def _get_rhsm_cert_on_centos_7():
"""There's a RHSM-related bug on CentOS 7: https://bugs.centos.org/view.php?id=14785
- The subscription-manager-rhsm-certificates is missing the necessary /etc/rhsm/ca/redhat-uep.pem.
- This cert is still available in the python-rhsm-certificates package which is not possible to install
(because it is obsoleted by the subscription-manager-rhsm-certificates).
The workaround is to download the python-rhsm-certificates and extract the certificate from it.
"""
loggerinst = logging.getLogger(__name__)
cert_pkg_path = utils.download_pkg(pkg="python-rhsm-certificates",
dest=_RHSM_TMP_DIR,
reposdir=_RHSM_TMP_DIR)
exit_on_failed_download([cert_pkg_path])
output, ret_code = utils.run_subprocess("rpm2cpio %s" % cert_pkg_path,
print_output=False)
if ret_code != 0:
loggerinst.critical(
"Failed to extract cpio archive from the %s package." %
cert_pkg_path)
cpio_filepath = cert_pkg_path + ".cpio"
utils.store_content_to_file(filename=cpio_filepath, content=output)
cert_path = "/etc/rhsm/ca/redhat-uep.pem"
utils.mkdir_p("/etc/rhsm/ca/")
output, ret_code = utils.run_subprocess(
"cpio --quiet -F %s -iv --to-stdout .%s" % (cpio_filepath, cert_path),
print_output=False)
# cpio return code 0 even if the requested file is not in the archive - but then the output is 0 chars
if ret_code != 0 or not output:
loggerinst.critical(
"Failed to extract the %s certificate from the %s archive." %
(cert_path, cpio_filepath))
utils.store_content_to_file(cert_path, output)
def perform_java_openjdk_workaround():
"""Resolve a yum transaction failure on CentOS/OL 6 related to the java-1.7.0-openjdk package.
The java-1.7.0-openjdk package expects that the /var/lib/rpm-state/ directory is present. Yet, it may be missing.
This directory is supposed to be created by the copy-jdk-configs package during the system installation, but it does
not do that: https://bugzilla.redhat.com/show_bug.cgi?id=1620053#c14.
If the original system has an older version of copy-jdk-configs installed than the one available in RHEL repos, the
issue does not occur because the copy-jdk-configs is updated together with the java-1.7.0-openjdk package and a
pretrans script of the copy-jdk-configs creates the dir.
In case there's no newer version of copy-jdk-configs available in RHEL but a newer version of java-1.7.0-openjdk is
available, we need to create the /var/lib/rpm-state/ directory as suggested in
https://access.redhat.com/solutions/3573891.
"""
logger.info("Checking if java-1.7.0-openjdk is installed.")
if system_info.is_rpm_installed(name="java-1.7.0-openjdk"):
logger.info(
"Package java-1.7.0-openjdk found. Applying workaround in"
"accordance with https://access.redhat.com/solutions/3573891.")
try:
mkdir_p(OPENJDK_RPM_STATE_DIR)
except OSError:
logger.warning("Unable to create the %s directory." %
OPENJDK_RPM_STATE_DIR)
else:
logger.info("openjdk workaround applied successfully.")
else:
logger.info("java-1.7.0-openjdk not installed.")
def download_rhsm_pkgs():
"""Download all the packages necessary for a successful registration to the Red Hat Subscription Management.
The packages are available in non-standard repositories, so additional repofiles need to be used. The downloaded
RPMs are to be installed in a later stage of the conversion.
"""
utils.mkdir_p(_RHSM_TMP_DIR)
pkgs_to_download = [
"subscription-manager", "subscription-manager-rhsm-certificates"
]
if system_info.version.major == 6:
pkgs_to_download.append("subscription-manager-rhsm")
_download_rhsm_pkgs(pkgs_to_download, _CENTOS_6_REPO_PATH,
_CENTOS_6_REPO_CONTENT)
elif system_info.version.major == 7:
pkgs_to_download += ["subscription-manager-rhsm", "python-syspurpose"]
_download_rhsm_pkgs(pkgs_to_download, _CENTOS_7_REPO_PATH,
_CENTOS_7_REPO_CONTENT)
_get_rhsm_cert_on_centos_7()
elif system_info.version.major == 8:
pkgs_to_download += [
"python3-subscription-manager-rhsm",
"dnf-plugin-subscription-manager", "python3-syspurpose"
]
_download_rhsm_pkgs(pkgs_to_download, _UBI_8_REPO_PATH,
_UBI_8_REPO_CONTENT)
def download_rhsm_pkgs():
"""Download all the packages necessary for a successful registration to the Red Hat Subscription Management.
