rocky-linux/rocky-tools
4
0
Fork 0
mirror of https://github.com/rocky-linux/rocky-tools.git synced 2024-11-24 14:11:24 +00:00
Code Issues Projects Releases Activity

Merge remote-tracking branch 'origin/main' into set-mirror-url

Browse Source
This commit is contained in:
Maik Stuebner 2021-08-17 08:22:06 +02:00
commit dfcac6e04f
2 changed files with 499 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
migrate2rocky/README.md
View File

@ -71,7 +71,7 @@ dnf command or the migration. You may safely ignore this message.
#### Grub still shows kernel entries from previous installation #### Grub still shows kernel entries from previous installation
This is normal. The running kernel cannot be safely removed when migrate2rocky This is normal. The running kernel cannot be safely removed when migrate2rocky
is run. The RockyLinux kernel should come up as the default highlighed kernel is run. The RockyLinux kernel should come up as the default highlighted kernel
on reboot but the other ones will remain until they are removed or replaced by on reboot but the other ones will remain until they are removed or replaced by
newer kernels. If you want you can manually remove the old kernels after reboot newer kernels. If you want you can manually remove the old kernels after reboot
with dnf or rpm. with dnf or rpm.
@ -96,6 +96,21 @@ fix this issue run the following command after migration:
``` ```
ipa-server-upgrade --skip-version-check ipa-server-upgrade --skip-version-check
``` ```
> Note: Since ipa-server-upgrade is a java program you will likely have to run
> the command to mitigate the "Symbolic links to Java programs..." issue above
> before running this command.
#### CentOS SIG repositories disappear after migrating to RockyLinux.
This is because the centos-release-* packages that contain the .repo files for
the individual repositories depend on centos-release. Storage sig and related
release packages should be available soon from RockyLinux. In the meantine you
can use a command like the following to install the .repo files and continue to
use the repository from CentOS (note please substitute the URL to the release
package for the repo that you need):
```
rpm2cpio <(curl http://mirror.centos.org/centos/8/extras/x86_64/os/Packages/centos-release-gluster9-1.0-1.el8.noarch.rpm) | cpio -iD/ \*.repo
```
### Latest Version ### Latest Version

213
migrate2rocky/migrate2rocky.sh
View File

@ -46,7 +46,8 @@ fi
# Make sure we're root. # Make sure we're root.
if (( EUID != 0 )); then if (( EUID != 0 )); then
printf '%s\n' "You must run this script as root. Either use sudo or 'su -c ${0}'" >&2 printf '%s\n' \
"You must run this script as root. Either use sudo or 'su -c ${0}'" >&2
exit 1 exit 1
fi fi
@ -105,7 +106,8 @@ errmsg () {
printf '%s%s%s' "$errcolor" "$msg" "$nocolor" >&4 printf '%s%s%s' "$errcolor" "$msg" "$nocolor" >&4
} }
export LC_ALL=en_US.UTF-8 LANGUAGE=en_US export LC_ALL=C.UTF-8
unset LANGUAGE
shopt -s nullglob shopt -s nullglob
SUPPORTED_MAJOR="8" SUPPORTED_MAJOR="8"
@ -121,6 +123,15 @@ gpg_key_sha512="88fe66cf0a68648c2371120d56eb509835266d9efdf7c8b9ac8fc101bdf1f0e0
sm_ca_dir=/etc/rhsm/ca sm_ca_dir=/etc/rhsm/ca
unset tmp_sm_ca_dir unset tmp_sm_ca_dir
# The repos package for CentOS stream requires special handling.
declare -g -A stream_repos_pkgs
stream_repos_pkgs=(
[rocky-repos]=centos-stream-repos
[epel-release]=epel-next-release
)
# Prefix to add to CentOS stream repo names when renaming them.
stream_prefix=stream-
unset CDPATH unset CDPATH
exit_message() { exit_message() {
@ -182,14 +193,21 @@ exit_clean () {
if [[ -d "$tmp_dir" ]]; then if [[ -d "$tmp_dir" ]]; then
rm -rf "$tmp_dir" rm -rf "$tmp_dir"
fi fi
if [[ -f "$container_macros" ]]; then
rm -f "$container_macros"
fi
} }
pre_check () { pre_check () {
if [[ -e /etc/rhsm/ca/katello-server-ca.pem ]]; then if [[ -e /etc/rhsm/ca/katello-server-ca.pem ]]; then
exit_message "Migration from Katello-modified systems is not supported by migrate2rocky. See the README file for details." exit_message \
'Migration from Katello-modified systems is not supported by migrate2rocky. '\
'See the README file for details.'
