sig_core/toolkit
sig_core/toolkit
7
2
Fork 3
Code Issues 6 Pull Requests 2 Actions Projects Releases Wiki Activity

Compare commits

merge into: sig_core:fresh-empanadas
Branches Tags
sig_core:devel
sig_core:fresh-empanadas
sig_core:main
sig_core:update/readme
sig_core:feature/variant-images-download
sig_core:fixes/el8
sig_core:feature/imagebuild
sig_core:feature/iso-kube
...
pull from: sig_core:devel
Branches Tags
sig_core:devel
sig_core:fresh-empanadas
sig_core:main
sig_core:update/readme
sig_core:feature/variant-images-download
sig_core:fixes/el8
sig_core:feature/imagebuild
sig_core:feature/iso-kube

13 Commits
fresh-empa ... devel

Author SHA1 Message Date
Louis Abel
2cb5ae42b9
fix safednf
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-29 23:35:13 -07:00
Louis Abel
96f8877d1b
dnf4 is required for reposync
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-29 13:10:26 -07:00
Louis Abel
1470e590d3
add group auditor 1/?
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-18 14:24:26 -07:00
Louis Abel
546f8b4687
look at host category for ALL
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-18 12:35:08 -07:00
Louis Abel
7f3a4b4761
add shim unsigned to parser part 2
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-17 15:37:44 -07:00
Louis Abel
4906749ed0
add shim unsigned to parser 2024-10-17 15:37:15 -07:00
Louis Abel
1a45143b00
fix rs for generators
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-17 15:14:16 -07:00
Louis Abel
fc0b738c75
add notice for 0 hosts
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-17 12:25:31 -07:00
Louis Abel
689e7aa793
mangle: separate hbac hosts by lists
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-17 11:55:14 -07:00
Louis Abel
9c1b828ab7
remove resilient storage from r10
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 4s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-17 10:01:56 -07:00
Louis Abel
448b8c035b
mangle/ipa: all hbac access supersedes everything else
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-16 10:17:09 -07:00
Louis Abel
a6f4632d66
prepare for 9.5 builds
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 5s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-16 01:29:40 -07:00
Louis Abel
08d8995344
Use label=disable to prevent context changes
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 6s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details
2024-10-07 15:09:06 -07:00
22 changed files with 162 additions and 44 deletions
Show Stats Expand all files Collapse all files

4
iso/empanadas/empanadas/configs/el10.yaml
View File

@ -31,7 +31,6 @@
- 'AppStream' - 'AppStream'
- 'CRB' - 'CRB'
- 'HighAvailability' - 'HighAvailability'
- 'ResilientStorage'
- 'RT' - 'RT'
- 'NFV' - 'NFV'
- 'SAP' - 'SAP'
@ -190,9 +189,6 @@
HighAvailability: HighAvailability:
- BaseOS - BaseOS
- AppStream - AppStream
ResilientStorage:
- BaseOS
- AppStream
RT: RT:
- BaseOS - BaseOS
- AppStream - AppStream

4
iso/empanadas/empanadas/configs/el10lh.yaml
View File

@ -31,7 +31,6 @@
- 'AppStream' - 'AppStream'
- 'CRB' - 'CRB'
- 'HighAvailability' - 'HighAvailability'
- 'ResilientStorage'
- 'RT' - 'RT'
- 'NFV' - 'NFV'
- 'SAP' - 'SAP'
@ -190,9 +189,6 @@
HighAvailability: HighAvailability:
- BaseOS - BaseOS
- AppStream - AppStream
ResilientStorage:
- BaseOS
- AppStream
RT: RT:
- BaseOS - BaseOS
- AppStream - AppStream

