Add detection for third-party target Python modules

[tomasfratrik]

Introduce actors to detect presence of third-party
Python modules installed for target Python. Those modules could
interfere with the upgrade process or cause issues after rebooting
into the target system.

Scanner (scanthirdpartytargetpythonmodules):
- Identifies the target Python interpreter
- Queries the target Python's sys.path to determine where it searches
  for modules
- Recursively scans these directories for Python files (.py, .so, .pyc)
- Cross-references found files against the RPM database to determine
  ownership and categorize them

Checker (checkthirdpartytargetpythonmodules) creates a high severity
report to inform users about findings and presents full list of them
 in logs and short version in report.

Jira: RHEL-71882

[github-actions]

Thank you for contributing to the Leapp project!

Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
If you want to request a review or rebuild a package in copr, you can use following commands as a comment:

• review please @oamg/developers to notify leapp developers of the review request
• /packit copr-build to submit a public copr build using packit

Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build.
However, here are additional useful commands for packit:

• /packit test to re-run manually the default tests
• /packit retest-failed to re-run failed tests manually
• /packit test oamg/leapp#42 to run tests with leapp builds for the leapp PR#42 (default is latest upstream - main - build)

Note that first time contributors cannot run tests automatically - they need to be started by a reviewer.

It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported, beaker-minimal and kernel-rt, both can be used to be run on all upgrade paths or just a couple of specific ones.
To launch on-demand tests with packit:

• /packit test --labels kernel-rt to schedule kernel-rt tests set for all upgrade paths
• /packit test --labels beaker-minimal-8.10to9.4,kernel-rt-8.10to9.4 to schedule kernel-rt and beaker-minimal test sets for 8.10->9.4 upgrade path

See other labels for particular jobs defined in the .packit.yaml file.

Please open ticket in case you experience technical problem with the CI. (RH internal only)

Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra.

[tomasfratrik]

Note that current solution doesn't have solution for preventing actual broken system after reboot.
This just introduces concept of an actor (not yet finished and without tests yet)

[karolinku]

/packit copr-build

[pirat89]

It needs yet some changes. See my comments for more details.

[pirat89]

it's a question whether it has a value if third party python modules are listed. but currently they are not listed in the model et

[pirat89]

possibly we could hav ethe list of such third party python modules for the target python version listed here as well

[pirat89]

use please the FMT_LIST_SEPARATOR = '\n - ' here as well - that's for all other logs as well. also I suggest to use the _formatted_list_output function, so the refactoring in future will be easier.

[MichalHe]

Solution looks good logic-wise 👍 . Probably the biggest issue is the code emitting warnings into the upgrade log about something that is considered normal and should not have a potential to negatively impact the upgrade process.

[MichalHe]

What if there are no third party rpms? The output would contain only:

Non-distribution RPM packages detected:

Non-distribution modules detected (list possibly incomplete): ...

Which I think will be confusing for the user.

[karolinku]

This report will be created only if there are found any modules or RPMs, however, you are right that it's possible that only one of it will be present.

[MichalHe]

You are frequently ad-hoc constructing a Path object and then throwing it away (when resolving symlinks, when using rglob). Why not construct it once, and use it where required?

Suggested change

	result = run([python_interpreter, '-c', 'import sys, json; print(json.dumps(sys.path))'])['stdout']
	return json.loads(result)
	result = run([python_interpreter, '-c', 'import sys, json; print(json.dumps(sys.path))'])['stdout']
	raw_paths = json.loads(result)
	paths = [Path(raw_path) for raw_path in raw_paths]
	return paths

[MichalHe]

Files should already be a list of strings, right?

Suggested change

	third_party_files.extend([str(f) for f in files])
	third_party_files.extend(files)

[MichalHe]

The name is confusing, I was not sure whether these files come from signed or unsigned RPMs (= whether they are problematic or not)

Suggested change

	third_party_rpms, rpm_owned_files = identify_unsigned_rpms(rpms_to_check)
	third_party_rpms, unsigned_rpm_files = identify_unsigned_rpms(rpms_to_check)