Compare commits

26 commits

Author SHA1 Message Date
7bca2041bd
fix: more enablement for using non-peridot repos / local composes 2024-11-12 18:54:09 -05:00
3967432d3d
fix: extra repos processing 2024-11-12 18:54:09 -05:00
79e52d1302
WIP: support running toolkit against staging in addition to Peridot 2024-11-12 18:54:09 -05:00
84e18e6d8d
fix: pass extra repos 2024-11-12 18:54:09 -05:00
f72b1e2107
fix: build el8 isos 2024-11-12 18:54:08 -05:00
1cd70a267f
use /tmp instead of /workdir 2024-11-12 18:54:08 -05:00
163cd9ef66
make the rootfs tarball the main artifact for Containers 2024-11-12 18:54:08 -05:00
1d75180a86
fix: azure needs special handling 2024-11-12 18:54:08 -05:00
f85030a7b1
add EC2, Vagrant, Azure, OCP; upload step 2024-11-12 18:54:08 -05:00
59e613fdcc
implement kiwi backend 2024-11-12 18:54:08 -05:00
eefe2821cc
refactor and support multiple image backends 2024-11-12 18:54:08 -05:00
0bb3867c6a
empanadas: change el9.yaml for 9.5
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-11-12 10:27:27 -07:00
78301b7906
sync: change to 9.5
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 2s
2024-11-12 10:23:15 -07:00
2cb5ae42b9
fix safednf
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-29 23:35:13 -07:00
96f8877d1b
dnf4 is required for reposync
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-29 13:10:26 -07:00
1470e590d3
add group auditor 1/?
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-18 14:24:26 -07:00
546f8b4687
look at host category for ALL
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-18 12:35:08 -07:00
7f3a4b4761
add shim unsigned to parser part 2
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-17 15:37:44 -07:00
4906749ed0
add shim unsigned to parser 2024-10-17 15:37:15 -07:00
1a45143b00
fix rs for generators
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-17 15:14:16 -07:00
fc0b738c75
add notice for 0 hosts
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-17 12:25:31 -07:00
689e7aa793
mangle: separate hbac hosts by lists
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-17 11:55:14 -07:00
9c1b828ab7
remove resilient storage from r10
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-17 10:01:56 -07:00
448b8c035b
mangle/ipa: all hbac access supersedes everything else
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-16 10:17:09 -07:00
a6f4632d66
prepare for 9.5 builds
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-16 01:29:40 -07:00
08d8995344
Use label=disable to prevent context changes
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 6s
Build empanada container images for lorax / buildx (push) Successful in 1s
2024-10-07 15:09:06 -07:00
24 changed files with 172 additions and 54 deletions

View file

@ -31,7 +31,6 @@
- 'AppStream' - 'AppStream'
- 'CRB' - 'CRB'
- 'HighAvailability' - 'HighAvailability'
- 'ResilientStorage'
- 'RT' - 'RT'
- 'NFV' - 'NFV'
- 'SAP' - 'SAP'
@ -190,9 +189,6 @@
HighAvailability: HighAvailability:
- BaseOS - BaseOS
- AppStream - AppStream
ResilientStorage:
- BaseOS
- AppStream
RT: RT:
- BaseOS - BaseOS
- AppStream - AppStream

View file

@ -31,7 +31,6 @@
- 'AppStream' - 'AppStream'
- 'CRB' - 'CRB'
- 'HighAvailability' - 'HighAvailability'
- 'ResilientStorage'
- 'RT' - 'RT'
- 'NFV' - 'NFV'
- 'SAP' - 'SAP'
@ -190,9 +189,6 @@
HighAvailability: HighAvailability:
- BaseOS - BaseOS
- AppStream - AppStream
ResilientStorage:
- BaseOS
- AppStream
RT: RT:
- BaseOS - BaseOS
- AppStream - AppStream

View file

@ -1,10 +1,10 @@
--- ---
'9-beta': '9-beta':
fullname: 'Rocky Linux 9.4' fullname: 'Rocky Linux 9.6'
revision: '9.4' revision: '9.6'
rclvl: 'BETA1' rclvl: 'BETA1'
major: '9' major: '9'
minor: '4' minor: '6'
profile: '9-beta' profile: '9-beta'
disttag: 'el9' disttag: 'el9'
code: "Blue Onyx" code: "Blue Onyx"
@ -20,7 +20,7 @@
- ppc64le - ppc64le
- s390x - s390x
provide_multilib: True provide_multilib: True
project_id: 'df5bcbfc-ba83-4da8-84d6-ae0168921b4d' project_id: 'ae163d6a-f050-484f-bbaa-100ca673f146'
repo_symlinks: repo_symlinks:
NFV: 'nfv' NFV: 'nfv'
renames: renames:

View file

@ -1,10 +1,10 @@
--- ---
'9': '9':
fullname: 'Rocky Linux 9.4' fullname: 'Rocky Linux 9.5'
revision: '9.4' revision: '9.5'
rclvl: 'RC1' rclvl: 'RC1'
major: '9' major: '9'
minor: '4' minor: '5'
profile: '9' profile: '9'
disttag: 'el9' disttag: 'el9'
code: "Blue Onyx" code: "Blue Onyx"
@ -20,7 +20,7 @@
- ppc64le - ppc64le
- s390x - s390x
provide_multilib: True provide_multilib: True
project_id: 'df5bcbfc-ba83-4da8-84d6-ae0168921b4d' project_id: 'ae163d6a-f050-484f-bbaa-100ca673f146'
repo_symlinks: repo_symlinks:
NFV: 'nfv' NFV: 'nfv'
renames: renames:

View file

@ -1,10 +1,10 @@
--- ---
'9-lookahead': '9-lookahead':
fullname: 'Rocky Linux 9.5' fullname: 'Rocky Linux 9.6'
revision: '9.5' revision: '9.6'
rclvl: 'LH1' rclvl: 'LH1'
major: '9' major: '9'
minor: '5' minor: '6'
profile: '9-lookahead' profile: '9-lookahead'
disttag: 'el9' disttag: 'el9'
code: "Blue Onyx" code: "Blue Onyx"
@ -20,7 +20,7 @@
- ppc64le - ppc64le
- s390x - s390x
provide_multilib: True provide_multilib: True
project_id: '6794b5a8-290b-4d0d-ad5a-47164329cbb0' project_id: 'ae163d6a-f050-484f-bbaa-100ca673f146'
repo_symlinks: repo_symlinks:
NFV: 'nfv' NFV: 'nfv'
renames: renames:
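Review bot: `project_id` for `9-lookahead` changes from `6794b5a8-290b-4d0d-ad5a-47164329cbb0` to `ae163d6a-f050-484f-bbaa-100ca673f146`, the same value this change also sets for `9` and `9-beta`. Before, lookahead had its own project while `9` and `9-beta` shared one; now all three profiles resolve to a single project. None of the commit subjects in this range mention a project change, so please state in the commit message that this is intended, or give lookahead its own ID again.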

View file

@ -568,7 +568,7 @@ class RepoSync:
#print(entry_name_list) #print(entry_name_list)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
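Review bot: `--security-opt label=disable` on the `podman run` line turns off SELinux label separation for the whole container, which is a wider change than the single `:z` relabel it replaces on the second `-v` mount. The container process is no longer confined by SELinux with respect to any of the three bind-mounted host paths. Please add a comment at this call site recording why relabeling was not acceptable (the commit subject only says it is to prevent context changes), and check whether the mounts that never carried `:z` need the container to be unlabeled at all.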
@ -722,7 +722,7 @@ class RepoSync:
self.log.info('Spawning pods for %s' % repo) self.log.info('Spawning pods for %s' % repo)
for pod in repoclosure_entry_name_list: for pod in repoclosure_entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
@ -1518,7 +1518,7 @@ class RepoSync:
self.log.info('Spawning pods for %s' % repo) self.log.info('Spawning pods for %s' % repo)
for pod in repoclosure_entry_name_list: for pod in repoclosure_entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
@ -2054,7 +2054,7 @@ class SigRepoSync:
#print(entry_name_list) #print(entry_name_list)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,

View file

@ -1026,7 +1026,7 @@ class IsoBuild:
checksum_list.append(latestname) checksum_list.append(latestname)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
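Review bot: this is the fifth copy of the `podman run` format string edited in this change (four in the `RepoSync`/`SigRepoSync` file, one here in `IsoBuild`), all using positional `{}` placeholders and not all with the same number of `-v` mounts. Build the common options once, for example in a shared helper that already includes `--security-opt label=disable`, so the next change to container options cannot miss a call site. The paths are also interpolated into `"{}:{}"` inside one command string; if that string is handed to a shell, an argument list would be safer.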

View file

@ -47,7 +47,6 @@ class common:
'CRB': ['aarch64', 'ppc64le', 's390x', 'x86_64'], 'CRB': ['aarch64', 'ppc64le', 's390x', 'x86_64'],
'HighAvailability': ['aarch64', 'ppc64le', 's390x', 'x86_64'], 'HighAvailability': ['aarch64', 'ppc64le', 's390x', 'x86_64'],
'NFV': ['x86_64'], 'NFV': ['x86_64'],
'ResilientStorage': ['ppc64le', 's390x', 'x86_64'],
'RT': ['x86_64'], 'RT': ['x86_64'],
'SAP': ['ppc64le', 's390x', 'x86_64'], 'SAP': ['ppc64le', 's390x', 'x86_64'],
'SAPHANA': ['ppc64le', 'x86_64'] 'SAPHANA': ['ppc64le', 'x86_64']
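Review bot: removing `'ResilientStorage'` from this per-repo architecture map is the third hand edit for the same repo in this change, alongside the YAML repo list with its dependency map and the `REPO=(...)` array in the sourced shell file. Any copy that is missed leaves the tooling disagreeing about which repos exist. Consider deriving this map and the shell array from the YAML so a repo is added or removed in one place.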

View file

@ -1,6 +1,6 @@
# To be sourced by scripts to use # To be sourced by scripts to use
REPO=("BaseOS" "AppStream" "CRB" "HighAvailability" "ResilientStorage" "NFV" "RT" "SAP" "SAPHANA") REPO=("BaseOS" "AppStream" "CRB" "HighAvailability" "NFV" "RT" "SAP" "SAPHANA")
ARCH=("aarch64" "ppc64le" "s390x" "x86_64") ARCH=("aarch64" "ppc64le" "s390x" "x86_64")
MAJOR="10" MAJOR="10"

View file

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
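Review bot: the new `SAFEDNF` block tests `[ -f /usr/bin/dnf4 ]`, which also passes for a file that is not executable, and the same block is pasted into every sync script touched by this change. Use `[ -x /usr/bin/dnf4 ]` and define `SAFEDNF` once in `common`, which this script already sources right below, so the selection logic has a single copy.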
@ -20,7 +26,7 @@ eln_repo_url="${ELN_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${eln_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${eln_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do
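Review bot: on the changed `repodatas=( $($SAFEDNF reposync ... | grep repodata) )` line the exit status of `reposync` is lost behind the pipe, so a failed download leaves `repodatas` empty and the `for z in "${repodatas[@]}"` loop below silently does nothing. Check the result, for example fail when the array is empty, or run `reposync` on its own and test its status before filtering the output. The unquoted `${tag_template}` and `${eln_repo_url}` expansions inside the substitution should be quoted while this line is being touched.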

View file

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
@ -20,7 +26,7 @@ stream_repo_url="${STREAM_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?

View file

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common

View file

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
@ -21,7 +27,7 @@ stream_repo_url="https://kojidev.rockylinux.org/kojifiles/repos/${tag_template}/
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in x86_64 aarch64 i386; do for y in x86_64 aarch64 i386; do
repodatas=( $(dnf reposync --repofrompath ${str_template},${stream_repo_url}/${y} --download-metadata --repoid=${str_template} -p ${str_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${str_template},${stream_repo_url}/${y} --download-metadata --repoid=${str_template} -p ${str_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${str_template}/${y}/repodata" mkdir -p "${str_template}/${y}/repodata"
pushd "${str_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${str_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?
@ -31,7 +37,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?
@ -27,11 +33,17 @@ current=$(pwd)
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
stream_compose_url="https://composes.stream.centos.org/stream-${MAJOR}/production/CentOS-Stream-${MAJOR}-${DATE}/compose" stream_compose_url="https://composes.stream.centos.org/stream-${MAJOR}/production/CentOS-Stream-${MAJOR}-${DATE}/compose"
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do
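Review bot: this hunk adds the `SAFEDNF` detection a second time in the same file; the first hunk already inserts the identical block after the argument check at line 10. Drop this copy and keep the earlier one, since both set the same variable before the `reposync` call.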

View file

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -20,7 +26,7 @@ stream_repo_url="${STREAM_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -13,6 +13,12 @@ if [ -n "$2" ] && [[ "$2" == "lh" ]]; then
export LH="lh" export LH="lh"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -24,7 +30,7 @@ peridot_repo_url="${PERIDOT_REPO}/${PERIDOT_PROJECT_ID}/repo/${tag_template}"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${peridot_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${peridot_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -18,6 +18,12 @@ if [ "$grep_val" -ne 0 ]; then
echo "Date format incorrect. You must use: YYYYMMDD.X" echo "Date format incorrect. You must use: YYYYMMDD.X"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -30,7 +36,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -18,6 +18,12 @@ if [ "$grep_val" -ne 0 ]; then
echo "Date format incorrect. You must use: YYYYMMDD.X" echo "Date format incorrect. You must use: YYYYMMDD.X"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -31,7 +37,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

View file

@ -12,6 +12,8 @@ IGNORES = [
'insights-client', 'insights-client',
'lorax-templates-rhel', 'lorax-templates-rhel',
'shim', 'shim',
'shim-unsigned-x64',
'shim-unsigned-aarch64',
'redhat-cloud-client-configuration', 'redhat-cloud-client-configuration',
'rhc', 'rhc',
'rhc-worker-playbook', 'rhc-worker-playbook',

View file

@ -20,6 +20,9 @@ REPOS = switcher.rlver(results.version,
# Source packages we do not ship or are rocky branded # Source packages we do not ship or are rocky branded
IGNORES = [ IGNORES = [
'insights-client', 'insights-client',
'shim',
'shim-unsigned-x64',
'shim-unsigned-aarch64',
'redhat-cloud-client-configuration', 'redhat-cloud-client-configuration',
'rhc', 'rhc',
'rhc-worker-playbook', 'rhc-worker-playbook',
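Review bot: this `IGNORES` list gains `'shim'` in the same hunk that adds the two `shim-unsigned-*` entries, while the list in the other file already had `'shim'` as context, so the two lists had drifted apart before this change. Keeping two hand-maintained copies invites the same drift again; define the ignore list once in a shared module and import it in both scripts.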

View file

@ -304,7 +304,7 @@ class IPAAudit:
} }
print('User Information') print('User Information')
print('----------------------------------------') print('------------------------------------------')
for key, value in starter_user.items(): for key, value in starter_user.items():
if len(value) > 0: if len(value) > 0:
print(f'{key: <16}{value}') print(f'{key: <16}{value}')
@ -312,14 +312,54 @@ class IPAAudit:
if deep: if deep:
group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group'] group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group']
IPAAudit.user_deep_list(api, name, group_list) hbac_list = [] if not user_results.get('memberof_hbacrule', None) else user_results['memberof_hbacrule']
IPAAudit.user_deep_list(api, name, group_list, hbac_list)
@staticmethod @staticmethod
def group_pull(api, name, deep): def group_pull(api, name, deep):
""" """
Gets requested rbac info Gets requested rbac info
""" """
print() try:
group_results = IPAQuery.group_data(api, name)
except:
print(f'Could not find {name}', sys.stderr)
sys.exit(1)
group_name = '' if not group_results.get('cn', None) else group_results['cn'][0]
group_gidnum = '' if not group_results.get('gidnumber', None) else group_results['gidnumber'][0]
group_members_direct = [] if not group_results.get('member_user', None) else group_results['member_user']
group_members_indirect = [] if not group_results.get('memberindirect_user', None) else group_results['memberindirect_user']
group_members = list(group_members_direct) + list(group_members_indirect)
num_of_group_members = str(len(group_members))
group_hbacs_direct = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
group_hbacs_indirect = [] if not group_results.get('memberofindirect_hbacrule', None) else group_results['memberofindirect_hbacrule']
group_hbacs = list(group_hbacs_direct) + list(group_hbacs_indirect)
num_of_hbacs = str(len(group_hbacs))
group_sudo_direct = [] if not group_results.get('memberof_sudorule', None) else group_results['memberof_sudorule']
group_sudo_indirect = [] if not group_results.get('memberofindirect_sudorule', None) else group_results['memberofindirect_sudorule']
group_sudos = list(group_sudo_direct) + list(group_sudo_indirect)
num_of_sudos = str(len(group_sudos))
starter_group = {
'Group name': group_name,
'GID': group_gidnum,
'Number of Users': num_of_group_members,
'Number of HBAC Rules': num_of_hbacs,
'Number of SUDO Rules': num_of_sudos,
}
print('Group Information')
print('------------------------------------------')
for key, value in starter_group.items():
if len(value) > 0:
print(f'{key: <24}{value}')
print('')
if deep:
IPAAudit.group_deep_list(api, name, group_members, group_hbacs, group_sudos)
@staticmethod @staticmethod
def hbac_pull(api, name, deep): def hbac_pull(api, name, deep):
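Review bot: in `group_pull`, `print(f'Could not find {name}', sys.stderr)` passes `sys.stderr` as a second value to print rather than as the output stream, so the message goes to stdout followed by the stream's repr; it needs `file=sys.stderr`. The bare `except:` above it reports every failure from `IPAQuery.group_data`, including connection or permission errors, as "Could not find", and also swallows `KeyboardInterrupt`; catch the specific not-found exception instead. The docstring still reads "Gets requested rbac info" although the function now looks up a group.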
@ -463,14 +503,13 @@ class IPAAudit:
print(f'{key: <24}{value}') print(f'{key: <24}{value}')
@staticmethod @staticmethod
def user_deep_list(api, user, groups): def user_deep_list(api, user, groups, hbacs):
""" """
Does a recursive dig on a user Does a recursive dig on a user
""" """
hbac_rule_list = [] hbac_rule_list = list(hbacs)
hbac_rule_all_hosts = [] hbac_rule_all_hosts = []
host_list = [] host_list = []
hostgroup_list = []
for group in groups: for group in groups:
group_results = IPAQuery.group_data(api, group) group_results = IPAQuery.group_data(api, group)
hbac_list = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule'] hbac_list = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
@ -481,12 +520,13 @@ class IPAAudit:
# TODO: Add HBAC list (including services) # TODO: Add HBAC list (including services)
# TODO: Add RBAC list # TODO: Add RBAC list
hbac_hosts = [] hbac_host_dict = {}
for hbac in hbac_rule_list: for hbac in hbac_rule_list:
hbac_hosts = []
hbac_results = IPAQuery.hbac_data(api, hbac) hbac_results = IPAQuery.hbac_data(api, hbac)
hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host'] hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup'] hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
if hbac_results.get('servicecategory'): if hbac_results.get('hostcategory'):
hbac_rule_all_hosts.append(hbac) hbac_rule_all_hosts.append(hbac)
for host in hbac_host_list: for host in hbac_host_list:
@ -497,19 +537,29 @@ class IPAAudit:
host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host'] host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host']
hbac_hosts.extend(host_list) hbac_hosts.extend(host_list)
new_hbac_hosts = sorted(set(hbac_hosts)) hbac_host_dict[hbac] = hbac_hosts
#new_hbac_hosts = sorted(set(hbac_hosts))
print('User Has Access To These Hosts') print('User Has Access To These Hosts')
print('------------------------------------------') print('------------------------------------------')
for hhost in new_hbac_hosts:
print(hhost)
if len(hbac_rule_all_hosts) > 0: if len(hbac_rule_all_hosts) > 0:
print('!! Notice: User has access to ALL hosts from the following rules:') print('!! Notice: User has access to ALL hosts from the following rules:')
hbac_rule_all_hosts = sorted(set(hbac_rule_all_hosts)) hbac_rule_all_hosts = sorted(set(hbac_rule_all_hosts))
for allrule in hbac_rule_all_hosts: for allrule in hbac_rule_all_hosts:
print(allrule) print(allrule)
else:
for hrule in hbac_host_dict:
print()
print(f'HBAC Rule: {hrule}')
print('==========================================')
for h in hbac_host_dict[hrule]:
print(h)
if len(hbac_host_dict[hrule]) == 0:
print('(No hosts set for this rule)')
@staticmethod @staticmethod
def group_deep_list(api, group): def group_deep_list(api, group, members, hbacs, sudos):
""" """
Does a recursive dig on a group Does a recursive dig on a group
""" """

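Review bot: `hbac_host_dict[hbac] = hbac_hosts` stores the raw list, so the `sorted(set(...))` that used to deduplicate hosts is gone, and a host that is both a direct member and in a member hostgroup now prints twice under its rule. Store `sorted(set(hbac_hosts))` per rule and delete the commented-out `#new_hbac_hosts` line instead of leaving it behind. With the new `else:`, a user covered by a single ALL-hosts rule also gets no per-rule listing at all; if that is the intent, a one-line comment on the branch would make it clear.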
View file

@ -3,19 +3,19 @@
# Revision must always start with a major number # Revision must always start with a major number
case "${RLREL}" in case "${RLREL}" in
stable) stable)
REVISION=9.4 REVISION=9.5
PREREV=9.3 PREREV=9.4
APPEND_TO_DIR="-RC1" APPEND_TO_DIR="-RC1"
;; ;;
beta) beta)
REVISION=9.5 REVISION=9.6
PREREV=9.4 PREREV=9.5
APPEND_TO_DIR="-beta" APPEND_TO_DIR="-beta"
COMPOSE_APPEND="-beta" COMPOSE_APPEND="-beta"
;; ;;
lh) lh)
REVISION=9.5 REVISION=9.6
PREREV=9.4 PREREV=9.5
APPEND_TO_DIR="-lookahead" APPEND_TO_DIR="-lookahead"
COMPOSE_APPEND="-lookahead" COMPOSE_APPEND="-lookahead"
;; ;;