Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-40115

"Detected custom leapp actors or files" false positive

XMLWordPrintable

    • None
    • None
    • 1
    • sst_upgrades
    • 20
    • 2
    • False
    • Hide

      None

      Show
      None
    • None
    • Leapp: 9.6 & 10.0
    • None
    • None
    • None

      What were you trying to do that didn't work?

      The recently introduced actor check_custom_modifications_actor is reporting a "Detected custom leapp actors or files" high severity finding if leapp-rhui-aws package is installed. The finding summary lists files provides by the leapp-rhui-aws package even though this is a legit Red Hat-signed package, i.e., not from third-party vendor, etc.

      Please provide the package NVR for which bug is seen:

      leapp-upgrade-el8toel9-deps-0.20.0-2.el8.noarch
leapp-rhui-aws-1.0.11-1.el8.noarch
leapp-0.17.0-1.el8.noarch
python3-leapp-0.17.0-1.el8.noarch
leapp-deps-0.17.0-1.el8.noarch
leapp-upgrade-el8toel9-0.20.0-2.el8.noarch

      How reproducible:

      Always

      Steps to reproduce

      Steps to reproduce the behavior

      On RHEL8 PAYG EC2 instance:

      1. install leapp-rhui-aws
      2. install leapp-upgrade-el8toel9-0.20.0-2.el8 or later version
      3. run leapp preupgrade --no-rhsm --debug

      Expected results

      The finding should not be reported for leapp actors or files provided by a signed package supported by Red Hat.

      Actual results

      Unfounded finding in leapp-report.txt, e.g.,

      Risk Factor: high 
Title: Detected custom leapp actors or files.
Summary: We have detected installed custom actors or files on the system. These can be provided e.g. by third party vendors, Red Hat consultants, or can be created by users to customize the upgrade (e.g. to migrate custom applications). This is allowed and appreciated. However Red Hat is not responsible for any issues caused by these custom leapp actors. Note that upgrade tooling is under agile development which could require more frequent update of custom actors.
The list of custom leapp actors and files:
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/cdn.redhat.com-chain.crt
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/content-rhel9.crt
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/content-rhel9.key
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/leapp-aws.repo
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/rhui-client-config-server-9.crt
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/rhui-client-config-server-9.key
Related links:
    - Customizing your Red Hat Enterprise Linux in-place upgrade: https://red.ht/customize-rhel-upgrade
Remediation: [hint] In case of any issues connected to custom or third party actors, contact vendor of such actors. Also we suggest to ensure the installed custom leapp actors are up to date, compatible with the installed packages.
Key: 2064870018370ce2bde3f977cf753ed8c59848d0

      Originally filed by rh-ee-bmader in https://github.com/oamg/leapp-repository/issues/1251

            leapp-notifications leapp-notifications
            rhn-support-mkluson Martin Kluson
            leapp-notifications leapp-notifications
            RHEL Upgrades QE Team RHEL Upgrades QE Team
            Miriam Portman Miriam Portman
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: