diff --git a/.gitignore b/.gitignore index ea1cd1e..dc328ec 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/sos-4.5.0.tar.gz +SOURCES/sos-4.5.1.tar.gz SOURCES/sos-audit-0.3.tgz diff --git a/.sos.metadata b/.sos.metadata index 8c05a90..144aabb 100644 --- a/.sos.metadata +++ b/.sos.metadata @@ -1,2 +1,2 @@ -d5e166c75250aef01c86a3a9d8c9fcc8db335f4e SOURCES/sos-4.5.0.tar.gz +918b69741255038a99d969cc8b4ceecb7e18034f SOURCES/sos-4.5.1.tar.gz 9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/sos-bz2175650-microshift-plugin-oc-command.patch b/SOURCES/sos-bz2175650-microshift-plugin-oc-command.patch new file mode 100644 index 0000000..bc8f83c --- /dev/null +++ b/SOURCES/sos-bz2175650-microshift-plugin-oc-command.patch @@ -0,0 +1,46 @@ +From ff5e73b29b1fcc4c5531654d4f67f808408aa989 Mon Sep 17 00:00:00 2001 +From: Pablo Acevedo Montserrat +Date: Thu, 2 Mar 2023 12:12:06 +0100 +Subject: [PATCH] [microshift] Fix microshift get and add commands + +Drop microshift get usage in favor of oc get commands. +Add version and show-config commands before running inspect. + +Closes https://issues.redhat.com/browse/USHIFT-932 + +Signed-off-by: Pablo Acevedo Montserrat +--- + sos/report/plugins/microshift.py | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py +index 953eb88e..69981d63 100644 +--- a/sos/report/plugins/microshift.py ++++ b/sos/report/plugins/microshift.py +@@ -86,9 +86,10 @@ class Microshift(Plugin, RedHatPlugin): + + def _get_namespaces(self): + res = self.exec_cmd( +- 'microshift get namespaces' ++ 'oc get namespaces' + ' -o custom-columns=NAME:.metadata.name' +- ' --no-headers') ++ ' --no-headers' ++ ' --kubeconfig=%s' % self.get_option('kubeconfig')) + if res['status'] == 0: + return self._reduce_namespace_list(res['output'].split('\n')) + return [] +@@ -146,6 +147,10 @@ class Microshift(Plugin, RedHatPlugin): + which is used to retrieve all API resources from the cluster. + """ + self.add_forbidden_path('/var/lib/microshift') ++ self.add_cmd_output([ ++ 'microshift version', ++ 'microshift show-config -m effective' ++ ]) + + _cluster_resources_to_collect = ",".join( + self._get_cluster_resources()) +-- +2.39.2 + diff --git a/SOURCES/sos-bz2176086-iprconfig-sg-kmod.patch b/SOURCES/sos-bz2176086-iprconfig-sg-kmod.patch new file mode 100644 index 0000000..f39d12c --- /dev/null +++ b/SOURCES/sos-bz2176086-iprconfig-sg-kmod.patch @@ -0,0 +1,56 @@ +From e8dc0e55988b36d0476bcae741652208356f0f07 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 7 Mar 2023 10:10:33 +0100 +Subject: [PATCH] [iprconfig] guard whole plugin by sg kmod predicate + +Calling any iprconfig command loads 'sg' kernel module. So guard +collecting anything from the plugin by that kmod predicate. + +Resolves: #3159 + +Signed-off-by: Pavel Moravec +--- + sos/report/plugins/iprconfig.py | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/sos/report/plugins/iprconfig.py b/sos/report/plugins/iprconfig.py +index 6b4fb895..a304107f 100644 +--- a/sos/report/plugins/iprconfig.py ++++ b/sos/report/plugins/iprconfig.py +@@ -9,7 +9,7 @@ + # This plugin enables collection of logs for Power systems + + import re +-from sos.report.plugins import Plugin, IndependentPlugin ++from sos.report.plugins