You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The recently introduced actor check_custom_modifications_actor is reporting a "Detected custom leapp actors or files" high severity finding if leapp-rhui-aws package is installed. The finding summary lists files provides by the leapp-rhui-aws package even though this is a legit Red Hat-signed package, i.e., not from third-party vendor, etc.
To Reproduce
Steps to reproduce the behavior
On RHEL8 PAYG EC2 instance:
install leapp-rhui-aws
install leapp-upgrade-el8toel9-0.20.0-2.el8 or later version
run leapp preupgrade --no-rhsm --debug
observe unfounded finding in leapp-report.txt, e.g.,
Risk Factor: high
Title: Detected custom leapp actors or files.
Summary: We have detected installed custom actors or files on the system. These can be provided e.g. by third party vendors, Red Hat consultants, or can be created by users to customize the upgrade (e.g. to migrate custom applications). This is allowed and appreciated. However Red Hat is not responsible for any issues caused by these custom leapp actors. Note that upgrade tooling is under agile development which could require more frequent update of custom actors.
The list of custom leapp actors and files:
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/cdn.redhat.com-chain.crt
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/content-rhel9.crt
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/content-rhel9.key
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/leapp-aws.repo
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/rhui-client-config-server-9.crt
- /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/aws/rhui-client-config-server-9.key
Related links:
- Customizing your Red Hat Enterprise Linux in-place upgrade: https://red.ht/customize-rhel-upgrade
Remediation: [hint] In case of any issues connected to custom or third party actors, contact vendor of such actors. Also we suggest to ensure the installed custom leapp actors are up to date, compatible with the installed packages.
Key: 2064870018370ce2bde3f977cf753ed8c59848d0
Expected behavior
The finding should not be reported for leapp actors or files provided by a signed package supported by Red Hat.
System information (please complete the following information):
[root@neat7ray ~]# cat /etc/system-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
[root@neat7ray ~]# uname -a
Linux neat7ray.example.com 4.18.0-553.el8_10.x86_64 #1 SMP Fri May 10 15:19:13 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux
[root@neat7ray ~]# rpm -qa "*leapp*"
leapp-upgrade-el8toel9-deps-0.20.0-2.el8.noarch
leapp-rhui-aws-1.0.11-1.el8.noarch
leapp-0.17.0-1.el8.noarch
python3-leapp-0.17.0-1.el8.noarch
leapp-deps-0.17.0-1.el8.noarch
leapp-upgrade-el8toel9-0.20.0-2.el8.noarch
Attach (or provide link to) log files if applicable (optional - may contain confidential information):
# tar -czf leapp-logs.tar.gz /var/log/leapp /var/lib/leapp/leapp.db
Hi @swapdisk, thank you for reporting this unfortunate behavior. I created https://issues.redhat.com/browse/RHEL-40115 for better tracking within RH team. We will fix it in some future release (note it will be RHEL 8.10 and newer).
Actual behavior
The recently introduced actor
check_custom_modifications_actor
is reporting a "Detected custom leapp actors or files" high severity finding ifleapp-rhui-aws
package is installed. The finding summary lists files provides by theleapp-rhui-aws
package even though this is a legit Red Hat-signed package, i.e., not from third-party vendor, etc.To Reproduce
Steps to reproduce the behavior
On RHEL8 PAYG EC2 instance:
leapp-rhui-aws
leapp-upgrade-el8toel9-0.20.0-2.el8
or later versionleapp preupgrade --no-rhsm --debug
leapp-report.txt
, e.g.,Expected behavior
The finding should not be reported for leapp actors or files provided by a signed package supported by Red Hat.
System information (please complete the following information):
Attach (or provide link to) log files if applicable (optional - may contain confidential information):
# tar -czf leapp-logs.tar.gz /var/log/leapp /var/lib/leapp/leapp.db
leapp-logs.tar.gz
Additional context
The same issue exists with a RHEL7 PAYG EC2 instance.
The text was updated successfully, but these errors were encountered: