ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Testing farm CS 9 job broken #11179

Open jan-cerny opened 1 year ago

jan-cerny commented 1 year ago

Description of problem:

The test /Sanity/ansible-machine-hardening/ospp fails because the Ansible Playbook fails to install the required package.

The reason is most likely that the test runs OSPP hardening and it sets the system-wide cryptography policies to FIPS:OSPP. However, after the update of the crypto-policies package in CentOS Stream 9 to version crypto-policies-20230920-1.git8dcf74d.el9.noarch, the cryptography policy disables some algorithms that are probably used by the repository infrastructure, effectively preventing the system from installing any package using dnf.

SCAP Security Guide Version:

Current upstream master branch as of 2023-10-05, HEAD 86020819fb9157ec86302dbc651411057ea76817

Operating System Version:

CentOS Stream 9

Steps to Reproduce:

  1. Open a PR in this repository
  2. See the testing-farm:centos-stream-9-x86_64 action details

Actual Results:

TASK [Ensure gnutls-utils is installed] ****************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to download packages: unbound-libs-1.16.2-3.el9.x86_64: Cannot download, all mirrors were already tried without success", "results": []}

Expected Results:

Ansible Playbook finishes and as a result the test passes.

Additional Information/Debugging Steps:

No

jan-cerny commented 1 year ago

This has been worked around by https://src.fedoraproject.org/tests/scap-security-guide/pull-request/42 and https://src.fedoraproject.org/tests/scap-security-guide/pull-request/43.