8
iso/empanadas/empanadas/configs/el9-beta.yaml
View File

@ -1,10 +1,10 @@
--- ---
'9-beta': '9-beta':
fullname: 'Rocky Linux 9.4' fullname: 'Rocky Linux 9.5'
revision: '9.4' revision: '9.5'
rclvl: 'BETA1' rclvl: 'BETA1'
major: '9' major: '9'
minor: '4' minor: '5'
profile: '9-beta' profile: '9-beta'
disttag: 'el9' disttag: 'el9'
code: "Blue Onyx" code: "Blue Onyx"
@ -20,7 +20,7 @@
- ppc64le - ppc64le
- s390x - s390x
provide_multilib: True provide_multilib: True
project_id: 'df5bcbfc-ba83-4da8-84d6-ae0168921b4d' project_id: 'ae163d6a-f050-484f-bbaa-100ca673f146'
repo_symlinks: repo_symlinks:
NFV: 'nfv' NFV: 'nfv'
renames: renames:

8
iso/empanadas/empanadas/configs/el9lh.yaml
View File

@ -1,10 +1,10 @@
--- ---
'9-lookahead': '9-lookahead':
fullname: 'Rocky Linux 9.5' fullname: 'Rocky Linux 9.6'
revision: '9.5' revision: '9.6'
rclvl: 'LH1' rclvl: 'LH1'
major: '9' major: '9'
minor: '5' minor: '6'
profile: '9-lookahead' profile: '9-lookahead'
disttag: 'el9' disttag: 'el9'
code: "Blue Onyx" code: "Blue Onyx"
@ -20,7 +20,7 @@
- ppc64le - ppc64le
- s390x - s390x
provide_multilib: True provide_multilib: True
project_id: '6794b5a8-290b-4d0d-ad5a-47164329cbb0' project_id: 'ae163d6a-f050-484f-bbaa-100ca673f146'
repo_symlinks: repo_symlinks:
NFV: 'nfv' NFV: 'nfv'
renames: renames:

8
iso/empanadas/empanadas/util/dnf_utils.py
View File

@ -560,7 +560,7 @@ class RepoSync:
#print(entry_name_list) #print(entry_name_list)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
@ -714,7 +714,7 @@ class RepoSync:
self.log.info('Spawning pods for %s' % repo) self.log.info('Spawning pods for %s' % repo)
for pod in repoclosure_entry_name_list: for pod in repoclosure_entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
@ -1509,7 +1509,7 @@ class RepoSync:
self.log.info('Spawning pods for %s' % repo) self.log.info('Spawning pods for %s' % repo)
for pod in repoclosure_entry_name_list: for pod in repoclosure_entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,
@ -2045,7 +2045,7 @@ class SigRepoSync:
#print(entry_name_list) #print(entry_name_list)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,

2
iso/empanadas/empanadas/util/iso_utils.py
View File

@ -1022,7 +1022,7 @@ class IsoBuild:
checksum_list.append(latestname) checksum_list.append(latestname)
for pod in entry_name_list: for pod in entry_name_list:
podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format(
cmd, cmd,
self.compose_root, self.compose_root,
self.compose_root, self.compose_root,

1
mangle/generators/common.py
View File

@ -47,7 +47,6 @@ class common:
'CRB': ['aarch64', 'ppc64le', 's390x', 'x86_64'], 'CRB': ['aarch64', 'ppc64le', 's390x', 'x86_64'],
'HighAvailability': ['aarch64', 'ppc64le', 's390x', 'x86_64'], 'HighAvailability': ['aarch64', 'ppc64le', 's390x', 'x86_64'],
'NFV': ['x86_64'], 'NFV': ['x86_64'],
'ResilientStorage': ['ppc64le', 's390x', 'x86_64'],
'RT': ['x86_64'], 'RT': ['x86_64'],
'SAP': ['ppc64le', 's390x', 'x86_64'], 'SAP': ['ppc64le', 's390x', 'x86_64'],
'SAPHANA': ['ppc64le', 'x86_64'] 'SAPHANA': ['ppc64le', 'x86_64']

