From b2ad00cb66bd38ec6179d3bd1bf41556b966dc8c Mon Sep 17 00:00:00 2001
From: Alfredo Moralejo <amoralej@redhat.com>
Date: Wed, 24 May 2023 21:03:28 +0200
Subject: [PATCH] Use RDO official CloudSIG mirrors for C9S deployments

Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.

In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.

This is also consistent to CentOS 8 implementatioin.

Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
---
 stack.sh | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index be3c9dda11..1d32ed8156 100755
--- a/stack.sh
+++ b/stack.sh
@@ -311,7 +311,22 @@ function _install_rdo {
             sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
         fi
     elif [[ $DISTRO == "rhel9" ]]; then
-        sudo curl -L -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos9-master/delorean-deps.repo
+        install_package wget
+        # We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
+        # FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
+        # Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
+        # not relies on openssl but on gnutls, and then install it locally using rpm
+        TEMPRDODIR=$(mktemp -d)
+        if [[ "$TARGET_BRANCH" == "master" ]]; then
+            # rdo-release.el9.rpm points to latest RDO release, use that for master
+            wget -P $TEMPRDODIR  https://rdoproject.org/repos/rdo-release.el9.rpm
+        else
+            # For stable branches use corresponding release rpm
+            rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
+            wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
+        fi
+        sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
+        rm -rf $TEMPRDODIR
     fi
     sudo dnf -y update
 }