search

cloudigrade / houndigrade

Tool for inspecting mounted volumes for presence of Red Hat software
GNU General Public License v3.0
1 stars 2 forks source link

Looking for 69.pem in all the wrong places #100

Closed ghost closed 3 years ago

ghost commented 3 years ago

In GitLab by @infinitewarp on Feb 22, 2019, 18:57

Summary

houndigrade looks for 69.pem in /etc/pki/product/, but sometimes that file lives elsewhere.

Steps to Reproduce

  1. start an EC2 instance with RHEL7 from the marketplace
  2. ssh into the running instance
  3. sudo find /etc/pki -name 69.pem

Expected Result

Actual Result

Additional context

/etc/pki/product/ is the path we were given in #34.

houndigrade only looks in /etc/pki/product/ for 69.pem which means if houndigrade were to inspect an image set up like this marketplace image, it would not identify as RHEL-positive for product certs.

Yes, I'm aware that we don't inspect marketplace images. However, if this image has 69.pem not under our expected path, I think it's likely other customer installations may also.

Perhaps we should just look recursively under /etc/pki/.

QE says adding unit tests should be sufficient for verification. No need to expand the integration test suite.

ghost commented 3 years ago

In GitLab by @infinitewarp on Feb 22, 2019, 21:39

Based on outside conversations, it seems that the expected location of this file has moved in RHEL 7.6 and 8.0 to this product-default path. We should check in both the old and new paths going forward.

ghost commented 3 years ago

In GitLab by @infinitewarp on Feb 26, 2019, 15:08

We had a chat with Dan about this, and we believe that the pem file should always only live in one of two places: /etc/pki/product/ or /etc/pki/product-default/.

So, let's simply check both. No need for recursive or wildcard patterns.

ghost commented 3 years ago

In GitLab by @infinitewarp on Feb 26, 2019, 15:08

changed the description

ghost commented 3 years ago

In GitLab by @infinitewarp on Feb 26, 2019, 15:11

changed the description

ghost commented 3 years ago

In GitLab by @werwty on Mar 4, 2019, 10:19

assigned to @werwty

ghost commented 3 years ago

In GitLab by @werwty on Mar 5, 2019, 13:17

mentioned in commit ae648d71b33b3e3919d1dfd1c170279c141d3e80

ghost commented 3 years ago

In GitLab by @infinitewarp on Mar 5, 2019, 14:29

mentioned in merge request !74

ghost commented 3 years ago

In GitLab by @infinitewarp on Mar 21, 2019, 14:37

:ship: :it:

ghost commented 3 years ago

In GitLab by @infinitewarp on Mar 21, 2019, 14:37

closed