Fix product=="rhel9" equality gates for almalinux9; enable auto_increment
Step 4 only rewrote the list-membership form (product in [...,"rhel9"]), so the shared rules using the equality form (product == "rhel9") fell through to the generic else branch for almalinux9. Most visibly, configure_custom_crypto_policy_cis dropped NO-SSHWEAKCIPHERS/NO-SSHWEAKMACS/NO-WEAKMAC/NO-RPMSHA1, weakening the CIS crypto remediation vs the rhel9 base (no hard failure since NO-SHA1 still ships on EL9). Now almalinux9 follows the rhel9 branch. Also set auto_increment on the .alma.1 release suffix.
parent 40d9eaa713
commit 33778642ca
@ -47,6 +47,7 @@ actions:
- modify_release:
- suffix: ".alma.1"
enabled: true
auto_increment: true
- changelog_entry:
- name: "Andrew Lukoshko"
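Review bot: The `auto_increment: true` key under `modify_release` sits next to a hard-coded `suffix: ".alma.1"`, and nothing in the config says how the two interact, so a reader cannot tell what release string the next rebuild will carry. A one-line comment above the key stating the resulting suffix sequence would settle that. This packaging change is also unrelated to the rhel9 gating fix in the same commit; splitting it out, or at least naming it in the `changelog_entry` that follows, would keep the security-relevant change easy to audit and revert on its own.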
@ -29,9 +29,20 @@ find ./shared -type f -exec sed -i \
-e 's|<platform>multi_platform_rhel</platform>|<platform>multi_platform_rhel</platform>\n<platform>multi_platform_almalinux</platform>|g' {} \;
# 4. Improve Ansible support in conditionals
# Two product-gating idioms are used in the shared rule templates:
# - list membership: {% if product in [..., "rhel9"] %}
# - equality: {% if product == "rhel9" %}
# The list form is rewritten below. The equality form is NOT a substring of
# the list form, so it must be handled separately, otherwise almalinux9
# silently falls through to the generic `else` branch of those rules (e.g.
# configure_custom_crypto_policy_cis drops NO-SSHWEAKCIPHERS/NO-SSHWEAKMACS/
# NO-WEAKMAC/NO-RPMSHA1, weakening the CIS crypto remediation vs the rhel9 base).
find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
-e '/if product in/ s/"rhel9"/"rhel9", "almalinux9"/g' {} \;
find ./linux_os ./shared -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i -E \
-e 's/product == (["'\''])rhel9\1/(product == \1rhel9\1 or product == \1almalinux9\1)/g' {} \;
# 5. Add disa references symlinks for AlmaLinux
for xml in $(find shared/references/ -type f -name 'disa-stig-rhel*.xml'); do
target="$(echo "$xml" | sed 's/rhel/almalinux/g')"
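Review bot: The equality rewrite in the second `find ... sed -i -E` of step 4 matches only the exact spelling `product == "rhel9"` (single spaces, this operand order), so a gate written as `product != "rhel9"`, `"rhel9" == product`, or with different spacing is left untouched and almalinux9 still takes the non-rhel9 path there without any error. Because the failure this commit fixes was silent, consider following both seds with a grep over the same trees that fails the build when a line compares `product` against `rhel9` but does not mention `almalinux9`. The list-membership sed above it still walks only `./linux_os` while the new one walks `./linux_os ./shared`; if that difference is intentional, the step 4 comment should say why, otherwise list-form gates under `./shared` remain unpatched. Neither substitution is idempotent: a second run over an already patched tree would nest the parenthesised expression and append a duplicate `"almalinux9"` to the lists, so a guard that skips lines already containing `almalinux9` would make the script safe to rerun.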