From 3d76ed1a88a90370b710dfdfcf50f123c4952c8c Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Mon, 17 Jun 2024 10:30:28 +0200 Subject: [PATCH 1/4] Use absolute in paths in java code --- .../notification/types/UpdateAvailable.java | 9 ++++++--- .../channel/manage/SyncRepositoriesAction.java | 2 +- .../frontend/xmlrpc/system/SystemHandler.java | 3 +-- .../rhn/manager/rhnpackage/PackageManager.java | 2 +- .../task/payg/PaygAuthDataExtractor.java | 16 ++++++++-------- .../task/repomd/RpmRepositoryWriter.java | 2 +- .../bootstrap/AbstractMinionBootstrapper.java | 2 +- .../suse/manager/webui/utils/LoginHelper.java | 2 +- ...ges.mackdk.avoid-executing-commands-from-PATH | 1 + 9 files changed, 21 insertions(+), 18 deletions(-) create mode 100644 java/spacewalk-java.changes.mackdk.avoid-executing-commands-from-PATH diff --git a/java/code/src/com/redhat/rhn/domain/notification/types/UpdateAvailable.java b/java/code/src/com/redhat/rhn/domain/notification/types/UpdateAvailable.java index acb3ed4857b9..0f27e7503ff1 100644 --- a/java/code/src/com/redhat/rhn/domain/notification/types/UpdateAvailable.java +++ b/java/code/src/com/redhat/rhn/domain/notification/types/UpdateAvailable.java @@ -58,14 +58,17 @@ public boolean updateAvailable() { try { Process patchProc = runtime.exec(new String[]{"/bin/bash", "-c", - "LC_ALL=C zypper lp -r " + repo + " | grep 'applicable patch'"}); + "LC_ALL=C /usr/bin/zypper lp -r " + repo + " | /usr/bin/grep 'applicable patch'"}); patchProc.waitFor(); // 0 here means there are patches hasUpdates = (0 == patchProc.exitValue()); if (!hasUpdates && !mgr) { // Check for updates on uyuni when there are no patches - Process updateProc = runtime.exec(new String[]{"/bin/bash", "-c", - "LC_ALL=C zypper lu -r " + UYUNI_UPDATE_REPO + " | grep 'Available Version'"}); + Process updateProc = runtime.exec(new String[]{ + "/bin/bash", + "-c", + "LC_ALL=C /usr/bin/zypper lu -r " + UYUNI_UPDATE_REPO + " | /usr/bin/grep 'Available Version'" + }); updateProc.waitFor(); hasUpdates = (0 == updateProc.exitValue()); } diff --git a/java/code/src/com/redhat/rhn/frontend/action/channel/manage/SyncRepositoriesAction.java b/java/code/src/com/redhat/rhn/frontend/action/channel/manage/SyncRepositoriesAction.java index ecbbe9e9cef6..0f941772eec2 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/channel/manage/SyncRepositoriesAction.java +++ b/java/code/src/com/redhat/rhn/frontend/action/channel/manage/SyncRepositoriesAction.java @@ -195,7 +195,7 @@ private boolean isSyncInProgress(Channel chan) { } // Is this PID running? - String[] cmd = {"ps", "-o", "args", "-p", pid}; + String[] cmd = {"/usr/bin/ps", "-o", "args", "-p", pid}; SystemCommandExecutor ce = new SystemCommandExecutor(); ce.execute(cmd); return ce.getLastCommandOutput().contains(" " + chan.getLabel() + " "); diff --git a/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java b/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java index c6832aa5b147..46b5a3d3add3 100644 --- a/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java +++ b/java/code/src/com/redhat/rhn/frontend/xmlrpc/system/SystemHandler.java @@ -5910,8 +5910,7 @@ public Map transitionDataForSystem(String clientCert) throws FileNotFoundExcepti map.put(csvUuid, record[uuidPos]); map.put(csvSystemId, record[systemIdPos]); map.put(csvStamp, fileStamp); - String[] cmd = {"rpm", "--qf=%{NAME}", - "-qf", file.getAbsolutePath()}; + String[] cmd = {"/usr/bin/rpm", "--qf=%{NAME}", "-qf", file.getAbsolutePath()}; map.remove(csvHostname); SystemCommandExecutor ce = new SystemCommandExecutor(); if (ce.execute(cmd) == 0) { diff --git a/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java b/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java index 52b7832413f1..27e5dddd9aac 100644 --- a/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java +++ b/java/code/src/com/redhat/rhn/manager/rhnpackage/PackageManager.java @@ -1808,7 +1808,7 @@ public static String getPackageChangeLog(Package pkg) { } List cmd = new ArrayList<>(); - cmd.add(Config.get().getString("rpm.path", "/bin/rpm")); + cmd.add("/usr/bin/rpm"); cmd.add("-qp"); cmd.add("--changelog"); cmd.add(f.getPath()); diff --git a/java/code/src/com/redhat/rhn/taskomatic/task/payg/PaygAuthDataExtractor.java b/java/code/src/com/redhat/rhn/taskomatic/task/payg/PaygAuthDataExtractor.java index 4d1953eb5f17..03cf1613e248 100644 --- a/java/code/src/com/redhat/rhn/taskomatic/task/payg/PaygAuthDataExtractor.java +++ b/java/code/src/com/redhat/rhn/taskomatic/task/payg/PaygAuthDataExtractor.java @@ -49,12 +49,12 @@ public class PaygAuthDataExtractor { private static final Path PAYG_INSTANCE_INFO_JSON = Path.of("/var/cache/rhn/payg.json"); private static final int VALIDITY_MINUTES = 11; - private static final String CONNECTION_TIMEOUT_PROPEERRTY = "java.payg.connection_timeout"; - private static final String WAIT_RESPONSE_TIMEOUT_PROPEERRTY = "java.payg.repsonse_timeout"; + private static final String CONNECTION_TIMEOUT_PROPERTY = "java.payg.connection_timeout"; + private static final String WAIT_RESPONSE_TIMEOUT_PROPERTY = "java.payg.repsonse_timeout"; // time in milliseconds - private static final int CONNECTION_TIMEOUT = Config.get().getInt(CONNECTION_TIMEOUT_PROPEERRTY, 5000); - private static final int RESPONSE_TIMEOUT = Config.get().getInt(WAIT_RESPONSE_TIMEOUT_PROPEERRTY, 20000); + private static final int CONNECTION_TIMEOUT = Config.get().getInt(CONNECTION_TIMEOUT_PROPERTY, 5000); + private static final int RESPONSE_TIMEOUT = Config.get().getInt(WAIT_RESPONSE_TIMEOUT_PROPERTY, 20000); private static final Logger LOG = LogManager.getLogger(PaygAuthDataExtractor.class); @@ -65,9 +65,9 @@ public class PaygAuthDataExtractor { .create(); public enum OsSpecificExtractor { - SLES_EXTRACTOR("SLE", "sudo python3", "script/payg_extract_repo_data.py"), - RHEL_EXTRACTOR("RHEL", "sudo /usr/libexec/platform-python", "script/rhui_extract_repo_data.py"), - RHEL7_EXTRACTOR("RHEL7", "sudo python", "script/rhui7_extract_repo_data.py"); + SLES_EXTRACTOR("SLE", "/usr/bin/sudo /usr/bin/python3", "script/payg_extract_repo_data.py"), + RHEL_EXTRACTOR("RHEL", "/usr/bin/sudo /usr/libexec/platform-python", "script/rhui_extract_repo_data.py"), + RHEL7_EXTRACTOR("RHEL7", "/usr/bin/sudo /usr/bin/python", "script/rhui7_extract_repo_data.py"); private final String osLabel; private final String scriptExecutor; @@ -75,7 +75,7 @@ public enum OsSpecificExtractor { /** * Constructor - * @param osLabelIn the lable + * @param osLabelIn the label * @param scriptExecutorIn the script executor * @param extractorScriptIn the script path */ diff --git a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java index b7d06171790c..6c06a7ba56b2 100644 --- a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java +++ b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/RpmRepositoryWriter.java @@ -423,7 +423,7 @@ public void writeRepomdFiles(Channel channel) { if (ConfigDefaults.get().isMetadataSigningEnabled()) { String[] signCommand = new String[2]; - signCommand[0] = "mgr-sign-metadata"; + signCommand[0] = "/usr/bin/mgr-sign-metadata"; signCommand[1] = prefix + "repomd.xml"; cmdExecutor.execute(signCommand); createdFiles.add(new File(prefix, "repomd.xml.asc")); diff --git a/java/code/src/com/suse/manager/webui/controllers/bootstrap/AbstractMinionBootstrapper.java b/java/code/src/com/suse/manager/webui/controllers/bootstrap/AbstractMinionBootstrapper.java index 256d2fcbb9ee..c432737b34c9 100644 --- a/java/code/src/com/suse/manager/webui/controllers/bootstrap/AbstractMinionBootstrapper.java +++ b/java/code/src/com/suse/manager/webui/controllers/bootstrap/AbstractMinionBootstrapper.java @@ -138,7 +138,7 @@ private boolean hasCorrectSSHFileOwnership() throws IOException, CommandExecutio } File knownHostsFile = new File(SALT_SSH_DIR_PATH + "/known_hosts"); - String cmd = "sudo /usr/bin/ls -la " + knownHostsFile.getPath(); + String cmd = "/usr/bin/sudo /usr/bin/ls -la " + knownHostsFile.getPath(); Process prc = Runtime.getRuntime().exec(cmd); try { diff --git a/java/code/src/com/suse/manager/webui/utils/LoginHelper.java b/java/code/src/com/suse/manager/webui/utils/LoginHelper.java index 185c80ff72c9..e0f9ce3b8634 100644 --- a/java/code/src/com/suse/manager/webui/utils/LoginHelper.java +++ b/java/code/src/com/suse/manager/webui/utils/LoginHelper.java @@ -411,7 +411,7 @@ public static Boolean isSchemaUpgradeRequired() { private static String getRpmSchemaVersion(String schemaName) { String[] rpmCommand = new String[4]; - rpmCommand[0] = "rpm"; + rpmCommand[0] = "/usr/bin/rpm"; rpmCommand[1] = "-q"; rpmCommand[2] = "--qf=%{VERSION}-%{RELEASE}"; rpmCommand[3] = schemaName; diff --git a/java/spacewalk-java.changes.mackdk.avoid-executing-commands-from-PATH b/java/spacewalk-java.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/java/spacewalk-java.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands From 32f8b28668f3139312e35764e8a9ef5b87c74575 Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Mon, 17 Jun 2024 10:36:47 +0200 Subject: [PATCH 2/4] Use absolute in paths in pyton code --- ...push.changes.mackdk.avoid-executing-commands-from-PATH | 1 + client/tools/mgr-push/rhnpush_config.py | 6 +++--- python/spacewalk/satellite_tools/repo_plugins/yum_src.py | 8 ++++---- python/spacewalk/satellite_tools/reposync.py | 2 +- ...kend.changes.mackdk.avoid-executing-commands-from-PATH | 1 + spacewalk/admin/salt-secrets-config.py | 2 +- ...dmin.changes.mackdk.avoid-executing-commands-from-PATH | 1 + susemanager/src/mgr-create-bootstrap-repo | 2 +- ...ager.changes.mackdk.avoid-executing-commands-from-PATH | 1 + utils/spacewalk-sync-setup | 2 +- ...tils.changes.mackdk.avoid-executing-commands-from-PATH | 1 + 11 files changed, 16 insertions(+), 11 deletions(-) create mode 100644 client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH create mode 100644 python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH create mode 100644 spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH create mode 100644 susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH create mode 100644 utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH diff --git a/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH b/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/client/tools/mgr-push/rhnpush_config.py b/client/tools/mgr-push/rhnpush_config.py index 059d240213dd..315f94902021 100644 --- a/client/tools/mgr-push/rhnpush_config.py +++ b/client/tools/mgr-push/rhnpush_config.py @@ -38,11 +38,11 @@ class rhnpushConfigParser: _instance = None def get_ca_bundle_path(self): - if os.system("grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0: return '/etc/ssl/ca-bundle.pem' - if os.system("grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0: return '/etc/pki/tls/certs/ca-bundle.crt' - if os.system("grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0: return '/etc/ssl/certs/ca-certificates.crt' def __init__(self, filename=None, ensure_consistency=False): diff --git a/python/spacewalk/satellite_tools/repo_plugins/yum_src.py b/python/spacewalk/satellite_tools/repo_plugins/yum_src.py index 3848da05c92f..c2cd826b0f61 100644 --- a/python/spacewalk/satellite_tools/repo_plugins/yum_src.py +++ b/python/spacewalk/satellite_tools/repo_plugins/yum_src.py @@ -154,7 +154,7 @@ def __synchronize_gpg_keys(self): # which are not needed and can cause issues when importing into the RPMDB os.system( # pylint: disable-next=consider-using-f-string - "gpg -q --batch --no-options --no-default-keyring --no-permission-warning --keyring {} --export --export-options export-clean -a > {}".format( + "/usr/bin/gpg -q --batch --no-options --no-default-keyring --no-permission-warning --keyring {} --export --export-options export-clean -a > {}".format( SPACEWALK_GPG_KEYRING, f.name ) ) @@ -199,7 +199,7 @@ def __synchronize_gpg_keys(self): # We delete this key from the RPM database to allow importing the newer version. os.system( # pylint: disable-next=consider-using-f-string - "rpm --dbpath {} -e gpg-pubkey-{}-{}".format( + "/usr/bin/rpm --dbpath {} -e gpg-pubkey-{}-{}".format( REPOSYNC_ZYPPER_RPMDB_PATH, key, zypper_gpg_keys[key] ) ) @@ -957,12 +957,12 @@ def _prep_zypp_repo_url(self, url, uln_repo): sys.stdout.write(str(msg) + "\n") os.system( # pylint: disable-next=consider-using-f-string - 'awk \'BEGIN {{c=0;}} /BEGIN CERT/{{c++}} {{ print > "{0}/cert." c ".pem"}}\' < {1}'.format( + '/usr/bin/awk \'BEGIN {{c=0;}} /BEGIN CERT/{{c++}} {{ print > "{0}/cert." c ".pem"}}\' < {1}'.format( _ssl_capath, self.sslcacert ) ) # pylint: disable-next=consider-using-f-string - os.system("c_rehash {} 2&>1 /dev/null".format(_ssl_capath)) + os.system("/usr/bin/c_rehash {} 2&>1 /dev/null".format(_ssl_capath)) query_params["ssl_capath"] = _ssl_capath if self.sslclientcert: query_params["ssl_clientcert"] = self.sslclientcert diff --git a/python/spacewalk/satellite_tools/reposync.py b/python/spacewalk/satellite_tools/reposync.py index 69db1d42944e..0c51d07beee4 100644 --- a/python/spacewalk/satellite_tools/reposync.py +++ b/python/spacewalk/satellite_tools/reposync.py @@ -521,7 +521,7 @@ def __init__( CFG.set("DEBUG", log_level) rhnLog.initLOG(log_path, log_level) # os.fchown isn't in 2.4 :/ - os.system("chgrp " + CFG.httpd_group + " " + log_path) + os.system("/usr/bin/chgrp " + CFG.httpd_group + " " + log_path) # pylint: disable-next=consider-using-f-string log2disk(0, "Command: %s" % str(sys.argv)) diff --git a/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH