From 1d5df1a90560f4ddb944633b59805fa6008a1a87 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin@piware.de>
Date: Wed, 13 Nov 2024 17:39:45 +0100
Subject: [PATCH 1/3] images: Move rhel-10-0 from beta to final

---
 images/scripts/rhel-10-0.bootstrap | 2 +-
 images/scripts/rhel.setup          | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/images/scripts/rhel-10-0.bootstrap b/images/scripts/rhel-10-0.bootstrap
index ebb1f319fa..43b7d397d9 100755
--- a/images/scripts/rhel-10-0.bootstrap
+++ b/images/scripts/rhel-10-0.bootstrap
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -ex
 
-URL=http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10/compose/BaseOS/x86_64/images/
+URL=http://download.devel.redhat.com/rhel-10/nightly/RHEL-10/latest-RHEL-10/compose/BaseOS/x86_64/images/
 IMAGE=$(curl -L -s "$URL" | sed -n '/<a href=.*rhel-guest-image.*qcow2"/ { s/^.*href="//; s_".*$__; p }')
 [ -n "$IMAGE" ]
 
diff --git a/images/scripts/rhel.setup b/images/scripts/rhel.setup
index 4aaee217b2..f0e5896add 100755
--- a/images/scripts/rhel.setup
+++ b/images/scripts/rhel.setup
@@ -62,7 +62,6 @@ EOF
         case "$VERSION" in
             10.0)
                 VERSION=10
-                RELSUFFIX="-Public-Beta"
                 TREE=nightly;
                 UPDATES="" ;;
 

From 3ccb672625008d2917c68ce8ab0c59afbc51034c Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin@piware.de>
Date: Thu, 14 Nov 2024 11:47:48 +0100
Subject: [PATCH 2/3] images: Install kernel with fixed FIPS on rhel-10-0

Current nightly RHEL 10 images oops the kernel in FIPS mode
(https://issues.redhat.com/browse/RHEL-65498). This breaks Cockpit's
crypto-policies tests in a really awkward way that takes > 15 minutes to
eventually fail, and so handling this through a naughty is awkward.
Install the fixed kernel instead.

This automatically becomes a no-op as soon as the next kernel lands.
---
 images/scripts/rhel.setup | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/images/scripts/rhel.setup b/images/scripts/rhel.setup
index f0e5896add..a64caa0416 100755
--- a/images/scripts/rhel.setup
+++ b/images/scripts/rhel.setup
@@ -297,6 +297,12 @@ stratisd
 
 dnf install -y $TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES
 
+# HACK: broken kernel which oopses with FIPS (https://issues.redhat.com/browse/RHEL-65498); failing and recovering
+# takes ages, so too expensive/intrusive for a naughty to work around; install the proposed fix instead
+if  [ "$IMAGE" = "rhel-10-0" ] && [ "$(uname -r)" = "6.11.0-28.el10.x86_64" ]; then
+    dnf update -y https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-core-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-modules-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-modules-core-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-tools-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/kernel-tools-libs-6.11.0-29.3_1538040423.el10.x86_64.rpm https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1538040565/publish_x86_64/8332871928/artifacts/repo/6.11.0-29.3_1538040423.el10.x86_64/python3-perf-6.11.0-29.3_1538040423.el10.x86_64.rpm
+fi
+
 # HACK: wireguard-tools pulls in systemd-resolved, but installing that doesn't start the service,
 # thus breaking DNS; https://issues.redhat.com/browse/RHEL-37686
 if  [ "$IMAGE" = "centos-10" ] || [ "${IMAGE#rhel-10*}" != "$IMAGE" ]; then

From 582eaaf2660068d73cf8c07d7b3fd977c6d1c27c Mon Sep 17 00:00:00 2001
From: Cockpituous <cockpituous@cockpit-project.org>
Date: Thu, 14 Nov 2024 11:09:09 +0000
Subject: [PATCH 3/3] images: Update rhel-10-0 image

---
 images/rhel-10-0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/rhel-10-0 b/images/rhel-10-0
index e5ce80a534..bbdda78cf0 120000
--- a/images/rhel-10-0
+++ b/images/rhel-10-0
@@ -1 +1 @@
-rhel-10-0-4e8c386eb2dd8ab4dfa34f1bfa7f40a75f7703cea277006aab04f639e3a39415.qcow2
\ No newline at end of file
+rhel-10-0-75945efa4e06aeb0580a7b30b34af653145209e36bcd7070cd896067621f6b2b.qcow2
\ No newline at end of file