fixup! add detection for custom libraries registered by ld.so.conf

Author: PeterMocary

repos/system_upgrade/common/actors/checkldconf/actor.py renamed to repos/system_upgrade/common/actors/checkldsoconf/actor.py

@@ -10,8 +10,8 @@ class CheckLdSoConfiguration(Actor):
 
     The ld.so configuration files are used to overwrite standard library links
     in order to use different custom libraries. The in-place upgrade does not
-    support customization of this configuration by user. This actor inhibits the
-    upgrade upon detecting such customization.
+    support customization of this configuration by user. This actor creates high
+    severity report upon detecting such customization.
     """
 
     name = 'check_ld_so_configuration'

repos/system_upgrade/common/actors/checkldconf/libraries/checkldsoconfiguration.py renamed to repos/system_upgrade/common/actors/checkldsoconf/libraries/checkldsoconfiguration.py

@@ -9,7 +9,8 @@
 LD_SO_CONF_DIR = '/etc/ld.so.conf.d'
 LD_SO_CONF_MAIN = '/etc/ld.so.conf'
 LD_SO_CONF_DEFAULT_INCLUDE = 'ld.so.conf.d/*.conf'
-LIST_FORMAT_PREFIX = '\n    - '
+LD_SO_CONF_COMMENT_PREFIX = '#'
+FMT_LIST_SEPARATOR = '\n    - '
 
 
 def _read_file(file_path):
@@ -20,29 +21,57 @@ def _read_file(file_path):
 def _report_custom_ld_so_configuration(summary):
     reporting.create_report([
         reporting.Title(
-            'Third party libraries linked with ld.so.conf are not supported for the in-place upgrade.'
+            'Third party libraries linked with ld.so.conf are not supported.'
         ),
         reporting.Summary(summary),
-        reporting.Remediation('Remove the custom ld.so configuration.'),
+        reporting.Remediation(hint=('Remove the custom ld.so configuration and apply the changes '
+                                    'using the ldconfig command.')),
         reporting.RelatedResource('file', '/etc/ld.so.conf'),
         reporting.RelatedResource('directory', '/etc/ld.so.conf.d'),
         reporting.Severity(reporting.Severity.HIGH),
-        reporting.Groups([reporting.Groups.OS_FACTS, reporting.Groups.INHIBITOR]),
+        reporting.Groups([reporting.Groups.OS_FACTS]),
     ])
 
 
+def _is_modified(config_path, package_name):
+    """ Decide if the configuration file was modified based on the package it belongs to. """
+    is_modified = False
+    try:
+        run(['rpm', '-Va', package_name])
+    except CalledProcessError as err:
+        modified_files = err.stdout
+        for line in modified_files.split('\n'):
+            line = line.split(' ')
+            modification_flags, file_path = line[0].strip(), line[-1].strip()
+            # Note that the condition is relaxed so that files different only
+            # in the modification timestamp won't be considered as modified.
+            is_modified |= config_path == file_path and modification_flags.strip('.') != 'T'
+    return is_modified
+
+
 def _is_included_ld_so_config_custom(config_path):
     if not os.path.isfile(config_path):
         return False
 
+    # Check if the config file has any lines that have an effect on ld.so configuration
+    has_effective_line = False
+    for line in _read_file(config_path):
+        line = line.strip()
+        if line and not line.startswith(LD_SO_CONF_COMMENT_PREFIX):
+            has_effective_line = True
+            break
+
+    if not has_effective_line:
+        # The config file has no effect on the ld.so configuration therefore we do not consider custom
+        return False
+
     is_custom = False
     try:
         package_name = run(['rpm', '-qf', '--queryformat', '%{NAME}', config_path])['stdout']
-        is_custom = not has_package(InstalledRedHatSignedRPM, package_name)
+        is_custom = not has_package(InstalledRedHatSignedRPM, package_name) or _is_modified(config_path, package_name)
     except CalledProcessError:
         is_custom = True
-    api.current_logger().debug('The following config file is{}considered a custom '
-                               'ld.so configuration: {}'.format(' ' if is_custom else ' NOT ', config_path))
+
     return is_custom
 