2
mangle/generators/common_10
View File

@ -1,6 +1,6 @@
# To be sourced by scripts to use # To be sourced by scripts to use
REPO=("BaseOS" "AppStream" "CRB" "HighAvailability" "ResilientStorage" "NFV" "RT" "SAP" "SAPHANA") REPO=("BaseOS" "AppStream" "CRB" "HighAvailability" "NFV" "RT" "SAP" "SAPHANA")
ARCH=("aarch64" "ppc64le" "s390x" "x86_64") ARCH=("aarch64" "ppc64le" "s390x" "x86_64")
MAJOR="10" MAJOR="10"

8
mangle/generators/generate_prepopulate_from_epr
View File

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
@ -20,7 +26,7 @@ eln_repo_url="${ELN_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${eln_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${eln_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_prepopulate_from_kpr
View File

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
@ -20,7 +26,7 @@ stream_repo_url="${STREAM_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

6
mangle/generators/generate_prepopulate_from_pungi
View File

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?

6
mangle/generators/generate_prepopulate_from_pungi_latest
View File

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common

8
mangle/generators/generate_prepopulate_from_self_lh
View File

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER=$MAJOR export RLVER=$MAJOR
source common source common
@ -21,7 +27,7 @@ stream_repo_url="https://kojidev.rockylinux.org/kojifiles/repos/${tag_template}/
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in x86_64 aarch64 i386; do for y in x86_64 aarch64 i386; do
repodatas=( $(dnf reposync --repofrompath ${str_template},${stream_repo_url}/${y} --download-metadata --repoid=${str_template} -p ${str_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${str_template},${stream_repo_url}/${y} --download-metadata --repoid=${str_template} -p ${str_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${str_template}/${y}/repodata" mkdir -p "${str_template}/${y}/repodata"
pushd "${str_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${str_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_prepopulate_from_stream
View File

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?
@ -31,7 +37,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

14
mangle/generators/generate_prepopulate_from_stream_10
View File

@ -10,6 +10,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
# Verify the date format # Verify the date format
echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]' echo "${DATE}" | grep -Eq '[0-9]+\.[0-9]'
grep_val=$? grep_val=$?
@ -27,11 +33,17 @@ current=$(pwd)
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
stream_compose_url="https://composes.stream.centos.org/stream-${MAJOR}/production/CentOS-Stream-${MAJOR}-${DATE}/compose" stream_compose_url="https://composes.stream.centos.org/stream-${MAJOR}/production/CentOS-Stream-${MAJOR}-${DATE}/compose"
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_versions_from_kpr
View File

@ -9,6 +9,12 @@ else
exit 1 exit 1
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -20,7 +26,7 @@ stream_repo_url="${STREAM_KOJI_REPO}/${tag_template}/latest"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${stream_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_versions_from_ppr
View File

@ -13,6 +13,12 @@ if [ -n "$2" ] && [[ "$2" == "lh" ]]; then
export LH="lh" export LH="lh"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -24,7 +30,7 @@ peridot_repo_url="${PERIDOT_REPO}/${PERIDOT_PROJECT_ID}/repo/${tag_template}"
pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; } pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${tag_template},${peridot_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${tag_template},${peridot_repo_url}/${y} --download-metadata --repoid=${tag_template} -p ${tag_template}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${tag_template}/${y}/repodata" mkdir -p "${tag_template}/${y}/repodata"
pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${tag_template}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_versions_from_stream
View File

@ -18,6 +18,12 @@ if [ "$grep_val" -ne 0 ]; then
echo "Date format incorrect. You must use: YYYYMMDD.X" echo "Date format incorrect. You must use: YYYYMMDD.X"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -30,7 +36,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

