mirror of
https://github.com/rocky-linux/rocky-tools.git
synced 2024-11-22 13:11:26 +00:00
Fix subscription-manger issues.
After a RHEL conversion any attempt to run subscription-manager would result in an error. this was due to the RedHat certs having been replaced on the system during the migration. To fix this we now copy any subscription-manager certs to a temporary directory and if they have been removed during the migration we copy them back at the finish. This means that subscription-manager now won't stop working after a migration from RHEL.
This commit is contained in:
parent
51378a2efc
commit
5dc03bc40d
@ -114,6 +114,9 @@ ARCH=$(arch)
|
|||||||
gpg_key_url="https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-rockyofficial"
|
gpg_key_url="https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-rockyofficial"
|
||||||
gpg_key_sha512="88fe66cf0a68648c2371120d56eb509835266d9efdf7c8b9ac8fc101bdf1f0e0197030d3ea65f4b5be89dc9d1ef08581adb068815c88d7b1dc40aa1c32990f6a"
|
gpg_key_sha512="88fe66cf0a68648c2371120d56eb509835266d9efdf7c8b9ac8fc101bdf1f0e0197030d3ea65f4b5be89dc9d1ef08581adb068815c88d7b1dc40aa1c32990f6a"
|
||||||
|
|
||||||
|
sm_ca_dir=/etc/rhsm/ca
|
||||||
|
unset tmp_sm_ca_dir
|
||||||
|
|
||||||
# all repos must be signed with the same key given in $gpg_key_url
|
# all repos must be signed with the same key given in $gpg_key_url
|
||||||
declare -A repo_urls
|
declare -A repo_urls
|
||||||
repo_urls=(
|
repo_urls=(
|
||||||
@ -165,6 +168,25 @@ pkg_ver() (
|
|||||||
return 0
|
return 0
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Set up a temporary directory.
|
||||||
|
pre_setup () {
|
||||||
|
if ! tmp_dir=$(mktemp -d) || [[ ! -d "$tmp_dir" ]]; then
|
||||||
|
exit_message "Error creating temp dir"
|
||||||
|
fi
|
||||||
|
# failglob makes pathname expansion fail if empty, dotglob adds files
|
||||||
|
# starting with . to pathname expansion
|
||||||
|
if ( shopt -s failglob dotglob; : "$tmp_dir"/* ) 2>/dev/null ; then
|
||||||
|
exit_message "Temp dir not empty"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cleanup function gets rid of the temporary directory.
|
||||||
|
exit_clean () {
|
||||||
|
if [[ -d "$tmp_dir" ]]; then
|
||||||
|
rm -rf "$tmp_dir"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
pre_check () {
|
pre_check () {
|
||||||
if [[ -e /etc/rhsm/ca/katello-server-ca.pem ]]; then
|
if [[ -e /etc/rhsm/ca/katello-server-ca.pem ]]; then
|
||||||
exit_message "Migration from Katello-modified systems is not supported by migrate2rocky."
|
exit_message "Migration from Katello-modified systems is not supported by migrate2rocky."
|
||||||
@ -524,6 +546,15 @@ generate_rpm_info() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
package_swaps() {
|
package_swaps() {
|
||||||
|
# Save off any subscription-manger keys, just in case.
|
||||||
|
if ( shopt -s failglob dotglob; : "$sm_ca_dir"/* ) 2>/dev/null ; then
|
||||||
|
tmp_sm_ca_dir=$tmp_dir/sm-certs
|
||||||
|
mkdir "$tmp_sm_ca_dir" ||
|
||||||
|
exit_message "Could not create directory: $tmp_sm_ca_dir"
|
||||||
|
cp -f -dR --preserve=all "$sm_ca_dir"/* "$tmp_sm_ca_dir/" ||
|
||||||
|
exit_message "Could not copy certs to $tmp_sm_ca_dir"
|
||||||
|
fi
|
||||||
|
|
||||||
# prepare repo parameters
|
# prepare repo parameters
|
||||||
local -a dnfparameters
|
local -a dnfparameters
|
||||||
for repo in "${!repo_urls[@]}"; do
|
for repo in "${!repo_urls[@]}"; do
|
||||||
@ -660,6 +691,52 @@ EOF
|
|||||||
|
|
||||||
infomsg $'\nSyncing packages\n\n'
|
infomsg $'\nSyncing packages\n\n'
|
||||||
dnf -y distro-sync || exit_message "Error during distro-sync."
