Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rhel9 content paths #227

Merged
merged 3 commits into from
Nov 24, 2022
Merged

Rhel9 content paths #227

merged 3 commits into from
Nov 24, 2022

Conversation

matejak
Copy link
Contributor

@matejak matejak commented Nov 22, 2022

Description:

Port of #225 to RHEL9. From its description:

Archives and ready-to-use content use paths differently.

Archives get unpacked into a directory, where they need to be unpacked, analyzed, and cross-checked with e.g. the supplied content path, whereas ready-to-use content can be used directly.

As the current codebase doesn't untangle all possible ways how to obtain existing content in a way of decomposing those into layers, this change just makes the current code working at the expense of making it worse to maintain.

Rationale:

  • Before this PR, the simple use case of hardening a system with the system content was not working.

Review Hints:

The PR makes use of the preinst_content_path that refers to absolute filepaths. content_path was supplied by users in case of archives, and represented the relative path to the content file in the context of the archive. In order to make it work, conversion of absolute filenames to relative filenames in the dictionary holding file labels has been dropped, and a subsequent "absolutization" of paths could be dropped too.
However, as the code assumes that the contents of content_path is always relative in case of archives and RPMs, this had to be moved to the method use_downloaded_content.

@matejak matejak added this to the 2.1.0 milestone Nov 22, 2022
@matejak
Fix handling of content paths
e2c4742 
Archives and ready-to-use content use paths differently.

Archives get unpacked into a directory, where they need to be unpacked,
analyzed, and cross-checked with e.g. the supplied content path,
whereas ready-to-use content can be used directly.

As the current codebase doesn't untangle all possible ways how to obtain
existing content in a way of decomposing those into layers, this change
just makes the current code working at the expense of making it worse to
maintain.
@matejak
Compare paths according to their equivalence
9808e21 
not according their arbitrary string form
@matejak matejak force-pushed the rhel9_content_paths branch 6 times, most recently from da465c7 to 3da51d4 Compare November 22, 2022 16:07
@matejak matejak force-pushed the rhel9_content_paths branch from 3da51d4 to b422abb Compare November 23, 2022 13:16
@matejak matejak marked this pull request as ready for review November 23, 2022 13:16
@scrutinizer-notifier
Copy link

The inspection completed: 4 updated code elements

@jan-cerny jan-cerny self-assigned this Nov 24, 2022
@jan-cerny
Copy link
Member

I have verified that this PR fixes the installation fail when using content-type = scap-security-guide in the %addon org_fedora_oscap section in the kickstart. I tested that with both text and GUI installation of RHEL 9.1. In both cases it worked as expected and the installations finished successfully. I used the following command: virt-install --connect qemu:///system --name oaa_test_rhel9 --memory 4096 --vcpus 2 --disk size=8 --os-variant rhel9.1 --location http://YOUR_URL/released/rhel-9/RHEL-9/9.1.0/BaseOS/x86_64/os/ -x inst.ks=http://192.168.122.1:8000/rhel9_ks_with_ssg.cfg -x inst.updates=http://192.168.122.1:8000/update.img --network default

Then, I checked the installation with content-type = rpm in the %addon org_fedora_oscap section in the kickstart. I tested that with both text and GUI installation of RHEL 9.1. I used the scap-security-guide-0.1.64-1.fc36.noarch.rpm RPM as external content served via http. I used the same command as above, only with a different kickstart file name. These also went fine and worked as expected.

@jan-cerny jan-cerny merged commit 84c8b3f into OpenSCAP:rhel9-branch Nov 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
None yet
Projects
None yet
Milestone
2.1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@matejak @scrutinizer-notifier @jan-cerny