[diskimage-builder] Don't trace RHEL registration scripts
slagle
slagle at fedoraproject.org
Mon Jan 5 17:22:31 UTC 2015
commit f7e4e0364d0002b10538b79623dfe45b5cdabb96
Author: James Slagle <jslagle at redhat.com>
Date: Mon Jan 5 12:22:33 2015 -0500
Don't trace RHEL registration scripts
Changelog:
- Don't trace RHEL registration scripts
- Allow for disabling rhel registration
- Deprecates username and password from boot time registration
- Fix repo enablement for RHEL during registration
...ctivation-Key-Support-For-Customer-Portal.patch | 197 ++++++++++++++++++++
0014-Allow-for-disabling-rhel-registration.patch | 45 -----
...o-enablement-for-RHEL-during-registration.patch | 91 +++++++++
...username-and-password-from-boot-time-regi.patch | 124 ++++++++++++
0017-Allow-for-disabling-rhel-registration.patch | 78 ++++++++
0018-Don-t-trace-RHEL-registration-scripts.patch | 40 ++++
diskimage-builder.spec | 18 ++-
7 files changed, 546 insertions(+), 47 deletions(-)
---
diff --git a/0014-Add-Activation-Key-Support-For-Customer-Portal.patch b/0014-Add-Activation-Key-Support-For-Customer-Portal.patch
new file mode 100644
index 0000000..4cf0bf6
--- /dev/null
+++ b/0014-Add-Activation-Key-Support-For-Customer-Portal.patch
@@ -0,0 +1,197 @@
+From bb91126803b313d11cde2223848d4dc28782c5bb Mon Sep 17 00:00:00 2001
+From: Ryan Brady <rbrady at redhat.com>
+Date: Wed, 26 Nov 2014 10:25:31 -0500
+Subject: [PATCH] Add Activation Key Support For Customer Portal
+
+This patch adds support to register with the hosted customer portal
+using activation keys. If an activation key is present in either
+the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
+use that value instead of username and password credentials when
+registering with Satellite or the hosted Customer Portal. This
+patch also enforces that an org must be set in either the REG_ORG
+or rh_registration.org to use the activation key.
+
+Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
+---
+ .../pre-configure.d/06-rhel-registration | 47 ++++++++++----------
+ .../rhel-common/pre-install.d/00-rhel-registration | 51 +++++++++++-----------
+ 2 files changed, 51 insertions(+), 47 deletions(-)
+
+diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+index f85569f..90306c2 100755
+--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+@@ -64,12 +64,20 @@ if [ -n "${REG_SERVER_URL:-}" ]; then
+ opts="$opts --serverurl=$REG_SERVER_URL"
+ fi
+
+-if [ -n "${REG_USER:-}" ]; then
+- opts="$opts --username $REG_USER"
+-fi
++if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
++ opts="$opts --activationkey=$REG_ACTIVATION_KEY"
++
++ if [ -z "${REG_ORG:-}" ]; then
++ echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
++ fi
++else
++ if [ -n "${REG_PASSWORD:-}" ]; then
++ opts="$opts --password $REG_PASSWORD"
++ fi
+
+-if [ -n "${REG_PASSWORD:-}" ]; then
+- opts="$opts --password $REG_PASSWORD"
++ if [ -n "${REG_USER:-}" ]; then
++ opts="$opts --username $REG_USER"
++ fi
+ fi
+
+ if [ -n "${REG_MACHINE_NAME:-}" ]; then
+@@ -79,18 +87,19 @@ fi
+ if [ -n "${REG_ORG:-}" ]; then
+ opts="$opts --org $REG_ORG"
+ fi
+-case "${REG_METHOD:-}" in
+- portal)
+- if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
+- echo "WARNING: Activation keys are not supported by the customer portal at this time."
+- fi
+
+- if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
+- repos="$repos --enable $repo"
+- done
+- fi
++if [ -n "${REG_REPOS:-}" ]; then
++ for repo in $REG_REPOS; do
++ repos="$repos --enable $repo"
++ done
++fi
++
++if [ -n "${REG_TYPE:-}" ]; then
++ opts="$opts --type=$REG_TYPE"
++fi
+
++case "${REG_METHOD:-}" in
++ portal)
+ subscription-manager register $opts
+ if [ -z "${REG_AUTO_ATTACH:-}" ]; then
+ subscription-manager attach $attach_opts
+@@ -99,12 +108,6 @@ case "${REG_METHOD:-}" in
+ ;;
+ satellite)
+ repos="$repos --enable ${satellite_repo}"
+- if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
+- repos="$repos --enable $repo"
+- done
+- fi
+-
+ rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
+ subscription-manager register $opts
+ subscription-manager $repos
+@@ -115,5 +118,5 @@ case "${REG_METHOD:-}" in
+ ;;
+ *)
+ echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
+- exit 0
++ exit 0 # keeps the stack from failing if you don't set a value in REG_METHOD
+ esac
+diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration
+index ced9529..f1a528d 100755
+--- a/elements/rhel-common/pre-install.d/00-rhel-registration
++++ b/elements/rhel-common/pre-install.d/00-rhel-registration
+@@ -5,6 +5,7 @@ set -o pipefail
+ opts=
+ attach_opts=
+ repos="repos --enable rhel-7-server-rpms"
++satellite_repo="rhel-7-server-rh-common-beta-rpms"
+
+ if [ -n "${REG_AUTO_ATTACH:-}" ]; then
+ opts="$opts --auto-attach"
+@@ -30,8 +31,6 @@ else
+ fi
+ fi
+
+-
+-
+ if [ -n "${REG_BASE_URL:-}" ]; then
+ opts="$opts --baseurl=$REG_BASE_URL"
+ fi
+@@ -48,12 +47,20 @@ if [ -n "${REG_SERVER_URL:-}" ]; then
+ opts="$opts --serverurl=$REG_SERVER_URL"
+ fi
+
+-if [ -n "${REG_USER:-}" ]; then
+- opts="$opts --username $REG_USER"
+-fi
++if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
++ opts="$opts --activationkey=$REG_ACTIVATION_KEY"
+
+-if [ -n "${REG_PASSWORD:-}" ]; then
+- opts="$opts --password $REG_PASSWORD"
++ if [ -z "${REG_ORG:-}" ]; then
++ echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
++ fi
++else
++ if [ -n "${REG_PASSWORD:-}" ]; then
++ opts="$opts --password $REG_PASSWORD"
++ fi
++
++ if [ -n "${REG_USER:-}" ]; then
++ opts="$opts --username $REG_USER"
++ fi
+ fi
+
+ if [ -n "${REG_MACHINE_NAME:-}" ]; then
+@@ -64,18 +71,18 @@ if [ -n "${REG_ORG:-}" ]; then
+ opts="$opts --org $REG_ORG"
+ fi
+
+-case "${REG_METHOD:-}" in
+- portal)
+- if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
+- echo "WARNING: Activation keys are not supported by the customer portal at this time."
+- fi
++if [ -n "${REG_REPOS:-}" ]; then
++ for repo in $REG_REPOS; do
++ repos="$repos --enable $repo"
++ done
++fi
+
+- if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
+- repos="$repos --enable $repo"
+- done
+- fi
++if [ -n "${REG_TYPE:-}" ]; then
++ opts="$opts --type=$REG_TYPE"
++fi
+
++case "${REG_METHOD:-}" in
++ portal)
+ subscription-manager register $opts
+ if [ -z "${REG_AUTO_ATTACH:-}" ]; then
+ subscription-manager attach $attach_opts
+@@ -83,13 +90,7 @@ case "${REG_METHOD:-}" in
+ subscription-manager $repos
+ ;;
+ satellite)
+- repos="$repos --enable rhel-7-server-rh-common-beta-rpms"
+- if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
+- repos="$repos --enable $repo"
+- done
+- fi
+-
++ repos="$repos --enable ${satellite_repo}"
+ rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
+ subscription-manager register $opts
+ subscription-manager $repos
+@@ -98,5 +99,5 @@ case "${REG_METHOD:-}" in
+ ;;
+ *)
+ echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
+- exit 1
++ exit 1 # RHEL requires registration, fail image build if REG_Method isn't set
+ esac
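Review bot: The commit message says an org is enforced when an activation key is used, but the new `if [ -z "${REG_ORG:-}" ]` check in both scripts only echoes a warning and then falls through to `subscription-manager register $opts` with `--activationkey` and no `--org`. In pre-install.d/00-rhel-registration, where an invalid REG_METHOD already fails the build, I would make it fatal: `echo "ERROR: REG_ACTIVATION_KEY requires REG_ORG." >&2; exit 1`. Separately, the key and the password are concatenated into the string `opts` and expanded unquoted, so a value containing whitespace or glob characters is split or expanded on the register command line. A bash array (`opts+=(--password "$REG_PASSWORD")`, then `"${opts[@]}"`) would avoid that, though the earlier `opts` assignments sit outside these hunks.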
diff --git a/0015-Fix-repo-enablement-for-RHEL-during-registration.patch b/0015-Fix-repo-enablement-for-RHEL-during-registration.patch
new file mode 100644
index 0000000..0b95711
--- /dev/null
+++ b/0015-Fix-repo-enablement-for-RHEL-during-registration.patch
@@ -0,0 +1,91 @@
+From b4e6e579d106c75dd5a5142b4e09d1805bdd4711 Mon Sep 17 00:00:00 2001
+From: Ryan Brady <rbrady at redhat.com>
+Date: Thu, 4 Dec 2014 16:09:18 -0500
+Subject: [PATCH] Fix repo enablement for RHEL during registration
+
+Previously the REG_REPOS value was a space delimited list of repo
+names, but the spaces were incompatible with passing through json.
+If you pass a list in json through the heat parameter, the output
+is the string representation of a python list of unicode vaules.
+This patch changes the rhel-registration scripts to process the
+REG_REPOS value as a comma delimited list which is more easily
+passed through json. Both scripts have been updated to remain
+consistent.
+
+Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
+---
+ elements/rhel-common/README.md | 12 ++++++------
+ .../os-refresh-config/pre-configure.d/06-rhel-registration | 2 +-
+ elements/rhel-common/pre-install.d/00-rhel-registration | 2 +-
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md
+index 4cdd184..d57d165 100644
+--- a/elements/rhel-common/README.md
++++ b/elements/rhel-common/README.md
+@@ -81,8 +81,8 @@ It will change over time as new releases come out. There are also variants
+
+ #### REG\_REPOS
+ A single string representing a list of repository names separated by a
+-space. Each of the repositories in this string are enabled through
+-subscription manager. Once you've attached a subscription, you can
++comma (No spaces). Each of the repositories in this string are enabled
++through subscription manager. Once you've attached a subscription, you can
+ find available repositories by running subscription-manager repos --list.
+
+ #### REG\_SERVER\_URL
+@@ -119,7 +119,7 @@ REG_METHOD=satellite
+ To register with the Red Hat Customer Portal, a common example would be to
+ set the following variables:
+
+-REG_REPOS='rhel-7-server-optional-rpms rhel-7-server-extras-rpms'
++REG_REPOS='rhel-7-server-optional-rpms,rhel-7-server-extras-rpms'
+ REG_AUTO_ATTACH=true
+ REG_USER='tripleo'
+ REG_PASSWORD='tripleo'
+@@ -165,8 +165,8 @@ Heat metadata can be used to configure the rhel-common element.
+ # minor release version. This is only used with the auto_attach
+ # option.
+ repos:
+- # A single string representing a list of repository names separated
+- # by a space. Each of the repositories in this string are enabled
++ # A single string representing a list of repository names separated by a
++ # comma (No spaces). Each of the repositories in this string are enabled
+ # through subscription manager.
+ satellite_url:
+ # The url of the Satellite instance to register with. Required for
+@@ -214,7 +214,7 @@ use the following metadata:
+
+ {
+ "rh_registration":{
+- "repos":"rhel-7-server-optional-rpms rhel-7-server-extras-rpms",
++ "repos":"rhel-7-server-optional-rpms,rhel-7-server-extras-rpms",
+ "auto_attach":true,
+ "user":"tripleo",
+ "password":"tripleo",
+diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+index 90306c2..53ef58a 100755
+--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+@@ -89,7 +89,7 @@ if [ -n "${REG_ORG:-}" ]; then
+ fi
+
+ if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
++ for repo in $(echo $REG_REPOS | tr ',' '\n'); do
+ repos="$repos --enable $repo"
+ done
+ fi
+diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration
+index f1a528d..fe19593 100755
+--- a/elements/rhel-common/pre-install.d/00-rhel-registration
++++ b/elements/rhel-common/pre-install.d/00-rhel-registration
+@@ -72,7 +72,7 @@ if [ -n "${REG_ORG:-}" ]; then
+ fi
+
+ if [ -n "${REG_REPOS:-}" ]; then
+- for repo in $REG_REPOS; do
++ for repo in $(echo $REG_REPOS | tr ',' '\n'); do
+ repos="$repos --enable $repo"
+ done
+ fi
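Review bot: In `for repo in $(echo $REG_REPOS | tr ',' '\n')` both `$REG_REPOS` and the command substitution are unquoted, so the value goes through word splitting and pathname expansion; an entry containing `*` or `?` would be replaced by matching file names from the working directory and passed on as `--enable` arguments. The commit message says this value arrives through a Heat parameter, so it should be handled as external input. Splitting in the shell avoids the expansion: `IFS=',' read -r -a repo_list <<< "$REG_REPOS"` followed by `for repo in "${repo_list[@]}"; do`. The same line is added in pre-install.d/00-rhel-registration. The README now says "No spaces", but the loop as written would still silently split on them.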
diff --git a/0016-Deprecates-username-and-password-from-boot-time-regi.patch b/0016-Deprecates-username-and-password-from-boot-time-regi.patch
new file mode 100644
index 0000000..e318ad2
--- /dev/null
+++ b/0016-Deprecates-username-and-password-from-boot-time-regi.patch
@@ -0,0 +1,124 @@
+From 59f13915cc7beb5df6cf9028d03e3c708d85ced5 Mon Sep 17 00:00:00 2001
+From: Ryan Brady <rbrady at redhat.com>
+Date: Tue, 9 Dec 2014 10:46:00 -0500
+Subject: [PATCH] Deprecates username and password from boot time registration
+
+The username and password combination is considered insecure to store in
+the metadata passed to the stack as they can easily be obtained and
+possibly used in an unathorized manner by logging into one of the
+registration systems. The use of an activation key is more desirable
+as it can only be used in conjunction with subscription-manager to
+register a RHEL system.
+
+This patch deprecates the username and password support from the script
+that registers RHEL with either Satellite or RH Customer Portal during
+boot-time. This patch also adds a warning if the username and password
+combination is used in the stack metadata. The documentation and examples
+have also been updated to warn operators of the deprecation of username
+and password.
+
+This patch does not affect the username and password support for
+registration activities while building images with diskimage-builder.
+
+Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
+---
+ elements/rhel-common/README.md | 21 +++++++++++++++++----
+ .../pre-configure.d/06-rhel-registration | 4 +++-
+ .../rhel-common/pre-install.d/00-rhel-registration | 2 +-
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md
+index d57d165..f2eb64c 100644
+--- a/elements/rhel-common/README.md
++++ b/elements/rhel-common/README.md
+@@ -9,6 +9,18 @@ Portal or Satellite to enable software installation from official
+ repositories. After the end of the image creation process, the image will
+ unregister itself so an entitlement will not be decremented from the account.
+
++
++SECURITY WARNING:
++-----------------
++While the image building workflow will allow you to register with a username
++and password combination, that feature is deprecated in the boot process via
++Heat as it will expose your username and password in clear text for anyone
++that has rights to run heat stack-show. A compromised username and password
++can be used to login to the Red Hat Customer Portal or an instance of
++Satellite. An activation key can only be used for registration purposes using
++the subscription-manager command line tool and is considered a lower security
++risk.
++
+ IMPORTANT NOTE:
+ ----------------
+ The 00-rhsm script is specific to RHEL6. If you use the REG_ variables to
+@@ -158,6 +170,7 @@ Heat metadata can be used to configure the rhel-common element.
+ org:
+ # Gives the organization to which to join the system.
+ password:
++ # DEPRECATED
+ # Gives the password for the user account.
+ release:
+ # Sets the operating system minor release to use for subscriptions
+@@ -180,6 +193,7 @@ Heat metadata can be used to configure the rhel-common element.
+ # Sets the service level to use for subscriptions on that machine.
+ # This is only used with the auto_attach option.
+ user:
++ # DEPRECATED
+ # Gives the content server user account name.
+ type:
+ # Sets what type of consumer is being registered. The default is
+@@ -202,8 +216,7 @@ metadata:
+ "satellite_url": "http://my-sat06.server.org",
+ "org": "tripleo",
+ "environment": "Library",
+- "user":"tripleo",
+- "password":"tripleo",
++ "activation_key": "my-key-SQQkh4",
+ "method":"satellite"
+ "repos": "rhel-ha-for-rhel-7-server-rpms"
+ }
+@@ -216,8 +229,8 @@ use the following metadata:
+ "rh_registration":{
+ "repos":"rhel-7-server-optional-rpms,rhel-7-server-extras-rpms",
+ "auto_attach":true,
+- "user":"tripleo",
+- "password":"tripleo",
++ "activation_key": "my-key-SQQkh4",
++ "org": "5643002",
+ "method":"portal"
+ }
+ }
+diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+index 53ef58a..12a92b0 100755
+--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+@@ -71,6 +71,8 @@ if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
+ echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
+ fi
+ else
++ echo "WARNING: Support for registering with a username and password is deprecated."
++ echo "Please use activation keys instead. See the README for more information."
+ if [ -n "${REG_PASSWORD:-}" ]; then
+ opts="$opts --password $REG_PASSWORD"
+ fi
+@@ -85,7 +87,7 @@ if [ -n "${REG_MACHINE_NAME:-}" ]; then
+ fi
+
+ if [ -n "${REG_ORG:-}" ]; then
+- opts="$opts --org $REG_ORG"
++ opts="$opts --org=$REG_ORG"
+ fi
+
+ if [ -n "${REG_REPOS:-}" ]; then
+diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration
+index fe19593..02b6fca 100755
+--- a/elements/rhel-common/pre-install.d/00-rhel-registration
++++ b/elements/rhel-common/pre-install.d/00-rhel-registration
+@@ -68,7 +68,7 @@ if [ -n "${REG_MACHINE_NAME:-}" ]; then
+ fi
+
+ if [ -n "${REG_ORG:-}" ]; then
+- opts="$opts --org $REG_ORG"
++ opts="$opts --org=$REG_ORG"
+ fi
+
+ if [ -n "${REG_REPOS:-}" ]; then
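Review bot: The deprecation warning added at the top of the `else` branch in 06-rhel-registration prints whenever REG_ACTIVATION_KEY is empty, including when neither REG_USER nor REG_PASSWORD is set, so it will appear in the logs of hosts that never supplied credentials. I would guard the two `echo` lines with `if [ -n "${REG_USER:-}" ] || [ -n "${REG_PASSWORD:-}" ]; then` and send them to stderr with `>&2`. The deprecated path also still appends `--password $REG_PASSWORD` to the register command line, so the password the new README section warns about stays visible in the process arguments while registration runs. A comment saying so would help until the option is removed.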
diff --git a/0017-Allow-for-disabling-rhel-registration.patch b/0017-Allow-for-disabling-rhel-registration.patch
new file mode 100644
index 0000000..ebd81f4
--- /dev/null
+++ b/0017-Allow-for-disabling-rhel-registration.patch
@@ -0,0 +1,78 @@
+From 98116726fcb90248d7a28f8f7305e48d21378f44 Mon Sep 17 00:00:00 2001
+From: James Slagle <jslagle at redhat.com>
+Date: Tue, 9 Dec 2014 14:14:53 -0500
+Subject: [PATCH] Allow for disabling rhel registration
+
+When using the rhel element, it can be uesful to disable registration.
+For instance, if using an internal mirror repository that does not
+require registration/authentication.
+
+Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1
+
+Conflicts:
+ elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+ elements/rhel-common/pre-install.d/00-rhel-registration
+---
+ elements/rhel-common/README.md | 5 +++--
+ .../os-refresh-config/pre-configure.d/06-rhel-registration | 7 +++++--
+ elements/rhel-common/pre-install.d/00-rhel-registration | 8 ++++++--
+ 3 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md
+index f2eb64c..807e924 100644
+--- a/elements/rhel-common/README.md
++++ b/elements/rhel-common/README.md
+@@ -71,7 +71,7 @@ the hostname.
+ #### REG\_METHOD
+ Sets the method of registration. Use "portal" to register a system with the
+ Red Hat Customer Portal. Use "satellite" to register a system with Red
+-Hat Satellite 6.
++Hat Satellite 6. Use "disable" to skip the registration process.
+
+ #### REG\_ORG
+ Gives the organization to which to join the system.
+@@ -204,7 +204,8 @@ Heat metadata can be used to configure the rhel-common element.
+ method:
+ # Sets the method of registration. Use "portal" to register a
+ # system with the Red Hat Customer Portal. Use "satellite" to
+- # register a system with Red Hat Satellite 6.
++ # register a system with Red Hat Satellite 6. Use "disable" to
++ # skip the registration process.
+
+ Configuration Registration Examples
+ ------------------------------------
+diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+index 12a92b0..e33598d 100755
+--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+@@ -118,7 +118,10 @@ case "${REG_METHOD:-}" in
+ # beta-rpms repo only needed to support the katello-ca rpm above.
+ subscription-manager repos --disable ${satellite_repo}
+ ;;
++ disable)
++ echo "Disabling RHEL registration"
++ ;;
+ *)
+- echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
+- exit 0 # keeps the stack from failing if you don't set a value in REG_METHOD
++ echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
++ exit 0
+ esac
+diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration
+index 02b6fca..97cfddf 100755
+--- a/elements/rhel-common/pre-install.d/00-rhel-registration
++++ b/elements/rhel-common/pre-install.d/00-rhel-registration
+@@ -97,7 +97,11 @@ case "${REG_METHOD:-}" in
+ # beta-rpms repo only needed to support the katello-ca rpm above.
+ subscription-manager repos --disable rhel-7-server-rh-common-beta-rpms
+ ;;
++ disable)
++ echo "Disabling RHEL registration"
++ export REG_HALT_UNREGISTER=1 # stops attempt to unregister
++ ;;
+ *)
+- echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
+- exit 1 # RHEL requires registration, fail image build if REG_Method isn't set
++ echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
++ exit 1
+ esac
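Review bot: `export REG_HALT_UNREGISTER=1` in the `disable)` arm of pre-install.d/00-rhel-registration only reaches this script's own process and its children; if the hook runner starts each element script as a separate process, the later unregister step will not see it. Nothing in this patch shows where the variable is read, so this needs confirming against the cleanup script; testing `REG_METHOD` for `disable` there directly would not depend on environment inheritance. The same hunks also drop the comments that explained why the boot-time script exits 0 and the build-time script exits 1 on an unknown REG_METHOD. I would keep them, e.g. `exit 0 # do not fail the stack when REG_METHOD is unset or invalid`, because the boot-time script fails open and a mistyped value leaves the host unregistered with only a warning on stdout.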
diff --git a/0018-Don-t-trace-RHEL-registration-scripts.patch b/0018-Don-t-trace-RHEL-registration-scripts.patch
new file mode 100644
index 0000000..0edabbe
--- /dev/null
+++ b/0018-Don-t-trace-RHEL-registration-scripts.patch
@@ -0,0 +1,40 @@
+From b37c823293334fa0d49e4c27fd7956072adc72d1 Mon Sep 17 00:00:00 2001
+From: Ben Nemec <bnemec at redhat.com>
+Date: Wed, 17 Dec 2014 16:39:27 -0600
+Subject: [PATCH] Don't trace RHEL registration scripts
+
+These scripts are littered with references to passwords and keys,
+so rather than try to disable tracing in every one of those places
+I propose we simply turn it off for the scripts. This will likely
+need to be revisited after the global tracing discussion is
+resolved anyway.
+
+Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
+Related-Bug: 1298205
+---
+ .../rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration | 2 +-
+ elements/rhel-common/pre-install.d/00-rhel-registration | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+index e33598d..306e242 100755
+--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-set -eux
++set -eu
+ set -o pipefail
+
+ REG_ACTIVATION_KEY="$(os-apply-config --key rh_registration.activation_key --type raw --key-default '')"
+diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration
+index 97cfddf..bb979f8 100755
+--- a/elements/rhel-common/pre-install.d/00-rhel-registration
++++ b/elements/rhel-common/pre-install.d/00-rhel-registration
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-set -eux
++set -eu
+ set -o pipefail
+
+ opts=
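Review bot: Dropping `-x` from `set -eux` only keeps tracing off when the script starts with it off; if it is run as `bash -x <script>` or inherits xtrace through an exported SHELLOPTS, the passwords and keys are traced again. An explicit `set +x` right after the shebang in both scripts would make the intent hold in those cases, with a comment so the flag is not restored later: `set +x  # never trace: this script handles passwords and activation keys`. This only covers the trace log; the values are still handed to subscription-manager as command-line arguments. Both script bodies continue outside the hunks.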
diff --git a/diskimage-builder.spec b/diskimage-builder.spec
index b76e88c..0d64ae1 100644
--- a/diskimage-builder.spec
+++ b/diskimage-builder.spec
@@ -1,7 +1,7 @@
Name: diskimage-builder
Summary: Image building tools for OpenStack
Version: 0.1.34
-Release: 18%{?dist}
+Release: 19%{?dist}
License: ASL 2.0
Group: System Environment/Base
URL: https://launchpad.net/diskimage-builder
@@ -20,7 +20,11 @@ Patch0010: 0010-Update-RHEL-Registration.patch
Patch0011: 0011-Allow-source-repositories-to-be-disabled-completely.patch
Patch0012: 0012-Allow-injecting-arbitrary-yum-repo-configuration.patch
Patch0013: 0013-Convert-deploy-ramdisk-to-targetcli.patch
-Patch0014: 0014-Allow-for-disabling-rhel-registration.patch
+Patch0014: 0014-Add-Activation-Key-Support-For-Customer-Portal.patch
+Patch0015: 0015-Fix-repo-enablement-for-RHEL-during-registration.patch
+Patch0016: 0016-Deprecates-username-and-password-from-boot-time-regi.patch
+Patch0017: 0017-Allow-for-disabling-rhel-registration.patch
+Patch0018: 0018-Don-t-trace-RHEL-registration-scripts.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -53,6 +57,10 @@ Requires: dib-utils
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
+%patch0015 -p1
+%patch0016 -p1
+%patch0017 -p1
+%patch0018 -p1
%build
%{__python} setup.py build
@@ -105,6 +113,12 @@ Components of TripleO that are responsible for building disk images.
%{_datadir}/%{name}/elements
%changelog
+* Mon Jan 05 2015 James Slagle <jslagle at redhat.com> 0.1.34-19
+- Don't trace RHEL registration scripts
+- Allow for disabling rhel registration
+- Deprecates username and password from boot time registration
+- Fix repo enablement for RHEL during registration
+
* Tue Dec 09 2014 James Slagle <jslagle at redhat.com> 0.1.34-18
- Allow for disabling rhel registration