import Plugin, IndependentPlugin, SoSPredicate + + + class IprConfig(Plugin, IndependentPlugin): +@@ -22,6 +22,13 @@ class IprConfig(Plugin, IndependentPlugin): + + def setup(self): + ++ show_ioas = self.collect_cmd_output( ++ "iprconfig -c show-ioas", ++ pred=SoSPredicate(self, kmods=['sg']) ++ ) ++ if not show_ioas['status'] == 0: ++ return ++ + self.add_cmd_output([ + "iprconfig -c show-config", + "iprconfig -c show-alt-config", +@@ -35,10 +42,6 @@ class IprConfig(Plugin, IndependentPlugin): + "iprconfig -c dump" + ]) + +- show_ioas = self.collect_cmd_output("iprconfig -c show-ioas") +- if not show_ioas['status'] == 0: +- return +- + devices = [] + if show_ioas['output']: + p = re.compile('sg') +-- +2.39.2 + diff --git a/SOURCES/sos-bz2176218-sos-clean-tmp.patch b/SOURCES/sos-bz2176218-sos-clean-tmp.patch new file mode 100644 index 0000000..05bb543 --- /dev/null +++ b/SOURCES/sos-bz2176218-sos-clean-tmp.patch @@ -0,0 +1,85 @@ +From d4d4d5509fe4f0e29260b33a1c51bf62297ef0b9 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 7 Mar 2023 13:16:02 +0100 +Subject: [PATCH 1/2] [cleaner] dont clean sys_tmp from final_path + +When generating location of final tarball, apply cleaner obfuscation to +the filename but not to the tmp path itself. Otherwise + +sos clean --keywords tmp + +fails in attempt to move file to nonexisting /var/obfuscatedword0 +directory. + +Resolves: #3160 + +Signed-off-by: Pavel Moravec +--- + sos/cleaner/__init__.py | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py +index d3e32992..b8e4aafd 100644 +--- a/sos/cleaner/__init__.py ++++ b/sos/cleaner/__init__.py +@@ -400,8 +400,9 @@ third party. + cf.write(checksum) + self.write_cleaner_log() + +- final_path = self.obfuscate_string( +- os.path.join(self.sys_tmp, arc_path.split('/')[-1]) ++ final_path = os.path.join( ++ self.sys_tmp, ++ self.obfuscate_string(arc_path.split('/')[-1]) + ) + shutil.move(arc_path, final_path) + arcstat = os.stat(final_path) +-- +2.39.2 + + +From 622a26ee2faff91df03532892ca386c39e36a5fe Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 7 Mar 2023 17:55:19 +0100 +Subject: [PATCH 2/2] [tests] add a test covering #3160 + +Run the cleaner tests with obfuscating (also) "tmp" to cover files +handling under sys_tmp. + +Related to: #3160 + +Signed-off-by: Pavel Moravec +--- + tests/cleaner_tests/existing_archive.py | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/tests/cleaner_tests/existing_archive.py b/tests/cleaner_tests/existing_archive.py +index e13d1cae..7f31f88e 100644 +--- a/tests/cleaner_tests/existing_archive.py ++++ b/tests/cleaner_tests/existing_archive.py +@@ -89,3 +89,22 @@ class ExistingArchiveCleanTest(StageTwoReportTest): + """Ensure that the 'testuser1' user created at install is obfuscated + """ + self.assertFileNotHasContent('var/log/anaconda/journal.log', 'testuser1') ++ ++class ExistingArchiveCleanTmpTest(StageTwoReportTest): ++ """Continuation of above tests which requires cleaning var / tmp keywords ++ ++ Note that this copies heavily from the full_report_run test. ++ ++ :avocado: tags=stagetwo ++ """ ++ ++ sos_cmd = '-v --keywords var,tmp,avocado --disable-parsers ip,ipv6,mac,username \ ++ --no-update tests/test_data/%s.tar.xz' % ARCHIVE ++ sos_component = 'clean' ++ ++ def test_sys_tmp_not_obfuscated(self): ++ """ Ensure that keywords var, tmp and avocado remains in the final archive ++ path despite they are parts of the --tmp-dir ++ """ ++ self.assertTrue(self.archive.startswith(os.getenv('AVOCADO_TESTS_COMMON_TMPDIR'))) ++ +-- +2.39.2 + diff --git a/SPECS/sos.spec b/SPECS/sos.spec index 3ee52aa..6d0027c 100644 --- a/SPECS/sos.spec +++ b/SPECS/sos.spec @@ -4,8 +4,8 @@ Summary: A set of tools to gather troubleshooting information from a system Name: sos -Version: 4.5.0 -Release: 1%{?dist} +Version: 4.5.1 +Release: 3%{?dist} Group: Applications/System Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz Source1: sos-audit-%{auditversion}.tgz @@ -24,6 +24,9 @@ Recommends: python3-pexpect Recommends: python3-pyyaml Conflicts: vdsm < 4.40 Obsoletes: sos-collector <= 1.9 +Patch1: sos-bz2175650-microshift-plugin-oc-command.patch +Patch2: sos-bz2176086-iprconfig-sg-kmod.patch +Patch3: sos-bz2176218-sos-clean-tmp.patch %description @@ -35,6 +38,10 @@ support technicians and developers. %prep %setup -qn %{name}-%{version} %setup -T -D -a1 -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + %build %py3_build @@ -104,36 +111,33 @@ of the system. Currently storage and filesystem commands are audited. %changelog -* Thu Mar 16 2023 CentOS Sources - 4.5.0-1.el9.centos -- Apply debranding changes +* Mon Mar 06 2023 Pavel Moravec = 4.5.1-3 +- Rebase on upstream 4.5.1 + Resolves: bz2175808 +- [microshift] Fix microshift get and add commands + Resolves: bz2175650 -* Tue Feb 07 2023 Pavel Moravec = 4.5.0-1 +* Thu Feb 02 2023 Pavel Moravec = 4.5.0-1 - Rebase on upstream 4.5.0 - Resolves: bz2082615 + Resolves: bz2166621 +- [report] Prevent obfuscating tmpDir path before tarbal move + Resolves: bz2166582 +- [collector] Prevent appending local host in strict_node_list mode + Resolves: bz2166583 +- [policies] set case_id before prompting for upload credentials + Resolves: bz2166585 +- [ovn_central] Add support to OVN DBs clustering and non-clustered + Resolves: bz2166584 + +* Mon Oct 03 2022 Pavel Moravec = 4.3-5 +- [ovn_central] Rename container responsable of Red Hat + Resolves: bz2042966 +- [PATCH] [host] Skip entire /etc/sos/cleaner directory + Resolves: bz2023867 -* Thu Nov 03 2022 Pavel Moravec = 4.4-4 +* Thu Sep 29 2022 Pavel Moravec = 4.3-4 - [ocp] Add newly required labels to temp OCP namespace - Resolves: bz2130976 - -* Fri Oct 28 2022 Pavel Moravec = 4.4-3 -- [cleaner] Apply compile_regexes after a regular parse line - Resolves: bz2138174 - -* Thu Sep 22 2022 Pavel Moravec = 4.4-2 -- [utilities] Relax from hard dependency of python3-magic - Resolves: bz2126089 -- [dnf] Collect legacy yum config symlinks, properly obfuscate pwds - Resolves: bz2125499 - -* Fri Sep 09 2022 Pavel Moravec = 4.4-1 -- Rebase on upstream 4.4 - Resolves: bz2082615 -- [redhat] Honour credential-less --upload-url on RedHat distro properly - Resolves: bz2059573 -- [md] Restrict data capture to raid members - Resolves: bz2062283 -- [sos] Fix unhandled exception when concurrently removing temp dir - Resolves: bz2088440 + Resolves: bz2130209 * Mon Aug 29 2022 Pavel Moravec = 4.3-3 - [vdsm] Set LVM option use_devicesfile=0