After a RHEL conversion any attempt to run subscription-manager would result in
an error. this was due to the RedHat certs having been replaced on the system
during the migration. To fix this we now copy any subscription-manager certs to
a temporary directory and if they have been removed during the migration we copy
them back at the finish. This means that subscription-manager now won't stop
working after a migration from RHEL.
We previously removed color because (1) it was outputting the color codes to the
log file, which we do not want and (2) nobody could agree on what colors to use.
I've reintroduced color now fixing (1) by allowing for separate output to the
log file and the console and only sending the color codes to the console and (2)
well, I've changed the blue for info messages to cyan, hopefully everyone's
happy with that, but I'm open to suggestions on the info color.
There are now three more file descriptors for specialized output control, making a total of 5:
fd1 - This sends to stdout and to the log file.
fd2 - This sends to stderr and the log file.
fd3 - This just sends to stdout.
fd4 - This just sends to stderr.
fd5 - This just sends to the logfile.
There are also three additional functions:
msg_format - Intended to be used by infomsg and errmsg, this accepts a variable
name and one or more string args. If there is just one string after the
variable name then it is copied to the variable verbatim. If there is more than
one then it is taken to be a format specifier and additional args to be passed
to printf (output going to the variable).
infomsg - This will accept either a single arg which contains a verbatim string
or multiple format / args to be processed by printf. The output of this will be
sent to the log file and also color coded and sent to stdout.
errmsg - Like infomsg but it uses the error color and sends output to stderr
instead of stdout.
/etc/issue used to contain a nice ascii-art RockyLinux logo that we would output
when this script was finished, but it doesn't anymore so there is no longer any
value to outputting this file.
Clean up the rocky-tools root dir, the mirror script has it's own subdir too.
This makes rocky-tools scale better. As this breaks existing links, we should
do it as early as possible, before GA.
Katello breaks EL systems to the point where migrate2rocky can't properly
migrate them and any attempt to do so causes major corruption. This prevents
migrate2rocky from running on Katello systems.
When attempting to check if a package exists for a particular provide string
what happened is if an older version of the package was on the system but a
newer version in the repositories then the older (system) version would be
returned by dnf provides, but this could not be translated into a package name
with dnf repoquery because that specific version could not be found in the
repos. The solution was to check rpm first to translate the package name on the
system and then dnf repoquery if rpm doesn't find it.
This brought to light issues when passing arrays of package names to rpm and dnf
which might happen to contain an empty element. In this case rpm and dnf would
consider the empty arg an indicator that it should match all packages on the
system, or all available packages. While we should try to avoid passing arrays
with empty elements, this highlighed a need to make rpm and dnf safer in this
regard, and so there are now saferpm and sfednf functions which simply strip any
empty args before calling the appropriate command with the rest of the args
untouched.
This commit also fixes an issue with output column formatting.
Changed variable names to lowerspace
Added doublequotes to variable usage
Converted opts to an array
Doublebrackets instead of [ ]
Changed to printf instead of echo for logging
Added force to rm
Before this commit, the Rocky system packages like rocky-repos,
rocky-release and similar, were not checked for their gpg signature,
while the rest of the packages were signature checked.
While the system packages were downloaded from https://dl.rockylinux.org,
this still created the risk that someone could attack the CDN infrastructure
behind dl.rockylinux.org and place malicous files there.
With this patch the GPG key is downloaded separately and then compared
against a checksum contained in the script. This adds an extra layer of
security.