fi fi
if [[ -e /etc/salt/minion.d/susemanager.conf ]]; then if [[ -e /etc/salt/minion.d/susemanager.conf ]]; then
exit_message "Migration from Uyuni/SUSE Manager-modified systems is not supported by migrate2rocky. See the README file for details." exit_message \
'Migration from Uyuni/SUSE Manager-modified systems is not supported by '\
'migrate2rocky. See the README file for details.'
fi fi
} }
@ -259,19 +277,20 @@ create_repo_files () {
# All of the binaries used by this script are available in a EL8 minimal install # All of the binaries used by this script are available in a EL8 minimal install
# and are in /bin, so we should not encounter a system where the script doesn't # and are in /bin, so we should not encounter a system where the script doesn't
# work unless it's severly broken. This is just a simple check that will cause # work unless it's severely broken. This is just a simple check that will cause
# the script to bail if any expected system utilities are missing. # the script to bail if any expected system utilities are missing.
bin_check() { bin_check() {
# Check the platform. # Check the platform.
if [[ $(os-release PLATFORM_ID) != "$SUPPORTED_PLATFORM" ]]; then if [[ $(os-release PLATFORM_ID) != "$SUPPORTED_PLATFORM" ]]; then
exit_message "This script must be run on an EL8 distribution. Migration from other distributions is not supported." exit_message \
'This script must be run on an EL8 distribution. Migration from other '\
'distributions is not supported.'
fi fi
local -a missing bins local -a missing bins
bins=( bins=(
rpm dnf awk column tee tput mkdir rpm dnf awk column tee tput mkdir cat arch sort uniq rmdir
cat arch sort uniq rmdir rm head rm head curl sha512sum mktemp systemd-detect-virt sed
curl sha512sum mktemp
) )
if [[ $update_efi ]]; then if [[ $update_efi ]]; then
bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil lsblk) bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil lsblk)
@ -299,7 +318,9 @@ bin_check() {
done; done;
if (( ${#missing[@]} )); then if (( ${#missing[@]} )); then
exit_message "Commands not found: ${missing[*]}. Possible bad PATH setting or corrupt installation." exit_message \
"Commands not found: ${missing[*]}. Possible bad PATH setting or corrupt "\
"installation."
fi fi
} }
@ -309,7 +330,7 @@ bin_check() {
repoquery () { repoquery () {
local name val prev result local name val prev result
result=$( result=$(
dnf -q --setopt=epel.excludepkgs=epel-release repoquery -i "$1" || dnf -y -q --setopt=epel.excludepkgs=epel-release repoquery -i "$1" ||
exit_message "Failed to fetch info for package $1." exit_message "Failed to fetch info for package $1."
) )
if ! [[ $result ]]; then if ! [[ $result ]]; then
@ -331,7 +352,7 @@ repoquery () {
# info for the resulting repository. # info for the resulting repository.
repoinfo () { repoinfo () {
local name val result local name val result
result=$(dnf -q repoinfo "$1") || result=$(dnf -y -q repoinfo "$1") ||
exit_message "Failed to fetch info for repository $1." exit_message "Failed to fetch info for repository $1."
if [[ $result == 'Total packages: 0' ]]; then if [[ $result == 'Total packages: 0' ]]; then
# We didn't match this repo. # We didn't match this repo.
@ -385,17 +406,17 @@ provides_pkg () (
fi fi
set -o pipefail set -o pipefail
provides=$(dnf -q provides "$1" | awk '{print $1; nextfile}') || provides=$(dnf -y -q provides "$1" | awk '{print $1; nextfile}') ||
return 1 return 1
set +o pipefail set +o pipefail
pkg=$(rpm -q --queryformat '%{NAME}\n' "$provides") || pkg=$(rpm -q --queryformat '%{NAME}\n' "$provides") ||
pkg=$(dnf -q repoquery --queryformat '%{NAME}\n' "$provides") || pkg=$(dnf -y -q repoquery --queryformat '%{NAME}\n' "$provides") ||
exit_message "Can't get package name for $provides." exit_message "Can't get package name for $provides."
