The reason is that the key that we use to test the customization uses
SHA-1 in its signature. And this algorithm is no longer allowed by
default on el10 / c10s.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for RHSM customizations, which currently allow various
aspects of RHSM. Specifically enabling / disabling DNF plugins shipped
by subscription-manager package and setting a subset of options in the
rhsm.conf.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for RPM customizations, which currently allow to import RPM
GPG key from a file installed in the image. This is e.g. done for the
Azure RHUI image type.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Do not schedule gcp.sh on rhel-10 and centos-stream-10. Also improve
loggin for aws.sh and azure.sh as the cloud-image-val testing is
currently not preformed there.
both are defined in CI, but the GOVC_ prefix doesn't match anything
else. Additionally this value is slightly different for vCenter8 and may
lead to failures if not unified.
The cleanup() function cats the httpd log and error file, but did not
use sudo, which failed on permissions. Fix that.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The test case mistakenly takes into consideration also upstream repo
definitions with the 'no-aux-key' suffix, which are however never
installed by RPMs with this name.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
When cleaning up api tests, the build job results are dumped from the
database to store in build-result.txt and are printed to the runner log
at the same time. This makes it very difficult to read results as the
database dump prints very long lines that flood the job log. The result
isn't really readable (or useful) unless the file is downloaded
separately.
Silence the `tee` command so that the file is created but no output is
printed from the db dump.
The regex check is now not needed since we create other shared image metadata on the fly. Plus it was not a good solution for an upstream project, as the regex was only affecting our RH teams internally.
Don't upgrade centos-9-stream repos in the Schutzfile, the newer ones
are broken. Considering CI is broken on main right now, that takes
priority, fixing centos-9 can be done in a followup.
The RPM GPG release key used by Red Hat to sign its content used to be
signed using SHA-1. SHA-1 is no longer accepted on RHEL-10 / c10s and as
a result, such key can't be imported during image build. The RH GPG
release key has been resigned using SHA256 some time ago. Let's use this
version of the key for all RHEL repositories.
The key is taken from:
https://access.redhat.com/security/team/key
Specifically:
https://access.redhat.com/security/data/fd431d51.txt
The second key (auxiliary key 3) was not changed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