b/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/spacewalk/admin/salt-secrets-config.py b/spacewalk/admin/salt-secrets-config.py index 9030288043dc..8620c2e7ba7d 100755 --- a/spacewalk/admin/salt-secrets-config.py +++ b/spacewalk/admin/salt-secrets-config.py @@ -144,7 +144,7 @@ ] ): os.system( - "openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /etc/salt/pki/api/salt-api.crt -keyout /etc/salt/pki/api/salt-api.key -subj '/CN=localhost'" + "/usr/bin/openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /etc/salt/pki/api/salt-api.crt -keyout /etc/salt/pki/api/salt-api.key -subj '/CN=localhost'" ) os.chown( "/etc/salt/pki/api/salt-api.crt", diff --git a/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH b/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/susemanager/src/mgr-create-bootstrap-repo b/susemanager/src/mgr-create-bootstrap-repo index a36d4ea1f264..b1e4bab1446e 100755 --- a/susemanager/src/mgr-create-bootstrap-repo +++ b/susemanager/src/mgr-create-bootstrap-repo @@ -794,7 +794,7 @@ def create_repo(label, options, mgr_bootstrap_data, additional=[]): log(err, 2) return 1 else: - os.system("createrepo -s sha256 %s" % destdirtmp) + os.system("/usr/bin/createrepo -s sha256 %s" % destdirtmp) # ensure venv-enabled-{ARCH}.txt doesn't exist in repo with no salt bundle package # create venv-enabled-{ARCH}.txt for repos with salt bundle package for file_path in glob.glob(os.path.join(destdirtmp, "venv-enabled-*.txt")): diff --git a/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH b/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/utils/spacewalk-sync-setup b/utils/spacewalk-sync-setup index 11b78ec44603..878700fbbdf8 100755 --- a/utils/spacewalk-sync-setup +++ b/utils/spacewalk-sync-setup @@ -387,7 +387,7 @@ def gen_slave_template(slave_session, master_session, master, filename, dflt_mas master_ca_cert_path = '/usr/share/rhn/' + master + '_RHN-ORG-TRUSTED-SSL-CERT' slave_setup.set(master, 'cacert', master_ca_cert_path) - wget_cmd = 'wget -q -O ' + master_ca_cert_path + ' http://' + master + '/pub/RHN-ORG-TRUSTED-SSL-CERT' + wget_cmd = '/usr/bin/wget -q -O ' + master_ca_cert_path + ' http://' + master + '/pub/RHN-ORG-TRUSTED-SSL-CERT' logging.info("About to wget master CA cert: [" + wget_cmd + "]") try: os.system(wget_cmd) diff --git a/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH b/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands From 67a09b992a321e2f7270c3361c673de7c5dfb084 Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Mon, 17 Jun 2024 12:16:03 +0200 Subject: [PATCH 3/4] Use absolute in paths in salt scripts --- .../salt/bootloader/autoinstall.sls | 6 ++-- .../susemanager-sls/salt/bootstrap/init.sls | 6 ++-- .../bootstrap/remove_traditional_stack.sls | 2 +- .../salt/bootstrap/set_proxy.sls | 2 +- .../susemanager-sls/salt/certs/init.sls | 2 +- .../susemanager-sls/salt/certs/redhat.sls | 2 +- .../susemanager-sls/salt/channels/init.sls | 10 +++--- .../salt/cleanup_minion/init.sls | 4 +-- .../salt/cocoattest/requestdata.sls | 10 +++--- .../salt/hardware/profileupdate.sls | 2 +- .../salt/images/kiwi-image-build.sls | 4 +-- .../salt/images/kiwi-image-inspect.sls | 2 +- .../salt/images/profileupdate.sls | 4 +-- .../salt/packages/profileupdate.sls | 4 +-- .../salt/packages/redhatproductinfo.sls | 36 +++++++++---------- .../susemanager-sls/salt/reboot.sls | 2 +- .../susemanager-sls/salt/rebootifneeded.sls | 12 +++---- .../salt/services/salt-minion.sls | 2 +- .../salt/srvmonitoring/disable.sls | 4 +-- .../salt/srvmonitoring/enable.sls | 4 +-- .../salt/srvmonitoring/removejmxprops.sls | 20 +++++------ .../salt/srvmonitoring/status.sls | 2 +- .../salt/ssh_bootstrap/init.sls | 2 +- .../susemanager-sls/salt/uptodate.sls | 6 ++-- .../salt/util/mgr_disable_fqdns_grain.sls | 2 +- .../salt/util/mgr_mine_config_clean_up.sls | 2 +- .../salt/util/mgr_rotate_saltssh_key.sls | 6 ++-- .../salt/util/mgr_start_event_grains.sls | 2 +- .../salt/util/mgr_switch_to_venv_minion.sls | 18 +++++----- .../susemanager-sls/salt/virt/create-vm.sls | 4 +-- ....mackdk.avoid-executing-commands-from-PATH | 1 + 31 files changed, 93 insertions(+), 92 deletions(-) create mode 100644 susemanager-utils/susemanager-sls/susemanager-sls.changes.mackdk.avoid-executing-commands-from-PATH diff --git a/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls b/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls index 2066c24baa8e..57c68223ad20 100644 --- a/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls +++ b/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls @@ -50,7 +50,7 @@ mgr_set_default_boot: mgr_elilo_copy_config: cmd.run: - - name: elilo + - name: /sbin/elilo - onchanges: - file: mgr_create_elilo_entry - file: mgr_set_default_boot @@ -72,7 +72,7 @@ mgr_set_default_boot: mgr_generate_grubconf: cmd.run: - - name: grub2-mkconfig -o /boot/grub2/grub.cfg + - name: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg - onchanges: - file: mgr_copy_kernel - file: mgr_copy_initrd @@ -82,7 +82,7 @@ mgr_generate_grubconf: mgr_autoinstall_start: cmd.run: - - name: shutdown -r +1 + - name: /usr/sbin/shutdown -r +1 - require: {% if loader_type == 'grub' %} - cmd: mgr_grub_boot_once diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls index 6cdfc867262e..022b490823fc 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls @@ -168,7 +168,7 @@ bootstrap_repo: {% set salt_minion_installed = (salt['pkg.info_installed']('venv-salt-minion', attr='version', failhard=False).get('venv-salt-minion', {}).get('version') != None) %} check_bootstrap_dbg: cmd.run: - - name: echo "{{ salt_minion_installed }}" + - name: /usr/bin/echo "{{ salt_minion_installed }}" {% set venv_available_request = salt_minion_installed or salt['http.query'](bootstrap_repo_url + 'venv-enabled-' + grains['osarch'] + '.txt', status=True, verify_ssl=False) %} {# Prefer venv-salt-minion if available and not disabled #} {%- set use_venv_salt = salt['pillar.get']('mgr_force_venv_salt_minion') or ((salt_minion_installed or (0 < venv_available_request.get('status', 404) < 300)) and not salt['pillar.get']('mgr_avoid_venv_salt_minion')) %} @@ -332,7 +332,7 @@ copy_transactional_conf_file_to_etc: - name: /etc/transactional-update.conf - source: /usr/etc/transactional-update.conf - unless: - - test -f /etc/transactional-update.conf + - /usr/bin/test -f /etc/transactional-update.conf transactional_update_set_reboot_method_systemd: file.keyvalue: @@ -345,7 +345,7 @@ transactional_update_set_reboot_method_systemd: - require: - file: copy_transactional_conf_file_to_etc - unless: - - grep -P '^(?=[\s]*+[^#])[^#]*(REBOOT_METHOD=(?!auto))' /etc/transactional-update.conf + - /usr/bin/grep -P '^(?