diff --git a/repos/system_upgrade/common/actors/distributionsignedrpmcheck/actor.py b/repos/system_upgrade/common/actors/distributionsignedrpmcheck/actor.py new file mode 100644 index 0000000000..81a91ee1ec --- /dev/null +++ b/repos/system_upgrade/common/actors/distributionsignedrpmcheck/actor.py @@ -0,0 +1,36 @@ +from leapp.actors import Actor +from leapp.libraries.actor.distributionsignedrpmcheck import check_unsigned_packages +from leapp.models import InstalledUnsignedRPM +from leapp.reporting import Report +from leapp.tags import ChecksPhaseTag, IPUWorkflowTag + + +class DistributionSignedRpmCheck(Actor): + """ + Check if there are any packages that are not signed by distribution GPG keys. + + We are recognizing two (three) types of packages: + * RPMs that are part of the system distribution (RHEL, Centos Stream, + Fedora, ...) - which are recognized based on the signature by known GPG + keys for the particular distribution. + * RPMs that are not signed by such GPG keys - including RPMs not signed + at all. Such RPMs are considered in general as third party content. + ( + * some packages are known to not be signed as they are created by + delivered product (which can be part of the distribution). This includes + e.g. katello RPMs created in a Satellite server. We do not report + such packages known to us. + ) + + If any such non-distribution installed RPMs are detected, report it + to inform that user needs to take care about them before/during/after + the upgrade. + """ + + name = 'distribution_signed_rpm_check' + consumes = (InstalledUnsignedRPM,) + produces = (Report,) + tags = (IPUWorkflowTag, ChecksPhaseTag) + + def process(self): + check_unsigned_packages() diff --git a/repos/system_upgrade/common/actors/redhatsignedrpmcheck/libraries/redhatsignedrpmcheck.py b/repos/system_upgrade/common/actors/distributionsignedrpmcheck/libraries/distributionsignedrpmcheck.py similarity index 100% rename from repos/system_upgrade/common/actors/redhatsignedrpmcheck/libraries/redhatsignedrpmcheck.py rename to repos/system_upgrade/common/actors/distributionsignedrpmcheck/libraries/distributionsignedrpmcheck.py diff --git a/repos/system_upgrade/common/actors/redhatsignedrpmcheck/tests/test_redhatsignedrpmcheck.py b/repos/system_upgrade/common/actors/distributionsignedrpmcheck/tests/test_distributionsignedrpmcheck.py similarity index 87% rename from repos/system_upgrade/common/actors/redhatsignedrpmcheck/tests/test_redhatsignedrpmcheck.py rename to repos/system_upgrade/common/actors/distributionsignedrpmcheck/tests/test_distributionsignedrpmcheck.py index 8ec4c16f50..2ed9b00660 100644 --- a/repos/system_upgrade/common/actors/redhatsignedrpmcheck/tests/test_redhatsignedrpmcheck.py +++ b/repos/system_upgrade/common/actors/distributionsignedrpmcheck/tests/test_distributionsignedrpmcheck.py @@ -1,5 +1,5 @@ from leapp import reporting -from leapp.libraries.actor import redhatsignedrpmcheck +from leapp.libraries.actor import distributionsignedrpmcheck from leapp.libraries.common.testutils import create_report_mocked, produce_mocked from leapp.libraries.stdlib import api from leapp.models import InstalledUnsignedRPM, RPM @@ -16,9 +16,9 @@ def consume_unsigned_message_mocked(*models): monkeypatch.setattr(api, "show_message", lambda x: True) monkeypatch.setattr(reporting, "create_report", create_report_mocked()) - packages = redhatsignedrpmcheck.get_unsigned_packages() + packages = distributionsignedrpmcheck.get_unsigned_packages() assert not packages - redhatsignedrpmcheck.generate_report(packages) + distributionsignedrpmcheck.generate_report(packages) assert reporting.create_report.called == 0 @@ -40,8 +40,8 @@ def consume_unsigned_message_mocked(*models): monkeypatch.setattr(api, "show_message", lambda x: True) monkeypatch.setattr(reporting, "create_report", create_report_mocked()) - packages = redhatsignedrpmcheck.get_unsigned_packages() + packages = distributionsignedrpmcheck.get_unsigned_packages() assert len(packages) == 4 - redhatsignedrpmcheck.generate_report(packages) + distributionsignedrpmcheck.generate_report(packages) assert reporting.create_report.called == 1 assert 'Packages not signed by Red Hat found' in reporting.create_report.report_fields['title'] diff --git a/repos/system_upgrade/common/actors/redhatsignedrpmcheck/actor.py b/repos/system_upgrade/common/actors/redhatsignedrpmcheck/actor.py deleted file mode 100644 index a3555e523f..0000000000 --- a/repos/system_upgrade/common/actors/redhatsignedrpmcheck/actor.py +++ /dev/null @@ -1,22 +0,0 @@ -from leapp.actors import Actor -from leapp.libraries.actor.redhatsignedrpmcheck import check_unsigned_packages -from leapp.models import InstalledUnsignedRPM -from leapp.reporting import Report -from leapp.tags import ChecksPhaseTag, IPUWorkflowTag - - -class RedHatSignedRpmCheck(Actor): - """ - Check if there are packages not signed by Red Hat in use. If yes, warn user about it. - - If any any installed RPM package does not contain a valid signature from Red Hat, a message - containing a warning is produced. - """ - - name = 'red_hat_signed_rpm_check' - consumes = (InstalledUnsignedRPM,) - produces = (Report,) - tags = (IPUWorkflowTag, ChecksPhaseTag) - - def process(self): - check_unsigned_packages()