printf '%s\n' "$pkg" printf '%s\n' "$pkg"
) )
# If you pass an empty arg as one of the package specs to rpm it will match # If you pass an empty arg as one of the package specs to rpm it will match
# every package on the system. This funtion simply strips out any empty args # every package on the system. This function simply strips out any empty args
# and passes the rest to rpm to avoid this side-effect. # and passes the rest to rpm to avoid this side-effect.
saferpm () ( saferpm () (
args=() args=()
@ -462,7 +483,9 @@ collect_system_info () {
# check if EFI secure boot is enabled # check if EFI secure boot is enabled
if [[ $update_efi ]]; then if [[ $update_efi ]]; then
if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then
exit_message "EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet. Disable EFI Secure Boot and reboot." exit_message \
"EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet."\
" Disable EFI Secure Boot and reboot."
fi fi
fi fi
@ -509,10 +532,13 @@ collect_system_info () {
repo_map[$r]=${repoquery_results[Repository]} repo_map[$r]=${repoquery_results[Repository]}
done done
printf '%s\n' '' '' "Found the following repositories which map from $PRETTY_NAME to Rocky Linux 8:" printf '%s\n' '' '' \
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(for r in "${!repo_map[@]}"; do "Found the following repositories which map from $PRETTY_NAME to Rocky Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(
for r in "${!repo_map[@]}"; do
printf '%s\t%s\n' "${repo_map[$r]}" "$r" printf '%s\t%s\n' "${repo_map[$r]}" "$r"
done) done
)
infomsg $'\n'"Getting system package names for $PRETTY_NAME" infomsg $'\n'"Getting system package names for $PRETTY_NAME"
@ -584,14 +610,20 @@ $'because continuing with the migration could cause further damage to system.'
addl_pkg_removes+=("$pkg") addl_pkg_removes+=("$pkg")
done done
printf '%s\n' '' '' "Found the following system packages which map from $PRETTY_NAME to Rocky Linux 8:" printf '%s\n' '' '' \
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(for p in "${!pkg_map[@]}"; do "Found the following system packages which map from $PRETTY_NAME to Rocky "\
"Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(
for p in "${!pkg_map[@]}"; do
printf '%s\t%s\n' "${pkg_map[$p]}" "$p" printf '%s\t%s\n' "${pkg_map[$p]}" "$p"
done) done
)
infomsg $'\n'"Getting list of installed system packages."$'\n' infomsg $'\n'"Getting list of installed system packages."$'\n'
readarray -t installed_packages < <(saferpm -qa --queryformat="%{NAME}\n" "${pkg_map[@]}") readarray -t installed_packages < <(
saferpm -qa --queryformat="%{NAME}\n" "${pkg_map[@]}"
)
declare -g -A installed_pkg_check installed_pkg_map declare -g -A installed_pkg_check installed_pkg_map
for p in "${installed_packages[@]}"; do for p in "${installed_packages[@]}"; do
installed_pkg_check[$p]=1 installed_pkg_check[$p]=1
@ -602,22 +634,56 @@ $'because continuing with the migration could cause further damage to system.'
fi fi
done; done;
printf '%s\n' '' "We will replace the following $PRETTY_NAME packages with their Rocky Linux 8 equivalents" # Special Handling for CentOS Stream Repos
installed_sys_stream_repos_pkgs=()
installed_stream_repos_pkgs=()
for p in "${!stream_repos_pkgs[@]}"; do
if [[ ${installed_pkg_map[$p]} &&
${installed_pkg_map[$p]} == "${stream_repos_pkgs[$p]}" ]]
then
# System package that needs to be swapped / disabled
installed_pkg_map[$p]=
installed_sys_stream_repos_pkgs+=( ${stream_repos_pkgs[$p]} )
