From 7d4a71a97701f55da94796c7ea6720e413a22de7 Mon Sep 17 00:00:00 2001
From: Slawomir Strehlau <slawomir.strehlau@intel.com>
Date: Wed, 23 Jun 2021 07:22:04 -0400
Subject: [build][centos8] Update versions of dependencies

The varnish and intel-cmt-cat v3.x packages have been flagged as insecure.
``dnf builddep collectd`` was installing the deps for the 5.8 version of
collectd from the epel repo, which included these vulnerable packages.
The build scripts for centos 8 have been updated to unstall dependencies
from opstools instead, which provide a newer version of collectd.

Change-Id: I3d2a1496e3524c4bf7bd56ecbd11e7ceeed01f01
Signed-off-by: Slawomir Strehlau <slawomir.strehlau@intel.com>
Signed-off-by: Emma Foley <efoley@redhat.com>
---
 systems/centos/8/build_base_machine.sh | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/systems/centos/8/build_base_machine.sh b/systems/centos/8/build_base_machine.sh
index f345e677..1a590841 100755
--- a/systems/centos/8/build_base_machine.sh
+++ b/systems/centos/8/build_base_machine.sh
@@ -28,17 +28,14 @@ dnf -y update
 
 # For collectd
 dnf install -y yum-utils
-dnf install -y epel-release
 dnf install -y centos-release-opstools
 
 # For CentOS 8, a lot of the dependencies are from PowerTools repo
 dnf install -y 'dnf-command(config-manager)' &&  dnf config-manager --set-enabled powertools
 
-dnf builddep -y collectd
-
-# CentOS 8 doesn't have intel-cmt-cat-devel packaged, so use the version from CentOS7
-dnf install -y http://mirror.centos.org/centos/7/os/x86_64/Packages/intel-cmt-cat-3.0.1-1.el7.x86_64.rpm \
-     http://mirror.centos.org/centos/7/os/x86_64/Packages/intel-cmt-cat-devel-3.0.1-1.el7.x86_64.rpm
+# Use collectd.spec from centos-opstools to install deps since
+# ``dnf builddep -y collectd`` isn't finding collectd in centos-opstools
+dnf builddep -y https://raw.githubusercontent.com/centos-opstools/collectd/master/collectd.spec
 
 # Install required packages
 dnf -y install $(echo "
@@ -85,10 +82,9 @@ qpid-proton-c-devel
 # ping collectd-6
 liboping-devel
 
-#install epel release required for git-review
-epel-release
-python3-libvirt
 python3-pip
 python36-devel
 numactl-devel
+intel-cmt-cat
+intel-cmt-cat-devel
 " | grep -v ^#)
-- 
cgit 1.2.3-korg