=[\s]*+[^#])[^#]*(REBOOT_METHOD=(?!auto))' /etc/transactional-update.conf disable_reboot_timer_transactional_minions: cmd.run: diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/remove_traditional_stack.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/remove_traditional_stack.sls index 9651f279e412..0c36b46564d8 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/remove_traditional_stack.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/remove_traditional_stack.sls @@ -42,7 +42,7 @@ remove_traditional_stack: {%- if grains['os_family'] == 'Suse' %} - suseRegisterInfo {%- endif %} - - unless: rpm -q spacewalk-proxy-common || rpm -q spacewalk-common + - unless: /usr/bin/rpm -q spacewalk-proxy-common || /usr/bin/rpm -q spacewalk-common # only removing apt-transport-spacewalk above # causes apt-get update to 'freeze' if this diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/set_proxy.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/set_proxy.sls index d2b81f052072..04771cc916fb 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/set_proxy.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/set_proxy.sls @@ -20,7 +20,7 @@ restart: mgrcompat.module_run: - name: cmd.run_bg - - cmd: "sleep 2; service {{ salt_service }} restart" + - cmd: "/usr/bin/sleep 2; /usr/sbin/service {{ salt_service }} restart" - python_shell: true {% else -%} diff --git a/susemanager-utils/susemanager-sls/salt/certs/init.sls b/susemanager-utils/susemanager-sls/salt/certs/init.sls index f51e02a4e53a..1e86d289a9ec 100644 --- a/susemanager-utils/susemanager-sls/salt/certs/init.sls +++ b/susemanager-utils/susemanager-sls/salt/certs/init.sls @@ -8,4 +8,4 @@ mgr_proxy_ca_cert_symlink: file.symlink: - name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT - target: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT - - onlyif: grep -Eq "^proxy.rhn_parent *= *[a-zA-Z0-9]+" /etc/rhn/rhn.conf && -e /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT + - onlyif: /usr/bin/grep -Eq "^proxy.rhn_parent *= *[a-zA-Z0-9]+" /etc/rhn/rhn.conf && -e /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT diff --git a/susemanager-utils/susemanager-sls/salt/certs/redhat.sls b/susemanager-utils/susemanager-sls/salt/certs/redhat.sls index 098fcbcfc64a..6f427f849816 100644 --- a/susemanager-utils/susemanager-sls/salt/certs/redhat.sls +++ b/susemanager-utils/susemanager-sls/salt/certs/redhat.sls @@ -3,7 +3,7 @@ enable_ca_store: cmd.run: - name: /usr/bin/update-ca-trust enable - runas: root - - unless: "/usr/bin/update-ca-trust check | grep \"PEM/JAVA Status: ENABLED\"" + - unless: "/usr/bin/update-ca-trust check | /usr/bin/grep \"PEM/JAVA Status: ENABLED\"" {%- endif %} mgr_ca_cert: diff --git a/susemanager-utils/susemanager-sls/salt/channels/init.sls b/susemanager-utils/susemanager-sls/salt/channels/init.sls index aee8fb4a4fed..1db77c8472cd 100644 --- a/susemanager-utils/susemanager-sls/salt/channels/init.sls +++ b/susemanager-utils/susemanager-sls/salt/channels/init.sls @@ -42,7 +42,7 @@ mgrchannels_enable_dnf_plugins: - pattern: plugins=.* - repl: plugins=1 {#- default is '1' when option is not specififed #} - - onlyif: grep -e 'plugins=0' -e 'plugins=False' -e 'plugins=no' /etc/dnf/dnf.conf + - onlyif: /usr/bin/grep -e 'plugins=0' -e 'plugins=False' -e 'plugins=no' /etc/dnf/dnf.conf {%- endif %} {# this break the susemanagerplugin as it overwrite HTTP headers (bsc#1214601) #} @@ -51,7 +51,7 @@ mgrchannels_disable_dnf_rhui_plugin: - name: /etc/yum/pluginconf.d/dnf_rhui_plugin.conf - pattern: enabled=.* - repl: enabled=0 - - onlyif: grep -e 'enabled=1' -e 'enabled=True' -e 'enabled=yes' /etc/yum/pluginconf.d/dnf_rhui_plugin.conf + - onlyif: /usr/bin/grep -e 'enabled=1' -e 'enabled=True' -e 'enabled=yes' /etc/yum/pluginconf.d/dnf_rhui_plugin.conf {%- endif %} @@ -79,7 +79,7 @@ mgrchannels_enable_yum_plugins: - name: /etc/yum.conf - pattern: plugins=.* - repl: plugins=1 - - onlyif: grep plugins=0 /etc/yum.conf + - onlyif: /usr/bin/grep plugins=0 /etc/yum.conf {%- endif %} {%- endif %} @@ -147,7 +147,7 @@ mgrchannels_dnf_clean_all: - runas: root - onchanges: - file: "/etc/yum.repos.d/susemanager:channels.repo" - - unless: "/usr/bin/dnf repolist | grep \"repolist: 0$\"" + - unless: "/usr/bin/dnf repolist | /usr/bin/grep \"repolist: 0$\"" {%- endif %} {%- if is_yum %} mgrchannels_yum_clean_all: @@ -156,7 +156,7 @@ mgrchannels_yum_clean_all: - runas: root - onchanges: - file: "/etc/yum.repos.d/susemanager:channels.repo" - - unless: "/usr/bin/yum repolist | grep \"repolist: 0$\"" + - unless: "/usr/bin/yum repolist | /usr/bin/grep \"repolist: 0$\"" {%- endif %} {%- elif grains['os_family'] == 'Debian' %} install_gnupg_debian: diff --git a/susemanager-utils/susemanager-sls/salt/cleanup_minion/init.sls b/susemanager-utils/susemanager-sls/salt/cleanup_minion/init.sls index 016b977ee53e..fc1a0b9ffc7d 100644 --- a/susemanager-utils/susemanager-sls/salt/cleanup_minion/init.sls +++ b/susemanager-utils/susemanager-sls/salt/cleanup_minion/init.sls @@ -60,7 +60,7 @@ mgr_remove_salt_master_key: {%- if salt['pillar.get']('contact_method') not in ['ssh-push', 'ssh-push-tunnel'] %} mgr_disable_salt: cmd.run: - - name: systemctl disable {{ salt_minion_name }} + - name: /usr/bin/systemctl disable {{ salt_minion_name }} - require: - file: mgr_remove_salt_config @@ -68,7 +68,7 @@ mgr_disable_salt: mgr_stop_salt: cmd.run: - bg: True - - name: sleep 9 && systemctl stop {{ salt_minion_name }} + - name: /usr/bin/sleep 9 && /usr/bin/systemctl stop {{ salt_minion_name }} - order: last - require: - file: mgr_remove_salt_config diff --git a/susemanager-utils/susemanager-sls/salt/cocoattest/requestdata.sls b/susemanager-utils/susemanager-sls/salt/cocoattest/requestdata.sls index f261ee7540ee..edfc9e8c40a4 100644 --- a/susemanager-utils/susemanager-sls/salt/cocoattest/requestdata.sls +++ b/susemanager-utils/susemanager-sls/salt/cocoattest/requestdata.sls @@ -18,28 +18,28 @@ mgr_inst_snpguest: mgr_write_request_data: cmd.run: - - name: echo "{{ salt['pillar.get']('attestation_data:nonce') }}" | base64 -d > /tmp/cocoattest/request-data.txt - - onlyif: test -x /usr/bin/base64 + - name: /usr/bin/echo "{{ salt['pillar.get']('attestation_data:nonce') }}" | /usr/bin/base64 -d > /tmp/cocoattest/request-data.txt + - onlyif: /usr/bin/test -x /usr/bin/base64 - require: - file: mgr_create_attestdir mgr_create_snpguest_report: cmd.run: - - name: snpguest report /tmp/cocoattest/report.bin /tmp/cocoattest/request-data.txt + - name: /usr/bin/snpguest report /tmp/cocoattest/report.bin /tmp/cocoattest/request-data.txt - require: - cmd: mgr_write_request_data - file: mgr_create_attestdir mgr_snpguest_report: cmd.run: - - name: cat /tmp/cocoattest/report.bin | base64 + - name: /usr/bin/cat /tmp/cocoattest/report.bin | /usr/bin/base64 - require: - cmd: mgr_create_snpguest_report - file: mgr_create_attestdir mgr_secureboot_enabled: cmd.run: - - name: mokutil --sb-state + - name: /usr/bin/mokutil --sb-state - success_retcodes: - 255 - 0 diff --git a/susemanager-utils/susemanager-sls/salt/hardware/profileupdate.sls b/susemanager-utils/susemanager-sls/salt/hardware/profileupdate.sls index f7638cf68aee..cab16f14d93a 100644 --- a/susemanager-utils/susemanager-sls/salt/hardware/profileupdate.sls +++ b/susemanager-utils/susemanager-sls/salt/hardware/profileupdate.sls @@ -154,7 +154,7 @@ dns_fqdns: - mgrcompat: sync_states {%- endif %} - onlyif: - which host || which nslookup + /usr/bin/which host || /usr/bin/which nslookup {% endif%} {% if 'network.fqdns' in salt %} fqdns: diff --git a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls index c2320b4437ca..765d3c235c12 100644 --- a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls +++ b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls @@ -42,7 +42,7 @@ mgr_buildimage_prepare_activation_key_in_source: {%- if use_kiwi_ng %} # KIWI NG # -{%- set kiwi = 'kiwi-ng' %} +{%- set kiwi = '/usr/bin/kiwi-ng' %} {%- set kiwi_options = pillar.get('kiwi_options', '') %} {%- set bootstrap_packages = ['findutils', 'rhn-org-trusted-ssl-cert-osimage'] %} @@ -91,7 +91,7 @@ mgr_buildimage_kiwi_bundle: # i586 build on x86_64 host must be called with linux32 # let's consider the build i586 if there is no x86_64 repo specified -{%- set kiwi = 'linux32 kiwi' if (pillar.get('kiwi_repositories')|join(' ')).find('x86_64') == -1 and grains.get('osarch') == 'x86_64' else 'kiwi' %} +{%- set kiwi = '/usr/bin/linux32 /usr/bin/kiwi' if (pillar.get('kiwi_repositories')|join(' ')).find('x86_64') == -1 and grains.get('osarch') == 'x86_64' else '/usr/bin/kiwi' %} # in SLES11 Kiwi the --add-repotype is required {%- macro kiwi_params() -%} diff --git a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-inspect.sls b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-inspect.sls index 5bb3d07d97f7..4734a3abe5a8 100644 --- a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-inspect.sls +++ b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-inspect.sls @@ -20,6 +20,6 @@ mgr_inspect_kiwi_image: mgr_kiwi_cleanup: cmd.run: - - name: "rm -rf '{{ root_dir }}'" + - name: "/usr/bin/rm -rf '{{ root_dir }}'" - require: - mgrcompat: mgr_inspect_kiwi_image diff --git a/susemanager-utils/susemanager-sls/salt/images/profileupdate.sls b/susemanager-utils/susemanager-sls/salt/images/profileupdate.sls index 72fedb2e6a52..3a73136dd10a 100644 --- a/susemanager-utils/susemanager-sls/salt/images/profileupdate.sls +++ b/susemanager-utils/susemanager-sls/salt/images/profileupdate.sls @@ -32,7 +32,7 @@ mgr_container_remove: - args: [ "{{ container_name }}" ] - force: False - onlyif: - - docker ps -a | grep "{{ container_name }}" >/dev/null + - /usr/bin/docker ps -a | /usr/bin/grep "{{ container_name }}" >/dev/null mgr_image_remove: mgrcompat.module_run: @@ -85,7 +85,7 @@ mgr_container_remove: - args: [ "{{ container_name }}" ] - force: False - onlyif: - - docker ps -a | grep "{{ container_name }}" >/dev/null + - /usr/bin/docker ps -a | /usr/bin/grep "{{ container_name }}" >/dev/null mgr_image_remove: mgrcompat.module_run: diff --git a/susemanager-utils/susemanager-sls/salt/packages/profileupdate.sls b/susemanager-utils/susemanager-sls/salt/packages/profileupdate.sls index e65b1e37f6de..a8a6e4c50f49 100644 --- a/susemanager-utils/susemanager-sls/salt/packages/profileupdate.sls +++ b/susemanager-utils/susemanager-sls/salt/packages/profileupdate.sls @@ -24,8 +24,8 @@ modules: {% elif grains['os_family'] == 'Debian' %} debianrelease: cmd.run: - - name: cat /etc/os-release - - onlyif: test -f /etc/os-release + - name: /usr/bin/cat /etc/os-release + - onlyif: /usr/bin/test -f /etc/os-release {% endif %} include: diff --git a/susemanager-utils/susemanager-sls/salt/packages/redhatproductinfo.sls b/susemanager-utils/susemanager-sls/salt/packages/redhatproductinfo.sls index ab407823c4ac..2c9f6404164f 100644 --- a/susemanager-utils/susemanager-sls/salt/packages/redhatproductinfo.sls +++ b/susemanager-utils/susemanager-sls/salt/packages/redhatproductinfo.sls @@ -1,38 +1,38 @@ {% if grains['os_family'] == 'RedHat' %} rhelrelease: cmd.run: - - name: cat /etc/redhat-release - - onlyif: test -f /etc/redhat-release -a ! -L /etc/redhat-release + - name: /usr/bin/cat /etc/redhat-release + - onlyif: /usr/bin/test -f /etc/redhat-release -a ! -L /etc/redhat-release alibabarelease: cmd.run: - - name: cat /etc/alinux-release - - onlyif: test -f /etc/alinux-release + - name: /usr/bin/cat /etc/alinux-release + - onlyif: /usr/bin/test -f /etc/alinux-release centosrelease: cmd.run: - - name: cat /etc/centos-release - - onlyif: test -f /etc/centos-release + - name: /usr/bin/cat /etc/centos-release + - onlyif: /usr/bin/test -f /etc/centos-release oraclerelease: cmd.run: - - name: cat /etc/oracle-release - - onlyif: test -f /etc/oracle-release + - name: /usr/bin/cat /etc/oracle-release + - onlyif: /usr/bin/test -f /etc/oracle-release amazonrelease: cmd.run: - - name: cat /etc/system-release - - onlyif: test -f /etc/system-release && grep -qi Amazon /etc/system-release + - name: /usr/bin/cat /etc/system-release + - onlyif: /usr/bin/test -f /etc/system-release && /usr/bin/grep -qi Amazon /etc/system-release almarelease: cmd.run: - - name: cat /etc/almalinux-release - - onlyif: test -f /etc/almalinux-release + - name: /usr/bin/cat /etc/almalinux-release + - onlyif: /usr/bin/test -f /etc/almalinux-release rockyrelease: cmd.run: - - name: cat /etc/rocky-release - - onlyif: test -f /etc/rocky-release + - name: /usr/bin/cat /etc/rocky-release + - onlyif: /usr/bin/test -f /etc/rocky-release respkgquery: cmd.run: - - name: rpm -q --whatprovides 'sles_es-release-server' - - onlyif: rpm -q --whatprovides 'sles_es-release-server' + - name: /usr/bin/rpm -q --whatprovides 'sles_es-release-server' + - onlyif: /usr/bin/rpm -q --whatprovides 'sles_es-release-server' sllpkgquery: cmd.run: - - name: rpm -q --whatprovides 'sll-release' - - onlyif: rpm -q --whatprovides 'sll-release' + - name: /usr/bin/rpm -q --whatprovides 'sll-release' + - onlyif: /usr/bin/rpm -q --whatprovides 'sll-release' {% endif %} diff --git a/susemanager-utils/susemanager-sls/salt/reboot.sls b/susemanager-utils/susemanager-sls/salt/reboot.sls index 269f68616b3d..70861535d529 100644 --- a/susemanager-utils/susemanager-sls/salt/reboot.sls +++ b/susemanager-utils/susemanager-sls/salt/reboot.sls @@ -1,3 +1,3 @@ mgr_reboot: cmd.run: - - name: shutdown -r +5 + - name: /usr/sbin/shutdown -r +5 diff --git a/susemanager-utils/susemanager-sls/salt/rebootifneeded.sls b/susemanager-utils/susemanager-sls/salt/rebootifneeded.sls index dca67c7b399d..05f3adae45e4 100644 --- a/susemanager-utils/susemanager-sls/salt/rebootifneeded.sls +++ b/susemanager-utils/susemanager-sls/salt/rebootifneeded.sls @@ -1,18 +1,18 @@ {%- if salt['pillar.get']('mgr_reboot_if_needed', True) and salt['pillar.get']('custom_info:mgr_reboot_if_needed', 'true')|lower in ('true', '1', 'yes', 't') %} mgr_reboot_if_needed: cmd.run: - - name: shutdown -r +5 + - name: /usr/sbin/shutdown -r +5 {%- if grains['os_family'] == 'RedHat' and grains['osmajorrelease'] >= 8 %} - - onlyif: 'dnf -q needs-restarting -r; [ $? -eq 1 ]' + - onlyif: '/usr/bin/dnf -q needs-restarting -r; /usr/bin/test $? -eq 1' {%- elif grains['os_family'] == 'RedHat' and grains['osmajorrelease'] >= 7 %} - - onlyif: 'needs-restarting -r; [ $? -eq 1 ]' + - onlyif: '/usr/bin/needs-restarting -r; /usr/bin/test $? -eq 1' {%- elif grains['os_family'] == 'Debian' %} - onlyif: - - test -e /var/run/reboot-required + - /usr/bin/test -e /var/run/reboot-required {%- elif grains['os_family'] == 'Suse' and grains['osmajorrelease'] <= 12 %} - onlyif: - - test -e /boot/do_purge_kernels + - /usr/bin/test -e /boot/do_purge_kernels {%- else %} - - onlyif: 'zypper ps -s; [ $? -eq 102 ] || [ {{ patch_need_reboot }} -eq 0 ]' + - onlyif: '/usr/bin/zypper ps -s; /usr/bin/test $? -eq 102 || /usr/bin/test {{ patch_need_reboot }} -eq 0 ' {%- endif %} {%- endif %} diff --git a/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls b/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls index bfb117b5444b..aeefeae8210b 100644 --- a/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls +++ b/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls @@ -28,7 +28,7 @@ mgr_salt_minion_inst: rm_old_venv_python_env: cmd.run: - name: /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh - - onlyif: test -f /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh + - onlyif: /usr/bin/test -f /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh {%- endif %} mgr_salt_minion_run: diff --git a/susemanager-utils/susemanager-sls/salt/srvmonitoring/disable.sls b/susemanager-utils/susemanager-sls/salt/srvmonitoring/disable.sls index 67a8cb37cf25..cbcf5ded70be 100644 --- a/susemanager-utils/susemanager-sls/salt/srvmonitoring/disable.sls +++ b/susemanager-utils/susemanager-sls/salt/srvmonitoring/disable.sls @@ -28,8 +28,8 @@ jmx_taskomatic_config: mgr_enable_prometheus_self_monitoring: cmd.run: - - name: grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 0/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 0' >> /etc/rhn/rhn.conf + - name: /usr/bin/grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && /usr/bin/sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 0/' /etc/rhn/rhn.conf || /usr/bin/echo 'prometheus_monitoring_enabled = 0' >> /etc/rhn/rhn.conf mgr_is_prometheus_self_monitoring_disabled: cmd.run: - - name: grep -qF 'prometheus_monitoring_enabled = 0' /etc/rhn/rhn.conf + - name: /usr/bin/grep -qF 'prometheus_monitoring_enabled = 0' /etc/rhn/rhn.conf diff --git a/susemanager-utils/susemanager-sls/salt/srvmonitoring/enable.sls b/susemanager-utils/susemanager-sls/salt/srvmonitoring/enable.sls index f6e5fbb1350d..2c9579edc687 100644 --- a/susemanager-utils/susemanager-sls/salt/srvmonitoring/enable.sls +++ b/susemanager-utils/susemanager-sls/salt/srvmonitoring/enable.sls @@ -139,8 +139,8 @@ jmx_exporter_taskomatic_service_cleanup: mgr_enable_prometheus_self_monitoring: cmd.run: - - name: grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 1/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 1' >> /etc/rhn/rhn.conf + - name: /usr/bin/grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && /usr/bin/sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 1/' /etc/rhn/rhn.conf || /usr/bin/echo 'prometheus_monitoring_enabled = 1' >> /etc/rhn/rhn.conf mgr_is_prometheus_self_monitoring_enabled: cmd.run: - - name: grep -qF 'prometheus_monitoring_enabled = 1' /etc/rhn/rhn.conf + - name: /usr/bin/grep -qF 'prometheus_monitoring_enabled = 1' /etc/rhn/rhn.conf diff --git a/susemanager-utils/susemanager-sls/salt/srvmonitoring/removejmxprops.sls b/susemanager-utils/susemanager-sls/salt/srvmonitoring/removejmxprops.sls index 6948281ada28..f98efc24cf7c 100644 --- a/susemanager-utils/susemanager-sls/salt/srvmonitoring/removejmxprops.sls +++ b/susemanager-utils/susemanager-sls/salt/srvmonitoring/removejmxprops.sls @@ -1,24 +1,24 @@ remove_{{remove_jmx_props.service}}_jmx_host: cmd.run: - - name: sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.host=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} - - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.host=' {{remove_jmx_props.file}} + - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.host=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} + - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.host=' {{remove_jmx_props.file}} remove_{{remove_jmx_props.service}}_jmx_port: cmd.run: - - name: sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.port=[0-9]*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} - - onlyif: grep -E -- '-Dcom\.sun\.management\.jmxremote\.port=[0-9]+' {{remove_jmx_props.file}} + - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.port=[0-9]*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} + - onlyif: /usr/bin/grep -E -- '-Dcom\.sun\.management\.jmxremote\.port=[0-9]+' {{remove_jmx_props.file}} remove_{{remove_jmx_props.service}}_jmx_ssl: cmd.run: - - name: sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.ssl=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} - - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.ssl=false' {{remove_jmx_props.file}} + - name: /usr/bin/sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.ssl=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} + - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.ssl=false' {{remove_jmx_props.file}} remove_{{remove_jmx_props.service}}_jmx_auth: cmd.run: - - name: sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.authenticate=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} - - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.authenticate=false' {{remove_jmx_props.file}} + - name: /usr/bin/sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.authenticate=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} + - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.authenticate=false' {{remove_jmx_props.file}} remove_{{remove_jmx_props.service}}_jmx_hostname: cmd.run: - - name: sed -ri 's/JAVA_OPTS="(.