elif rpm --quiet -q "${stream_repos_pkgs[$p]}"; then
# Non-system package, repos just need to be disabled.
installed_stream_repos_pkgs+=( ${stream_repos_pkgs[$p]} )
fi
done
printf '%s\n' '' \
"We will replace the following $PRETTY_NAME packages with their Rocky Linux 8 "\
"equivalents"
column -t -s $'\t' -N "Packages to be Removed,Packages to be Installed" < <( column -t -s $'\t' -N "Packages to be Removed,Packages to be Installed" < <(
for p in "${!installed_pkg_map[@]}"; do for p in "${!installed_pkg_map[@]}"; do
printf '%s\t%s\n' "${installed_pkg_map[$p]}" "$p" printf '%s\t%s\n' "${installed_pkg_map[$p]}" "$p"
done done
) )
if (( ${#installed_sys_stream_repos_pkgs[@]} )); then
printf '%s\n' '' \
'Also to aid the transition from CentOS Stream the following packages will be '\
'removed from the rpm database but the included repos will be renamed and '\
'retained but disabled:' \
"${installed_sys_stream_repos_pkgs[@]}"
fi
if (( ${#installed_stream_repos_pkgs[@]} )); then
printf '%s\n' '' \
'Also to aid the transition from CentOS Stream the repos included in the '\
'following packages will be renamed and retained but disabled:' \
"${installed_stream_repos_pkgs[@]}"
fi
if (( ${#addl_pkg_removes[@]} )); then if (( ${#addl_pkg_removes[@]} )); then
printf '%s\n' '' "In addition to the above the following system packages will be removed:" \ printf '%s\n' '' \
"In addition to the above the following system packages will be removed:" \
"${addl_pkg_removes[@]}" "${addl_pkg_removes[@]}"
fi fi
# Release packages that are part of SIG's should be listed below when they # Release packages that are part of SIG's should be listed below when they
# are available. # are available.
# UPDATE: We may or may not do something with SIG's here, it could just be # UPDATE: We may or may not do something with SIG's here, it could just be
# left as a separate excersize to swap out the sig repos. # left as a separate exercise to swap out the sig repos.
#sigs_to_swap=() #sigs_to_swap=()
infomsg '%s' $'\n' \ infomsg '%s' $'\n' \
@ -626,7 +692,7 @@ $'because continuing with the migration could cause further damage to system.'
# Get a list of system enabled modules. # Get a list of system enabled modules.
readarray -t enabled_modules < <( readarray -t enabled_modules < <(
set -e -o pipefail set -e -o pipefail
safednf -q "${repo_map[@]/#/--repo=}" module list --enabled | safednf -y -q "${repo_map[@]/#/--repo=}" module list --enabled |
awk ' awk '
$1 == "@modulefailsafe", /^$/ {next} $1 == "@modulefailsafe", /^$/ {next}
$1 == "Name", /^$/ {if ($1!="Name" && !/^$/) print $1":"$2} $1 == "Name", /^$/ {if ($1!="Name" && !/^$/) print $1":"$2}
@ -669,13 +735,16 @@ $'because continuing with the migration could cause further damage to system.'
"${enabled_modules[@]}" '' "${enabled_modules[@]}" ''
if (( ${#managed_repos[@]} )); then if (( ${#managed_repos[@]} )); then
printf '%s\n' '' "In addition, since this system uses subscription-manger the following managed repos will be disabled:" \ printf '%s\n' '' \
'In addition, since this system uses subscription-manager the following '\
'managed repos will be disabled:' \
"${managed_repos[@]}" "${managed_repos[@]}"
fi fi
} }
convert_info_dir=/root/convert convert_info_dir=/root/convert
unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi \
container_macros
usage() { usage() {
printf '%s\n' \ printf '%s\n' \
@ -697,9 +766,13 @@ usage() {
generate_rpm_info() { generate_rpm_info() {
mkdir /root/convert mkdir /root/convert
infomsg "Creating a list of RPMs installed: $1"$'\n' infomsg "Creating a list of RPMs installed: $1"$'\n'
rpm -qa --qf "%{NAME}|%{VERSION}|%{RELEASE}|%{INSTALLTIME}|%{VENDOR}|%{BUILDTIME}|%{BUILDHOST}|%{SOURCERPM}|%{LICENSE}|%{PACKAGER}\n" | sort > "${convert_info_dir}/$HOSTNAME-rpm-list-$1.log" rpm -qa --qf \
"%{NAME}|%{VERSION}|%{RELEASE}|%{INSTALLTIME}|%{VENDOR}|%{BUILDTIME}|"\
"%{BUILDHOST}|%{SOURCERPM}|%{LICENSE}|%{PACKAGER}\n" |
sort > "${convert_info_dir}/$HOSTNAME-rpm-list-$1.log"
infomsg "Verifying RPMs installed against RPM database: $1"$'\n\n' infomsg "Verifying RPMs installed against RPM database: $1"$'\n\n'
rpm -Va | sort -k3 > "${convert_info_dir}/$HOSTNAME-rpm-list-verified-$1.log" rpm -Va | sort -k3 > \
"${convert_info_dir}/$HOSTNAME-rpm-list-verified-$1.log"
} }
# Run a dnf update before the actual migration. # Run a dnf update before the actual migration.
@ -711,7 +784,7 @@ $'unstable state. Please correct the issues shown here and try again.'
