comps
commented
1 month ago Added a condition to exclude RHEL-8 after a brief message with Evgeny - we probably want to support/test RHEL-9 in addition to RHEL-10.
One last step is to add waivers.
Closed comps closed 3 weeks ago
comps
commented
1 month ago Added a condition to exclude RHEL-8 after a brief message with Evgeny - we probably want to support/test RHEL-9 in addition to RHEL-10.
One last step is to add waivers.
comps
commented
1 month ago I didn't join the /hardening/anaconda waivers with /hardening/kickstart because
/hardening/anacondacomps
commented
3 weeks ago Changed /hardening/image-builder to be more like the kickstart test,
--- hardening/kickstart/test.py 2024-08-08 21:21:32.803772075 +0200
+++ hardening/image-builder/test.py 2024-08-15 13:38:57.474565165 +0200
@@ -3,3 +3 @@
-import os
-
-from lib import util, results, virt, oscap
+from lib import results, oscap, osbuild, util
@@ -9 +7 @@
-virt.Host.setup()
+osbuild.Host.setup()
@@ -11 +9 @@
-g = virt.Guest()
+g = osbuild.Guest()
@@ -18 +16 @@
-# tell the 'oscap xccdf eval --remediate' in %post to use it
+# tell the 'oscap xccdf eval --remediate' called by osbuild-composer to use it
@@ -24 +22 @@
- 'fix', '--fix-type', 'kickstart',
+ 'fix', '--fix-type', 'blueprint',
@@ -28,4 +26 @@
-ks = virt.translate_oscap_kickstart(lines, '/root/remediation-ds.xml')
-
-if os.environ.get('USE_SERVER_WITH_GUI'):
- ks.packages.append('@Server with GUI')
+blueprint = osbuild.translate_oscap_blueprint(lines, '/root/remediation-ds.xml')
@@ -33 +28 @@
-g.install(kickstart=ks, rpmpack=rpmpack)
+g.create(blueprint=blueprint, rpmpack=rpmpack)
@@ -52 +47 @@
-results.report_and_exit(logs=['report.html', 'results-arf.xml.gz'])
+results.report_and_exit(logs=['report.html', 'results-arf.xml.gz', g.osbuild_log])
(Probably best to go commit-by-commit - the early ones are about cleanup.)
The image-builder (osbuild) rework is mainly to unify the API with
/hardening/kickstart. I would have done the same for/hardening/anaconda, but (IIRC) openscap%addoncannot readfile://URLs or point to local files on the installed OS, it can only reliably use remote HTTP URLs.