 
@@ -57,7 +86,7 @@ def _parse_main_ld_so_config():
             cfg_glob = line.split(' ', 1)[1].strip()
             cfg_glob = os.path.join('/etc', cfg_glob) if not os.path.isabs(cfg_glob) else cfg_glob
             included_configs.append(cfg_glob)
-        elif line:
+        elif line and not line.startswith(LD_SO_CONF_COMMENT_PREFIX):
             other_lines.append(line)
 
     return included_configs, other_lines
@@ -70,8 +99,8 @@ def check_ld_so_configuration():
     if other_lines:
         # The main ld.so config file is expected to only include additional configs that are owned by a package
         summary += ('The /etc/ld.so.conf file has unexpected contents:'
-                    '{}{}'.format(LIST_FORMAT_PREFIX,
-                                  LIST_FORMAT_PREFIX.join(other_lines)))
+                    '{}{}'.format(FMT_LIST_SEPARATOR,
+                                  FMT_LIST_SEPARATOR.join(other_lines)))
 
     is_default_include_present = '/etc/' + LD_SO_CONF_DEFAULT_INCLUDE in included_configs
     if not is_default_include_present:
@@ -91,8 +120,8 @@ def check_ld_so_configuration():
 
     if custom_ld_configs:
         summary += ('\nThe following config files were marked as unsupported:'
-                    '{}{}'.format(LIST_FORMAT_PREFIX,
-                                  LIST_FORMAT_PREFIX.join(custom_ld_configs)))
+                    '{}{}'.format(FMT_LIST_SEPARATOR,
+                                  FMT_LIST_SEPARATOR.join(custom_ld_configs)))
 
     if summary:
         _report_custom_ld_so_configuration(summary)

repos/system_upgrade/common/actors/checkldconf/tests/test_checkldsoconfiguration.py renamed to repos/system_upgrade/common/actors/checkldsoconf/tests/test_checkldsoconfiguration.py

@@ -79,10 +79,12 @@ def test_check_ld_so_configuration(monkeypatch, included_configs_glob_dict, othe
                          [
                             (['include ld.so.conf.d/*.conf\n'],
                              ['/etc/ld.so.conf.d/*.conf'], []),
-                            (['include ld.so.conf.d/*.conf\n', '\n', '/custom/path.lib\n'],
+                            (['include ld.so.conf.d/*.conf\n', '\n', '/custom/path.lib\n', '#comment'],
                              ['/etc/ld.so.conf.d/*.conf'], ['/custom/path.lib']),
                             (['include ld.so.conf.d/*.conf\n', 'include /custom/path.conf\n'],
                              ['/etc/ld.so.conf.d/*.conf', '/custom/path.conf'], []),
+                            (['include ld.so.conf.d/*.conf\n', '#include /custom/path.conf\n', '#/custom/path.conf\n'],
+                             ['/etc/ld.so.conf.d/*.conf'], []),
                             ([' \n'],
                              [], [])
                          ])
@@ -99,27 +101,75 @@ def mocked_read_file(path):
     assert _other_lines == other_lines
 