} }
package_swaps() { package_swaps() {
# Save off any subscription-manger keys, just in case. # Save off any subscription-manager keys, just in case.
if ( shopt -s failglob dotglob; : "$sm_ca_dir"/* ) 2>/dev/null ; then if ( shopt -s failglob dotglob; : "$sm_ca_dir"/* ) 2>/dev/null ; then
tmp_sm_ca_dir=$tmp_dir/sm-certs tmp_sm_ca_dir=$tmp_dir/sm-certs
mkdir "$tmp_sm_ca_dir" || mkdir "$tmp_sm_ca_dir" ||
@ -728,6 +801,25 @@ package_swaps() {
dnfparameters+=( "--setopt=${repo}.gpgkey=file://${gpg_key_file}" ) dnfparameters+=( "--setopt=${repo}.gpgkey=file://${gpg_key_file}" )
done done
# CentOS Stream specific processing
if (( ${#installed_stream_repos_pkgs[@]} )); then
# Get a list of the repo files.
local -a repos_files
readarray -t repos_files < <(
saferpm -ql "${installed_sys_stream_repos_pkgs[@]}" \
"${installed_stream_repos_pkgs[@]}" |
grep '^/etc/yum\.repos\.d/.\+\.repo$'
)
# Remove the package from the rpm db.
saferpm -e --justdb --nodeps -a "${installed_sys_stream_repos_pkgs[@]}" ||
exit_message \
"Could not remove packages from the rpm db: ${installed_sys_stream_repos_pkgs[@]}"
# Rename the stream repos with a prefix.
sed -i 's/^\[/['"$stream_prefix"'/' "${repos_files[@]}"
fi
# Use dnf shell to swap the system packages out. # Use dnf shell to swap the system packages out.
safednf -y shell --disablerepo=\* --noautoremove \ safednf -y shell --disablerepo=\* --noautoremove \
--setopt=protected_packages= --setopt=keepcache=True \ --setopt=protected_packages= --setopt=keepcache=True \
@ -739,7 +831,8 @@ package_swaps() {
exit exit
EOF EOF
# rocky-repos and rocky-gpg-keys are now installed, so we don't need the key file anymore # rocky-repos and rocky-gpg-keys are now installed, so we don't need the
# key file anymore
rm -rf "$gpg_tmp_dir" rm -rf "$gpg_tmp_dir"
# when you want to migrate with internal mirror repo server, we create repo files # when you want to migrate with internal mirror repo server, we create repo files
@ -838,7 +931,8 @@ EOF
if (( ${#managed_repos[@]} )); then if (( ${#managed_repos[@]} )); then
# Filter the managed repos for ones still in the system. # Filter the managed repos for ones still in the system.
readarray -t managed_repos < <( readarray -t managed_repos < <(
safednf -q repolist "${managed_repos[@]}" | awk '$1!="repo" {print $1}' safednf -y -q repolist "${managed_repos[@]}" |
awk '$1!="repo" {print $1}'
) )
if (( ${#managed_repos[@]} )); then if (( ${#managed_repos[@]} )); then
@ -860,7 +954,7 @@ EOF
exit_message "Can't enable modules ${enabled_modules[*]}" exit_message "Can't enable modules ${enabled_modules[*]}"
fi fi
# Make sure that excluded repos are disabled. # Make sure that excluded modules are disabled.
infomsg $'Disabling excluded modules\n\n' infomsg $'Disabling excluded modules\n\n'
safednf -y module disable "${module_excludes[@]}" || safednf -y module disable "${module_excludes[@]}" ||
exit_message "Can't disable modules ${module_excludes[*]}" exit_message "Can't disable modules ${module_excludes[*]}"
@ -868,8 +962,39 @@ EOF
infomsg $'\nSyncing packages\n\n' infomsg $'\nSyncing packages\n\n'
dnf -y distro-sync || exit_message "Error during distro-sync." dnf -y distro-sync || exit_message "Error during distro-sync."