8
mangle/generators/generate_versions_from_stream_10
View File

@ -18,6 +18,12 @@ if [ "$grep_val" -ne 0 ]; then
echo "Date format incorrect. You must use: YYYYMMDD.X" echo "Date format incorrect. You must use: YYYYMMDD.X"
fi fi
if [ -f /usr/bin/dnf4 ]; then
SAFEDNF=/usr/bin/dnf4
else
SAFEDNF=/usr/bin/dnf
fi
export RLVER="${MAJOR}" export RLVER="${MAJOR}"
source common source common
@ -31,7 +37,7 @@ pushd "${tmpdir}" || { echo "Could not change directory"; exit 1; }
for x in "${REPO[@]}"; do for x in "${REPO[@]}"; do
echo "Working on ${x}" echo "Working on ${x}"
for y in "${ARCH[@]}"; do for y in "${ARCH[@]}"; do
repodatas=( $(dnf reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) ) repodatas=( $($SAFEDNF reposync --repofrompath ${x},${stream_compose_url}/${x}/${y}/os --download-metadata --repoid=${x} -p ${x}/${y} --forcearch ${y} --norepopath --remote-time --assumeyes -u | grep repodata) )
mkdir -p "${x}/${y}/repodata" mkdir -p "${x}/${y}/repodata"
pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; } pushd "${x}/${y}/repodata" || { echo "Could not change directory"; exit 1; }
for z in "${repodatas[@]}"; do for z in "${repodatas[@]}"; do

2
mangle/generators/prepopulate_parser.py
View File

@ -12,6 +12,8 @@ IGNORES = [
'insights-client', 'insights-client',
'lorax-templates-rhel', 'lorax-templates-rhel',
'shim', 'shim',
'shim-unsigned-x64',
'shim-unsigned-aarch64',
'redhat-cloud-client-configuration', 'redhat-cloud-client-configuration',
'rhc', 'rhc',
'rhc-worker-playbook', 'rhc-worker-playbook',

3
mangle/generators/version_parser.py
View File

@ -20,6 +20,9 @@ REPOS = switcher.rlver(results.version,
# Source packages we do not ship or are rocky branded # Source packages we do not ship or are rocky branded
IGNORES = [ IGNORES = [
'insights-client', 'insights-client',
'shim',
'shim-unsigned-x64',
'shim-unsigned-aarch64',
'redhat-cloud-client-configuration', 'redhat-cloud-client-configuration',
'rhc', 'rhc',
'rhc-worker-playbook', 'rhc-worker-playbook',

