Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162) - Don't output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) - Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094) From a3ac2bea670d383ac34e25318c6555654efb942e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Tue, 18 Apr 2023 14:35:23 +0200 Subject: [PATCH 08/53] Fix sonarcloud template parameters errors --- .../manager/kickstart/cobbler/CobblerLoginCommand.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java index 9fd3ef1eeeef..c51f99d165bf 100644 --- a/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java 
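Review bot: In the second hunk (`checkToken`), the new message `token received from cobbler` no longer describes what is being logged. The later patch in this series shows `retval` there is the `Boolean` returned by `token_check`, so the old value was not sensitive and the new text misleads anyone reading the debug log. Something like `log.debug("cobbler token check result: {}", retval);` keeps the useful signal without exposing the token itself. In `login` the value-free message is the right call. Both method bodies start and end outside the hunks.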
+++ b/java/code/src/com/redhat/rhn/manager/kickstart/cobbler/CobblerLoginCommand.java @@ -44,10 +44,10 @@ public String login(String usernameIn, String passwordIn) { XMLRPCInvoker helper = (XMLRPCInvoker) MethodUtil.getClassFromConfig( CobblerXMLRPCHelper.class.getName()); - List args = new ArrayList<>(); + List args = new ArrayList<>(); args.add(usernameIn); args.add(passwordIn); - String retval = null; + String retval; try { retval = (String) helper.invokeMethod("login", args); } @@ -73,9 +73,9 @@ public boolean checkToken(String token) { XMLRPCInvoker helper = (XMLRPCInvoker) MethodUtil.getClassFromConfig( CobblerXMLRPCHelper.class.getName()); - List args = new ArrayList<>(); + List args = new ArrayList<>(); args.add(token); - Boolean retval = null; + Boolean retval; try { retval = (Boolean) helper.invokeMethod("token_check", args); if (retval == null) { From af2bdad2ae9a253cefd2de897c862300c6e9ba27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Thu, 13 Apr 2023 16:56:49 +0200 Subject: [PATCH 09/53] Remove SessionSwap secret logging --- .../code/src/com/redhat/rhn/common/security/SessionSwap.java | 5 ----- java/spacewalk-java.changes | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java index 6126750640f7..19c4bb2ea3fb 100644 --- a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java +++ b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java @@ -170,11 +170,6 @@ public static String rhnHmacData(List text) { String joinedText = StringUtils.join(text.iterator(), "\0"); - - if (log.isDebugEnabled()) { - log.debug("Data : [{}]", joinedText); - log.debug("Key : [{}]", swapKey); - } String retval = HMAC.sha1(joinedText, swapKey.toString()); if (log.isDebugEnabled()) { log.debug("retval: {}", retval); 
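Review bot: The debug statement that survives the `SessionSwap.rhnHmacData` hunk, `log.debug("retval: {}", retval);`, still writes the HMAC computed from `joinedText` and `swapKey` to the log. If that value is used as the signature part of a session or swap token (the callers are not visible here, so this needs confirming), a reader of the debug log gets a valid signature for the signed data, which is the same class of disclosure this commit removes. I would drop the remaining `if (log.isDebugEnabled()) { … }` block too, or reduce it to a value-free message such as `log.debug("HMAC computed");`. The function body starts and ends outside the hunk.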
diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index f7792378c988..e4fdec983ef1 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,3 +1,4 @@ +- Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086) - Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162) - Don't output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) - Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094) From 5ede859a9039415bec72a364c41471e10956953d Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Thu, 13 Apr 2023 16:56:19 +0200 Subject: [PATCH 10/53] fix secrets disclosure when debug log is enabled --- .../renderers/setupwizard/MirrorCredentialsRenderer.java | 4 +--- .../src/com/redhat/rhn/manager/session/SessionManager.java | 1 - java/spacewalk-java.changes | 2 ++ 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/action/renderers/setupwizard/MirrorCredentialsRenderer.java b/java/code/src/com/redhat/rhn/frontend/action/renderers/setupwizard/MirrorCredentialsRenderer.java index a9affeecf970..d6c218e996ef 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/renderers/setupwizard/MirrorCredentialsRenderer.java +++ b/java/code/src/com/redhat/rhn/frontend/action/renderers/setupwizard/MirrorCredentialsRenderer.java @@ -89,9 +89,7 @@ public String saveCredentials(HttpServletRequest request, Long id, String user, creds = new MirrorCredentialsDto(user, password); } - if (logger.isDebugEnabled()) { - logger.debug("Saving credentials: {}:{}", user, password); - } + logger.debug("Saving credentials for user '{}'", user); try { credsManager.storeMirrorCredentials(creds, request); } diff --git a/java/code/src/com/redhat/rhn/manager/session/SessionManager.java b/java/code/src/com/redhat/rhn/manager/session/SessionManager.java index 15b23f030608..a235d12c4e2f 100644 
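Review bot: In the `saveCredentials` hunk, `user` in the new `logger.debug("Saving credentials for user '{}'", user);` is a caller-supplied parameter, and the `{}` placeholder does not neutralise CR/LF, so unless the log layout encodes them a crafted value can break the one-event-per-line assumption that log review relies on. Other files touched by this series pass request data through `StringUtil.sanitizeLogInput(...)` before logging; the same here would be `logger.debug("Saving credentials for user '{}'", StringUtil.sanitizeLogInput(user));`, assuming that helper is imported in this file. Removing the password from the message is correct as it stands. The method body extends beyond the hunk.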
--- a/java/code/src/com/redhat/rhn/manager/session/SessionManager.java +++ b/java/code/src/com/redhat/rhn/manager/session/SessionManager.java @@ -340,7 +340,6 @@ public static boolean isPxtSessionKeyValid(String key) { if (data != null && data.length == 2) { String recomputedkey = generateSessionKey(data[0]); - logger.debug("recomputed [{}] cookiekey [{}]", recomputedkey, data[1]); return recomputedkey.equals(data[1]); } diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index e4fdec983ef1..1424da1ff9b6 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,3 +1,5 @@ +- fix credentials and other secrets disclosure when debug log is enabled + CVE-2023-22644 (bsc#1210154) - Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086) - Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162) - Don't output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) From 328d37047d666b057149bcd89665cee7abf090a8 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Thu, 27 Apr 2023 13:11:27 +0200 Subject: [PATCH 11/53] fix session information leak --- .../frontend/action/kickstart/KickstartHelper.java | 5 ----- java/code/src/org/cobbler/CobblerConnection.java | 13 +++++++++++-- java/spacewalk-java.changes | 1 + 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java b/java/code/src/com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java index 508f9b0a10b5..51831f48230e 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java +++ b/java/code/src/com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java 
@@ -145,7 +145,6 @@ public Map parseKickstartUrl(String url) { KickstartSessionUpdateCommand cmd = new KickstartSessionUpdateCommand(kssid); ksdata = cmd.getKsdata(); retval.put(SESSION, cmd.getKickstartSession()); - log.debug("session: {}", retval.get(SESSION)); cmd.setSessionState(KickstartFactory.SESSION_STATE_CONFIG_ACCESSED); cmd.store(); mode = SESSION; @@ -192,8 +191,6 @@ else if (mode.equals(ORG_DEFAULT)) { if (log.isDebugEnabled()) { - log.debug("session : {}", - StringUtil.sanitizeLogInput(retval.get(SESSION).toString())); log.debug("options.containsKey(VIEW_LABEL): {}", options.containsKey(VIEW_LABEL)); log.debug("ksdata : {}", ksdata); } @@ -278,7 +275,6 @@ public String getKickstartHost() { // gsaTRKpX6AxkUFQ11A==:fjs-0-12.rhndev.redhat.com String proxyHeader = request.getHeader(XRHNPROXYAUTH); - log.debug("X-RHN-Proxy-Auth : {}", proxyHeader); if (!StringUtils.isEmpty(proxyHeader)) { String[] proxies = StringUtils.split(proxyHeader, ","); @@ -288,7 +284,6 @@ public String getKickstartHost() { log.debug("first1: {}", firstProxy); String[] chunks = StringUtils.split(firstProxy, ":"); firstProxy = chunks[chunks.length - 1]; - log.debug("first2: {}", firstProxy); log.debug("Kickstart host from proxy header: {}", firstProxy); return firstProxy; } diff --git a/java/code/src/org/cobbler/CobblerConnection.java b/java/code/src/org/cobbler/CobblerConnection.java index dfcb599da094..a39ecf3c839b 100644 --- a/java/code/src/org/cobbler/CobblerConnection.java +++ b/java/code/src/org/cobbler/CobblerConnection.java 
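Review bot: In the last `getKickstartHost` hunk, `log.debug("first1: {}", firstProxy);` is left in place, and at that point `firstProxy` has not yet been cut down to the part after the last `:`. Going by the example in the comment above (`…==:fjs-0-12.rhndev.redhat.com`), that value still carries the proxy auth token, so the header content removed in the previous hunk would keep reaching the debug log; the assignment of `firstProxy` sits between the hunks, so this should be confirmed. The removed `first2` line only printed the host name, which the following `Kickstart host from proxy header` message prints anyway. I would delete the `first1` line as well.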
@@ -139,8 +139,17 @@ public String login(String login, String password) { * @param args to pass to method * @return Object returned. */ - private Object invokeMethod(String procedureName, List args) { - log.debug("procedure: {} args: {}", procedureName, args); + private Object invokeMethod(String procedureName, List args) { + if (log.isDebugEnabled()) { + List dbgArgs = new LinkedList<>(args); + String lastArg = (String) dbgArgs.get(dbgArgs.size() - 1); + if (lastArg.length() == 36 && lastArg.endsWith("==")) { + // probably a base64 token + dbgArgs.remove(dbgArgs.size() - 1); + dbgArgs.add(""); + } + log.debug("procedure: {} args: {}", procedureName, dbgArgs); + } Object retval; try { retval = client.invoke(procedureName, args); diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 127d7415752e..eebdf6deb577 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes @@ -1,3 +1,4 @@ +- fix session information leak CVE-2023-22644 (bsc#1210107) - Update tomcat jars to version 9.0.75 - Update jetty-util to version 9.4.51 From ea9afa04dadc2b6521f37f0f8120f096d2a83ed0 Mon Sep 17 00:00:00 2001 From: Marina Latini Date: Thu, 22 Jun 2023 18:59:59 +0200 Subject: [PATCH 12/53] Automatic commit of package [spacewalk-java] release [4.4.18-1]. --- java/spacewalk-java.changes | 22 +++++++++++++--------- java/spacewalk-java.spec | 2 +- rel-eng/packages/spacewalk-java | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/java/spacewalk-java.changes b/java/spacewalk-java.changes index 2871c47c2cca..97eb1416f818 100644 --- a/java/spacewalk-java.changes +++ b/java/spacewalk-java.changes 
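Review bot: The new debug block in `invokeMethod` can throw once debug logging is enabled: `dbgArgs.get(dbgArgs.size() - 1)` fails on an empty argument list and the `(String)` cast fails when the last argument is not a string, so changing a log level changes the behaviour of the XML-RPC calls. The masking is also a heuristic. Only a last argument of length 36 ending in `==` is hidden, so a secret of another shape or in another position (for example the password of the `login` method named in the hunk header, if it is passed through here) would still be printed. Logging a value-free summary avoids both problems, e.g. `log.debug("procedure: {} ({} args)", procedureName, args.size());`. The method body continues past the hunk.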
@@ -1,12 +1,16 @@ -- fix session information leak CVE-2023-22644 (bsc#1210107) -- fix credentials and other secrets disclosure when debug log is enabled - CVE-2023-22644 (bsc#1210154) -- Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086) -- Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162) -- Don't output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) -- Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094) -- Update tomcat jars to version 9.0.75 -- Update jetty-util to version 9.4.51 +------------------------------------------------------------------- +Thu Jun 22 18:59:40 CEST 2023 - marina.latini@suse.com + +- version 4.4.18-1 + * Fix session information leak CVE-2023-22644 (bsc#1210107) + * Fix credentials and other secrets disclosure when debug log is enabled + CVE-2023-22644 (bsc#1210154) + * Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086) + * Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162) + * Do not output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101) + * Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094) + * Update tomcat jars to version 9.0.75 + * Update jetty-util to version 9.4.51 ------------------------------------------------------------------- Wed Apr 19 12:47:06 CEST 2023 - marina.latini@suse.com diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec index 2abc1acb677a..e09ec4e0b2f7 100644 --- a/java/spacewalk-java.spec +++ b/java/spacewalk-java.spec @@ -59,7 +59,7 @@ Name: spacewalk-java Summary: Java web application files for Spacewalk License: GPL-2.0-only Group: Applications/Internet -Version: 4.4.17 +Version: 4.4.18 Release: 1 URL: https://github.com/uyuni-project/uyuni Source0: https://github.com/uyuni-project/uyuni/archive/%{name}-%{version}-1.tar.gz 
diff --git a/rel-eng/packages/spacewalk-java b/rel-eng/packages/spacewalk-java
index 1316cec52472..7b078f0dc0d2 100644
--- a/rel-eng/packages/spacewalk-java
+++ b/rel-eng/packages/spacewalk-java
@@ -1 +1 @@
-4.4.17-1 java/
+4.4.18-1 java/
From 532f0790f881b497af4855a0978ebaee24068de5 Mon Sep 17 00:00:00 2001
From: Sebastian Engel
Date: Sun, 29 Jan 2023 13:15:59 +0100
Subject: [PATCH 13/53] Add spacecmd function - cryptokey_update
---
spacecmd/src/spacecmd/cryptokey.py | 71 ++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/spacecmd/src/spacecmd/cryptokey.py b/spacecmd/src/spacecmd/cryptokey.py
index a957b8e6f082..e81f9b8eb860 100644
--- a/spacecmd/src/spacecmd/cryptokey.py
+++ b/spacecmd/src/spacecmd/cryptokey.py
@@ -111,6 +111,77 @@ def do_cryptokey_create(self, args): #################### +def help_cryptokey_update(self): + print(_('cryptokey_update: Update a cryptographic key')) + print(_('''usage: cryptokey_update [options]) + +options: + -t GPG or SSL + -d DESCRIPTION + -f KEY_FILE''')) + + +def do_cryptokey_update(self, args): + arg_parser = get_argument_parser() + arg_parser.add_argument('-t', '--type') + arg_parser.add_argument('-d', '--description') + arg_parser.add_argument('-f', '--file') + + (args, options) = parse_command_arguments(args, arg_parser) + options.contents = None + + if is_interactive(options): + options.type = prompt_user(_('GPG or SSL [G/S]:')) + + options.description = '' + while options.description == '': + options.description = prompt_user(_('Description:')) + + if self.user_confirm(_('Read an existing file [y/N]:'), + nospacer=True, ignore_yes=True): + options.file = prompt_user('File:') + else: + options.contents = editor(delete=True) + else: + if not options.type: + logging.error(_N('The key type is required')) + return 1 + + if not options.description: + logging.error(_N('A description is required')) + return 1 + + if not options.file: + logging.error(_N('A file containing the key is required')) + return 1 + + # read the file the user specified + if options.file: + options.contents = read_file(options.file) + + if not options.contents: + logging.error(_N('No contents of the file')) + return 1 + + # translate the key type to what the server expects + if re.match('G', options.type, re.I): + options.type = 'GPG' + elif re.match('S', options.type, re.I): + options.type = 'SSL' + else: + logging.error(_N('Invalid key type')) + return 1 + + self.client.kickstart.keys.update(self.session, + options.description, + options.type, + options.contents) + + return 0 + +#################### + + def help_cryptokey_delete(self): print(_('cryptokey_delete: Delete a cryptographic key')) print(_('usage: cryptokey_delete NAME')) 
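Review bot: The usage text in `help_cryptokey_update` ends with a stray closing parenthesis (`usage: cryptokey_update [options])`), and `prompt_user('File:')` is the only prompt in `do_cryptokey_update` that is not wrapped in `_()`, so it will not be translated. Suggested lines: `print(_('''usage: cryptokey_update [options]` and `options.file = prompt_user(_('File:'))`. The help text should also say how the key to update is selected; from the call `keys.update(self.session, options.description, options.type, options.contents)` it looks like the description identifies it, but the server side is not visible here.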
From 3b1cdce83aa8630c1d8c698535efad9a4ccef2e5 Mon Sep 17 00:00:00 2001
From: Sebastian Engel
Date: Sun, 29 Jan 2023 20:44:53 +0100
Subject: [PATCH 14/53] Add test for spacecmd function cryptokey_update
---
spacecmd/tests/test_cryptokey.py | 158 +++++++++++++++++++++++++++++++
1 file changed, 158 insertions(+)
diff --git a/spacecmd/tests/test_cryptokey.py b/spacecmd/tests/test_cryptokey.py
index 59c51d4d324c..1294787636e3 100644
--- a/spacecmd/tests/test_cryptokey.py
+++ b/spacecmd/tests/test_cryptokey.py
@@ -171,6 +171,164 @@ def test_cryptokey_create_SSL_key(self, shell): assert args == (shell.session, "description", "SSL", "contents") assert not kw + def test_cryptokey_update_no_keytype(self, shell): + """ + Test do_cryptokey_update without correct key type. + + :param shell: + :return: + """ + shell.help_cryptokey_update = MagicMock() + shell.client.kickstart.keys.update = MagicMock() + shell.user_confirm = MagicMock(return_value=True) + read_file = MagicMock(return_value="contents") + prompt_user = MagicMock(side_effect=["", "interactive descr", "/tmp/file.txt"]) + editor = MagicMock() + logger = MagicMock() + + with patch("spacecmd.cryptokey.prompt_user", prompt_user) as pmu, \ + patch("spacecmd.cryptokey.read_file", read_file) as rfl, \ + patch("spacecmd.cryptokey.editor", editor) as edt, \ + patch("spacecmd.cryptokey.logging", logger) as lgr: + spacecmd.cryptokey.do_cryptokey_update(shell, "") + + assert not shell.help_cryptokey_update.called + assert not shell.client.kickstart.keys.update.called + assert not editor.called + assert read_file.called + assert prompt_user.called + assert logger.error.called + + assert_expect(logger.error.call_args_list, "Invalid key type") + + def test_cryptokey_update_interactive_no_contents(self, shell): + """ + Test do_cryptokey_update without arguments (interactive, no contents given). 
+ + :param shell: + :return: + """ + shell.help_cryptokey_update = MagicMock() + shell.client.kickstart.keys.update = MagicMock() + shell.user_confirm = MagicMock(return_value=True) + read_file = MagicMock() + prompt_user = MagicMock(side_effect=["g", "interactive descr", ""]) + editor = MagicMock() + logger = MagicMock() + + with patch("spacecmd.cryptokey.prompt_user", prompt_user) as pmu, \ + patch("spacecmd.cryptokey.read_file", read_file) as rfl, \ + patch("spacecmd.cryptokey.editor", editor) as edt, \ + patch("spacecmd.cryptokey.logging", logger) as lgr: + spacecmd.cryptokey.do_cryptokey_update(shell, "") + + assert not shell.help_cryptokey_update.called + assert not shell.client.kickstart.keys.update.called + assert not read_file.called + assert not editor.called + assert prompt_user.called + assert logger.error.called + + assert_expect(logger.error.call_args_list, "No contents of the file") + + def test_cryptokey_update_interactive_wrong_key_type(self, shell): + """ + Test do_cryptokey_update without arguments (interactive, wrong key type). 
+ + :param shell: + :return: + """ + shell.help_cryptokey_update = MagicMock() + shell.client.kickstart.keys.update = MagicMock() + shell.user_confirm = MagicMock(return_value=True) + read_file = MagicMock(return_value="contents") + prompt_user = MagicMock(side_effect=["x", "interactive descr", "/tmp/file.txt"]) + editor = MagicMock() + logger = MagicMock() + + with patch("spacecmd.cryptokey.prompt_user", prompt_user) as pmu, \ + patch("spacecmd.cryptokey.read_file", read_file) as rfl, \ + patch("spacecmd.cryptokey.editor", editor) as edt, \ + patch("spacecmd.cryptokey.logging", logger) as lgr: + spacecmd.cryptokey.do_cryptokey_update(shell, "") + + assert not shell.help_cryptokey_update.called + assert not shell.client.kickstart.keys.update.called + assert not editor.called + assert read_file.called + assert prompt_user.called + assert logger.error.called + + assert_expect(logger.error.call_args_list, "Invalid key type") + + def test_cryptokey_update_GPG_key(self, shell): + """ + Test do_cryptokey_update with parameters, calling GPG key type. 
+ + :param shell: + :return: + """ + shell.help_cryptokey_update = MagicMock() + shell.client.kickstart.keys.update = MagicMock() + shell.user_confirm = MagicMock(return_value=True) + read_file = MagicMock(return_value="contents") + prompt_user = MagicMock(side_effect=[]) + editor = MagicMock() + logger = MagicMock() + + with patch("spacecmd.cryptokey.prompt_user", prompt_user) as pmu, \ + patch("spacecmd.cryptokey.read_file", read_file) as rfl, \ + patch("spacecmd.cryptokey.editor", editor) as edt, \ + patch("spacecmd.cryptokey.logging", logger) as lgr: + spacecmd.cryptokey.do_cryptokey_update(shell, "-t g -d description -f /tmp/file.txt") + + assert not editor.called + assert not shell.help_cryptokey_update.called + assert not prompt_user.called + assert not logger.error.called + + assert shell.client.kickstart.keys.update.called + assert read_file.called + + for call in shell.client.kickstart.keys.update.call_args_list: + args, kw = call + assert args == (shell.session, "description", "GPG", "contents") + assert not kw + + def test_cryptokey_update_SSL_key(self, shell): + """ + Test do_cryptokey_update with parameters, calling SSL key type. 
+ + :param shell: + :return: + """ + shell.help_cryptokey_update = MagicMock() + shell.client.kickstart.keys.update = MagicMock() + shell.user_confirm = MagicMock(return_value=True) + read_file = MagicMock(return_value="contents") + prompt_user = MagicMock(side_effect=[]) + editor = MagicMock() + logger = MagicMock() + + with patch("spacecmd.cryptokey.prompt_user", prompt_user) as pmu, \ + patch("spacecmd.cryptokey.read_file", read_file) as rfl, \ + patch("spacecmd.cryptokey.editor", editor) as edt, \ + patch("spacecmd.cryptokey.logging", logger) as lgr: + spacecmd.cryptokey.do_cryptokey_update(shell, "-t s -d description -f /tmp/file.txt") + + assert not editor.called + assert not shell.help_cryptokey_update.called + assert not prompt_user.called + assert not logger.error.called + + assert shell.client.kickstart.keys.update.called + assert read_file.called + + for call in shell.client.kickstart.keys.update.call_args_list: + args, kw = call + assert args == (shell.session, "description", "SSL", "contents") + assert not kw + def test_cryptokey_delete_noargs(self, shell): """ Test do_cryptokey_delete without parameters, so help should be displayed. From 6fe56c333f05fa305d2ca9bf70803ebc4139fa8b Mon Sep 17 00:00:00 2001 From: Sebastian Engel Date: Sun, 29 Jan 2023 20:55:49 +0100 Subject: [PATCH 15/53] Specify changes to spacecmd --- spacecmd/spacecmd.changes.blu-base.cryptokey_update | 1 + 1 file changed, 1 insertion(+) create mode 100644 spacecmd/spacecmd.changes.blu-base.cryptokey_update diff --git a/spacecmd/spacecmd.changes.blu-base.cryptokey_update b/spacecmd/spacecmd.changes.blu-base.cryptokey_update new file mode 100644 index 000000000000..0ecf1cf295f9 --- /dev/null +++ b/spacecmd/spacecmd.changes.blu-base.cryptokey_update @@ -0,0 +1 @@ +- Add spacecmd function: cryptokey_update From 6a685c158413bc16abd695a3669738199aa1aa58 Mon Sep 17 00:00:00 2001 
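Review bot: None of the five new tests checks what `do_cryptokey_update` returns, although the function signals failure with `1` and success with `0`. Capturing the result, e.g. `out = spacecmd.cryptokey.do_cryptokey_update(shell, "")` followed by `assert out == 1` in the error cases and `assert out == 0` in the GPG and SSL cases, would pin that contract. The `as pmu`, `as rfl`, `as edt` and `as lgr` aliases in the `with` statements are unused and can be dropped.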
From: Sebastian Engel Date: Sun, 9 Jul 2023 17:58:33 +0200 Subject: [PATCH 16/53] Spacecmd: extract process_opts in cryptokey Adding the private function `_crypto_key_options` in spacecmd's cryptokey module to minimize code duplication in the previously introduced `do_cryptokey_update` function --- spacecmd/src/spacecmd/cryptokey.py | 82 +++++++++--------------------- 1 file changed, 23 insertions(+), 59 deletions(-) diff --git a/spacecmd/src/spacecmd/cryptokey.py b/spacecmd/src/spacecmd/cryptokey.py index e81f9b8eb860..61c28530eadf 100644 --- a/spacecmd/src/spacecmd/cryptokey.py +++ b/spacecmd/src/spacecmd/cryptokey.py 
@@ -51,54 +51,8 @@ def help_cryptokey_create(self): def do_cryptokey_create(self, args): - arg_parser = get_argument_parser() - arg_parser.add_argument('-t', '--type') - arg_parser.add_argument('-d', '--description') - arg_parser.add_argument('-f', '--file') - - (args, options) = parse_command_arguments(args, arg_parser) - options.contents = None - - if is_interactive(options): - options.type = prompt_user(_('GPG or SSL [G/S]:')) - - options.description = '' - while options.description == '': - options.description = prompt_user(_('Description:')) - - if self.user_confirm(_('Read an existing file [y/N]:'), - nospacer=True, ignore_yes=True): - options.file = prompt_user('File:') - else: - options.contents = editor(delete=True) - else: - if not options.type: - logging.error(_N('The key type is required')) - return 1 - - if not options.description: - logging.error(_N('A description is required')) - return 1 - - if not options.file: - logging.error(_N('A file containing the key is required')) - return 1 - - # read the file the user specified - if options.file: - options.contents = read_file(options.file) - - if not options.contents: - logging.error(_N('No contents of the file')) - return 1 - - # translate the key type to what the server expects - if re.match('G', options.type, re.I): - options.type = 'GPG' - elif re.match('S', options.type, re.I): - options.type = 'SSL' - else: - logging.error(_N('Invalid key type')) + options = _cryptokey_process_options(self, args) + if options is None: return 1 self.client.kickstart.keys.create(self.session, 
@@ -122,6 +76,21 @@ def help_cryptokey_update(self): def do_cryptokey_update(self, args): + options = _cryptokey_process_options(self, args) + if options is None: + return 1 + + self.client.kickstart.keys.update(self.session, + options.description, + options.type, + options.contents) + + return 0 + +#################### + + +def _cryptokey_process_options(self, args): arg_parser = get_argument_parser() arg_parser.add_argument('-t', '--type') arg_parser.add_argument('-d', '--description') @@ -145,15 +114,15 @@ def do_cryptokey_update(self, args): else: if not options.type: logging.error(_N('The key type is required')) - return 1 + return None if not options.description: logging.error(_N('A description is required')) - return 1 + return None if not options.file: logging.error(_N('A file containing the key is required')) - return 1 + return None # read the file the user specified if options.file: @@ -161,7 +130,7 @@ def do_cryptokey_update(self, args): if not options.contents: logging.error(_N('No contents of the file')) - return 1 + return None # translate the key type to what the server expects if re.match('G', options.type, re.I): @@ -170,14 +139,9 @@ def do_cryptokey_update(self, args): options.type = 'SSL' else: logging.error(_N('Invalid key type')) - return 1 - - self.client.kickstart.keys.update(self.session, - options.description, - options.type, - options.contents) + return None - return 0 + return options #################### From 52ae76a67ce8f40074f5e0c4ea7d2b954fd6eccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Fri, 14 Jul 2023 14:59:18 +0200 Subject: [PATCH 17/53] Fix sonarcloud reported bugs in new code --- .../rhn/common/db/datasource/Elaborator.java | 3 ++- .../rhn/common/db/datasource/ModeElaborator.java | 15 ++++++++++----- .../action/channel/ssm/BaseSubscribeAction.java | 4 ++-- 3 files changed, 14 insertions(+), 8 deletions(-) 
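Review bot: `_cryptokey_process_options` is added without a docstring, although both `do_cryptokey_create` and `do_cryptokey_update` now depend on its contract: it returns `None` after logging an error and the populated options object otherwise. I would state that in the helper, for example `"""Parse and validate the cryptokey arguments; return the options, or None after an error was logged."""`. The helper is a module-level function that takes `self` as its first parameter, so the docstring should also say that `self` is the spacecmd shell instance passed in by the `do_*` callers. Its body continues through the following hunks of this file.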
diff --git a/java/code/src/com/redhat/rhn/common/db/datasource/Elaborator.java b/java/code/src/com/redhat/rhn/common/db/datasource/Elaborator.java index f41f175aef46..b8bed3359f3f 100644 --- a/java/code/src/com/redhat/rhn/common/db/datasource/Elaborator.java +++ b/java/code/src/com/redhat/rhn/common/db/datasource/Elaborator.java @@ -16,13 +16,14 @@ import org.hibernate.Session; +import java.io.Serializable; import java.util.List; /** * Elaboratable */ -public interface Elaborator { +public interface Elaborator extends Serializable { /** * Returns an elaborated list for the given List of objects diff --git a/java/code/src/com/redhat/rhn/common/db/datasource/ModeElaborator.java b/java/code/src/com/redhat/rhn/common/db/datasource/ModeElaborator.java index 02992e4803ab..dde06db159fb 100644 --- a/java/code/src/com/redhat/rhn/common/db/datasource/ModeElaborator.java +++ b/java/code/src/com/redhat/rhn/common/db/datasource/ModeElaborator.java @@ -17,7 +17,7 @@ import org.hibernate.Session; -import java.io.Serializable; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -25,9 +25,9 @@ /** * ModeElaborator */ -public class ModeElaborator implements Elaborator, Serializable { +public class ModeElaborator implements Elaborator { private SelectMode mode; - private Map params; + private final HashMap params; // increase this number on any data change private static final long serialVersionUID = 1L; @@ -36,9 +36,14 @@ public class ModeElaborator implements Elaborator, Serializable { * @param select Select mode * @param elabParams elaborator params */ - public ModeElaborator(SelectMode select, Map elabParams) { + public ModeElaborator(SelectMode select, Map elabParams) { mode = select; - params = elabParams; + if (elabParams != null) { + params = new HashMap<>(elabParams); + } + else { + params = null; + } } /** 
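Review bot: The Javadoc on `Elaborator` still reads only "Elaboratable", although the interface now extends `Serializable` and so obliges every implementation to be serializable, including any that this diff does not touch. I would extend the interface comment with something like `Implementations must be Serializable: keep all fields serializable and declare a serialVersionUID.` In `ModeElaborator` the `params` field becomes a final defensive copy, but `mode` stays non-final, and whether `SelectMode` is itself serializable is not visible in these hunks. That is worth confirming, since the field is now part of the serialized form.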
diff --git a/java/code/src/com/redhat/rhn/frontend/action/channel/ssm/BaseSubscribeAction.java b/java/code/src/com/redhat/rhn/frontend/action/channel/ssm/BaseSubscribeAction.java index fc55d60d31dc..76eb72bcef2e 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/channel/ssm/BaseSubscribeAction.java +++ b/java/code/src/com/redhat/rhn/frontend/action/channel/ssm/BaseSubscribeAction.java @@ -683,7 +683,7 @@ protected ActionMessages buildMessages(User u, Map> successes, if (srvrs.isEmpty()) { continue; } - else if (toId == -1L) { + else if (toId != null && toId == -1L) { am = new ActionMessage("basesub.jsp.success-default", srvrs.size()); msgs.add(ActionMessages.GLOBAL_MESSAGE, am); } @@ -697,7 +697,7 @@ else if (toId == -1L) { if (srvrs.isEmpty()) { continue; } - else if (toId == -1L) { + else if (toId != null && toId == -1L) { am = new ActionMessage("basesub.jsp.skip-default", srvrs.size()); msgs.add(ActionMessages.GLOBAL_MESSAGE, am); } From a28306389e81dcd8ea1182f88ce1ef9863c1b5f8 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Pla Date: Mon, 17 Jul 2023 10:04:26 +0200 Subject: [PATCH 18/53] ci: schedule a reference job once a day fixes https://github.com/SUSE/spacewalk/issues/21993 Signed-off-by: Jordi Massaguer Pla --- .github/workflows/acceptance_tests_secondary.yml | 2 ++ .github/workflows/acceptance_tests_secondary_parallel.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/acceptance_tests_secondary.yml b/.github/workflows/acceptance_tests_secondary.yml index 9bcb0d2c42b9..ad14472f39f2 100644 --- a/.github/workflows/acceptance_tests_secondary.yml +++ b/.github/workflows/acceptance_tests_secondary.yml @@ -8,6 +8,8 @@ on: - '.github/workflows/acceptance_tests_secondary.yml' - '.github/workflows/acceptance_tests_common.yml' - '!java/*.changes*' + schedule: + - cron: '0 6 * * *' jobs: test-uyuni: uses: ./.github/workflows/acceptance_tests_common.yml 
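Review bot: When `toId` is null, the new guard `toId != null && toId == -1L` is false and control falls through to the `else` branch that follows, which lies outside this hunk. If that branch unboxes `toId` or uses it for a lookup, the NullPointerException is moved rather than removed. The second hunk at line 697 has the same shape. If a null key carries no meaning in these maps, skipping it explicitly would be clearer: `if (toId == null || srvrs.isEmpty()) { continue; }`. `buildMessages` starts and ends outside both hunks, so this needs checking against the full method.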
diff --git a/.github/workflows/acceptance_tests_secondary_parallel.yml b/.github/workflows/acceptance_tests_secondary_parallel.yml index 8bdad85b778c..ab94718a3de9 100644 --- a/.github/workflows/acceptance_tests_secondary_parallel.yml +++ b/.github/workflows/acceptance_tests_secondary_parallel.yml @@ -8,6 +8,8 @@ on: - '.github/workflows/acceptance_tests_secondary_parallel.yml' - '.github/workflows/acceptance_tests_common.yml' - '!java/*.changes*' + schedule: + - cron: '0 6 * * *' jobs: test-uyuni: uses: ./.github/workflows/acceptance_tests_common.yml From 8ce367ac0c7175d134275e89da854138617924a6 Mon Sep 17 00:00:00 2001 From: elariekerboull Date: Mon, 17 Jul 2023 10:29:20 +0200 Subject: [PATCH 19/53] Refactor step so loop can time out (#7271) --- testsuite/features/step_definitions/command_steps.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb index 2704bb975bbd..aa5cf54cd98a 100644 --- a/testsuite/features/step_definitions/command_steps.rb +++ b/testsuite/features/step_definitions/command_steps.rb @@ -1534,8 +1534,10 @@ _hostname, local, remote, node_code = node.test_and_store_results_together('hostname', 'root', 500) command_output, _code = node.run("cloud-init status --wait", check_errors: true, verbose: false) - until command_output.include?("done") + repeat_until_timeout(report_result: true) do command_output, code = node.run("cloud-init status --wait", check_errors: true, verbose: false) + break if command_output.include?("done") + sleep 2 raise StandardError 'Error during cloud-init.' if code == 1 end end From 553579f63edd7b12dce1256942e41f02e5827f41 Mon Sep 17 00:00:00 2001 
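Review bot: In the `command_steps.rb` hunk the exit-code check kept as the last statement of the new `repeat_until_timeout` block runs only after `break` and `sleep 2`, and it is written `raise StandardError 'Error during cloud-init.'` without a comma. Ruby parses that as a call to a method named `StandardError`, so a failing cloud-init surfaces as a NoMethodError instead of the intended message. I would write `raise StandardError, 'Error during cloud-init.' if code == 1` and place it directly after the `node.run` call, ahead of the `sleep 2`. The enclosing step definition begins outside the hunk.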
From: elariekerboull Date: Mon, 17 Jul 2023 10:29:34 +0200 Subject: [PATCH 20/53] Move the 2 hour timeout for reposync to a more appropriate place (#7262) --- testsuite/features/step_definitions/command_steps.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb index aa5cf54cd98a..657b82b07a45 100644 --- a/testsuite/features/step_definitions/command_steps.rb +++ b/testsuite/features/step_definitions/command_steps.rb @@ -369,6 +369,8 @@ $channels_synchronized.add(channel) log "Reposync of channel #{channel} left running" if (reposync_left_running_streak % 60).zero? reposync_left_running_streak += 1 + + raise 'We have a reposync process that still running after 2 hours' if reposync_left_running_streak > 7200 sleep 1 next end @@ -377,8 +379,6 @@ pid = process.split(' ')[0] $server.run("kill #{pid}", check_errors: false) log "Reposync of channel #{channel} killed" - - raise 'We have a reposync process that still running after 2 hours' if reposync_left_running_streak > 7200 end end From 9372a099f66270c31169b682b895d0910f39f28b Mon Sep 17 00:00:00 2001 From: mbussolotto Date: Mon, 17 Jul 2023 13:02:14 +0200 Subject: [PATCH 21/53] Workaround for python3-debian bug about collecting control file (#7215) --- python/uyuni/common/rhn_deb.py | 29 ++++++++++++++++++- ...ni-common-libs.changes.mbussolotto.fix_deb | 1 + 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 python/uyuni/uyuni-common-libs.changes.mbussolotto.fix_deb diff --git a/python/uyuni/common/rhn_deb.py b/python/uyuni/common/rhn_deb.py index 1830e0030737..4eae546e2814 100644 --- a/python/uyuni/common/rhn_deb.py +++ b/python/uyuni/common/rhn_deb.py @@ -21,6 +21,7 @@ import tempfile from debian import debfile +from debian.deb822 import Deb822 from uyuni.common.usix import raise_with_tb from uyuni.common import checksum 
@@ -34,6 +35,25 @@ class deb_Header: + # this is a workaround for issue in python-debian + # https://www.mail-archive.com/pkg-python-debian-maint@alioth-lists.debian.net/msg00598.html + # after the issue is fixed, remove this function + def get_file(self, control, fname): + if fname.startswith('./'): + fname = fname[2:] + elif fname.startswith('/'): + fname = fname[1:] + + try: + fobj = control.tgz().extractfile(fname) + except KeyError: + raise debfile.DebError("control.tar.* not found inside package") + + if fobj is None: + raise debfile.DebError("control.tar.* not found inside package") + + return fobj + "Wrapper class for an deb header - we need to store a flag is_source" def __init__(self, stream): @@ -50,7 +70,14 @@ def __init__(self, stream): try: # Fill info about package - debcontrol = self.deb.debcontrol() + try: + debcontrol = self.deb.debcontrol() + except debfile.DebError: + # this is a workaround for issue in python-debian + # https://www.mail-archive.com/pkg-python-debian-maint@alioth-lists.debian.net/msg00598.html + debcontrol = Deb822(self.get_file(self.deb.control, 'control')) + + self.hdr = { 'name': debcontrol.get_as_string('Package'), 'arch': debcontrol.get_as_string('Architecture') + '-deb', diff --git a/python/uyuni/uyuni-common-libs.changes.mbussolotto.fix_deb b/python/uyuni/uyuni-common-libs.changes.mbussolotto.fix_deb new file mode 100644 index 000000000000..cca6f776f94a --- /dev/null +++ b/python/uyuni/uyuni-common-libs.changes.mbussolotto.fix_deb @@ -0,0 +1 @@ +- Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692) From b9c06bc50058219f4e316c5d82906f0b0fcbc1b9 Mon Sep 17 00:00:00 2001 From: Marina Latini Date: Mon, 17 Jul 2023 13:58:27 +0200 Subject: [PATCH 22/53] remove conflicting line for making it possible to have a clean backport of security fixes in 7189 --- java/code/src/com/redhat/rhn/common/security/SessionSwap.java | 1 - 1 file changed, 1 deletion(-) 
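Review bot: `get_file` is inserted above the string `"Wrapper class for an deb header - we need to store a flag is_source"`, so that string is no longer the first statement of `deb_Header` and stops being the class docstring. Moving the string back to directly under `class deb_Header:` keeps `__doc__` intact. Both `raise debfile.DebError("control.tar.* not found inside package")` lines also report the archive as missing when the lookup that failed was for the member `fname`. A message such as `"%s not found inside control.tar.*" % fname` would point at the real cause. In the second hunk the fallback catches every `DebError` from `debcontrol()`, so unrelated parse errors are retried through the workaround as well.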
diff --git a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java index 316d3ab85286..6ad450fa391a 100644 --- a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java +++ b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java @@ -152,7 +152,6 @@ public static String rhnHmacData(List text) { log.debug("Data : [{}]", joinedText); log.debug("Key : [{}]", swapKey); } - String retval = HMAC.sha256(joinedText, swapKey.toString()); if (log.isDebugEnabled()) { log.debug("retval: {}", retval); } From fec45aa445af91f9af00e1eb17d7800c8bbc4703 Mon Sep 17 00:00:00 2001 From: Alexander Graul Date: Thu, 22 Jun 2023 16:05:55 +0200 Subject: [PATCH 23/53] Don't install products on openSUSE client OSes openSUSE repos often contain multiple "product packages", that conflict. The idea is that installer installs the correct product once and that's it. In Uyuni, we currently install all products we can find. That does not work because of the conflict. --- susemanager-utils/susemanager-sls/salt/channels/init.sls | 2 +- .../susemanager-sls.changes.agraul.no-products-for-opensuse | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 susemanager-utils/susemanager-sls/susemanager-sls.changes.agraul.no-products-for-opensuse diff --git a/susemanager-utils/susemanager-sls/salt/channels/init.sls b/susemanager-utils/susemanager-sls/salt/channels/init.sls index 5a70365c5cb2..1a3f7a18c22b 100644 --- a/susemanager-utils/susemanager-sls/salt/channels/init.sls +++ b/susemanager-utils/susemanager-sls/salt/channels/init.sls 
@@ -145,7 +145,7 @@ install_gnupg_debian: {%- endif %} {%- if not salt['pillar.get']('susemanager:distupgrade:dryrun', False) %} -{%- if grains['os_family'] == 'Suse' and grains['osmajorrelease']|int > 11 and not grains['oscodename'] == 'openSUSE Leap 15.3' %} +{%- if grains['os_family'] == 'Suse' and grains['osmajorrelease']|int > 11 and "opensuse" not in grains['oscodename']|lower %} mgrchannels_install_products: product.all_installed: - require: diff --git a/susemanager-utils/susemanager-sls/susemanager-sls.changes.agraul.no-products-for-opensuse b/susemanager-utils/susemanager-sls/susemanager-sls.changes.agraul.no-products-for-opensuse new file mode 100644 index 000000000000..9d9fd9a0d68f --- /dev/null +++ b/susemanager-utils/susemanager-sls/susemanager-sls.changes.agraul.no-products-for-opensuse @@ -0,0 +1 @@ +- Don't install product packages on openSUSE clients From fe894dfc391f95e30ebe9fd5b489891c143176c5 Mon Sep 17 00:00:00 2001 From: Marina Latini Date: Mon, 17 Jul 2023 15:32:06 +0200 Subject: [PATCH 24/53] remove conflicting line for making it possible to have a clean backport of security fixes in 7189 --- java/code/src/com/redhat/rhn/common/security/SessionSwap.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java index 6ad450fa391a..6b0656f80330 100644 --- a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java +++ b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java @@ -148,10 +148,6 @@ public static String rhnHmacData(List text) { String joinedText = StringUtils.join(text.iterator(), "\0"); - if (log.isDebugEnabled()) { - log.debug("Data : [{}]", joinedText); - log.debug("Key : [{}]", swapKey); - } if (log.isDebugEnabled()) { log.debug("retval: {}", retval); } From c35c3dec8bcea5a8e9e0eca8934deb3c54b2aa41 Mon Sep 17 00:00:00 2001 
From: Marina Latini Date: Mon, 17 Jul 2023 15:50:27 +0200 Subject: [PATCH 25/53] tem add sha1 retval for making it possible to have a clean backport of security fixes in 7189 --- java/code/src/com/redhat/rhn/common/security/SessionSwap.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java index 6b0656f80330..0af29ea0f52d 100644 --- a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java +++ b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java @@ -147,7 +147,7 @@ public static String rhnHmacData(List text) { String joinedText = StringUtils.join(text.iterator(), "\0"); - + String retval = HMAC.sha1(joinedText, swapKey.toString()); if (log.isDebugEnabled()) { log.debug("retval: {}", retval); } From e8aa8e62493ae00914e9afd7a7d2c69c11c329b5 Mon Sep 17 00:00:00 2001 From: Marina Latini Date: Mon, 17 Jul 2023 16:57:09 +0200 Subject: [PATCH 26/53] revert 7275 and 7277 after the merge of the backport from 7189 --- java/code/src/com/redhat/rhn/common/security/SessionSwap.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java index 0af29ea0f52d..e3d8d973daf0 100644 --- a/java/code/src/com/redhat/rhn/common/security/SessionSwap.java +++ b/java/code/src/com/redhat/rhn/common/security/SessionSwap.java @@ -147,7 +147,7 @@ public static String rhnHmacData(List text) { String joinedText = StringUtils.join(text.iterator(), "\0"); - String retval = HMAC.sha1(joinedText, swapKey.toString()); + String retval = HMAC.sha256(joinedText, swapKey.toString()); if (log.isDebugEnabled()) { log.debug("retval: {}", retval); } From f7008b216919d279495ce76e7540b192ec389381 Mon Sep 17 00:00:00 2001 
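Review bot: The debug block kept as context right below the restored `HMAC.sha256` line still writes `retval`, the computed HMAC, to the log via `log.debug("retval: {}", retval);`. Earlier commits in this series removed the data and the key from this debug output; the HMAC is the remaining piece, and if callers use it as the signature of session data, anyone who can read debug logs obtains valid signatures. I would drop the block or log only that a value was computed, for example `log.debug("HMAC computed for {} element(s)", text.size());`. The body of `rhnHmacData` extends beyond the hunk, so how `retval` is used afterwards is not visible here.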
From: Michael Calmer Date: Sat, 15 Jul 2023 15:30:11 +0200 Subject: [PATCH 27/53] generate EC keys with test script --- spacewalk/certs-tools/gen-test-cert-chain.sh | 47 +++++++++++++++----- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/spacewalk/certs-tools/gen-test-cert-chain.sh b/spacewalk/certs-tools/gen-test-cert-chain.sh index 3e90e2532aa0..663def3aa723 100755 --- a/spacewalk/certs-tools/gen-test-cert-chain.sh +++ b/spacewalk/certs-tools/gen-test-cert-chain.sh @@ -6,6 +6,10 @@ DIR=demoCA PASSWORD="secret" +# rsa, or any of "openssl ecparam -list_curves" +#PKEYALGO="secp384r1" +PKEYALGO="rsa" + ROOTCA="RootCA" ORGCA="OrgCa" TEAMCA="TeamCA" @@ -38,7 +42,7 @@ dir = ./$DIR database = \$dir/index.txt serial = \$dir/serial new_certs_dir = \$dir/newcerts -default_md = sha256 +default_md = sha384 default_days = 365 # how closely we follow policy 
@@ -96,22 +100,37 @@ OPENSSLCNF export commonname=$ROOTCA export subaltname="" -openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -x509 -keyout $DIR/$ROOTCA.key -out $DIR/$ROOTCA.crt -days 1024 -passout pass:$PASSWORD +if [ $PKEYALGO = "rsa" ]; then + openssl genrsa -out $DIR/$ROOTCA.key -passout pass:$PASSWORD -aes256 2048 +else + openssl ecparam -genkey -name $PKEYALGO | openssl ec -aes256 -passout pass:$PASSWORD -out $DIR/$ROOTCA.key +fi + +openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -x509 -key $DIR/$ROOTCA.key -out $DIR/$ROOTCA.crt -days 1024 -passin pass:$PASSWORD #----------------------------------------------------------------- export commonname=$ORGCA -openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD 2048 +if [ $PKEYALGO = "rsa" ]; then + openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD -aes256 2048 +else + openssl ecparam -genkey -name $PKEYALGO | openssl ec -aes256 -passout pass:$PASSWORD -out $DIR/private/$commonname.key +fi + -openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr +openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr -passin pass:$PASSWORD openssl ca -config $DIR/openssl.cnf -create_serial -extensions req_ca_x509_extensions -in $DIR/requests/$commonname.csr -keyfile $DIR/$ROOTCA.key \ -cert $DIR/$ROOTCA.crt -passin pass:$PASSWORD -out $DIR/certs/$commonname.crt -days 500 -batch #----------------------------------------------------------------- export commonname=$TEAMCA -openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD 2048 +if [ $PKEYALGO = "rsa" ]; then + openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD -aes256 2048 +else + openssl ecparam -genkey -name $PKEYALGO | openssl ec -aes256 -passout 
pass:$PASSWORD -out $DIR/private/$commonname.key +fi -openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr +openssl req -config $DIR/openssl.cnf -extensions req_ca_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr -passin pass:$PASSWORD openssl ca -config $DIR/openssl.cnf -create_serial -extensions req_ca_x509_extensions -in $DIR/requests/$commonname.csr -keyfile $DIR/private/$ORGCA.key \ -cert $DIR/certs/$ORGCA.crt -passin pass:$PASSWORD -out $DIR/certs/$commonname.crt -days 400 -batch 
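Review bot: The `if [ $PKEYALGO = "rsa" ]` key-generation block is pasted three times in this hunk and once more in the hunk starting at line 119, each time with `$PKEYALGO` unquoted, so an empty or space-containing value breaks the test expression. A small helper that takes the output path would keep the RSA and EC branches in one place and make the quoting consistent. The sketch below shows the helper and how the call sites would look; the `openssl req` and `openssl ca` invocations stay as they are.

```shell
gen_key() {
    # $1: path of the encrypted private key to create
    if [ "$PKEYALGO" = "rsa" ]; then
        openssl genrsa -out "$1" -passout pass:$PASSWORD -aes256 2048
    else
        openssl ecparam -genkey -name "$PKEYALGO" | openssl ec -aes256 -passout pass:$PASSWORD -out "$1"
    fi
}

gen_key $DIR/$ROOTCA.key
# … unchanged: openssl req / openssl ca calls for each CA level …
gen_key $DIR/private/$commonname.key
```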
@@ -119,17 +138,25 @@ openssl ca -config $DIR/openssl.cnf -create_serial -extensions req_ca_x509_exten #----------------------------------------------------------------- export commonname=$SRVCRT export subaltname=$SRVALTNAME -openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD 2048 +if [ $PKEYALGO = "rsa" ]; then + openssl genrsa -out $DIR/private/$commonname.key -passout pass:$PASSWORD -aes256 2048 +else + openssl ecparam -genkey -name $PKEYALGO | openssl ec -aes256 -passout pass:$PASSWORD -out $DIR/private/$commonname.key +fi -openssl req -config $DIR/openssl.cnf -extensions req_server_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr +openssl req -config $DIR/openssl.cnf -extensions req_server_x509_extensions -new -key $DIR/private/$commonname.key -out $DIR/requests/$commonname.csr -passin pass:$PASSWORD openssl ca -config $DIR/openssl.cnf -create_serial -extensions req_server_x509_extensions -in $DIR/requests/$commonname.csr -keyfile $DIR/private/$TEAMCA.key \ -cert $DIR/certs/$TEAMCA.crt -passin pass:$PASSWORD -out $DIR/certs/$commonname.crt -days 365 -batch mkdir -p $DIR/package -cp $DIR/$ROOTCA.crt $DIR/package/root-ca.crt +openssl x509 -text -in $DIR/$ROOTCA.crt > $DIR/package/root-ca.crt cat $DIR/certs/$ORGCA.crt $DIR/certs/$TEAMCA.crt > $DIR/package/intermediate-ca.crt cp $DIR/certs/$SRVCRT.crt $DIR/package/server.crt -cp $DIR/private/$SRVCRT.key $DIR/package/server.key +if [ $PKEYALGO = "rsa" ]; then + openssl rsa -passin pass:$PASSWORD -in $DIR/private/$SRVCRT.key -out $DIR/package/server.key +else + openssl ec -passin pass:$PASSWORD -in $DIR/private/$SRVCRT.key -out $DIR/package/server.key +fi echo "Test Certificates in $DIR/package/" From c040010e55d9485381b66e546708390cbcb4e84a Mon Sep 17 00:00:00 2001 
From: Michael Calmer Date: Sat, 15 Jul 2023 15:33:03 +0200 Subject: [PATCH 28/53] support EC private keys beside RSA to be deployed --- spacewalk/certs-tools/mgr_ssl_cert_setup.py | 33 ++++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/spacewalk/certs-tools/mgr_ssl_cert_setup.py b/spacewalk/certs-tools/mgr_ssl_cert_setup.py index f3dae130dc1f..24e1ad720a72 100755 --- a/spacewalk/certs-tools/mgr_ssl_cert_setup.py +++ b/spacewalk/certs-tools/mgr_ssl_cert_setup.py @@ -56,6 +56,7 @@ class CertCheckError(Exception): pass +privatekeytype = "unknown" FilesContent = namedtuple("FilesContent", ["root_ca", "server_cert", "server_key", "intermediate_cas"]) def log_error(msg): 
@@ -298,33 +299,42 @@ def getCertWithText(cert): return out.stdout.decode("utf-8") -def getRsaKey(key): +def getPrivateKey(key): + if "-----BEGIN RSA PRIVATE KEY-----" in key: + privatekeytype = "rsa" + elif "-----BEGIN EC PRIVATE KEY-----" in key: + privatekeytype = "ec" + else: + log_error("Unknown Private Key type") + return None + # set an invalid password to prevent asking in case of an encrypted one out = subprocess.run( - ["openssl", "rsa", "-passin", "pass:invalid"], + ["openssl", privatekeytype, "-passin", "pass:invalid"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=key.encode("utf-8") ) + if out.returncode: - log_error("Invalid RSA Key: {}".format(out.stderr.decode("utf-8"))) + log_error("Invalid {} Key: {}".format(privatekeytype.upper(), out.stderr.decode("utf-8"))) return None return out.stdout.decode("utf-8") def checkKeyBelongToCert(key, cert): out = subprocess.run( - ["openssl", "rsa", "-noout", "-modulus"], + ["openssl", "pkey", "-pubout"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=key.encode("utf-8"), ) if out.returncode: - log_error("Invalid RSA Key: {}".format(out.stderr.decode("utf-8"))) + log_error("Invalid {} Key: {}".format(privatekeytype.upper(), out.stderr.decode("utf-8"))) raise CertCheckError("Invalid Key") - keyModulus = out.stdout.decode("utf-8") + keyPubKey = out.stdout.decode("utf-8") out = subprocess.run( - ["openssl", "x509", "-noout", "-modulus"], + ["openssl", "x509", "-noout", "-pubkey"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=cert.encode("utf-8"), 
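Review bot: `getPrivateKey` assigns `privatekeytype` without declaring it global, so the assignment creates a local variable and the module-level `privatekeytype = "unknown"` added earlier in this commit never changes. The error messages in `checkKeyBelongToCert` therefore always print `UNKNOWN Key`. Adding `global privatekeytype` as the first statement of `getPrivateKey` fixes this; returning the type alongside the key would avoid the module state altogether. The header test also accepts only `-----BEGIN RSA PRIVATE KEY-----` and `-----BEGIN EC PRIVATE KEY-----`, so a PKCS#8 key (`-----BEGIN PRIVATE KEY-----`) is now rejected as "Unknown Private Key type" before openssl sees it. The previous `openssl rsa` call may have accepted such keys, so this is worth confirming against the key formats operators actually supply.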
@@ -333,9 +343,10 @@ def checkKeyBelongToCert(key, cert): log_error("Invalid Cert file: {}".format(out.stderr.decode("utf-8"))) raise CertCheckError("Invalid Certificate") - certModulus = out.stdout.decode("utf-8") - if keyModulus != certModulus: + certPubKey = out.stdout.decode("utf-8") + if keyPubKey != certPubKey: log_error("The provided key does not belong to the server certificate") + log("{} vs. {}".format(keyPubKey, certPubKey), 1) raise CertCheckError("Key does not belong to Certificate") @@ -501,8 +512,8 @@ def checks(server_key_content,server_cert_content, certData): """ Perform different checks on the input data """ - if not getRsaKey(server_key_content): - raise CertCheckError("Unable to read the server key. Encrypted?") + if not getPrivateKey(server_key_content): + raise CertCheckError("Unable to read the server key. Is it maybe encrypted?") checkKeyBelongToCert(server_key_content, server_cert_content) From c0291a0398e006191ff88a7e43173b8aca00ab58 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 15 Jul 2023 15:39:11 +0200 Subject: [PATCH 29/53] update changelog --- ...k-certs-tools.changes.mcalmer.support-ec-crypto-keys-in-certs | 1 + 1 file changed, 1 insertion(+) create mode 100644 spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.support-ec-crypto-keys-in-certs diff --git a/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.support-ec-crypto-keys-in-certs b/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.support-ec-crypto-keys-in-certs new file mode 100644 index 000000000000..bc2f4dfd05fc --- /dev/null +++ b/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.support-ec-crypto-keys-in-certs @@ -0,0 +1 @@ +- support EC Cryptography with mgr-ssl-cert-setup From df29070c58a9a1b739de9448e2a915d9e211bc24 Mon Sep 17 00:00:00 2001 
From: Ricardo Mestre Date: Mon, 17 Jul 2023 17:20:15 +0100 Subject: [PATCH 30/53] Mask uyuni roster module password on logs --- susemanager-utils/susemanager-sls/modules/roster/uyuni.py | 3 ++- ...s.changes.rmestre.mask-uyuni-roster-module-password-on-logs | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 susemanager-utils/susemanager-sls/susemanager-sls.changes.rmestre.mask-uyuni-roster-module-password-on-logs diff --git a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py index f320ffe8c6dd..5d10f561da3b 100644 --- a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py +++ b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py @@ -5,6 +5,7 @@ import hashlib import io import logging +import re # Import Salt libs import salt.cache @@ -89,7 +90,7 @@ def __init__(self, db_config, uyuni_roster_config): ) ) - log.trace("db_connect string: %s", self.db_connect_str) + log.trace("db_connect string: %s", re.sub(r"password='[^']*'", "password='******'", self.db_connect_str)) log.debug("ssh_pre_flight_script: %s", self.ssh_pre_flight_script) log.debug("ssh_push_port_https: %d", self.ssh_push_port_https) log.debug("ssh_push_sudo_user: %s", self.ssh_push_sudo_user) diff --git a/susemanager-utils/susemanager-sls/susemanager-sls.changes.rmestre.mask-uyuni-roster-module-password-on-logs b/susemanager-utils/susemanager-sls/susemanager-sls.changes.rmestre.mask-uyuni-roster-module-password-on-logs new file mode 100644 index 000000000000..646167c7bfdb --- /dev/null +++ b/susemanager-utils/susemanager-sls/susemanager-sls.changes.rmestre.mask-uyuni-roster-module-password-on-logs @@ -0,0 +1 @@ +- Mask uyuni roster module password on logs From 16099f9c73439651d968c6b015192e66747812ee Mon Sep 17 00:00:00 2001 
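Review bot: The mask pattern `password='[^']*'` in the `log.trace` call stops at the first single quote, so a password containing an escaped quote would be only partly replaced and its tail would still reach the log. How `db_connect_str` quotes the value is not visible in this hunk, so this depends on whether the builder escapes quotes with a backslash. A pattern that tolerates escapes is `re.sub(r"password='(?:\\.|[^'\\])*'", "password='******'", self.db_connect_str)`. Logging the individual non-secret fields instead of scrubbing the assembled string would remove the dependency on the quoting format altogether.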
From: maximenoel8 <55169628+maximenoel8@users.noreply.github.com> Date: Tue, 18 Jul 2023 13:54:28 +1200 Subject: [PATCH 31/53] Check mgr-create-bootstrap-repo process not running before forcing this command (#7256) Check mgr-create-bootstrap-repo process not running before forcing this command --- testsuite/features/step_definitions/command_steps.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb index 657b82b07a45..d245bcab6278 100644 --- a/testsuite/features/step_definitions/command_steps.rb +++ b/testsuite/features/step_definitions/command_steps.rb @@ -966,6 +966,7 @@ base_channel = BASE_CHANNEL_BY_CLIENT[host] channel = CHANNEL_TO_SYNC_BY_BASE_CHANNEL[base_channel] parent_channel = PARENT_CHANNEL_TO_SYNC_BY_BASE_CHANNEL[base_channel] + $server.wait_while_process_running('mgr-create-bootstrap-repo') cmd = if parent_channel.nil? "mgr-create-bootstrap-repo --create #{channel} --with-custom-channels --flush" else From 6c93f65333de2795ed6fa3539a1b6de328e2b6c2 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Fri, 14 Jul 2023 15:51:45 +0200 Subject: [PATCH 32/53] fix sql join syntax for source package search --- .../src/com/redhat/rhn/manager/rhnpackage/PackageManager.java | 2 +- ...acewalk-java.changes.mc.Manager-4.3-fix-source-rpm-sql-query | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 java/spacewalk-java.changes.mc.Manager-4.3-fix-source-rpm-sql-query diff --git a/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java b/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java index bd6e991ffcf6..84c0d5a3d6fb 100644 --- a/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java +++ b/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java 
@@ -1307,7 +1307,7 @@ public static DataResult listOrphanPackages(Long orgId, boolean .from("rhnPackageSource PS " + "inner join rhnSourceRPM SRPM on PS.source_rpm_id = SRPM.id " + "left join rhnPackage P on SRPM.id = P.source_rpm_id " + - "left join rhnChannelPackage CP on CP.package_id") + "left join rhnChannelPackage CP on CP.package_id = P.id ") .where("PS.org_id = :org_id AND CP.package_id is null") .run(Map.of("org_id", orgId), pc, PagedSqlQueryBuilder::parseFilterAsText, PackageOverview.class); } diff --git a/java/spacewalk-java.changes.mc.Manager-4.3-fix-source-rpm-sql-query b/java/spacewalk-java.changes.mc.Manager-4.3-fix-source-rpm-sql-query new file mode 100644 index 000000000000..062b795d2755 --- /dev/null +++ b/java/spacewalk-java.changes.mc.Manager-4.3-fix-source-rpm-sql-query @@ -0,0 +1 @@ +- fix syntax error in sql query for source package search From 5a467eb18fd67ced259112658348bfc8f2a8af9c Mon Sep 17 00:00:00 2001 From: mbussolotto Date: Tue, 18 Jul 2023 11:12:21 +0200 Subject: [PATCH 33/53] do not install local-formula if container (#7249) --- .../features/secondary/allcli_system_group.feature | 10 +++++++--- testsuite/features/secondary/min_salt_formulas.feature | 6 +++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/testsuite/features/secondary/allcli_system_group.feature b/testsuite/features/secondary/allcli_system_group.feature index 78e748ded1ec..fca19b05ed0e 100644 --- a/testsuite/features/secondary/allcli_system_group.feature +++ b/testsuite/features/secondary/allcli_system_group.feature 
@@ -60,9 +60,13 @@ Feature: Manage a group of systems And I should see "rhlike_minion" as link And I should see "sle_minion" as link - Scenario: Install some formula on the server - When I manually install the "locale" formula on the server - And I synchronize all Salt dynamic modules on "sle_minion" + #container already has locale formula installed + @skip_if_container_server + Scenario: Install the locale formula package on the server + When I manually install the "locale" formula on the server + + Scenario: I synchronize all Salt dynamic modules on "sle_minion" + When I synchronize all Salt dynamic modules on "sle_minion" Scenario: New formula page is rendered for the system group When I follow the left menu "Systems > System Groups" diff --git a/testsuite/features/secondary/min_salt_formulas.feature b/testsuite/features/secondary/min_salt_formulas.feature index 646adcee0577..2528e3f7917a 100644 --- a/testsuite/features/secondary/min_salt_formulas.feature +++ b/testsuite/features/secondary/min_salt_formulas.feature @@ -11,9 +11,13 @@ Feature: Use salt formulas Scenario: Log in as admin user Given I am authorized for the "Admin" section + #container already has locale formula installed + @skip_if_container_server Scenario: Install the locale formula package on the server When I manually install the "locale" formula on the server - And I synchronize all Salt dynamic modules on "sle_minion" + + Scenario: I synchronize all Salt dynamic modules on "sle_minion" + When I synchronize all Salt dynamic modules on "sle_minion" Scenario: The new formula appears on the server When I follow the left menu "Salt > Formula Catalog" From 9af9aa96e81f7a64830c2e5ebf4d84869722fcab Mon Sep 17 00:00:00 2001 
From: Michael Calmer Date: Sat, 15 Jul 2023 16:16:58 +0200 Subject: [PATCH 34/53] rhn-ssl-dbstore accept ca from STDIN --- .../spacewalk/satellite_tools/rhn_ssl_dbstore.py | 6 ++++-- python/spacewalk/satellite_tools/satCerts.py | 15 +++++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/python/spacewalk/satellite_tools/rhn_ssl_dbstore.py b/python/spacewalk/satellite_tools/rhn_ssl_dbstore.py index 668dc37dfeab..30fe53e880a0 100644 --- a/python/spacewalk/satellite_tools/rhn_ssl_dbstore.py +++ b/python/spacewalk/satellite_tools/rhn_ssl_dbstore.py @@ -29,7 +29,7 @@ def processCommandline(): options = [ Option('--ca-cert', action='store', default=DEFAULT_TRUSTED_CERT, type="string", - help='public CA certificate, default is %s' % DEFAULT_TRUSTED_CERT), + help='public CA certificate, default is %s. If the value is \'-\' the CA is read from STDIN' % DEFAULT_TRUSTED_CERT), Option('--label', action='store', default='RHN-ORG-TRUSTED-SSL-CERT', type="string", help='FOR TESTING ONLY - alternative database label for this CA certificate, ' + 'default is "RHN-ORG-TRUSTED-SSL-CERT"'), @@ -45,7 +45,9 @@ def processCommandline(): "--help): %s\n" % repr(args)) raise ValueError(msg) - if not os.path.exists(values.ca_cert): + if values.ca_cert == '-': + values.ca_cert = sys.stdin.read().strip() + elif not os.path.exists(values.ca_cert): sys.stderr.write("ERROR: can't find CA certificate at this location: " "%s\n" % values.ca_cert) sys.exit(10) diff --git a/python/spacewalk/satellite_tools/satCerts.py b/python/spacewalk/satellite_tools/satCerts.py index 79621ed2e0ee..0b0f502112fb 100644 --- a/python/spacewalk/satellite_tools/satCerts.py +++ b/python/spacewalk/satellite_tools/satCerts.py 
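Review bot: After the second hunk `values.ca_cert` holds either a file path or the certificate text, and `store_CaCert` in satCerts.py (next file in this patch) tells them apart only by searching for `" CERTIFICATE-----"`, so STDIN input that is empty or lacks that marker ends up passed to `open()` as a file name. Validate the STDIN branch right here, for example `if "-----BEGIN CERTIFICATE-----" not in values.ca_cert: sys.stderr.write("ERROR: no PEM certificate on STDIN\n"); sys.exit(10)`, so content is never reinterpreted as a path. The two branches also hand `store_rhnCryptoKey` different types, `str` from `sys.stdin.read()` and `bytes` from the `'rb'` file read; how the callee treats each is not visible here, so normalising to one type in `store_CaCert` is worth doing.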
@@ -160,12 +160,15 @@ def _lobUpdate_rhnCryptoKey(rhn_cryptokey_id, cert): def store_CaCert(description, caCert, verbosity=0): org_ids = get_all_orgs() org_ids.append({'id': None}) - f = open(caCert, 'rb') - try: - cert = f.read().strip() - finally: - if f is not None: - f.close() + if " CERTIFICATE-----" in caCert: + cert = caCert + else: + f = open(caCert, 'rb') + try: + cert = f.read().strip() + finally: + if f is not None: + f.close() for org_id in org_ids: org_id = org_id['id'] store_rhnCryptoKey(description, cert, org_id, verbosity) From abbb75a9dd6bb75d91350132616dfbac90e5eadc Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 15 Jul 2023 16:17:23 +0200 Subject: [PATCH 35/53] store CA in DB during setup --- spacewalk/certs-tools/mgr_ssl_cert_setup.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/spacewalk/certs-tools/mgr_ssl_cert_setup.py b/spacewalk/certs-tools/mgr_ssl_cert_setup.py index 24e1ad720a72..2350cbeffa69 100755 --- a/spacewalk/certs-tools/mgr_ssl_cert_setup.py +++ b/spacewalk/certs-tools/mgr_ssl_cert_setup.py @@ -483,6 +483,25 @@ def deployPg(server_key_content): log("""$> systemctl restart postgresql.service """) +def deployCAInDB(certData): + if not os.path.exists("/usr/bin/rhn-ssl-dbstore"): + # not a Uyuni Server - skip deploying into DB + return + + for h, ca in certData.items(): + if ca["root"]: + out = subprocess.run( + ["/usr/bin/rhn-ssl-dbstore", "--ca-cert", "-"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + input=ca["content"], + ) + if out.returncode: + log_error("Failed to upload CA Certificate to DB: {}".format(out.stderr.decode("utf-8"))) + raise OSError("Failed to upload CA Certificate to DB") + break + + def deployCAUyuni(certData): for h, ca in certData.items(): if ca["root"]: 
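Review bot: `deployCAInDB` returns without any message in two cases, when `/usr/bin/rhn-ssl-dbstore` is absent and when no entry in `certData` has `ca["root"]` set, so a run that stored nothing looks the same as a successful one. A line such as `log("rhn-ssl-dbstore not found, skipping CA upload to DB")` before the early `return`, plus a short docstring naming both cases, would make that visible to whoever reads the setup log. The loop variable `h` is unused, so `for ca in certData.values():` reads more clearly.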
@@ -536,6 +555,7 @@ def getContainersSetup(root_ca_content, intermediate_ca_content, server_cert_con apache_cert_content = generateApacheCert(server_cert_content, certData) if not apache_cert_content: raise CertCheckError("Failed to generate certificates") + deployCAInDB(certData) return apache_cert_content @@ -568,6 +588,7 @@ def _main(): deployApache(apache_cert_content, files_content.server_key) deployPg(files_content.server_key) deployCAUyuni(certData) + deployCAInDB(certData) def main(): From d079eb90ca6d4538abcdff39bb81f7e2256ab7ff Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 15 Jul 2023 16:41:20 +0200 Subject: [PATCH 36/53] drop rhn-ssl-dbstore during setup. Its now called from inside mgr-ssl-cert-setup --- spacewalk/setup/bin/spacewalk-setup | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/spacewalk/setup/bin/spacewalk-setup b/spacewalk/setup/bin/spacewalk-setup index e7cd3d2513db..4a5926e19c5e 100755 --- a/spacewalk/setup/bin/spacewalk-setup +++ b/spacewalk/setup/bin/spacewalk-setup @@ -696,8 +696,6 @@ sub setup_ssl_certs { Spacewalk::Setup::system_or_exit(['/usr/bin/mgr-ssl-cert-setup', @opts], 37, "Could not deploy the certificates."); - - store_ssl_cert(-ssl_dir => $answers->{'ssl-dir'}); } sub print_country_list { @@ -781,21 +779,6 @@ sub generate_server_cert { return; } -sub store_ssl_cert { - my %params = validate(@_, { ssl_dir => 1, - ca_cert => { default => DEFAULT_CA_CERT_NAME }, - }); - - - my $cert_path = File::Spec->catfile($params{ssl_dir}, $params{ca_cert}); - my @opts = ("--ca-cert=${cert_path}"); - - Spacewalk::Setup::system_or_exit(['/usr/bin/rhn-ssl-dbstore', @opts], 39, - "There was a problem storing the SSL certificate."); - - return; -} - sub populate_initial_configs { my $opts = shift; my $answers = shift; From 4b6022c3810d8c67bdd8854b0e73a1973d8f5b94 Mon Sep 17 00:00:00 2001 
From: Michael Calmer Date: Sat, 15 Jul 2023 16:45:48 +0200 Subject: [PATCH 37/53] update changelogs
---
.../spacewalk/spacewalk-backend.changes.mcalmer.store-ca-in-db | 1 + .../spacewalk-certs-tools.changes.mcalmer.store-ca-in-db | 1 + spacewalk/setup/spacewalk-setup.changes.mcalmer.store-ca-in-db | 1 + 3 files changed, 3 insertions(+) create mode 100644 python/spacewalk/spacewalk-backend.changes.mcalmer.store-ca-in-db create mode 100644 spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.store-ca-in-db create mode 100644 spacewalk/setup/spacewalk-setup.changes.mcalmer.store-ca-in-db
diff --git a/python/spacewalk/spacewalk-backend.changes.mcalmer.store-ca-in-db b/python/spacewalk/spacewalk-backend.changes.mcalmer.store-ca-in-db
new file mode 100644
index 000000000000..808a89f94e24
--- /dev/null
+++ b/python/spacewalk/spacewalk-backend.changes.mcalmer.store-ca-in-db
@@ -0,0 +1 @@
+- rhn-ssl-dbstore read ca from STDIN (bsc#1212856)
diff --git a/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.store-ca-in-db b/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.store-ca-in-db
new file mode 100644
index 000000000000..4e778b6e8d77
--- /dev/null
+++ b/spacewalk/certs-tools/spacewalk-certs-tools.changes.mcalmer.store-ca-in-db
@@ -0,0 +1 @@
+- mgr-ssl-cert-setup: store CA certificate in database (bsc#1212856)
diff --git a/spacewalk/setup/spacewalk-setup.changes.mcalmer.store-ca-in-db b/spacewalk/setup/spacewalk-setup.changes.mcalmer.store-ca-in-db
new file mode 100644
index 000000000000..4df7a8d1248e
--- /dev/null
+++ b/spacewalk/setup/spacewalk-setup.changes.mcalmer.store-ca-in-db
@@ -0,0 +1 @@
+- remove storing CA in DB directly as it is now part of mgr-ssl-cert-setup (bsc#1212856)
From 42a6c03073a5d4627fa23faa90a677a8a6935181 Mon Sep 17 00:00:00 2001
From: Michael Calmer Date: Mon, 17 Jul 2023 17:38:43 +0200 Subject: [PATCH 38/53] write configured crypto-policy in supportconfig --- ...nges.mc.Manager-4.3-crypto-policy-in-supportconfig | 1 + .../susemanagerclient | 11 ++++++++++- ...nges.mc.Manager-4.3-crypto-policy-in-supportconfig | 1 + .../susemanagerproxy | 9 +++++++++ ...nges.mc.Manager-4.3-crypto-policy-in-supportconfig | 1 + .../supportutils-plugin-susemanager/susemanager | 10 ++++++++++ 6 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 susemanager-utils/supportutils-plugin-susemanager-client/supportutils-plugin-susemanager-client.changes.mc.Manager-4.3-crypto-policy-in-supportconfig create mode 100644 susemanager-utils/supportutils-plugin-susemanager-proxy/supportutils-plugin-susemanager-proxy.changes.mc.Manager-4.3-crypto-policy-in-supportconfig create mode 100644 susemanager-utils/supportutils-plugin-susemanager/supportutils-plugin-susemanager.changes.mc.Manager-4.3-crypto-policy-in-supportconfig diff --git a/susemanager-utils/supportutils-plugin-susemanager-client/supportutils-plugin-susemanager-client.changes.mc.Manager-4.3-crypto-policy-in-supportconfig b/susemanager-utils/supportutils-plugin-susemanager-client/supportutils-plugin-susemanager-client.changes.mc.Manager-4.3-crypto-policy-in-supportconfig new file mode 100644 index 000000000000..2c166805cd28 --- /dev/null +++ b/susemanager-utils/supportutils-plugin-susemanager-client/supportutils-plugin-susemanager-client.changes.mc.Manager-4.3-crypto-policy-in-supportconfig @@ -0,0 +1 @@ +- write configured crypto-policy in supportconfig diff --git a/susemanager-utils/supportutils-plugin-susemanager-client/susemanagerclient b/susemanager-utils/supportutils-plugin-susemanager-client/susemanagerclient index 16cd07e7340b..b01d364993d3 100755 --- a/susemanager-utils/supportutils-plugin-susemanager-client/susemanagerclient +++ b/susemanager-utils/supportutils-plugin-susemanager-client/susemanagerclient 
@@ -92,11 +92,20 @@ plugin_command "salt-minion --versions-report" plugin_command "cp /var/log/zypper.log $LOG" +section_header "Crypto Policy" + +if [ -f /etc/crypto-policies/config ]; then + plugin_command "cat /etc/crypto-policies/config" +elif [ $(cat /proc/sys/crypto/fips_enabled) -ne 0 ]; then + plugin_message "FIPS" +else + plugin_command "grep -v '#' /usr/share/crypto-policies/default-config" +fi + section_header "Proxy Containers Configuration Files" plugin_command "ls -l /etc/uyuni/proxy/" - section_header "Proxy Containers Systems Status" systemd_status() { diff --git a/susemanager-utils/supportutils-plugin-susemanager-proxy/supportutils-plugin-susemanager-proxy.changes.mc.Manager-4.3-crypto-policy-in-supportconfig b/susemanager-utils/supportutils-plugin-susemanager-proxy/supportutils-plugin-susemanager-proxy.changes.mc.Manager-4.3-crypto-policy-in-supportconfig new file mode 100644 index 000000000000..2c166805cd28 --- /dev/null +++ b/susemanager-utils/supportutils-plugin-susemanager-proxy/supportutils-plugin-susemanager-proxy.changes.mc.Manager-4.3-crypto-policy-in-supportconfig @@ -0,0 +1 @@ +- write configured crypto-policy in supportconfig diff --git a/susemanager-utils/supportutils-plugin-susemanager-proxy/susemanagerproxy b/susemanager-utils/supportutils-plugin-susemanager-proxy/susemanagerproxy index 0f5f27f8e4e3..a420484a6e7b 100755 --- a/susemanager-utils/supportutils-plugin-susemanager-proxy/susemanagerproxy +++ b/susemanager-utils/supportutils-plugin-susemanager-proxy/susemanagerproxy 
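Review bot: The `elif` test in the new "Crypto Policy" section expands `$(cat /proc/sys/crypto/fips_enabled)` unquoted, so on a kernel without that file `[` gets no left operand and writes an error into the report before falling through to the default-config branch; `elif [ "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" = "1" ]; then` avoids that. The branch order also means a host that has `/etc/crypto-policies/config` never reports the kernel FIPS flag, so a mismatch between the configured policy and the kernel state cannot be seen in the supportconfig output. Printing the flag unconditionally, next to whichever policy source is found, would cover it. The same block is added to susemanagerproxy and susemanager later in this patch and needs the same change.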
@@ -86,6 +86,15 @@ section_header "SSL Configuration" pconf_files $(spacewalk-cfg-get documentroot)/pub/RHN-ORG-TRUSTED-SSL-CERT \ /etc/apache2/ssl.crt/server.crt +section_header "Crypto Policy" + +if [ -f /etc/crypto-policies/config ]; then + plugin_command "cat /etc/crypto-policies/config" +elif [ $(cat /proc/sys/crypto/fips_enabled) -ne 0 ]; then + plugin_message "FIPS" +else + plugin_command "grep -v '#' /usr/share/crypto-policies/default-config" +fi plugin_command "zypper --no-refresh ls" plugin_command "zypper --no-refresh lr -u" diff --git a/susemanager-utils/supportutils-plugin-susemanager/supportutils-plugin-susemanager.changes.mc.Manager-4.3-crypto-policy-in-supportconfig b/susemanager-utils/supportutils-plugin-susemanager/supportutils-plugin-susemanager.changes.mc.Manager-4.3-crypto-policy-in-supportconfig new file mode 100644 index 000000000000..2c166805cd28 --- /dev/null +++ b/susemanager-utils/supportutils-plugin-susemanager/supportutils-plugin-susemanager.changes.mc.Manager-4.3-crypto-policy-in-supportconfig @@ -0,0 +1 @@ +- write configured crypto-policy in supportconfig diff --git a/susemanager-utils/supportutils-plugin-susemanager/susemanager b/susemanager-utils/supportutils-plugin-susemanager/susemanager index 128cfc8ddb18..66abed964fc8 100755 --- a/susemanager-utils/supportutils-plugin-susemanager/susemanager +++ b/susemanager-utils/supportutils-plugin-susemanager/susemanager @@ -62,6 +62,16 @@ plugin_command "/bin/ls -l --time-style=long-iso /etc/ssl/certs/" plugin_command "/bin/ls -l --time-style=long-iso $(spacewalk-cfg-get documentroot)/pub/ | grep -i trusted" +section_header "Crypto Policy" + +if [ -f /etc/crypto-policies/config ]; then + plugin_command "cat /etc/crypto-policies/config" +elif [ $(cat /proc/sys/crypto/fips_enabled) -ne 0 ]; then + plugin_message "FIPS" +else + plugin_command "grep -v '#' /usr/share/crypto-policies/default-config" +fi + plugin_command "psql --version" plugin_command "cat /var/lib/pgsql/data/PG_VERSION" 
From 0a4c1262d81907159405a2e1e419a5508f3ea23a Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Tue, 18 Jul 2023 13:45:25 +0200 Subject: [PATCH 39/53] fix CA encoding before storing it into DB --- spacewalk/certs-tools/mgr_ssl_cert_setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spacewalk/certs-tools/mgr_ssl_cert_setup.py b/spacewalk/certs-tools/mgr_ssl_cert_setup.py index 2350cbeffa69..6ad70d14d3e9 100755 --- a/spacewalk/certs-tools/mgr_ssl_cert_setup.py +++ b/spacewalk/certs-tools/mgr_ssl_cert_setup.py @@ -494,7 +494,7 @@ def deployCAInDB(certData): ["/usr/bin/rhn-ssl-dbstore", "--ca-cert", "-"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, - input=ca["content"], + input=ca["content"].encode("utf-8"), ) if out.returncode: log_error("Failed to upload CA Certificate to DB: {}".format(out.stderr.decode("utf-8"))) From 1fd669e1deadfdd5e956e6ddbf48f3d6c26c25b5 Mon Sep 17 00:00:00 2001 From: Arnaud Patard Date: Tue, 4 Apr 2023 15:12:30 +0200 Subject: [PATCH 40/53] python/spacewalk/satellite_tools/spacewalk-data-fsck: Fix srpm check The function is_orphaned_srpm() is used to check if a src.rpm has a corresponding binary package in the database. It is looking for a binary package having the same name as the src.rpm. For instance a package foo*.src.rpm should produce something like foo*.noarch.rpm. Unfortunately, it's a false idea. For instance, python packages are coming from python-foo*.src.rpm and the resulting package is python3-foo*.noarch.rpm. To solve the issue: 1 - Try to find the src.rpm in rhnPackageSource table. If not found, the file can be deleted 2 - If found, look for packages having the source_rpm_id matching the source package. Signed-off-by: Arnaud Patard --- .../satellite_tools/spacewalk-data-fsck | 21 ++++++++++++++++--- ...d.changes.apatard.spacewalk-data-fsck-srpm | 1 + 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 python/spacewalk/spacewalk-backend.changes.apatard.spacewalk-data-fsck-srpm 
diff --git a/python/spacewalk/satellite_tools/spacewalk-data-fsck b/python/spacewalk/satellite_tools/spacewalk-data-fsck index da8bfcdf2361..54fe2e978e87 100755 --- a/python/spacewalk/satellite_tools/spacewalk-data-fsck +++ b/python/spacewalk/satellite_tools/spacewalk-data-fsck @@ -59,11 +59,19 @@ def db_init(): def src_package_query(): - query = """select p.id - from rhnPackage p + query = """select p.source_rpm_id + from rhnPackageSource p where p.path like :filename""" return query + +def package_find_by_src_id(): + query = """select id + from rhnPackage p + where source_rpm_id = :id""" + return query + + def package_query(options, bind_path=False): query = """select %s from %s @@ -353,9 +361,16 @@ def is_orphaned_srpm(path, file): if is_srpm(file): query = src_package_query() h = rhnSQL.prepare(query) - wildcard_filename = "%/" + file.replace('src','%') + wildcard_filename = "%/" + os.path.basename(file) h.execute(filename=wildcard_filename) row = h.fetchone_dict() + if not row: + log(0, f"SRPM not in DB: {path}") + return True + query = package_find_by_src_id() + h = rhnSQL.prepare(query) + h.execute(id=row['source_rpm_id']) + row = h.fetchone_dict() if not row: log(0, "SRPM without matching RPM in db: %s" % (path)) return True diff --git a/python/spacewalk/spacewalk-backend.changes.apatard.spacewalk-data-fsck-srpm b/python/spacewalk/spacewalk-backend.changes.apatard.spacewalk-data-fsck-srpm new file mode 100644 index 000000000000..2a54032bb177 --- /dev/null +++ b/python/spacewalk/spacewalk-backend.changes.apatard.spacewalk-data-fsck-srpm @@ -0,0 +1 @@ +- Fix spacewalk-data-fsck src.rpm handling From 1d716d388596d3012ad0ab2d222f0b5be8c4f474 Mon Sep 17 00:00:00 2001 
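Review bot: In `is_orphaned_srpm` the basename goes into a `LIKE` pattern unescaped, and `_`, which is common in package file names, is a single-character wildcard, so `"%/" + os.path.basename(file)` can match a different row in rhnPackageSource and the wrong `source_rpm_id` is then used for the orphan decision. Since the commit message says a file that is not found can be deleted, the match should be exact: escape the pattern characters first, e.g. `name = os.path.basename(file).replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')`, and give the query a matching `escape` clause. `fetchone_dict()` also looks at the first match only, so if several rows can share a file name (not visible here) only one `source_rpm_id` is checked. The body of `is_orphaned_srpm` continues outside the hunk.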
From: Michael Calmer Date: Tue, 18 Jul 2023 17:18:00 +0200 Subject: [PATCH 41/53] require LTSS channels for SLE 15 SP1, SLE 15 SP2 and SLE 15 SP3 --- susemanager/src/mgr_bootstrap_data.py | 24 +++++++++---------- .../susemanager.changes.mc.fix-bootstrap-data | 1 + 2 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 susemanager/susemanager.changes.mc.fix-bootstrap-data diff --git a/susemanager/src/mgr_bootstrap_data.py b/susemanager/src/mgr_bootstrap_data.py index 1babbf2ff324..af25ef703954 100644 --- a/susemanager/src/mgr_bootstrap_data.py +++ b/susemanager/src/mgr_bootstrap_data.py @@ -923,19 +923,19 @@ 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/0/bootstrap/' }, 'SLE-15-SP1-aarch64' : { - 'PDID' : [1769, 1709], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [1769, 1709, 2216], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/1/bootstrap/' }, 'SLE-15-SP1-ppc64le' : { - 'PDID' : [1770, 1710], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, + 'PDID' : [1770, 1710, 2217], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/1/bootstrap/' }, 'SLE-15-SP1-s390x' : { - 'PDID' : [1771, 1711], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, + 'PDID' : [1771, 1711, 2218], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/1/bootstrap/' }, 'SLE-15-SP1-x86_64' : { - 'PDID' : [1772, 1712], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [1772, 1712, 2219], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/1/bootstrap/' }, 'SUMA-40-PROXY-x86_64' : { 
@@ -943,19 +943,19 @@ 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/1/bootstrap/' }, 'SLE-15-SP2-aarch64' : { - 'PDID' : [1943, 1709], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [1943, 1709, 2372], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/2/bootstrap/' }, 'SLE-15-SP2-ppc64le' : { - 'PDID' : [1944, 1710], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, + 'PDID' : [1944, 1710, 2373], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/2/bootstrap/' }, 'SLE-15-SP2-s390x' : { - 'PDID' : [1945, 1711], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, + 'PDID' : [1945, 1711, 2374], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/2/bootstrap/' }, 'SLE-15-SP2-x86_64' : { - 'PDID' : [1946, 1712], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [1946, 1712, 2375], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/2/bootstrap/' }, 'SUMA-41-PROXY-x86_64' : { 
@@ -963,19 +963,19 @@ 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/2/bootstrap/' }, 'SLE-15-SP3-aarch64' : { - 'PDID' : [2142, 1709], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [2142, 1709, 2567], 'BETAPDID' : [1925], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/3/bootstrap/' }, 'SLE-15-SP3-ppc64le' : { - 'PDID' : [2143, 1710], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, + 'PDID' : [2143, 1710, 2568], 'BETAPDID' : [1926], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_PPC, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/3/bootstrap/' }, 'SLE-15-SP3-s390x' : { - 'PDID' : [2144, 1711], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, + 'PDID' : [2144, 1711, 2569], 'BETAPDID' : [1927], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_Z, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/3/bootstrap/' }, 'SLE-15-SP3-x86_64' : { - 'PDID' : [2145, 1712], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, + 'PDID' : [2145, 1712, 2570], 'BETAPDID' : [1928], 'PKGLIST' : ONLYSLE15 + PKGLIST15_SALT + PKGLIST15_X86_ARM, 'DEST' : DOCUMENT_ROOT + '/pub/repositories/sle/15/3/bootstrap/' }, 'SUMA-42-PROXY-x86_64' : { diff --git a/susemanager/susemanager.changes.mc.fix-bootstrap-data b/susemanager/susemanager.changes.mc.fix-bootstrap-data new file mode 100644 index 000000000000..c25c61d18f73 --- /dev/null +++ b/susemanager/susemanager.changes.mc.fix-bootstrap-data @@ -0,0 +1 @@ +- require LTSS channels for SLE 15 SP1, SLE 15 SP2 and SLE 15 SP3 (bsc#1213432) From e1635fc7fa4e34ee345eb0de1c5acd8ff88b71ce Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Wed, 19 Jul 2023 09:37:09 +0200 Subject: [PATCH 42/53] Fix the URL showing the inactive systems list (gh#7067) Filter inactive systems on `status_type` rather than `system_type`. --- java/code/src/com/suse/manager/webui/menu/MenuTree.java | 2 +- java/spacewalk-java.changes.cbosdo.inactive-systems-fix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 java/spacewalk-java.changes.cbosdo.inactive-systems-fix diff --git a/java/code/src/com/suse/manager/webui/menu/MenuTree.java b/java/code/src/com/suse/manager/webui/menu/MenuTree.java index 3512202ab1a6..a3cae81066af 100644 --- a/java/code/src/com/suse/manager/webui/menu/MenuTree.java +++ b/java/code/src/com/suse/manager/webui/menu/MenuTree.java @@ -148,7 +148,7 @@ private MenuItem getSystemsNode(User user, Map adminRoles) { .withPrimaryUrl("/rhn/manager/systems/list/all?qc=group_count&q=0") .withVisibility(adminRoles.get("org"))) .addChild(new MenuItem("Inactive") - .withPrimaryUrl("/rhn/manager/systems/list/all?qc=system_kind&q=awol")) + .withPrimaryUrl("/rhn/manager/systems/list/all?qc=status_type&q=awol")) .addChild(new MenuItem("Recently Registered") .withPrimaryUrl("/rhn/manager/systems/list/all?qc=created_days&q=>6")) .addChild(new MenuItem("Proxy") diff --git a/java/spacewalk-java.changes.cbosdo.inactive-systems-fix b/java/spacewalk-java.changes.cbosdo.inactive-systems-fix new file mode 100644 index 000000000000..5083c8409b51 --- /dev/null +++ b/java/spacewalk-java.changes.cbosdo.inactive-systems-fix @@ -0,0 +1 @@ +- Fix the URL for inactive systems page From 80ee9f502b0040643820b6e7ebed3163fc706c6d Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 19 Jul 2023 11:27:05 +0100 Subject: [PATCH 43/53] Enhance logging database connection details --- susemanager-utils/susemanager-sls/modules/roster/uyuni.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py index 5d10f561da3b..92b30cbfb0bf 100644 --- a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py +++ b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py @@ -5,7 +5,6 @@ import hashlib import io import logging -import re # Import Salt libs import salt.cache @@ -90,7 +89,9 @@ def __init__(self, db_config, uyuni_roster_config): ) ) - log.trace("db_connect string: %s", re.sub(r"password='[^']*'", "password='******'", self.db_connect_str)) + log.trace("db_connect dbname: %s", db_config['db']) + log.trace("db_connect user: %s", db_config['user']) + log.trace("db_connect host: %s", db_config['host']) log.debug("ssh_pre_flight_script: %s", self.ssh_pre_flight_script) log.debug("ssh_push_port_https: %d", self.ssh_push_port_https) log.debug("ssh_push_sudo_user: %s", self.ssh_push_sudo_user) From a877fc108ac1f02e4b089eeda9e8e6b67ec52479 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Wed, 19 Jul 2023 14:47:23 +0200 Subject: [PATCH 44/53] proxy container config is created on server where CA should not be added to DB --- spacewalk/certs-tools/mgr_ssl_cert_setup.py | 1 - 1 file changed, 1 deletion(-) diff --git a/spacewalk/certs-tools/mgr_ssl_cert_setup.py b/spacewalk/certs-tools/mgr_ssl_cert_setup.py index 6ad70d14d3e9..26ac41be2fdf 100755 --- a/spacewalk/certs-tools/mgr_ssl_cert_setup.py +++ b/spacewalk/certs-tools/mgr_ssl_cert_setup.py @@ -555,7 +555,6 @@ def getContainersSetup(root_ca_content, intermediate_ca_content, server_cert_con apache_cert_content = generateApacheCert(server_cert_content, certData) if not apache_cert_content: raise CertCheckError("Failed to generate certificates") - deployCAInDB(certData) return apache_cert_content From d91f1b79b91ce5582a02123a7a82986ca2691a32 Mon Sep 17 00:00:00 2001 
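Review bot: The three `log.trace` lines carry no hint why the connect string itself is no longer logged, which makes it easy for a later change to bring it back; a comment above them, `# Do not log self.db_connect_str: it contains the database password`, would record the reason. The removed masking only handled `password='...'` values without an embedded quote, so logging the individual fields is the safer form and should be kept.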
From: Thomas Florio Date: Mon, 17 Jul 2023 13:17:00 +0200 Subject: [PATCH 45/53] Use try-with-resources to properly close streams --- .../xmlrpc/packages/PackagesHandler.java | 9 +- .../frontend/xmlrpc/system/SystemHandler.java | 4 +- .../rhn/manager/audit/AuditManager.java | 116 ++++++++---------- .../rhn/manager/satellite/UpgradeCommand.java | 7 +- .../task/repomd/RpmRepositoryWriter.java | 45 ++++--- .../suse/manager/reactor/PGEventStream.java | 6 +- .../webui/utils/MinionActionUtils.java | 22 ++-- 7 files changed, 100 insertions(+), 109 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/xmlrpc/packages/PackagesHandler.java b/java/code/src/com/redhat/rhn/frontend/xmlrpc/packages/PackagesHandler.java index e4fa7a472c55..1da9282fd6ca 100644 --- a/java/code/src/com/redhat/rhn/frontend/xmlrpc/packages/PackagesHandler.java +++ b/java/code/src/com/redhat/rhn/frontend/xmlrpc/packages/PackagesHandler.java @@ -595,11 +595,12 @@ public byte[] getPackage(User loggedInUser, Integer pid) throws IOException { } byte[] toReturn = new byte[(int) file.length()]; - BufferedInputStream br = new BufferedInputStream(new FileInputStream(file)); - if (br.read(toReturn) != file.length()) { - throw new PackageDownloadException("api.package.download.ioerror"); + try (BufferedInputStream br = new BufferedInputStream(new FileInputStream(file))) { + if (br.read(toReturn) != file.length()) { + throw new PackageDownloadException("api.package.download.ioerror"); + } + return toReturn; } - return toReturn; } } diff --git a/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java b/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java index 8847277be4cf..6dd593829913 100644 --- a/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java +++ b/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java 
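Review bot: Inside the new try block of `getPackage`, `br.read(toReturn) != file.length()` treats any short read as an error although a single `read` call may return fewer bytes than requested, and the buffer above it is sized with `(int) file.length()`, which truncates for files over 2 GiB. `byte[] toReturn = Files.readAllBytes(file.toPath());` reads to end of file and closes the stream itself, replacing the buffer, the stream and the length check; it needs the `java.nio.file.Files` import, and read failures then surface through the existing `throws IOException` instead of `PackageDownloadException`. The whole package is still held in memory for the response, so an upper size limit checked before reading is worth considering. The method starts outside the hunk.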
@@ -5672,8 +5672,7 @@ public Map transitionDataForSystem(String clientCert) throws FileNotFoundExcepti break; } - try { - BufferedReader br = new BufferedReader(new FileReader(file)); + try (BufferedReader br = new BufferedReader(new FileReader(file))) { String line; String[] header = null; Integer systemIdPos = null, uuidPos = null; @@ -5719,7 +5718,6 @@ public Map transitionDataForSystem(String clientCert) throws FileNotFoundExcepti } } } - br.close(); } catch (IOException e) { log.warn("Cannot read {}", file.getName()); diff --git a/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java b/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java index bf507803394d..0cb001828296 100644 --- a/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java +++ b/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java @@ -62,13 +62,11 @@ private AuditManager() { * @param username User marking the review * @throws IOException Thrown when the audit review log isn't writeable */ - public static void markReviewed(String machine, Long start, Long end, - String username) throws IOException { - FileWriter fwr = new FileWriter(reviewFile, true); // append! - - fwr.write(machine + "," + (start / 1000) + "," + (end / 1000) + "," + - username + "," + (new Date().getTime() / 1000) + "\n"); - fwr.close(); + public static void markReviewed(String machine, Long start, Long end, String username) throws IOException { + try (FileWriter fwr = new FileWriter(reviewFile, true)) { // append! + fwr.write(machine + "," + (start / 1000) + "," + (end / 1000) + "," + + username + "," + (new Date().getTime() / 1000) + "\n"); + } } /** 
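Review bot: `markReviewed` in AuditManager writes `machine` and `username` into the comma-separated review file as they are, so a value containing `,` or a line break shifts the fields that `getReviewInfo` reads back with `split(",")` and `revInfo[3]`, or adds a line that reads as a separate review record. Reject such values before the write, e.g. `if (username.contains(",") || username.contains("\n") || username.contains("\r")) { throw new IllegalArgumentException("invalid user name"); }` and the same for `machine`, or escape them consistently on both the write and the read side. `new FileWriter(reviewFile, true)` also uses the platform default charset; whether these values can hold non-ASCII characters is not visible here, but naming the charset explicitly on writer and reader removes the question.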
@@ -371,87 +369,79 @@ public static DataResult getMachineReviewSections( * @throws IOException Throws when the audit review file is unreadable * @return An AuditReviewDto, possibly with review info set */ - public static AuditReviewDto getReviewInfo(String machine, long start, - long end) throws IOException { - BufferedReader brdr; + public static AuditReviewDto getReviewInfo(String machine, long start, long end) throws IOException { Date reviewedOn = null; String str, part1, reviewedBy = null; String[] revInfo; part1 = machine + "," + (start / 1000) + "," + (end / 1000) + ","; - brdr = new BufferedReader(new FileReader(reviewFile)); + try (BufferedReader brdr = new BufferedReader(new FileReader(reviewFile))) { - while ((str = brdr.readLine()) != null) { - if (str.startsWith(part1)) { - revInfo = str.split(","); - reviewedBy = revInfo[3]; - reviewedOn = new Date(Long.parseLong(revInfo[4]) * 1000); - break; + while ((str = brdr.readLine()) != null) { + if (str.startsWith(part1)) { + revInfo = str.split(","); + reviewedBy = revInfo[3]; + reviewedOn = new Date(Long.parseLong(revInfo[4]) * 1000); + break; + } } - } - - brdr.close(); - return new AuditReviewDto(machine, new Date(start), new Date(end), - reviewedBy, reviewedOn); + return new AuditReviewDto(machine, new Date(start), new Date(end), reviewedBy, reviewedOn); + } } - private static List readAuditFile(File aufile, String[] types, Long start, - Long end) throws IOException { + private static List readAuditFile(File aufile, String[] types, Long start, Long end) throws IOException { int milli = 0, serial = -1; - BufferedReader brdr; LinkedHashMap hmap; LinkedList events; Long time = -1L; String node = null, str, strtime = null; - brdr = new BufferedReader(new FileReader(aufile)); - events = new LinkedList<>(); - hmap = new LinkedHashMap<>(); + try (BufferedReader brdr = new BufferedReader(new FileReader(aufile))) { + events = new LinkedList<>(); + hmap = new LinkedHashMap<>(); - for (str = brdr.readLine(); str != 
null; str = brdr.readLine()) { - if (str.equals("")) { - strtime = hmap.remove("seconds"); + for (str = brdr.readLine(); str != null; str = brdr.readLine()) { + if (str.equals("")) { + strtime = hmap.remove("seconds"); - try { - serial = Integer.parseInt(hmap.remove("serial")); - } - catch (NumberFormatException nfex) { - serial = -1; - } + try { + serial = Integer.parseInt(hmap.remove("serial")); + } + catch (NumberFormatException nfex) { + serial = -1; + } - try { - time = Long.parseLong(strtime) * 1000; - } - catch (NumberFormatException nfex) { - time = 0L; - } + try { + time = Long.parseLong(strtime) * 1000; + } + catch (NumberFormatException nfex) { + time = 0L; + } - if (time >= start && time <= end) { - for (String type : types) { - if (type.equals(hmap.get("type"))) { - events.add(new AuditDto( - serial, new Date(time), milli, node, hmap)); - break; + if (time >= start && time <= end) { + for (String type : types) { + if (type.equals(hmap.get("type"))) { + events.add(new AuditDto(serial, new Date(time), milli, node, hmap)); + break; + } } } - } - hmap.clear(); - } - else if (str.indexOf('=') >= 0) { - hmap.put( - str.substring(0, str.indexOf('=')).trim(), - str.substring(str.indexOf('=') + 1).trim()); - } - else { - log.debug("unknown string: {}", str); + hmap.clear(); + } + else if (str.indexOf('=') >= 0) { + hmap.put( + str.substring(0, str.indexOf('=')).trim(), + str.substring(str.indexOf('=') + 1).trim()); + } + else { + log.debug("unknown string: {}", str); + } } - } - - brdr.close(); - return events; + return events; + } } } diff --git a/java/code/src/com/redhat/rhn/manager/satellite/UpgradeCommand.java b/java/code/src/com/redhat/rhn/manager/satellite/UpgradeCommand.java index 0f130eab497a..d3d655b49420 100644 --- a/java/code/src/com/redhat/rhn/manager/satellite/UpgradeCommand.java +++ b/java/code/src/com/redhat/rhn/manager/satellite/UpgradeCommand.java 
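Review bot: In getReviewInfo the matched line is used as `revInfo[3]` and `Long.parseLong(revInfo[4])` without checking its shape, so a truncated or hand-edited record in the review file ends the lookup with an unchecked ArrayIndexOutOfBoundsException or NumberFormatException although the method declares only IOException. After the split, `if (revInfo.length < 5) { continue; }` skips incomplete records, and the parse can be guarded the way readAuditFile in the same hunk already catches NumberFormatException. readAuditFile also unboxes its `Long start` and `Long end` parameters in `time >= start && time <= end`, which throws a NullPointerException if a caller passes null; whether any caller does is not visible here.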
@@ -60,6 +60,7 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; +import java.util.stream.Stream; /** * Class responsible for executing one-time upgrade logic @@ -316,10 +317,12 @@ private void regenerateConfigChannelFiles() { // list of directories with given prefix and natural number suffix in the salt root private Set listDirsWithPrefix(String prefix) throws IOException { - return Files.list(saltRootPath) + try (Stream pathStream = Files.list(saltRootPath)) { + return pathStream .filter(path -> path.getFileName().toString().matches("^" + prefix + "\\d*$") && - path.toFile().isDirectory()) + path.toFile().isDirectory()) .collect(Collectors.toSet()); + } } /** diff --git a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java index fcdd781f3d44..f1e576025d15 100644 --- a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java +++ b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java @@ -476,11 +476,8 @@ private void generateSolv(Channel channel) { private void generateBadRepo(Channel channel, String prefix) { log.warn("No repo will be generated for channel {}", channel.getLabel()); deleteRepomdFiles(channel.getLabel(), false); - try { - FileWriter norepo = new FileWriter(prefix + NOREPO_FILE); - norepo.write("No repo will be generated for channel " + - channel.getLabel() + ".\n"); - norepo.close(); + try (FileWriter norepo = new FileWriter(prefix + NOREPO_FILE)) { + norepo.write("No repo will be generated for channel " + channel.getLabel() + ".\n"); } catch (IOException e) { log.warn("Cannot create " + NOREPO_FILE + " file."); 
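Review bot: In listDirsWithPrefix, `prefix` is concatenated into the regular expression unquoted, so any regex metacharacter in it would change which directories under the salt root are selected; the callers are outside this hunk, so whether that can happen is not visible here. `Pattern.quote(prefix)` removes the dependency on the callers, and compiling the pattern once before the stream avoids recompiling it for every path, e.g. `Pattern dirName = Pattern.compile(Pattern.quote(prefix) + "\\d*");` with `dirName.matcher(path.getFileName().toString()).matches()` in the filter.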
@@ -549,29 +546,29 @@ private RepomdIndexData loadRepoMetadataFile(Channel channel, String checksumAlg return null; } - DigestInputStream digestStream; - try { - digestStream = new DigestInputStream(stream, MessageDigest - .getInstance(checksumAlgo)); - } - catch (NoSuchAlgorithmException nsae) { - throw new RepomdRuntimeException(nsae); - } - byte[] bytes = new byte[10]; + try (DigestInputStream digestStream = new DigestInputStream(stream, MessageDigest.getInstance(checksumAlgo))) { - try { - while (digestStream.read(bytes) != -1) { - // no-op + try { + byte[] bytes = new byte[10]; + while (digestStream.read(bytes) != -1) { + // no-op, just consume the stream + } + } + catch (IOException e) { + return null; } - } - catch (IOException e) { - return null; - } - Date timeStamp = new Date(metadataFile.lastModified()); + Date timeStamp = new Date(metadataFile.lastModified()); - return new RepomdIndexData(StringUtil.getHexString(digestStream - .getMessageDigest().digest()), null, timeStamp); + return new RepomdIndexData( + StringUtil.getHexString(digestStream.getMessageDigest().digest()), + null, + timeStamp + ); + } + catch (IOException | NoSuchAlgorithmException nsae) { + throw new RepomdRuntimeException(nsae); + } } /** diff --git a/java/code/src/com/suse/manager/reactor/PGEventStream.java b/java/code/src/com/suse/manager/reactor/PGEventStream.java index 5f2d2b3745ca..6269cb0516a1 100644 --- a/java/code/src/com/suse/manager/reactor/PGEventStream.java +++ b/java/code/src/com/suse/manager/reactor/PGEventStream.java @@ -101,9 +101,9 @@ public PGEventStream() throws SaltException { connection = (PGConnection) dataSource.getConnection(); connection.addNotificationListener(this); - Statement stmt = connection.createStatement(); - stmt.execute("LISTEN suseSaltEvent"); - stmt.close(); + try (Statement stmt = connection.createStatement()) { + stmt.execute("LISTEN suseSaltEvent"); + } startConnectionWatchdog(); 
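Review bot: If `MessageDigest.getInstance(checksumAlgo)` throws inside the resource expression, the `DigestInputStream` is never constructed and nothing closes `stream`, which appears to be opened earlier in loadRepoMetadataFile, outside this hunk. Listing the underlying stream as its own resource covers that path: `try (InputStream in = stream; DigestInputStream digestStream = new DigestInputStream(in, MessageDigest.getInstance(checksumAlgo))) {`. The error handling is also uneven now: an IOException while reading returns null, while one raised by the implicit close() reaches the outer catch and becomes a RepomdRuntimeException. The multi-catch variable is still named `nsae` although it can hold either exception type.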
diff --git a/java/code/src/com/suse/manager/webui/utils/MinionActionUtils.java b/java/code/src/com/suse/manager/webui/utils/MinionActionUtils.java index 9127b68b6029..9df2d5212e11 100644 --- a/java/code/src/com/suse/manager/webui/utils/MinionActionUtils.java +++ b/java/code/src/com/suse/manager/webui/utils/MinionActionUtils.java @@ -181,17 +181,19 @@ public void cleanupScriptActions() throws IOException { Path scriptsDir = saltUtils.getScriptsDir(); if (Files.isDirectory(scriptsDir)) { Pattern p = Pattern.compile("script_(\\d*).sh"); - Files.list(scriptsDir).forEach(file -> { - Matcher m = p.matcher(file.getFileName().toString()); - if (m.find()) { - long actionId = Long.parseLong(m.group(1)); - Action action = ActionFactory.lookupById(actionId); - if (action == null || action.allServersFinished()) { - LOG.info("Deleting script file: {}", file); - FileUtils.deleteFile(file); + try (Stream pathStream = Files.list(scriptsDir)) { + pathStream.forEach(file -> { + Matcher m = p.matcher(file.getFileName().toString()); + if (m.find()) { + long actionId = Long.parseLong(m.group(1)); + Action action = ActionFactory.lookupById(actionId); + if (action == null || action.allServersFinished()) { + LOG.info("Deleting script file: {}", file); + FileUtils.deleteFile(file); + } } - } - }); + }); + } } } From 5752a9942544fa19ee7edeac8a07509f9d863c29 Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Mon, 17 Jul 2023 16:11:15 +0200 Subject: [PATCH 46/53] Reduce readAuditFile() complexity --- .../com/redhat/rhn/frontend/dto/AuditDto.java | 8 +-- .../rhn/manager/audit/AuditManager.java | 60 +++++++++---------- 2 files changed, 32 insertions(+), 36 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/dto/AuditDto.java b/java/code/src/com/redhat/rhn/frontend/dto/AuditDto.java index e5fc6480de16..b45528126630 100644 --- a/java/code/src/com/redhat/rhn/frontend/dto/AuditDto.java +++ b/java/code/src/com/redhat/rhn/frontend/dto/AuditDto.java 
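Review bot: The file-name pattern that decides which files cleanupScriptActions deletes is looser than the names it is meant for. `\\d*` also matches zero digits, so a file named `script_.sh` makes `Long.parseLong("")` throw inside the `forEach` and ends the cleanup early, and the unescaped `.` together with `m.find()` accepts any name that merely contains a match. `Pattern p = Pattern.compile("script_(\\d+)\\.sh");` used with `m.matches()` limits deletion to exactly the generated script names. The pattern line is unchanged context in this hunk, but it governs the new stream block.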
@@ -16,6 +16,7 @@ import java.util.Date; import java.util.LinkedHashMap; +import java.util.Map; /** * AuditDto @@ -27,7 +28,7 @@ public class AuditDto extends BaseDto { private int milli; private String node; - private LinkedHashMap kvmap; + private Map kvmap; private String type; @@ -39,8 +40,7 @@ public class AuditDto extends BaseDto { * @param nodeIn Audit generating node * @param kvmapIn HashMap of audit data */ - public AuditDto(int serialIn, Date timeIn, int milliIn, String nodeIn, - LinkedHashMap kvmapIn) { + public AuditDto(int serialIn, Date timeIn, int milliIn, String nodeIn, Map kvmapIn) { this.id = (long) serialIn; this.serial = serialIn; this.time = timeIn; @@ -91,7 +91,7 @@ public String getNode() { /** * @return Returns the key-value audit data. */ - public LinkedHashMap getKvmap() { + public Map getKvmap() { return kvmap; } diff --git a/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java b/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java index 0cb001828296..8bec5c264314 100644 --- a/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java +++ b/java/code/src/com/redhat/rhn/manager/audit/AuditManager.java @@ -29,6 +29,7 @@ import java.io.FileWriter; import java.io.IOException; import java.nio.file.Path; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.HashMap; 
@@ -391,42 +392,19 @@ public static AuditReviewDto getReviewInfo(String machine, long start, long end) } } - private static List readAuditFile(File aufile, String[] types, Long start, Long end) throws IOException { - int milli = 0, serial = -1; - LinkedHashMap hmap; - LinkedList events; - Long time = -1L; - String node = null, str, strtime = null; + private static List readAuditFile(File aufile, String[] types, Long start, Long end) throws IOException { + List events = new LinkedList<>(); - try (BufferedReader brdr = new BufferedReader(new FileReader(aufile))) { - events = new LinkedList<>(); - hmap = new LinkedHashMap<>(); + try (BufferedReader reader = new BufferedReader(new FileReader(aufile))) { + Map hmap = new LinkedHashMap<>(); - for (str = brdr.readLine(); str != null; str = brdr.readLine()) { + for (String str = reader.readLine(); str != null; str = reader.readLine()) { if (str.equals("")) { - strtime = hmap.remove("seconds"); + int serial = getSerial(hmap); + long time = getTime(hmap); - try { - serial = Integer.parseInt(hmap.remove("serial")); - } - catch (NumberFormatException nfex) { - serial = -1; - } - - try { - time = Long.parseLong(strtime) * 1000; - } - catch (NumberFormatException nfex) { - time = 0L; - } - - if (time >= start && time <= end) { - for (String type : types) { - if (type.equals(hmap.get("type"))) { - events.add(new AuditDto(serial, new Date(time), milli, node, hmap)); - break; - } - } + if (time >= start && time <= end && Arrays.asList(types).contains(hmap.get("type"))) { + events.add(new AuditDto(serial, new Date(time), 0, null, hmap)); } hmap.clear(); 
@@ -444,4 +422,22 @@ else if (str.indexOf('=') >= 0) { return events; } } + + private static Long getTime(Map hmap) { + try { + return Long.parseLong(hmap.remove("seconds")) * 1000; + } + catch (NumberFormatException ex) { + return 0L; + } + } + + private static int getSerial(Map hmap) { + try { + return Integer.parseInt(hmap.remove("serial")); + } + catch (NumberFormatException nfex) { + return -1; + } + } } From f01e06f8423ec8f5dfff49a3ff03cdcb13bf025a Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Mon, 17 Jul 2023 16:14:34 +0200 Subject: [PATCH 47/53] Extract method to improve readability --- .../task/repomd/RpmRepositoryWriter.java | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java index f1e576025d15..b7d06171790c 100644 --- a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java +++ b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java @@ -548,13 +548,7 @@ private RepomdIndexData loadRepoMetadataFile(Channel channel, String checksumAlg try (DigestInputStream digestStream = new DigestInputStream(stream, MessageDigest.getInstance(checksumAlgo))) { - try { - byte[] bytes = new byte[10]; - while (digestStream.read(bytes) != -1) { - // no-op, just consume the stream - } - } - catch (IOException e) { + if (!computeDigest(digestStream)) { return null; } 
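Review bot: `getTime` and `getSerial` turn a missing or non-numeric `seconds` or `serial` field into 0 and -1 without leaving a trace, so a damaged or edited audit record is silently dated to the epoch and then dropped or kept by the range check in readAuditFile instead of being noticed. A `log.warn("Audit record has an invalid 'seconds' field")` in the catch block (and the same for `serial`) makes such records visible; `log` is already used from the static readAuditFile. `getTime` is declared to return `Long` but is assigned to a `long`, so `private static long getTime(...)` avoids the boxing. Both helpers also remove the key from the map despite the getter-style names, which deserves a comment such as `// Removes "seconds" from the record and returns it in milliseconds; 0 when absent or malformed.`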
@@ -571,6 +565,19 @@ private RepomdIndexData loadRepoMetadataFile(Channel channel, String checksumAlg } } + private static boolean computeDigest(DigestInputStream digestStream) { + try { + byte[] bytes = new byte[10]; + while (digestStream.read(bytes) != -1) { + // no-op, just fully consume the stream so that the digest is computed + } + } + catch (IOException e) { + return false; + } + return true; + } + /** * Generates update info for given channel * @param channel channel info From 15cdf30dc08de956e7a8e38ce4b809d62e99e4d7 Mon Sep 17 00:00:00 2001 From: elariekerboull Date: Thu, 20 Jul 2023 10:37:03 +0200 Subject: [PATCH 48/53] Testsuite: SSH tunnel package removal (#7288) * Remove package before running feature * Wait for package to appear --- testsuite/features/secondary/min_ssh_tunnel.feature | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/testsuite/features/secondary/min_ssh_tunnel.feature b/testsuite/features/secondary/min_ssh_tunnel.feature index 7628e0e17577..d2f692e64c08 100644 --- a/testsuite/features/secondary/min_ssh_tunnel.feature +++ b/testsuite/features/secondary/min_ssh_tunnel.feature @@ -13,6 +13,9 @@ Feature: Register a Salt system to be managed via SSH tunnel Scenario: Log in as admin user Given I am authorized for the "Admin" section + Scenario: Pre-requisite: remove package before ssh tunnel test + When I remove package "milkyway-dummy" from this "ssh_minion" without error control + Scenario: Delete the Salt minion for SSH tunnel bootstrap Given I am on the Systems overview page of this "ssh_minion" When I follow "Delete System" @@ -57,6 +60,7 @@ Feature: Register a Salt system to be managed via SSH tunnel And I follow "List / Remove" And I enter "milkyway-dummy" as the filtered package name And I click on the filter button + And I wait until I see "milkyway-dummy" text And I check "milkyway-dummy" in the list And I click on "Remove Packages" And I click on "Confirm" From 0e6cea4de9ff6d3b9f5ef6d69c52ea7ef2e3dfd2 Mon Sep 17 00:00:00 2001 
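Review bot: `computeDigest` discards the IOException, so when the repository metadata cannot be read the caller returns null and nothing in the log says why no checksum was produced; the catch should log the exception before returning false, provided the class logger is reachable from this static method. The 10-byte buffer means one `read` call per ten bytes of metadata, and `byte[] bytes = new byte[8192];` yields the same digest with far fewer calls. A short Javadoc stating that the method returns false on a read error, and that the digest is taken from the stream's `MessageDigest` afterwards, would document the contract of the extracted helper.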
From: Ricardo Mestre Date: Thu, 20 Jul 2023 12:56:13 +0100 Subject: [PATCH 49/53] udpate log single to double quote --- susemanager-utils/susemanager-sls/modules/roster/uyuni.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py index 92b30cbfb0bf..54c555a41a76 100644 --- a/susemanager-utils/susemanager-sls/modules/roster/uyuni.py +++ b/susemanager-utils/susemanager-sls/modules/roster/uyuni.py @@ -89,9 +89,9 @@ def __init__(self, db_config, uyuni_roster_config): ) ) - log.trace("db_connect dbname: %s", db_config['db']) - log.trace("db_connect user: %s", db_config['user']) - log.trace("db_connect host: %s", db_config['host']) + log.trace("db_connect dbname: %s", db_config["db"]) + log.trace("db_connect user: %s", db_config["user"]) + log.trace("db_connect host: %s", db_config["host"]) log.debug("ssh_pre_flight_script: %s", self.ssh_pre_flight_script) log.debug("ssh_push_port_https: %d", self.ssh_push_port_https) log.debug("ssh_push_sudo_user: %s", self.ssh_push_sudo_user) From 9c949872162e396466dc67dc76065e81d1949e13 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Thu, 20 Jul 2023 13:26:41 +0200 Subject: [PATCH 50/53] fix logging of libraries using apache-commons-logging --- java/buildconf/build-props.xml | 3 ++- java/spacewalk-java.changes.mc.fix-lib-logging | 1 + java/spacewalk-java.spec | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 java/spacewalk-java.changes.mc.fix-lib-logging diff --git a/java/buildconf/build-props.xml b/java/buildconf/build-props.xml index 585a0daed654..3d030ae67831 100644 --- a/java/buildconf/build-props.xml +++ b/java/buildconf/build-props.xml @@ -71,7 +71,8 @@ - + + diff --git a/java/spacewalk-java.changes.mc.fix-lib-logging b/java/spacewalk-java.changes.mc.fix-lib-logging new file mode 100644 index 000000000000..25aba61ea77d --- /dev/null 
+++ b/java/spacewalk-java.changes.mc.fix-lib-logging @@ -0,0 +1 @@ +- fix logging of libraries using apache-commons-logging diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec index e08917d4fd66..7f5a3544dbcd 100644 --- a/java/spacewalk-java.spec +++ b/java/spacewalk-java.spec @@ -119,6 +119,7 @@ BuildRequires: jsch BuildRequires: jta BuildRequires: libxml2 BuildRequires: log4j +BuildRequires: log4j-jcl BuildRequires: log4j-slf4j BuildRequires: netty BuildRequires: objectweb-asm >= 9.2 @@ -206,6 +207,7 @@ Requires: jpa-api Requires: jta Requires: libsolv-tools Requires: log4j +Requires: log4j-jcl Requires: log4j-slf4j Requires: mgr-libmod Requires: netty @@ -363,6 +365,7 @@ Requires: jcommon Requires: jpa-api Requires: jsch Requires: log4j +Requires: log4j-jcl Requires: quartz Requires: simple-core Requires: spacewalk-java-config From 80b050e2371305d04c5bd9e2fa4f2832326cb6d1 Mon Sep 17 00:00:00 2001 From: Dominik Gedon Date: Wed, 19 Jul 2023 16:10:47 +0200 Subject: [PATCH 51/53] QE: Adjust step for creating bootstrap script This will adjust the step for creating a bootstrap script. The default SUSE key is not not used anymore and it is possible to specify a different key when using the step. This was necessary due to the fact that we need a different key for registering the proxy. Signed-off-by: Dominik Gedon --- testsuite/documentation/cucumber-steps.md | 4 ++-- .../core/proxy_register_as_minion_with_script.feature | 4 ++-- testsuite/features/step_definitions/command_steps.rb | 3 +-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/testsuite/documentation/cucumber-steps.md b/testsuite/documentation/cucumber-steps.md index a34470bf0dd1..6cab45721ef6 100644 --- a/testsuite/documentation/cucumber-steps.md +++ b/testsuite/documentation/cucumber-steps.md 
@@ -466,10 +466,10 @@ Note that the text area variant handles the new lines characters while the other When I execute mgr-sync "list channels -e" with user "admin" and password "admin" ``` -* Execute mgr-bootstrap +* Execute mgr-bootstrap to create a bootstrap script ```gherkin - When I execute mgr-bootstrap "--script=bootstrap-test.sh" + When I execute mgr-bootstrap "--activation-keys=1-AK-KEY-NAME --script=bootstrap-test.sh" ``` * Execute mgr-create-bootstrap-repo diff --git a/testsuite/features/core/proxy_register_as_minion_with_script.feature b/testsuite/features/core/proxy_register_as_minion_with_script.feature index 0b529f4b5237..254b883d8ce0 100644 --- a/testsuite/features/core/proxy_register_as_minion_with_script.feature +++ b/testsuite/features/core/proxy_register_as_minion_with_script.feature @@ -22,7 +22,7 @@ Feature: Setup Uyuni proxy @skip_if_salt_bundle Scenario: Create the bootstrap script for the proxy and use it - When I execute mgr-bootstrap "--script=bootstrap-proxy.sh" + When I execute mgr-bootstrap "--activation-keys=1-SUSE-KEY-x86_64 --script=bootstrap-proxy.sh" Then I should get "* bootstrap script (written):" And I should get " '/srv/www/htdocs/pub/bootstrap/bootstrap-proxy.sh'" When I fetch "pub/bootstrap/bootstrap-proxy.sh" to "proxy" @@ -30,7 +30,7 @@ Feature: Setup Uyuni proxy @salt_bundle Scenario: Create the bundle-aware bootstrap script for the proxy and use it - When I execute mgr-bootstrap "--script=bootstrap-proxy.sh --force-bundle" + When I execute mgr-bootstrap "--activation-keys=1-SUSE-KEY-x86_64 --script=bootstrap-proxy.sh" Then I should get "* bootstrap script (written):" And I should get " '/srv/www/htdocs/pub/bootstrap/bootstrap-proxy.sh'" When I fetch "pub/bootstrap/bootstrap-proxy.sh" to "proxy" diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb index d245bcab6278..f6a5acea4fec 100644 --- a/testsuite/features/step_definitions/command_steps.rb 
+++ b/testsuite/features/step_definitions/command_steps.rb @@ -449,8 +449,7 @@ end When(/^I execute mgr\-bootstrap "([^"]*)"$/) do |arg1| - arch = 'x86_64' - $command_output, _code = $server.run("mgr-bootstrap --activation-keys=1-SUSE-KEY-#{arch} #{arg1}") + $command_output, _code = $server.run("mgr-bootstrap #{arg1}") end When(/^I fetch "([^"]*)" to "([^"]*)"$/) do |file, host| From 5f95bf1ab10e0c030047146fd9fb4bef908a0346 Mon Sep 17 00:00:00 2001 From: Dominik Gedon Date: Wed, 19 Jul 2023 16:12:05 +0200 Subject: [PATCH 52/53] QE: Move proxy registration to init_clients This will move the proxy registration and onboarding from the `core` to the `init_clients` stage. This way we properly sync the required channels for the proxy before registering it. Furthermore this will also create a new activation key for the proxy with the correct channels assigned after they are synced. Signed-off-by: Dominik Gedon --- .../core/srv_create_activationkey.feature | 9 +++++ .../allcli_update_activationkeys.feature | 36 +++++++++++++++++++ .../proxy_branch_network.feature | 0 .../proxy_register_as_minion_with_gui.feature | 1 + ...oxy_register_as_minion_with_script.feature | 4 +-- .../proxy_register_as_pod.feature | 0 .../reposync/srv_sync_products.feature | 16 +++++++++ testsuite/features/support/constants.rb | 17 +++++++++ testsuite/run_sets/core.yml | 7 ---- .../github_validation_proxy.yml | 10 +++--- testsuite/run_sets/init_clients.yml | 8 +++++ 11 files changed, 94 insertions(+), 14 deletions(-) rename testsuite/features/{core => init_clients}/proxy_branch_network.feature (100%) rename testsuite/features/{core => init_clients}/proxy_register_as_minion_with_gui.feature (97%) rename testsuite/features/{core => init_clients}/proxy_register_as_minion_with_script.feature (93%) rename testsuite/features/{core => init_clients}/proxy_register_as_pod.feature (100%) 
diff --git a/testsuite/features/core/srv_create_activationkey.feature b/testsuite/features/core/srv_create_activationkey.feature index b66100505860..7db6a3f541ca 100644 --- a/testsuite/features/core/srv_create_activationkey.feature +++ b/testsuite/features/core/srv_create_activationkey.feature @@ -95,3 +95,12 @@ Feature: Create activation keys And I enter "20" as "usageLimit" And I select "Push via SSH tunnel" from "contact-method" And I click on "Create Activation Key" + + Scenario: Create an activation key for the Proxy + When I follow the left menu "Systems > Activation Keys" + And I follow "Create Key" + And I wait until I do not see "Loading..." text + And I enter "Proxy Key x86_64" as "description" + And I enter "PROXY-KEY-x86_64" as "key" + And I click on "Create Activation Key" + Then I should see a "Activation key Proxy Key x86_64 has been created" text diff --git a/testsuite/features/init_clients/allcli_update_activationkeys.feature b/testsuite/features/init_clients/allcli_update_activationkeys.feature index 3480e53e79b0..654aa8a82604 100644 --- a/testsuite/features/init_clients/allcli_update_activationkeys.feature +++ b/testsuite/features/init_clients/allcli_update_activationkeys.feature 
@@ -91,3 +91,39 @@ Feature: Update activation keys And I check "Fake-RPM-SUSE-Channel" And I click on "Update Activation Key" Then I should see a "Activation key SUSE SSH Tunnel Test Key x86_64 has been modified" text + +@scc_credentials +@susemanager + Scenario: Update the Proxy key with synced base product + When I follow the left menu "Systems > Activation Keys" + And I follow "Proxy Key x86_64" in the content area + And I wait until I do not see "Loading..." text + And I select "SLE-Product-SUSE-Manager-Proxy-4.3-Pool" from "selectedBaseChannel" + And I wait until I do not see "Loading..." text + And I include the recommended child channels + And I wait until "SLE-Module-Basesystem15-SP4-Pool for x86_64 Proxy 4.3" has been checked + And I wait until "SLE-Module-Basesystem15-SP4-Updates for x86_64 Proxy 4.3" has been checked + And I wait until "SLE-Module-Server-Applications15-SP4-Pool for x86_64 Proxy 4.3" has been checked + And I wait until "SLE-Module-Server-Applications15-SP4-Updates for x86_64 Proxy 4.3" has been checked + And I wait until "SLE-Module-SUSE-Manager-Proxy-4.3-Pool for x86_64" has been checked + And I wait until "SLE-Module-SUSE-Manager-Proxy-4.3-Updates for x86_64" has been checked + When I click on "Update Activation Key" + Then I should see a "Activation key Proxy Key x86_64 has been modified" text + +# This will be enabled once the Uyuni CI is syncing openSUSE Leap 15.4 +# @uyuni +# Scenario: Update the Proxy key with synced base product +# When I follow the left menu "Systems > Activation Keys" +# And I follow "Proxy Key x86_64" in the content area +# And I wait until I do not see "Loading..." text +# And I select "openSUSE Leap 15.4 (x86_64)" from "selectedBaseChannel" +# And I wait until I do not see "Loading..." 
text +# And I check "openSUSE 15.4 non oss (x86_64)" +# And I check "openSUSE Leap 15.4 non oss Updates (x86_64)" +# And I check "openSUSE Leap 15.4 Updates (x86_64)" +# And I check "Update repository of openSUSE Leap 15.4 Backports (x86_64)" +# And I check "Update repository with updates from SUSE Linux Enterprise 15 for openSUSE Leap 15.4 (x86_64)" +# And I check "Uyuni Client Tools for openSUSE Leap 15.4 (x86_64)" +# And I check "Uyuni Proxy Stable for openSUSE Leap 15.4 (x86_64)" +# When I click on "Update Activation Key" +# Then I should see a "Activation key Proxy Key x86_64 has been modified" text diff --git a/testsuite/features/core/proxy_branch_network.feature b/testsuite/features/init_clients/proxy_branch_network.feature similarity index 100% rename from testsuite/features/core/proxy_branch_network.feature rename to testsuite/features/init_clients/proxy_branch_network.feature diff --git a/testsuite/features/core/proxy_register_as_minion_with_gui.feature b/testsuite/features/init_clients/proxy_register_as_minion_with_gui.feature similarity index 97% rename from testsuite/features/core/proxy_register_as_minion_with_gui.feature rename to testsuite/features/init_clients/proxy_register_as_minion_with_gui.feature index 00394047b21d..fb7a9278ae83 100644 --- a/testsuite/features/core/proxy_register_as_minion_with_gui.feature +++ b/testsuite/features/init_clients/proxy_register_as_minion_with_gui.feature @@ -30,6 +30,7 @@ Feature: Setup Uyuni proxy And I enter "22" as "port" And I enter "root" as "user" And I enter "linux" as "password" + And I select "1-PROXY-KEY-x86_64" from "activationKeys" And I click on "Bootstrap" And I wait until I see "Successfully bootstrapped host!" text 
diff --git a/testsuite/features/core/proxy_register_as_minion_with_script.feature b/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature similarity index 93% rename from testsuite/features/core/proxy_register_as_minion_with_script.feature rename to testsuite/features/init_clients/proxy_register_as_minion_with_script.feature index 254b883d8ce0..71954a119f68 100644 --- a/testsuite/features/core/proxy_register_as_minion_with_script.feature +++ b/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature @@ -22,7 +22,7 @@ Feature: Setup Uyuni proxy @skip_if_salt_bundle Scenario: Create the bootstrap script for the proxy and use it - When I execute mgr-bootstrap "--activation-keys=1-SUSE-KEY-x86_64 --script=bootstrap-proxy.sh" + When I execute mgr-bootstrap "--activation-keys=1-PROXY-KEY-x86_64 --script=bootstrap-proxy.sh" Then I should get "* bootstrap script (written):" And I should get " '/srv/www/htdocs/pub/bootstrap/bootstrap-proxy.sh'" When I fetch "pub/bootstrap/bootstrap-proxy.sh" to "proxy" @@ -30,7 +30,7 @@ Feature: Setup Uyuni proxy @salt_bundle Scenario: Create the bundle-aware bootstrap script for the proxy and use it - When I execute mgr-bootstrap "--activation-keys=1-SUSE-KEY-x86_64 --script=bootstrap-proxy.sh" + When I execute mgr-bootstrap "--activation-keys=1-PROXY-KEY-x86_64 --script=bootstrap-proxy.sh" Then I should get "* bootstrap script (written):" And I should get " '/srv/www/htdocs/pub/bootstrap/bootstrap-proxy.sh'" When I fetch "pub/bootstrap/bootstrap-proxy.sh" to "proxy" diff --git a/testsuite/features/core/proxy_register_as_pod.feature b/testsuite/features/init_clients/proxy_register_as_pod.feature similarity index 100% rename from testsuite/features/core/proxy_register_as_pod.feature rename to testsuite/features/init_clients/proxy_register_as_pod.feature 
diff --git a/testsuite/features/reposync/srv_sync_products.feature b/testsuite/features/reposync/srv_sync_products.feature index 2e3062624d5b..98891abd1e97 100644 --- a/testsuite/features/reposync/srv_sync_products.feature +++ b/testsuite/features/reposync/srv_sync_products.feature @@ -87,6 +87,22 @@ Feature: Synchronize products in the products page of the Setup Wizard And I wait until I see "SUSE Linux Enterprise Server 15 SP4 x86_64" product has been added Then the SLE15 SP4 product should be added +@proxy +@susemanager + Scenario: Add SUSE Manager Proxy 4.3 + When I follow the left menu "Admin > Setup Wizard > Products" + And I wait until I do not see "Loading" text + And I enter "SUSE Manager Proxy 4.3" as the filtered product description + And I select "SUSE Manager Proxy 4.3 x86_64" as a product + Then I should see the "SUSE Manager Proxy 4.3 x86_64" selected + And I enter "SUSE Manager Retail Branch Server 4.3" as the filtered product description + And I select "SUSE Manager Retail Branch Server 4.3 x86_64" as a product + Then I should see the "SUSE Manager Retail Branch Server 4.3 x86_64" selected + When I click the Add Product button + And I wait until I see "Selected channels/products were scheduled successfully for syncing." text + And I wait until I see "SUSE Manager Proxy 4.3 x86_64" product has been added + And I wait until I see "SUSE Manager Retail Branch Server 4.3 x86_64" product has been added + @scc_credentials Scenario: Installer update channels got enabled when products were added When I execute mgr-sync "list channels" with user "admin" and password "admin" diff --git a/testsuite/features/support/constants.rb b/testsuite/features/support/constants.rb index 68ea24bcc433..c244851dbb31 100644 --- a/testsuite/features/support/constants.rb +++ b/testsuite/features/support/constants.rb 
@@ -422,6 +422,23 @@ sle-module-devtools15-sp4-updates-x86_64 sle-module-containers15-sp4-pool-x86_64 sle-module-containers15-sp4-updates-x86_64 + sle-module-suse-manager-proxy-4.3-pool-x86_64 + sle-module-suse-manager-proxy-4.3-updates-x86_64 + sle-module-server-applications15-sp4-pool-x86_64-proxy-4.3 + sle-module-server-applications15-sp4-updates-x86_64-proxy-4.3 + sle-module-basesystem15-sp4-pool-x86_64-proxy-4.3 + sle-module-basesystem15-sp4-updates-x86_64-proxy-4.3 + sle-product-suse-manager-proxy-4.3-pool-x86_64 + sle-product-suse-manager-proxy-4.3-updates-x86_64 + sle-product-suse-manager-retail-branch-server-4.3-pool-x86_64 + sle-product-suse-manager-retail-branch-server-4.3-updates-x86_64 + sle-module-suse-manager-retail-branch-server-4.3-pool-x86_64 + sle-module-suse-manager-retail-branch-server-4.3-updates-x86_64 + sle-module-basesystem15-sp4-pool-x86_64-smrbs-4.3 + sle-module-basesystem15-sp4-updates-x86_64-smrbs-4.3 + sle-module-suse-manager-proxy-4.3-pool-x86_64-smrbs + sle-module-suse-manager-proxy-4.3-updates-x86_64-smrbs + sle-module-server-applications15-sp4-updates-x86_64-smrbs-4.3 ], '8' => %w[ diff --git a/testsuite/run_sets/core.yml b/testsuite/run_sets/core.yml index 541c79e8dc03..d070bb84b3bd 100644 --- a/testsuite/run_sets/core.yml +++ b/testsuite/run_sets/core.yml @@ -19,11 +19,4 @@ - features/core/srv_osimage.feature - features/core/srv_docker.feature -# initialize Uyuni proxy - # one of: proxy_register_as_minion_with_script.feature - # proxy_register_as_minion_with_gui.feature - # proxy_register_as_pod.feature -- features/core/proxy_register_as_minion_with_script.feature -- features/core/proxy_branch_network.feature - ## Core features END ### diff --git a/testsuite/run_sets/github_validation/github_validation_proxy.yml b/testsuite/run_sets/github_validation/github_validation_proxy.yml index fea3ce0f04d5..17ec42db8c68 100644 --- a/testsuite/run_sets/github_validation/github_validation_proxy.yml 
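Review bot: The last added entry, `sle-module-server-applications15-sp4-updates-x86_64-smrbs-4.3`, has no matching `-pool-` entry, while every other channel added in this hunk comes as a pool/updates pair. If the omission is unintended, add `sle-module-server-applications15-sp4-pool-x86_64-smrbs-4.3` before it; whether that channel label exists cannot be confirmed from the hunk. A missing label here would presumably mean the sync check never waits for that channel, so a later step could run against an incomplete repository. The enclosing `%w[` list starts and ends outside the hunk.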
+++ b/testsuite/run_sets/github_validation/github_validation_proxy.yml @@ -8,11 +8,11 @@ # IMMUTABLE ORDER -# initialize Uyuni proxy - # one of: proxy_register_as_trad_with_script.feature - # proxy_register_as_minion_with_script.feature +# Proxy + # one of: proxy_register_as_minion_with_script.feature # proxy_register_as_minion_with_gui.feature -- features/core/proxy_register_as_pod.feature -- features/core/proxy_branch_network.feature + # proxy_register_as_pod.feature +- features/init_clients/proxy_register_as_minion_with_script.feature +- features/init_clients/proxy_branch_network.feature ## Core features END ### diff --git a/testsuite/run_sets/init_clients.yml b/testsuite/run_sets/init_clients.yml index 1c7738761964..c38a7fd6a1ee 100644 --- a/testsuite/run_sets/init_clients.yml +++ b/testsuite/run_sets/init_clients.yml @@ -8,6 +8,14 @@ - features/init_clients/allcli_update_activationkeys.feature - features/init_clients/srv_check_reposync.feature + +# Proxy + # one of: proxy_register_as_minion_with_script.feature + # proxy_register_as_minion_with_gui.feature + # proxy_register_as_pod.feature +- features/init_clients/proxy_register_as_minion_with_script.feature +- features/init_clients/proxy_branch_network.feature + - features/init_clients/sle_minion.feature - features/init_clients/sle_ssh_minion.feature - features/init_clients/min_rhlike_salt.feature From 6fa072996396e475e7ada266de20c12a5b89b97f Mon Sep 17 00:00:00 2001 From: Dominik Gedon Date: Fri, 21 Jul 2023 13:19:43 +0200 Subject: [PATCH 53/53] QE: fix bootstrap script for using the Salt bundle (#7300) Fixup for https://github.com/uyuni-project/uyuni/pull/7287 --- .../init_clients/proxy_register_as_minion_with_script.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature b/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature index 71954a119f68..178dc8d8a53b 100644 
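Review bot: In `github_validation_proxy.yml` the entry `features/core/proxy_register_as_pod.feature` is replaced by `features/init_clients/proxy_register_as_minion_with_script.feature`, which changes the proxy registration method for this run set and not only the directory. If only the move to `init_clients` was intended, the line should be `- features/init_clients/proxy_register_as_pod.feature`; the same patch renames that file with 100% similarity, so it exists at the new path. The entry `features/init_clients/proxy_branch_network.feature` is also used here and in `init_clients.yml`, but its rename is not visible in this part of the patch and should be confirmed. The unchanged trailer `## Core features END ###` no longer matches a section that is now headed `# Proxy`.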
--- a/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature +++ b/testsuite/features/init_clients/proxy_register_as_minion_with_script.feature @@ -30,7 +30,7 @@ Feature: Setup Uyuni proxy @salt_bundle Scenario: Create the bundle-aware bootstrap script for the proxy and use it - When I execute mgr-bootstrap "--activation-keys=1-PROXY-KEY-x86_64 --script=bootstrap-proxy.sh" + When I execute mgr-bootstrap "--activation-keys=1-PROXY-KEY-x86_64 --script=bootstrap-proxy.sh --force-bundle" Then I should get "* bootstrap script (written):" And I should get " '/srv/www/htdocs/pub/bootstrap/bootstrap-proxy.sh'" When I fetch "pub/bootstrap/bootstrap-proxy.sh" to "proxy"