# Disable Stream repos.
if (( ${#installed_sys_stream_repos_pkgs[@]} ||
${#installed_stream_repos_pkgs[@]} )); then
dnf -y --enableplugin=config_manager config-manager --set-disabled \
"$stream_prefix*" ||
errmsg \
$'Failed to disable CentOS Stream repos, please check and disable manually.\n'
infomsg $'\nCentOS Stream Migration Notes:\n\n'
cat <<EOF
Because CentOS Stream leads RockyLinux by the next point release many packages
in Stream will have higher version numbers than those in RockyLinux, some will
even be rebased to a new upstream version. Downgrading these packages to the
versions in RockyLinux carries the risk that the older version may not
recognize config files, data or other files generated by the newer version in
Stream.
To avoid issues with this the newer package versions from CentOS Stream have
been retained. Also the CentOS Stream repositories have been retained but
renamed with a prefix of "stream-" to avoid clashing with RockyLinux
repositories, but these same repos have also been disabled so that future
package installs will come from the stock RockyLinux repositories.
If you do nothing except update to the next point release of RockyLinux when it
becomes available then the packages retained from Stream should be replaced at
that time. If you need to update a package from Stream (eg: to fix a bug or
security issue) then you will need to enable the appropriate repository to do
so.
EOF
fi
if rpm --quiet -q subscription-manager; then if rpm --quiet -q subscription-manager; then
infomsg $'Subscription Manager found on system.\n' infomsg $'Subscription Manager found on system.\n\n'
cat <<EOF cat <<EOF
If you're converting from a subscription-managed distribution such as RHEL then If you're converting from a subscription-managed distribution such as RHEL then
you may no longer need subscription-manager or dnf-plugin-subscription-manager. you may no longer need subscription-manager or dnf-plugin-subscription-manager.
@ -884,7 +1009,6 @@ The subscription-manager dnf plugin may be enabled for the benefit of
Subscription Management. If no longer desired, you can use Subscription Management. If no longer desired, you can use
"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this "subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this
behavior. behavior.
EOF EOF
fi fi
if [[ $tmp_sm_ca_dir ]]; then if [[ $tmp_sm_ca_dir ]]; then
@ -926,8 +1050,13 @@ efi_check () {
exit_message "/sys is not accessible." exit_message "/sys is not accessible."
fi fi
# Now that we know /sys is reliable, use it to check if we are running on EFI or not # Now that we know /sys is reliable, use it to check if we are running on
if [[ -d /sys/firmware/efi/ ]]; then # EFI or not
if systemd-detect-virt --quiet --container; then
declare -g container_macros
container_macros=$(mktemp /etc/rpm/macros.zXXXXXX)
printf '%s\n' '%_netsharedpath /sys:/proc' > "$container_macros"
elif [[ -d /sys/firmware/efi/ ]]; then
declare -g update_efi declare -g update_efi
update_efi=true update_efi=true
fi fi
@ -946,13 +1075,15 @@ fix_efi () (
# Download and verify the Rocky Linux package signing key # Download and verify the Rocky Linux package signing key
establish_gpg_trust () { establish_gpg_trust () {
# create temp dir and verify it is really created and empty, so we are sure deleting it afterwards won't cause any harm # create temp dir and verify it is really created and empty, so we are sure
# deleting it afterwards won't cause any harm
declare -g gpg_tmp_dir declare -g gpg_tmp_dir
gpg_tmp_dir=$tmp_dir/gpg gpg_tmp_dir=$tmp_dir/gpg
if ! mkdir "$gpg_tmp_dir" || [[ ! -d "$gpg_tmp_dir" ]]; then if ! mkdir "$gpg_tmp_dir" || [[ ! -d "$gpg_tmp_dir" ]]; then
exit_message "Error creating temp dir" exit_message "Error creating temp dir"
fi fi
# failglob makes pathname expansion fail if empty, dotglob adds files starting with . to pathname expansion # failglob makes pathname expansion fail if empty, dotglob adds files
# starting with . to pathname expansion
if ( shopt -s failglob dotglob; : "$gpg_tmp_dir"/* ) 2>/dev/null ; then if ( shopt -s failglob dotglob; : "$gpg_tmp_dir"/* ) 2>/dev/null ; then
exit_message "Temp dir not empty" exit_message "Temp dir not empty"
fi fi