|
dnf -y distro-sync || exit_message "Error during distro-sync."
|
||||||
|
|
||||||
|
if rpm --quiet -q subscription-manager; then
|
||||||
|
infomsg $'Subscription Manager found on system.\n'
|
||||||
|
cat <<EOF
|
||||||
|
If you're converting from a subscription-managed distribution such as RHEL then
|
||||||
|
you may no longer need subscription-manager. While it won't hurt anything to
|
||||||
|
have it on your system you may be able to safely remove it with
|
||||||
|
"dnf remove subscription-manager". Take care that it doesn't remove something
|
||||||
|
that you want to keep.
|
||||||
|
|
||||||
|
The subscription-manager dnf plugin may be enabled for the benefit of
|
||||||
|
Subscription Management. If no longer desired, you can use
|
||||||
|
"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this
|
||||||
|
behavior.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
if [[ $tmp_sm_ca_dir ]]; then
|
||||||
|
# Check to see if there's Subscription Manager certs which have been
|
||||||
|
# removed
|
||||||
|
local -a removed_certs
|
||||||
|
readarray -t removed_certs < <((
|
||||||
|
shopt -s nullglob dotglob
|
||||||
|
local -a certs
|
||||||
|
cd "$sm_ca_dir" && certs=(*)
|
||||||
|
cd "$tmp_sm_ca_dir" && certs+=(*)
|
||||||
|
IFS=$'\n'
|
||||||
|
printf '%s' "${certs[*]}"
|
||||||
|
) | sort | uniq -u)
|
||||||
|
|
||||||
|
if (( ${#removed_certs[@]} )); then
|
||||||
|
cp -n -dR --preserve=all "$tmp_sm_ca_dir"/* "$sm_ca_dir/" ||
|
||||||
|
exit_message "Could not copy certs back to $sm_ca_dir"
|
||||||
|
|
||||||
|
infomsg '%s' \
|
||||||
|
$'Some Subscription Manager certificates ' \
|
||||||
|
"were restored to $sm_ca_dir after"$'\n' \
|
||||||
|
$'migration so that the subscription-manager ' \
|
||||||
|
$'command will continue to work:\n\n'
|
||||||
|
printf '%s\n' "${removed_certs[@]}" ''
|
||||||
|
cat <<EOF
|
||||||
|
If you no longer need to use the subscription-manager command then you may
|
||||||
|
safely remove these files.
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if this system is running on EFI
|
# Check if this system is running on EFI
|
||||||
@ -689,7 +766,8 @@ fix_efi () (
|
|||||||
establish_gpg_trust () {
|
establish_gpg_trust () {
|
||||||
# create temp dir and verify it is really created and empty, so we are sure deleting it afterwards won't cause any harm
|
# create temp dir and verify it is really created and empty, so we are sure deleting it afterwards won't cause any harm
|
||||||
declare -g gpg_tmp_dir
|
declare -g gpg_tmp_dir
|
||||||
if ! gpg_tmp_dir=$(mktemp -d) || [[ ! -d "$gpg_tmp_dir" ]]; then
|
gpg_tmp_dir=$tmp_dir/gpg
|
||||||
|
if ! mkdir "$gpg_tmp_dir" || [[ ! -d "$gpg_tmp_dir" ]]; then
|
||||||
exit_message "Error creating temp dir"
|
exit_message "Error creating temp dir"
|
||||||
fi
|
fi
|
||||||
# failglob makes pathname expansion fail if empty, dotglob adds files starting with . to pathname expansion
|
# failglob makes pathname expansion fail if empty, dotglob adds files starting with . to pathname expansion
|
||||||
@ -736,6 +814,8 @@ if (( ! noopts )); then
|
|||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
pre_setup
|
||||||
|
trap exit_clean EXIT
|
||||||
pre_check
|
pre_check
|
||||||
efi_check
|
efi_check
|
||||||
bin_check
|
bin_check
|
||||||
|
Loading…
Reference in New Issue
Block a user