diff --git a/config.yaml b/config.yaml
index 1830d6b..12c4d0a 100644
--- a/config.yaml
+++ b/config.yaml
@@ -47,6 +47,7 @@ actions:
 - modify_release:
 - suffix: ".alma.1"
 enabled: true
+ auto_increment: true

 - changelog_entry:
 - name: "Andrew Lukoshko"
diff --git a/files/add-almalinux9-support.sh b/files/add-almalinux9-support.sh
index 9cb5a6e..834e1e9 100644
--- a/files/add-almalinux9-support.sh
+++ b/files/add-almalinux9-support.sh
@@ -29,9 +29,20 @@ find ./shared -type f -exec sed -i \
 -e 's|multi_platform_rhel|multi_platform_rhel\nmulti_platform_almalinux|g' {} \;

 # 4. Improve Ansible support in conditionals
+# Two product-gating idioms are used in the shared rule templates:
+# - list membership: {% if product in [..., "rhel9"] %}
+# - equality: {% if product == "rhel9" %}
+# The list form is rewritten below. The equality form is NOT a substring of
+# the list form, so it must be handled separately, otherwise almalinux9
+# silently falls through to the generic `else` branch of those rules (e.g.
+# configure_custom_crypto_policy_cis drops NO-SSHWEAKCIPHERS/NO-SSHWEAKMACS/
+# NO-WEAKMAC/NO-RPMSHA1, weakening the CIS crypto remediation vs the rhel9 base).
 find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
 -e '/if product in/ s/"rhel9"/"rhel9", "almalinux9"/g' {} \;

+find ./linux_os ./shared -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i -E \
+ -e 's/product == (["'\''])rhel9\1/(product == \1rhel9\1 or product == \1almalinux9\1)/g' {} \;
+
 # 5. Add disa references symlinks for AlmaLinux
 for xml in $(find shared/references/ -type f -name 'disa-stig-rhel*.xml'); do
 target="$(echo "$xml" | sed 's/rhel/almalinux/g')"
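Review bot: The added `sed -i -E` pass in step 4 rewrites only the exact spelling `product == "rhel9"` and reports nothing when a gate is left untouched, so the silent fall-through to the weaker `else` branch that the new comment describes can return unnoticed. Forms such as `product != "rhel9"`, `"rhel9" == product` or `product=="rhel9"` are not matched; whether the templates use them is not visible from this hunk, so that is worth confirming. I would follow the rewrite with a check that fails the build on any leftover gate, e.g. `if grep -rnE --exclude-dir=ensure_redhat_gpgkey_installed 'product *(==|!=) *["'\'']rhel9' ./linux_os ./shared | grep -v almalinux9; then exit 1; fi`. The pass is also not idempotent, since its output still contains `product == "rhel9"` and a second run wraps it again (harmless to the logic, but the expression grows).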