 
-@pytest.mark.parametrize(('config_path', 'run_result', 'package_exists', 'is_custom'),
+@pytest.mark.parametrize(('config_path', 'package_name', 'run_result', 'is_modified'),
                          [
-                            ('/etc/ld.so.conf.d/dyninst-x86_64.conf', 'dyninst', True, False),
-                            ('/etc/ld.so.conf.d/somelib.conf', CalledProcessError, False, True),
-                            ('/etc/custom/custom.conf', 'custom', False, True)
+                            ('/etc/ld.so.conf.d/dyninst-x86_64.conf', 'dyninst',
+                             '.......T.  c /etc/ld.so.conf.d/dyninst-x86_64.conf', False),
+                            ('/etc/ld.so.conf.d/dyninst-x86_64.conf', 'dyninst',
+                             'S.5....T.  c /etc/ld.so.conf.d/dyninst-x86_64.conf', True),
+                            ('/etc/ld.so.conf.d/kernel-3.10.0-1160.el7.x86_64.conf', 'kernel',
+                             '', False)
                          ])
-def test_is_included_ld_so_config_custom(monkeypatch, config_path, run_result, package_exists, is_custom):
+def test_is_modified(monkeypatch, config_path, package_name, run_result, is_modified):
+    def mocked_run(command):
+        assert package_name in command
+        if run_result:
+            raise CalledProcessError("message", command, {'stdout': run_result})
+        return ''
+
+    monkeypatch.setattr(checkldsoconfiguration, 'run', mocked_run)
+
+    _is_modified = checkldsoconfiguration._is_modified(config_path, package_name)
+    assert _is_modified == is_modified
+
+
+@pytest.mark.parametrize(('config_path',
+                          'config_contents', 'run_result',
+                          'is_installed_rh_signed_package', 'is_modified', 'has_effective_lines'),
+                         [
+                            ('/etc/ld.so.conf.d/dyninst-x86_64.conf',
+                             ['/usr/lib64/dyninst\n'], 'dyninst',
+                             True, False, True),  # RH sighend package without modification - Not custom
+                            ('/etc/ld.so.conf.d/dyninst-x86_64.conf',
+                             ['/usr/lib64/my_dyninst\n'], 'dyninst',
+                             True, True, True),  # Was modified by user - Custom
+                            ('/etc/custom/custom.conf',
+                             ['/usr/lib64/custom'], 'custom',
+                             False, None, True),  # Third-party package - Custom
+                            ('/etc/custom/custom.conf',
+                             ['#/usr/lib64/custom\n'], 'custom',
+                             False, None, False),  # Third-party package without effective lines - Not custom
+                            ('/etc/ld.so.conf.d/somelib.conf',
+                             ['/usr/lib64/somelib\n'], CalledProcessError,
+                             None, None, True),  # User created configuration file - Custom
+                            ('/etc/ld.so.conf.d/somelib.conf',
+                             ['#/usr/lib64/somelib\n'], CalledProcessError,
+                             None, None, False)  # User created configuration file without effective lines - Not custom
+                         ])
+def test_is_included_ld_so_config_custom(monkeypatch, config_path, config_contents, run_result,
+                                         is_installed_rh_signed_package, is_modified, has_effective_lines):
     def mocked_run(command):
         assert config_path in command
         if run_result and not isinstance(run_result, str):
-            raise CalledProcessError("message", ["command"], "result")
+            raise CalledProcessError("message", command, "result")
         return {'stdout': run_result}
 
     def mocked_has_package(model, package_name):
         assert model is InstalledRedHatSignedRPM
         assert package_name == run_result
-        return package_exists
+        return is_installed_rh_signed_package
+
+    def mocked_read_file(path):
+        assert path == config_path
+        return config_contents
 
     monkeypatch.setattr(checkldsoconfiguration, 'run', mocked_run)
     monkeypatch.setattr(checkldsoconfiguration, 'has_package', mocked_has_package)
+    monkeypatch.setattr(checkldsoconfiguration, '_read_file', mocked_read_file)
+    monkeypatch.setattr(checkldsoconfiguration, '_is_modified', lambda *_: is_modified)
     monkeypatch.setattr(os.path, 'isfile', lambda _: True)
 
     result = checkldsoconfiguration._is_included_ld_so_config_custom(config_path)
+    is_custom = not isinstance(run_result, str) or not is_installed_rh_signed_package or is_modified
+    is_custom &= has_effective_lines
     assert result == is_custom