*)-Djava\.rmi\.server\.hostname=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} - - onlyif: grep -F -- '-Djava.rmi.server.hostname=' {{remove_jmx_props.file}} + - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Djava\.rmi\.server\.hostname=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}} + - onlyif: /usr/bin/grep -F -- '-Djava.rmi.server.hostname=' {{remove_jmx_props.file}} diff --git a/susemanager-utils/susemanager-sls/salt/srvmonitoring/status.sls b/susemanager-utils/susemanager-sls/salt/srvmonitoring/status.sls index 5362dfcbbef5..00a1acb80d6f 100644 --- a/susemanager-utils/susemanager-sls/salt/srvmonitoring/status.sls +++ b/susemanager-utils/susemanager-sls/salt/srvmonitoring/status.sls @@ -22,7 +22,7 @@ jmx_taskomatic_java_config: mgr_is_prometheus_self_monitoring_enabled: cmd.run: - - name: grep -q -E 'prometheus_monitoring_enabled\s*=\s*(1|y|true|yes|on)\s*$' /etc/rhn/rhn.conf + - name: /usr/bin/grep -q -E 'prometheus_monitoring_enabled\s*=\s*(1|y|true|yes|on)\s*$' /etc/rhn/rhn.conf include: - util.syncstates diff --git a/susemanager-utils/susemanager-sls/salt/ssh_bootstrap/init.sls b/susemanager-utils/susemanager-sls/salt/ssh_bootstrap/init.sls index 6112cce7a6dd..873c09ef0f8a 100644 --- a/susemanager-utils/susemanager-sls/salt/ssh_bootstrap/init.sls +++ b/susemanager-utils/susemanager-sls/salt/ssh_bootstrap/init.sls @@ -37,7 +37,7 @@ proxy_ssh_identity: generate_own_ssh_key: cmd.run: - - name: ssh-keygen -N '' -C 'susemanager-own-ssh-push' -f {{ home }}/.ssh/mgr_own_id -t rsa -q + - name: /usr/bin/ssh-keygen -N '' -C 'susemanager-own-ssh-push' -f {{ home }}/.ssh/mgr_own_id -t rsa -q - creates: {{ home }}/.ssh/mgr_own_id.pub ownership_own_ssh_key: diff --git a/susemanager-utils/susemanager-sls/salt/uptodate.sls b/susemanager-utils/susemanager-sls/salt/uptodate.sls index e4a4b19dbe3f..58392554a89b 100644 --- a/susemanager-utils/susemanager-sls/salt/uptodate.sls +++ b/susemanager-utils/susemanager-sls/salt/uptodate.sls @@ -4,17 +4,17 @@ include: {%- if grains['os_family'] == 'Suse' %} mgr_keep_system_up2date_updatestack: cmd.run: - - name: zypper --non-interactive patch --updatestack-only + - name: /usr/bin/zypper --non-interactive patch --updatestack-only - success_retcodes: - 104 - 103 - 106 - 0 - - onlyif: 'zypper patch-check --updatestack-only; r=$?; test $r -eq 100 || test $r -eq 101' + - onlyif: '/usr/bin/zypper patch-check --updatestack-only; r=$?; /usr/bin/test $r -eq 100 || /usr/bin/test $r -eq 101' - require: - sls: channels -{% set patch_need_reboot = salt['cmd.retcode']('zypper -x list-patches | grep \'restart="true"\' > /dev/null', python_shell=True) %} +{% set patch_need_reboot = salt['cmd.retcode']('/usr/bin/zypper -x list-patches | /usr/bin/grep \'restart="true"\' > /dev/null', python_shell=True) %} {% else %} diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls index b2b17e65c9d8..6d93f3f36ba8 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls @@ -9,7 +9,7 @@ mgr_disable_fqdns_grains: file.append: - name: {{ susemanager_minion_config }} - text: "enable_fqdns_grains: False" - - unless: grep 'enable_fqdns_grains:' {{ susemanager_minion_config }} + - unless: /usr/bin/grep 'enable_fqdns_grains:' {{ susemanager_minion_config }} mgr_salt_minion: service.running: diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls index 121f83174e46..9e92aa7134b8 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls @@ -10,7 +10,7 @@ mgr_disable_mine: file.managed: - name: {{ susemanager_minion_config }} - contents: "mine_enabled: False" - - unless: grep 'mine_enabled:' {{ susemanager_minion_config }} + - unless: /usr/bin/grep 'mine_enabled:' {{ susemanager_minion_config }} mgr_salt_minion: service.running: diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_rotate_saltssh_key.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_rotate_saltssh_key.sls index da4ca57b68a9..c8bf9bcc9f17 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_rotate_saltssh_key.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_rotate_saltssh_key.sls @@ -12,7 +12,7 @@ proxy_new_mgr_ssh_identity: ssh_auth.present: - user: mgrsshtunnel - source: salt://salt_ssh/new_mgr_ssh_id.pub - - onlyif: grep -q mgrsshtunnel /etc/passwd + - onlyif: /usr/bin/grep -q mgrsshtunnel /etc/passwd {% endif %} {% if salt['cp.list_master'](prefix='salt_ssh/disabled_mgr_ssh_id.pub') %} @@ -33,12 +33,12 @@ proxy_old_mgr_ssh_identity: ssh_auth.absent: - user: mgrsshtunnel - source: salt://salt_ssh/disabled_mgr_ssh_id.pub - - onlyif: grep -q mgrsshtunnel /etc/passwd + - onlyif: /usr/bin/grep -q mgrsshtunnel /etc/passwd # to prevent to lock out yourself proxy_current_mgr_ssh_identity: ssh_auth.present: - user: mgrsshtunnel - source: salt://salt_ssh/mgr_ssh_id.pub - - onlyif: grep -q mgrsshtunnel /etc/passwd + - onlyif: /usr/bin/grep -q mgrsshtunnel /etc/passwd {% endif %} diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls index 0314fc82b28a..2d1faba4e22c 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls @@ -8,4 +8,4 @@ mgr_start_event_grains: - name: {{ susemanager_minion_config }} - text: | start_event_grains: [machine_id, saltboot_initrd, susemanager] - - unless: grep 'start_event_grains:' {{ susemanager_minion_config }} + - unless: /usr/bin/grep 'start_event_grains:' {{ susemanager_minion_config }} diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls index b241bed1671f..5c889a0a8962 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls @@ -27,11 +27,11 @@ mgr_copy_salt_minion_id: - require: - pkg: mgr_venv_salt_minion_pkg - onlyif: - - test -f /etc/salt/minion_id + - /usr/bin/test -f /etc/salt/minion_id mgr_copy_salt_minion_configs: cmd.run: - - name: cp -r /etc/salt/minion.d /etc/venv-salt-minion/ + - name: /usr/bin/cp -r /etc/salt/minion.d /etc/venv-salt-minion/ - require: - pkg: mgr_venv_salt_minion_pkg - onlyif: @@ -44,17 +44,17 @@ mgr_copy_salt_minion_grains: - require: - pkg: mgr_venv_salt_minion_pkg - onlyif: - - test -f /etc/salt/grains + - /usr/bin/test -f /etc/salt/grains mgr_copy_salt_minion_keys: cmd.run: - - name: cp -r /etc/salt/pki/minion/minion* /etc/venv-salt-minion/pki/minion/ + - name: /usr/bin/cp -r /etc/salt/pki/minion/minion* /etc/venv-salt-minion/pki/minion/ - require: - cmd: mgr_copy_salt_minion_configs - onlyif: - - test -f /etc/salt/pki/minion/minion_master.pub + - /usr/bin/test -f /etc/salt/pki/minion/minion_master.pub - unless: - - test -f /etc/venv-salt-minion/pki/minion/minion_master.pub + - /usr/bin/test -f /etc/venv-salt-minion/pki/minion/minion_master.pub mgr_enable_venv_salt_minion: service.running: @@ -87,9 +87,9 @@ mgr_purge_non_venv_salt_packages: {%- if salt['pillar.get']('mgr_purge_non_venv_salt_files') %} mgr_purge_non_venv_salt_pki_dir: cmd.run: - - name: rm -rf /etc/salt/minion* /etc/salt/pki/minion + - name: /usr/bin/rm -rf /etc/salt/minion* /etc/salt/pki/minion - onlyif: - - test -d /etc/salt/pki/minion + - /usr/bin/test -d /etc/salt/pki/minion - require: - service: mgr_disable_salt_minion @@ -97,7 +97,7 @@ mgr_purge_non_venv_salt_conf_dir: file.absent: - name: /etc/salt - unless: - - find /etc/salt -type f -print -quit | grep -q . + - /usr/bin/find /etc/salt -type f -print -quit | /usr/bin/grep -q . - require: - cmd: mgr_purge_non_venv_salt_pki_dir {%- endif %} diff --git a/susemanager-utils/susemanager-sls/salt/virt/create-vm.sls b/susemanager-utils/susemanager-sls/salt/virt/create-vm.sls index 24aa02523e6d..b365a2c83ba9 100644 --- a/susemanager-utils/susemanager-sls/salt/virt/create-vm.sls +++ b/susemanager-utils/susemanager-sls/salt/virt/create-vm.sls @@ -139,7 +139,7 @@ domain_define: {{ pillar['cluster_definitions'] }}/{{ pillar['name'] }}.xml: mgrutils.cmd_dump: - - cmd: 'virsh dumpxml --inactive {{ pillar['name'] }}' + - cmd: '/usr/bin/virsh dumpxml --inactive {{ pillar['name'] }}' - require: - virt: {{ "domain_define" if cdrom_boot or ks_boot else "domain_first_boot_define" }} @@ -156,7 +156,7 @@ domain_define: define_primitive: cmd.run: - - name: 'crm configure load update /tmp/{{ pillar['name'] }}-primitive.conf' + - name: '/usr/sbin/crm configure load update /tmp/{{ pillar['name'] }}-primitive.conf' - require: - file: /tmp/{{ pillar['name'] }}-primitive.conf diff --git a/susemanager-utils/susemanager-sls/susemanager-sls.changes.mackdk.avoid-executing-commands-from-PATH b/susemanager-utils/susemanager-sls/susemanager-sls.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/susemanager-utils/susemanager-sls/susemanager-sls.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands From 55f71b025555d9cb6d7aebf545243602c74a7557 Mon Sep 17 00:00:00 2001 From: Thomas Florio Date: Thu, 27 Jun 2024 17:24:52 +0200 Subject: [PATCH 4/4] More usage of absolute paths in salt scripts --- .../susemanager-sls/salt/bootloader/autoinstall.sls | 6 +++--- susemanager-utils/susemanager-sls/salt/bootstrap/init.sls | 4 ++-- susemanager-utils/susemanager-sls/salt/channels/init.sls | 2 +- .../susemanager-sls/salt/images/kiwi-image-build.sls | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls b/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls index 57c68223ad20..63208933fc9b 100644 --- a/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls +++ b/susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls @@ -11,8 +11,8 @@ mgr_copy_initrd: {% set loader_type = salt['cmd.run']('if [ -f /etc/sysconfig/bootloader ]; then source /etc/sysconfig/bootloader 2> /dev/null; fi; if [ -z "${LOADER_TYPE}" ]; then -if [ $(which grubonce 2> /dev/null) ] && [ !$(which grub2-mkconfig 2> /dev/null) ]; then LOADER_TYPE="grub"; -elif [ $(which elilo 2> /dev/null) ] && [ !$(which grub2-mkconfig 2> /dev/null) ]; then LOADER_TYPE="elilo"; +if [ $(/usr/bin/which grubonce 2> /dev/null) ] && [ !$(/usr/bin/which grub2-mkconfig 2> /dev/null) ]; then LOADER_TYPE="grub"; +elif [ $(/usr/bin/which elilo 2> /dev/null) ] && [ !$(/usr/bin/which grub2-mkconfig 2> /dev/null) ]; then LOADER_TYPE="elilo"; fi; fi; echo "${LOADER_TYPE}"', python_shell=True) %} {% if loader_type == 'grub' %} @@ -27,7 +27,7 @@ mgr_create_grub_entry: mgr_grub_boot_once: cmd.run: - - name: grubonce "{{ pillar.get('uyuni-reinstall-name') }}" + - name: /usr/sbin/grubonce "{{ pillar.get('uyuni-reinstall-name') }}" - onchanges: - file: mgr_create_grub_entry {% elif loader_type == 'elilo' %} diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls index 022b490823fc..6c0298d9851a 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls @@ -192,10 +192,10 @@ salt-minion-package: {# hack until transactional_update.run is fixed to use venv-salt-call #} {# Writing to the future - find latest etc overlay which was created for package installation and use that as etc root #} {# this only works here in bootstrap when we are not running in transaction #} -{%- set pending_transaction_id = salt['cmd.run']('snapper --no-dbus list --columns=number | grep "+" | tr -d "+"', python_shell=True) %} +{%- set pending_transaction_id = salt['cmd.run']('/usr/bin/snapper --no-dbus list --columns=number | /usr/bin/grep "+" | tr -d "+"', python_shell=True) %} {%- if not pending_transaction_id %} {# if we did not get pending transaction id, write to current upperdir #} -{%- set pending_transaction_id = salt['cmd.run']('snapper --no-dbus list --columns number | grep "*" | tr -d "*"', python_shell=True) %} +{%- set pending_transaction_id = salt['cmd.run']('/usr/bin/snapper --no-dbus list --columns number | /usr/bin/grep "*" | tr -d "*"', python_shell=True) %} {%- endif %} {# increase transaction id by 1 since jinja is doing this before new transaction for package install is created #} {# this is working under assumption there will be only one transaction between jinja render and actual package installation #} diff --git a/susemanager-utils/susemanager-sls/salt/channels/init.sls b/susemanager-utils/susemanager-sls/salt/channels/init.sls index 1db77c8472cd..b6aac50eba1b 100644 --- a/susemanager-utils/susemanager-sls/salt/channels/init.sls +++ b/susemanager-utils/susemanager-sls/salt/channels/init.sls @@ -16,7 +16,7 @@ include: {%- set is_dnf = salt['pkg.version']("dnf") %} {%- if is_dnf %} -{%- set dnf_plugins = salt['cmd.run']("find /usr/lib -type d -name dnf-plugins -printf '%T@ %p\n' | sort -nr | cut -d ' ' -s -f 2- | head -n 1", python_shell=True) %} +{%- set dnf_plugins = salt['cmd.run']("/usr/bin/find /usr/lib -type d -name dnf-plugins -printf '%T@ %p\n' | /usr/bin/sort -nr | /usr/bin/cut -d ' ' -s -f 2- | /usr/bin/head -n 1", python_shell=True) %} {%- if dnf_plugins %} mgrchannels_susemanagerplugin_dnf: file.managed: diff --git a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls index 765d3c235c12..e930928a0cf2 100644 --- a/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls +++ b/susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls @@ -86,7 +86,7 @@ mgr_buildimage_kiwi_bundle: # KIWI Legacy # -{%- set kiwi_help = salt['cmd.run']('kiwi --help') %} +{%- set kiwi_help = salt['cmd.run']('/usr/bin/kiwi --help') %} {%- set have_bundle_build = kiwi_help.find('--bundle-build') > 0 %} # i586 build on x86_64 host must be called with linux32 @@ -141,13 +141,13 @@ mgr_buildimage_kiwi_bundle_dir: mgr_buildimage_kiwi_bundle_tarball: cmd.run: - - name: "cd '{{ dest_dir }}' && tar czf '{{ bundle_dir }}'`basename *.packages .packages`-{{ bundle_id }}.tgz --no-recursion `find . -maxdepth 1 -type f`" + - name: "cd '{{ dest_dir }}' && /usr/bin/tar czf '{{ bundle_dir }}'`basename *.packages .packages`-{{ bundle_id }}.tgz --no-recursion `/usr/bin/find . -maxdepth 1 -type f`" - require: - file: mgr_buildimage_kiwi_bundle_dir mgr_buildimage_kiwi_bundle: cmd.run: - - name: "cd '{{ bundle_dir }}' && sha256sum *.tgz > `echo *.tgz`.sha256" + - name: "cd '{{ bundle_dir }}' && /usr/bin/sha256sum *.tgz > `/usr/bin/echo *.tgz`.sha256" - require: - cmd: mgr_buildimage_kiwi_bundle_tarball