74
mangle/ipa/ipaauditor.py
View File

@ -304,7 +304,7 @@ class IPAAudit:
} }
print('User Information') print('User Information')
print('----------------------------------------') print('------------------------------------------')
for key, value in starter_user.items(): for key, value in starter_user.items():
if len(value) > 0: if len(value) > 0:
print(f'{key: <16}{value}') print(f'{key: <16}{value}')
@ -312,14 +312,54 @@ class IPAAudit:
if deep: if deep:
group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group'] group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group']
IPAAudit.user_deep_list(api, name, group_list) hbac_list = [] if not user_results.get('memberof_hbacrule', None) else user_results['memberof_hbacrule']
IPAAudit.user_deep_list(api, name, group_list, hbac_list)
@staticmethod @staticmethod
def group_pull(api, name, deep): def group_pull(api, name, deep):
""" """
Gets requested rbac info Gets requested rbac info
""" """
print() try:
group_results = IPAQuery.group_data(api, name)
except:
print(f'Could not find {name}', sys.stderr)
sys.exit(1)
group_name = '' if not group_results.get('cn', None) else group_results['cn'][0]
group_gidnum = '' if not group_results.get('gidnumber', None) else group_results['gidnumber'][0]
group_members_direct = [] if not group_results.get('member_user', None) else group_results['member_user']
group_members_indirect = [] if not group_results.get('memberindirect_user', None) else group_results['memberindirect_user']
group_members = list(group_members_direct) + list(group_members_indirect)
num_of_group_members = str(len(group_members))
group_hbacs_direct = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
group_hbacs_indirect = [] if not group_results.get('memberofindirect_hbacrule', None) else group_results['memberofindirect_hbacrule']
group_hbacs = list(group_hbacs_direct) + list(group_hbacs_indirect)
num_of_hbacs = str(len(group_hbacs))
group_sudo_direct = [] if not group_results.get('memberof_sudorule', None) else group_results['memberof_sudorule']
group_sudo_indirect = [] if not group_results.get('memberofindirect_sudorule', None) else group_results['memberofindirect_sudorule']
group_sudos = list(group_sudo_direct) + list(group_sudo_indirect)
num_of_sudos = str(len(group_sudos))
starter_group = {
'Group name': group_name,
'GID': group_gidnum,
'Number of Users': num_of_group_members,
'Number of HBAC Rules': num_of_hbacs,
'Number of SUDO Rules': num_of_sudos,
}
print('Group Information')
print('------------------------------------------')
for key, value in starter_group.items():
if len(value) > 0:
print(f'{key: <24}{value}')
print('')
if deep:
IPAAudit.group_deep_list(api, name, group_members, group_hbacs, group_sudos)
@staticmethod @staticmethod
def hbac_pull(api, name, deep): def hbac_pull(api, name, deep):
@ -463,14 +503,13 @@ class IPAAudit:
print(f'{key: <24}{value}') print(f'{key: <24}{value}')
@staticmethod @staticmethod
def user_deep_list(api, user, groups): def user_deep_list(api, user, groups, hbacs):
""" """
Does a recursive dig on a user Does a recursive dig on a user
""" """
hbac_rule_list = [] hbac_rule_list = list(hbacs)
hbac_rule_all_hosts = [] hbac_rule_all_hosts = []
host_list = [] host_list = []
hostgroup_list = []
for group in groups: for group in groups:
group_results = IPAQuery.group_data(api, group) group_results = IPAQuery.group_data(api, group)
hbac_list = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule'] hbac_list = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
@ -481,12 +520,13 @@ class IPAAudit:
# TODO: Add HBAC list (including services) # TODO: Add HBAC list (including services)
# TODO: Add RBAC list # TODO: Add RBAC list
hbac_hosts = [] hbac_host_dict = {}
for hbac in hbac_rule_list: for hbac in hbac_rule_list:
hbac_hosts = []
hbac_results = IPAQuery.hbac_data(api, hbac) hbac_results = IPAQuery.hbac_data(api, hbac)
hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host'] hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup'] hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
if hbac_results.get('servicecategory'): if hbac_results.get('hostcategory'):
hbac_rule_all_hosts.append(hbac) hbac_rule_all_hosts.append(hbac)
for host in hbac_host_list: for host in hbac_host_list:
@ -497,19 +537,29 @@ class IPAAudit:
host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host'] host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host']
hbac_hosts.extend(host_list) hbac_hosts.extend(host_list)
new_hbac_hosts = sorted(set(hbac_hosts)) hbac_host_dict[hbac] = hbac_hosts
#new_hbac_hosts = sorted(set(hbac_hosts))
print('User Has Access To These Hosts') print('User Has Access To These Hosts')
print('------------------------------------------') print('------------------------------------------')
for hhost in new_hbac_hosts:
print(hhost)
if len(hbac_rule_all_hosts) > 0: if len(hbac_rule_all_hosts) > 0:
print('!! Notice: User has access to ALL hosts from the following rules:') print('!! Notice: User has access to ALL hosts from the following rules:')
hbac_rule_all_hosts = sorted(set(hbac_rule_all_hosts)) hbac_rule_all_hosts = sorted(set(hbac_rule_all_hosts))
for allrule in hbac_rule_all_hosts: for allrule in hbac_rule_all_hosts:
print(allrule) print(allrule)
else:
for hrule in hbac_host_dict:
print()
print(f'HBAC Rule: {hrule}')
print('==========================================')
for h in hbac_host_dict[hrule]:
print(h)
if len(hbac_host_dict[hrule]) == 0:
print('(No hosts set for this rule)')
@staticmethod @staticmethod
def group_deep_list(api, group): def group_deep_list(api, group, members, hbacs, sudos):
""" """
Does a recursive dig on a group Does a recursive dig on a group
""" """