The packages are available in non-standard repositories, so additional repofiles need to be used. The downloaded
RPMs are to be installed in a later stage of the conversion.
"""
if tool_opts.keep_rhsm:
loggerinst.info("Skipping due to the use of --keep-rhsm.")
return
utils.mkdir_p(_RHSM_TMP_DIR)
pkgs_to_download = [
"subscription-manager",
"subscription-manager-rhsm-certificates",
]
if system_info.version.major == 6:
pkgs_to_download.append("subscription-manager-rhsm")
_download_rhsm_pkgs(pkgs_to_download, _CENTOS_6_REPO_PATH,
_CENTOS_6_REPO_CONTENT)
elif system_info.version.major == 7:
pkgs_to_download += ["subscription-manager-rhsm", "python-syspurpose"]
_download_rhsm_pkgs(pkgs_to_download, _UBI_7_REPO_PATH,
_UBI_7_REPO_CONTENT)
elif system_info.version.major == 8:
pkgs_to_download += [
"python3-subscription-manager-rhsm",
"dnf-plugin-subscription-manager",
"python3-syspurpose",
"python3-cloud-what",
"json-c.x86_64", # there's also an i686 version which we don't need
]
_download_rhsm_pkgs(pkgs_to_download, _UBI_8_REPO_PATH,
_UBI_8_REPO_CONTENT)
def test_get_cert_path_missing_cert(self):
# Create temporary directory that has no certificate
cert_dir = os.path.join(utils.DATA_DIR, "rhel-certs", system_info.arch)
utils.mkdir_p(cert_dir)
# Check response for the non-existing certificate in the temporary dir
self.assertRaises(SystemExit, cert.SystemCert._get_cert)
self.assertEqual(len(cert.loggerinst.critical_msgs), 1)
# Remove the temporary directory tree
shutil.rmtree(os.path.join(utils.DATA_DIR, "rhel-certs"))
def install(self):
"""RHEL certificate (.pem) is used by subscription-manager to
determine the running system type/version.
"""
try:
utils.mkdir_p(self._target_cert_dir)
shutil.copy(self._source_cert_path, self._target_cert_dir)
except OSError as err:
loggerinst.critical("OSError({0}): {1}".format(err.errno, err.strerror))
loggerinst.info("Certificate %s copied to %s." % (self._cert_filename, self._target_cert_dir))
def copy_cert_for_rhel_5():
"""RHEL certificate (.pem) is used by subscription-manager to determine
the running system type/version. On RHEL 5, subscription-manager looks for
the certificates in /etc/pki/product/ even though the redhat-release
package installs it in /etc/pki/product-default/. This discrepancy has been
reported in https://bugzilla.redhat.com/show_bug.cgi?id=1321012 with
WONTFIX status.
"""
if system_info.version == "5":
for cert in glob.glob(_REDHAT_RELEASE_CERT_DIR + "*.pem"):
utils.mkdir_p(_SUBSCRIPTION_MANAGER_CERT_DIR)
shutil.copy(cert, _SUBSCRIPTION_MANAGER_CERT_DIR)
def perform_java_openjdk_workaround():
if system_info.is_rpm_installed(name="java-1.7.0-openjdk"):
logger.info(
"Package java-1.7.0-openjdk found. Applying workaround in"
"accordance with https://access.redhat.com/solutions/3573891")
try:
mkdir_p(OPENJDK_RPM_STATE_DIR)
except OSError:
logger.warning("Can't create %s directory." %
OPENJDK_RPM_STATE_DIR)
else:
logger.info("openjdk workaround applied successfully.")
def install(self):
"""RHEL certificate (.pem) is used by subscription-manager to
determine the running system type/version.
"""
loggerinst.info("Installing RHEL certificate to the system.")
try:
utils.mkdir_p(self._system_cert_dir)
shutil.copy(self._cert_path, self._system_cert_dir)
except OSError as err:
loggerinst.critical("OSError({0}): {1}".format(err.errno, err.strerror))
loggerinst.debug("Certificate copied to %s." % self._system_cert_dir)
def resolve_system_info(self):
self.logger = logging.getLogger(__name__)
self.system_release_file_content = self._get_system_release_file_content()
self.name = self._get_system_name()
self.id = self.name.split()[0].lower()
self.version = self._get_system_version()
self.arch = self._get_architecture()
utils.mkdir_p(utils.TMP_DIR)
self.cfg_filename = self._get_cfg_filename()
self.cfg_content = self._get_cfg_content()
self.pkg_blacklist = self._get_pkg_blacklist()
self.default_repository_id = self._get_default_repository_id()
self.fingerprints_orig_os = self._get_gpg_key_fingerprints()
self._generate_rpm_va()