Because the RHUI client RPMs for RHEL-9 don't exist yet, these test
cases use the RHUI client RPMs for RHEL-8 to satisfy the required
package set. These RPMs contain the entitlement certificate and repo
definitions for RHEL-8 AWS RHUI repos, but RHUI will not work without
the image being imported with the proper Billing Code to AWS. So these
installed RHUI RPMs are technically useless on the RHEL-9 image, but
this approach is good enough to allow us to at least build and test
these images from configuration point of view.
Regenerate all image test cases because of the updated repositories.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Temporarily use the RHEL-8 RHUI client repo, because RHUI for RHEL-9
does not exist yet. Using at least RHEL-8 RHUI repo for EC2 images
allows us to at least successfully build them and inspect them.
Update all RHEL-9 repos to the latest snapshot to ensure the consistency
of package split among repositories.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The content of `/usr/lib/tmpfiles.d/rpm-ostree-1-autovar.conf` is
dynamically created and its lines are not ordered deterministically.
This causes the rpm-ostree based image test cases to fail often on
Fedora, because the diff of the expected and actual image-info report
always produces some different lines.
Add a new option `-skip-tmpfilesd-path` to `osbuild-image-tests`
accepting a tmpfiles.d configuration path, which should be ignored when
comparing the expected and actual image-info report. The option can be
specified multiple times and all paths will be ignored.
Modify the `image_tests.sh` test case to use the new option and ignore the
`/usr/lib/tmpfiles.d/rpm-ostree-1-autovar.conf` file when testing Fedora
images.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Regenerate affected image test cases with the image-info fix (affecting
mainly `tar` image type) and with the latest upstream `osbuild` build
(affecting rhel-85 qcow2 images).
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add a new option `--repofrompath` allowing to specify additional DNF
repositories, which will be used on the Runner when installing any
packages (such as osbuild).
Extend the `test/README.md` to mention the new option. In addition,
specify some aspects of the script in more detail, because some of
them were not easy to figure out by users.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
In some cases, e.g. when analysing an extracted `tar` image, it could
happen that the tools used by `image-info` to analyse the image could
modify its content (e.g. create new files which were originally not on
the image). This is especially an issue with `rpm`, which DB backend
seemed to create files in `/var/lib/rpm/` when run.
Ensure that the analysed directory can not be modified by bind-mounting
it as a read only, before the analysis.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This is a confusing part of the startup process. We have changed the naming
and we also added the cross distro building feature. It is unclear which
files are loaded and from where (if /etc or /usr).
Log the files that are loaded so every user can clearly see what
configuration osbuild-composer uses. This complements the log of loaded
configuration.
Never expiring metadata by default leads to surprising behavior
especially for our long-running services. The overhead of expiration
is small but noticeable, attempt some compromise.
This should all be revisited to make dnf-json handle caches better
and be more performant.
One branch of the analyse_directory() function's if statement used
undefined variable `repo`. Copy its existing definition already used in
the function.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Use the `subprocess_check_output()` wrapper function in the
`read_selinux_ctx_mismatch()` parser function, instead of
directly calling `subprocess.check_output()`.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Extend the report to list also all documentation files, which are
normally part of the installed RPM packages, but were not installed
on the system. This can happen e.g. when '--excludedocs' option
is used when installing packages using rpm.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Read uncommented lined from /etc/resolv.conf and add them as a list to
the image-info report. The list of lines is present in the report even
if it is empty, so that the report is explicit about the file content
and presence.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Extend image-info to read systemd service unit drop-ins from
multiple paths:
- /etc/systemd/system/*.service.d
- /usr/lib/systemd/system/*.service.d
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add a .gitleaks.toml file that lists all the test passwords and paths to
keys that should be ignored by the security scanner. This avoids false
positives so we can enable the scanner to catch actual leaks.
Closes#1747
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
