diff --git a/repos/system_upgrade/common/libraries/rhui.py b/repos/system_upgrade/common/libraries/rhui.py index 4578ecd21f..73aa7042f0 100644 --- a/repos/system_upgrade/common/libraries/rhui.py +++ b/repos/system_upgrade/common/libraries/rhui.py @@ -229,6 +229,17 @@ ('leapp-google-sap.repo', YUM_REPOS_PATH) ], }, + 'alibaba': { + 'src_pkg': 'aliyun_rhui_rhel8', + 'target_pkg': 'aliyun_rhui_rhel9', + 'leapp_pkg': 'leapp-rhui-alibaba', + 'leapp_pkg_repo': 'leapp-alibaba.repo', + 'files_map': [ + ('content.crt', RHUI_PKI_PRODUCT_DIR), + ('key.pem', RHUI_PKI_DIR), + ('leapp-alibaba.repo', YUM_REPOS_PATH) + ], + }, }, } diff --git a/repos/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py b/repos/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py index 0ab594959e..2d817ba90b 100644 --- a/repos/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py +++ b/repos/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py @@ -1,4 +1,5 @@ from leapp import reporting +from leapp.libraries.common import rhui from leapp.libraries.stdlib import api from leapp.models import CryptoPolicyInfo, InstalledRPM @@ -59,6 +60,19 @@ def _is_sha1_allowed(current_policy): def process(): # TODO(pstodulk): add link to the official announce of the change in crypto policies bad_rpms = _get_rpms_with_sha1_sig() + + # Alibaba RHUI packages (on rhel8) have to be whitelisted because it was signed with SHA1 + upg_path = rhui.get_upg_path() + whitelisted_cloud_flavours = ( + 'alibaba', + ) + whitelisted_cloud_pkgs = { + rhui.RHUI_CLOUD_MAP[upg_path].get(flavour, {}).get('src_pkg') for flavour in whitelisted_cloud_flavours + } + for bad_rpm in bad_rpms: + if bad_rpm.name in whitelisted_cloud_pkgs: + bad_rpms.remove(bad_rpm) + cpi = next(api.consume(CryptoPolicyInfo), None) if bad_rpms: bad_rpms_str = ''.join([