-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-7.9.z
-
leapp-repository-0.19.0-2.el7_9
-
None
-
Moderate
-
rhel-sst-upgrades
-
None
-
QE ack, Dev ack
-
False
-
-
None
-
None
-
If docs needed, set a value
-
-
All
-
None
Description of problem:
Customer uses custom repositories hosted behind an HTTPS server.
They use a dedicated certificate which is not copied into the target userspace, leading to an error while trying to retrieve the metadata.
Version-Release number of selected component (if applicable):
leapp-upgrade-el7toel8-0.15.0-6.el7_9
How reproducible:
Always
Steps to Reproduce:
1. Setup an HTTPS server hosting your repositories
2. Specify the certificate in sslcacert in the repo file
Actual results:
[MIRROR] libcgroup-0.41-19.el8.x86_64.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://<HIDDEN_HOSTNAME>/pulp/content/ci-rhel8-baseos2/Packages/l/libcgroup-0.41-19.el8.x86_64.rpm [SSL certificate problem: unable to get local issuer certificate]
Additional info:
- Setting sslverify=0 is a workaround, but this is not what the customer wants.
- The issue was workarounded by bind-mounting the /etc/pki/ca-trust directory into the container (by modifying ALWAYS_BIND in mounting.py).
- I think something allowing to simply add files into the target userspace could help. With the below patch, a user can execute the following command to move forward:
- for f in $(find /etc/pki/ca-trust -type f); do echo $f:$f >> /etc/leapp/filesfortargetuserspace.conf; done
— /usr/share/leapp-repository/repositories/system_upgrade/common/actors/scanfilesfortargetuserspace/libraries/scanfilesfortargetuserspace.py.orig 2022-01-14 15:55:58.698593070 +0100
+++ /usr/share/leapp-repository/repositories/system_upgrade/common/actors/scanfilesfortargetuserspace/libraries/scanfilesfortargetuserspace.py 2022-01-14 16:08:35.738180885 +0100
@@ -8,6 +8,8 @@
'/etc/hosts': '/etc/hosts'
}
+FILES_FOR_TARGET_USERSPACE_CFG = '/etc/leapp/filesfortargetuserspace.conf'
+
def scan_files_to_copy():
"""
@@ -21,6 +23,17 @@
dst_path = FILES_TO_COPY_IF_PRESENT[src_path]
files_to_copy.append(CopyFile(src=src_path, dst=dst_path))
+ if os.path.exists(FILES_FOR_TARGET_USERSPACE_CFG):
+ try:
+ with open(FILES_FOR_TARGET_USERSPACE_CFG, "r") as f:
+ additional_files = f.readlines()
+ for line in additional_files:
+ src_path, dst_path = line.split(':')
+ files_to_copy.append(CopyFile(src=src_path, dst=dst_path))
+ except:
+ # silence any error (EACCES, EPERM, bad file format, ...)
+ pass
+
preupgrade_task = TargetUserSpacePreupgradeTasks(copy_files=files_to_copy)
api.produce(preupgrade_task)