The RPM GPG release key used by Red Hat to sign its content used to be
signed using SHA-1. SHA-1 is no longer accepted on RHEL-10 / c10s and as
a result, such key can't be imported during image build. The RH GPG
release key has been resigned using SHA256 some time ago. Let's use this
version of the key for all RHEL repositories.
The key is taken from:
https://access.redhat.com/security/team/key
Specifically:
https://access.redhat.com/security/data/fd431d51.txt
The second key (auxiliary key 3) was not changed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `assert.Equal()` expects that the "expected" value is put
first. Which is not what I'm used to. It's also slightly inconsistent
because `assert.EqualError()` expects the "actual" err first and
then the expected string. But this commit is not about ranting :)
This commit fixes the order in the tests assert.Equal() so that
mismatches actually are displayed correctly.
This is an alternative/complementary fix for PR#4137. It is very
simple so should be uncontroverisal.
It fixes an issue that @schuellerf discovered, i.e. that when an error
interface is passed into clienterrors.Error.Details the details get
lost because the json.Marshaler will not know how to handler an
error interface.
To find the problematic uses of `error` a custom vet checker was
build in https://github.com/mvo5/osbuild-cvet. With that the
result is:
```
$ go run github.com/mvo5/osbuild-cvet@latest ./...
/home/mvogt/devel/osbuild/osbuild-composer/cmd/osbuild-worker/jobimpl-depsolve.go:93:26: do not pass 'error' to WorkerClientError() details, use error.Error() instead
/home/mvogt/devel/osbuild/osbuild-composer/cmd/osbuild-worker/jobimpl-osbuild.go:404:31: do not pass 'error' to WorkerClientError() details, use error.Error() instead
/home/mvogt/devel/osbuild/osbuild-composer/cmd/osbuild-worker/jobimpl-osbuild.go:519:31: do not pass 'error' to WorkerClientError() details, use error.Error() instead
/home/mvogt/devel/osbuild/osbuild-composer/cmd/osbuild-worker/jobimpl-osbuild.go:556:31: do not pass '[]error' to WorkerClientError() details, use []string instead
```
and once this commit is in no more errors.
Just like PR#4137 this is not perfect because it will not do a
recursive check for the passed argument.
Pass the mock logger directly to `run()` instead of mocking
`logrus.New`. Doing the later leads to a data race when multiple
parallel tests modify the (global) `var logrusNew logrus.New`.
Thanks to Tomas Hozza for reporting.
Do not use the global logger but pass instead the locally created
logger. This means the test output is silent again.
Sadly using the global logger is difficult because it is a global
resource so replacing it in tests means all tests (that are
potentially run in parallel) will write to it which makes testing
specific log output hard.
Note that gosec IMHO is a bit silly here, the heuristics used are
note very good, i.e. the code is already validating the external
inputs and it's not clear to me that "filepath.Clean()" will help
but it seems to supress the error. I hope gosec provides value
in other places, here it seems to be adding work :/
I also excluded "gosec" from any _test.go files, I do not see
why we should gosec tests?
EPEL-10 can't be installed on any of c10s and el10. Previously, the
script would try to install EPEL repositories package on el10 and fail.
In addition, use our "workaround" repository with c10s builds of some
packages (such as koji) also on el10.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
rpmrepo snapshot enumeration is timing out, which is effectively
blocking GitLab CI from running. Disable the check for now to unblock
CI.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
TestMultilibBlueprintDepsolveV0 unit test relies on 'gsl' package and
the availability of its 32 bit and 64 bit versions in the distribution
repositories. However, the package is no longer available in c10s /
el10. Moreover, there are no 32 bit RPMs in the repositories.
Conditionally compile the test only if 'rhel10' build tag is not
specified. Modify the SPEC file to define 'rhelX' build tag when
compiling tests on RHEL, where X is the major version.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
There is no EPEL for RHEL-10 at this moment. Use our own COPR repository
with c10s builds of some packages required by our tests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
New releases are landing in 9.5 already, so the on-prem version should
reflect that. The service can and does override this using a
configuration.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Previously, the SPEC file was written in the way that c9s and el9 were
the latest major releases of the respective distributions and as such,
they could build images for all previous major versions of the same
distro. With c10s and el10, this is no longer true. Amend the section
which installs repository definitions.
The idea is that:
- c10s / el10 are the latest major version and can build any previous
major version of the same distro.
- Any cs and el distro version can build images for the same major
version.
- c9s can build also c8s / el9 can build also el8 images.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Ansible on fedora 40 seems broken, the default python 3.12 interpreter
doesn't work, 3.10 works but then the dnf module breaks.
Use 3.10 and stop using the dnf module.
