Fix unreadable output in upgrade log #1323
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit resolves an issue where unwanted escape sequences (e.g., ANSI codes) appear in the output of certain commands like `dnf` during upgrades. The issue arises because, starting with version 242, `systemd-nspawn` introduced new pseudo-TTY capabilities (see the `Input/Output Options` section in `systemd-nspawn(1)`). As a result, commands run within container may include these escape sequences. To address this, pseudo-TTY support is explicitly disabled in `systemd-nspawn` for upgrades on RHEL9 and later. JIRA: RHEL-69829
Thank you for contributing to the Leapp project!Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build.
Note that first time contributors cannot run tests automatically - they need to be started by a reviewer. It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported,
See other labels for particular jobs defined in the Please open ticket in case you experience technical problem with the CI. (RH internal only) Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra. |
|
Also note that there is a warning in the man page for using Is this applicable to us? |
|
Another consideration, this issue will arise on any system with |
@dkubek great job! Checking the system version is ok. Systemd will not be rebased in RHEL 8 and we are sure that RHEL 9 will not contain any older systemd version. Staying with the system version check is ok from this POV. Let's keep it simple. |
hmm.. not sure I understand it right. As far as I understand this, it should not affect us as we consider the container fully trusted as we created them and we know what we are executing. The question could be what if a user create custom actor calling custom / third party apps. But that is not different from the situation when we would like to operate without container at all and we use the container just to be able to affect the host system using tooling from the target OS. If someone is able to put malign content into the container, why they would need to escape from it when they could affect the system from inside already? |
pirat89
approved these changes
Jan 9, 2025
pirat89
added
the
changelog-checked
pirat89
added a commit
to pirat89/leapp-repository
that referenced
this pull request
Feb 14, 2025
## Announce This is the last upstream release covering IPU 7 -> 8. The system_upgrade_el7toel8 repository is going to be removed from further releases. Other artifacts related to IPU 7 -> 8 are going to be removed too. In the same time it's the last release compatible with Python 2.7. Since now we are going to develope and test the code only for Python 3.6 and newer. ## Packaging - [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289) - Require leapp-framework 6.0+ (oamg#1142) - Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142) ## Upgrade handling ### Fixes - Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329) - Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294) - Fix IPU being blocked by resource limitations (oamg#1256) - Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296) - Fix pes events scanner not respecting user’s transaction configuration (oamg#1296) - Fix storage scanner crashing when command outputs contain colon character (oamg#1258) - Fix the report when handling broken parsing of kernel cmdline (oamg#1290) - Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266) - Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302) - Load all available obsoleted keys (oamg#1286) - Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313) - Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285) - [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341) - [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306) - [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339) - [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323) - [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330) - [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325) ### Enhancements - Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309) - Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309) - Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312) - Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344) - Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200) - Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277) - Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142) - Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342) - Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328) - Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297) - Update leapp upgrade data files (oamg#1307) - [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343) - [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338) - [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318) - [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347) - [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333) - [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304) - [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319) - [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196) - [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well - [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346) - [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289)
pirat89
added a commit
to pirat89/leapp-repository
that referenced
this pull request
Feb 14, 2025
## Announce This is the last upstream release covering IPU 7 -> 8. The system_upgrade_el7toel8 repository is going to be removed from further releases. Other artifacts related to IPU 7 -> 8 are going to be removed too. In the same time it's the last release compatible with Python 2.7. Since now we are going to develope and test the code only for Python 3.6 and newer. ## Packaging - [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289) - Require leapp-framework 6.0+ (oamg#1142) - Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142) ## Upgrade handling ### Fixes - Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329) - Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294) - Fix IPU being blocked by resource limitations (oamg#1256) - Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296) - Fix pes events scanner not respecting user’s transaction configuration (oamg#1296) - Fix storage scanner crashing when command outputs contain colon character (oamg#1258) - Fix the report when handling broken parsing of kernel cmdline (oamg#1290) - Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266) - Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302) - Load all available obsoleted keys (oamg#1286) - Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313) - Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285) - [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341) - [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306) - [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339) - [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323) - [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330) - [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325) ### Enhancements - Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309) - Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309) - Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312) - Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344) - Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200) - Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277) - Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142) - Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342) - Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328) - Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297) - Update leapp upgrade data files (oamg#1307) - [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343) - [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338) - [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318) - [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347) - [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333) - [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304) - [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319) - [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196) - [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well - [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346) - [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289) ## Additional changes interesting for devels - Introducing new upstream documentation focused on the leapp-repository project at https://leapp-repository.readthedocs.io/introduce-docs/. The documentation is still under reconstruction at this time, however we consider it a big step. All PRs impacting stuff that should be documented will be required to do so before they could be merged.
