# RHEL 8

## Subscriptions

```bash
# Re-up subscription
subscription-manager register
subscription-manager release --show
subscription-manager release --set=8_10
```

`dnf update` will sometimes throw an error like:

```bash
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                       0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-rpms':
  - Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [error setting certificate verify locations:
  CAfile: %(ca_cert_dir)sredhat-uep.pem
  CApath: none]
Error: Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-rpms': Cannot download repomd.xml: Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [error setting certificate verify locations:
  CAfile: %(ca_cert_dir)sredhat-uep.pem
  CApath: none]
```

It can be fixed by adding the correct details to /etc/rhsm/rhsm.conf

<https://access.redhat.com/solutions/7098119>

```bash
# /etc/rhsm/rhsm.conf

[rhsm]
# Content base URL:
baseurl = https://cdn.redhat.com

# Repository metadata GPG key URL:
repomd_gpg_url =

# Server CA certificate location:
ca_cert_dir = /etc/rhsm/ca/

# Default CA cert to use when generating yum repo configs:
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
```

## DNF Repo Hotfixes

Fixes an issue where dnf would fail to install a package due to multiple
modules or "conflicting requests" or "filtered out by modular filtering".

<https://dnf.readthedocs.io/en/latest/modularity.html#hotfix-repositories>

```ini
# Add this to all conflicting rpm sources in /etc/yum.repos.d
module_hotfixes=1
```

## Patching an RPM

### Creating the patch

1. Create your patch by checking out the tag matching the rpm version of the software you want to patch
2. Cherry pick the commits you want to patch in: `git cherry-pick 3392a857c^..782a6dd54 --strategy-option=theirs`
3. Create a diff: `git format-patch  20ddeab85^..0cf92b3d4 --stdout > p11child.patch`
4. Copy the patch to your rhel instance

### Applying the patch

1. Enable the `codeready-builder-for-...-source-rpms` rpm source in `/etc/yum.repos.d/redhat.repo`
2. For RHEL 8: Add `module_hotfixes=1` to appstream and codebuild in `/etc/yum.repos.d/redhat.repo`
3. `dnf download --source sssd`
4. `rpm -i sssd-2.9.4-5.el8_10.2.src.rpm`
5. `cd rpmbuild/SPECS`
6. Edit `sssd.spec` and change `Release: 5%{?dist}.2` to match your release: e.g. `Release: 5%{?dist}_10.2`
7. `dnf builddep sssd.spec`
8. `rpmbuild -bb sssd.spec --nocheck`
9. `cd ~/rpmbuild/RPMS/x86_64`
10. For RHEL 8 `rpm -ivh ./sssd-2.9.4-5.el8_10.2.x86_64.rpm --force`
11. For RHEL 9 `dnf install ./sssd-2.9.4-5.el8_10.2.x86_64.rpm`

## VM Passthrough

If you get "device or resource busy" while trying to pass through a smart card
to a VM, you'll probably need to `systemctl stop pcscd` on the host.