Merged
pirat89
added a commit
to pirat89/leapp-repository
that referenced
this pull request
Feb 14, 2025
## Announce This is the last upstream release covering IPU 7 -> 8. The system_upgrade_el7toel8 repository is going to be removed from further releases. Other artifacts related to IPU 7 -> 8 are going to be removed too. In the same time it's the last release compatible with Python 2.7. Since now we are going to develope and test the code only for Python 3.6 and newer. ## Packaging - [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289) - Require leapp-framework 6.0+ (oamg#1142) - Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142) ## Upgrade handling ### Fixes - Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329) - Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294) - Fix IPU being blocked by resource limitations (oamg#1256) - Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296) - Fix pes events scanner not respecting user’s transaction configuration (oamg#1296) - Fix storage scanner crashing when command outputs contain colon character (oamg#1258) - Fix the report when handling broken parsing of kernel cmdline (oamg#1290) - Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266) - Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302) - Load all available obsoleted keys (oamg#1286) - Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313) - Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285) - [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341) - [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306) - [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339) - [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323) - [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330) - [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325) ### Enhancements - Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309) - Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309) - Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312) - Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344) - Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200) - Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277) - Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142) - Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342) - Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328) - Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297) - Update leapp upgrade data files (oamg#1307) - [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343) - [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338) - [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318) - [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347) - [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333) - [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304) - [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319) - [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196) - [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well - [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346) - [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289) ## Additional changes interesting for devels - Introducing new upstream documentation focused on the leapp-repository project at https://leapp-repository.readthedocs.io/introduce-docs/. The documentation is still under reconstruction at this time, however we consider it a big step. All PRs impacting stuff that should be documented will be required to do so before they could be merged.
pirat89
added a commit
that referenced
this pull request
Feb 14, 2025
## Announce This is the last upstream release covering IPU 7 -> 8. The system_upgrade_el7toel8 repository is going to be removed from further releases. Other artifacts related to IPU 7 -> 8 are going to be removed too. In the same time it's the last release compatible with Python 2.7. Since now we are going to develope and test the code only for Python 3.6 and newer. ## Packaging - [IPU 9 -> 10] Require libdb-utils on RHEL 9 (#1289) - Require leapp-framework 6.0+ (#1142) - Update leapp-deps package to satisfy leapp_framework_deps 6 (#1142) ## Upgrade handling ### Fixes - Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (#1329) - Cap max size of the sparse files to 1TiB when storage with large amount of space (#1294) - Fix IPU being blocked by resource limitations (#1256) - Fix pes events scanner crashing when there are duplicate packages in the received instructions (#1296) - Fix pes events scanner not respecting user’s transaction configuration (#1296) - Fix storage scanner crashing when command outputs contain colon character (#1258) - Fix the report when handling broken parsing of kernel cmdline (#1290) - Generate proper error message instead ModelViolationError when parsing invalid repository definition (#1266) - Handle default kernel cmdline when multiple boot entries for the default kernel are defined (#1302) - Load all available obsoleted keys (#1286) - Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (#1313) - Prevent failure for upgrade paths when obsoleted keys are not defined (#1285) - [IPU 7 -> 8] Ignore invalid firewalld configuration (#1341) - [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (#1306) - [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (#1275, #1331, #1339) - [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (#1323) - [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (#1330) - [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (#1325) ### Enhancements - Add RHEL 9.6 and 10.0 product certificates (#1287, #1309) - Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (#1309) - Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (#1215, #1312) - Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (#1309, #1344) - Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (#1200) - Enable upgrade with RHUI on Alibaba cloud for ARM machines (#1277) - Introduce a possibility to configure leapp actors covering RHUI on clouds (#1142) - Minor improvements in preupgrade reports (#1315, #1326, #1342) - Raise an inhibitor if unsupported target version supplied instead of error (#1328) - Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (#1297) - Update leapp upgrade data files (#1307) - [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (#1316, #1343) - [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (#1338) - [IPU 9 -> 10] Detect XFS file systems with problematic parameters (#1318) - [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (#1332, #1347) - [IPU 9 -> 10] Detect whether subscribed systems are using SCA (#1333) - [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (#1304) - [IPU 9 -> 10] Inform user about Libdb removal if present (#1319) - [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (#1196) - [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well - [IPU 9 -> 10] Update checks for SAP HANA (#1346) - [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (#1289) ## Additional changes interesting for devels - Introducing new upstream documentation focused on the leapp-repository project at https://leapp-repository.readthedocs.io/introduce-docs/. The documentation is still under reconstruction at this time, however we consider it a big step. All PRs impacting stuff that should be documented will be required to do so before they could be merged.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit resolves an issue where unwanted escape sequences (e.g., ANSI codes) appear in the output of certain commands like
dnfduring upgrades.The issue seems to arise because, starting with version 242,
systemd-nspawnintroduced new pseudo-TTY capabilities (see theInput/Output Optionssection insystemd-nspawn(1)). As a result, commands run within container may include these escape sequences.To address this, pseudo-TTY support is explicitly disabled in
systemd-nspawnfor upgrades on RHEL9 and later.JIRA: RHEL-69829