autopatch/scap-security-guide
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Sync with a10

Browse Source
This commit is contained in:
Andrew Lukoshko 2026-04-01 08:36:52 +00:00
parent 1d9d8566a0
commit 461bf22a2f
6 changed files with 384 additions and 5469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
config.yaml
View File

@ -1,17 +1,37 @@
actions:
- add_files:
- type: "source"
name: "add-almalinux10-support.sh"
number: 9001
- type: "patch"
name: "1001-add-almalinux10-os-detection.patch"
number: 1001
- type: "patch"
name: "1002-update-ensure-almalinux-gpgkey-installed-for-10.patch"
number: 1002
- type: "patch"
name: "1003-exclude-almalinux-from-pqc-gpgkey-check.patch"
number: 1003
- replace:
- target: "spec"
find: |
%if 0%{?centos}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
find: "%autosetup -p1"
replace: |
%if 0%{?centos}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
%if 0%{?almalinux}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_SCE_ENABLED:BOOL=ON
%endif
%autosetup -p1
bash %{SOURCE9001}
count: 1
- target: "spec"
find: |
%if 0%{?centos}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
replace: |
%if 0%{?centos}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
%if 0%{?almalinux}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_SCE_ENABLED:BOOL=ON
%endif
count: 1
- modify_release:
@ -23,8 +43,3 @@ actions:
email: "alukoshko@almalinux.org"
line:
- "Add AlmaLinux 10 support"
- add_files:
- type: "patch"
name: "scap-security-guide-add-almalinux10-product.patch"
number: 1000

67
files/1001-add-almalinux10-os-detection.patch Normal file
View File

@ -0,0 +1,67 @@
From 11a53afdfb0e69e8d2773b078f0a2816a9e015c0 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Tue, 15 Jul 2025 08:59:00 +0000
Subject: [PATCH] Add AlmaLinux OS 10 detection
---
.../oval/shared.xml | 2 +-
.../oval/installed_OS_is_almalinux10.xml | 34 +++++++++++++++++++
2 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 shared/checks/oval/installed_OS_is_almalinux10.xml
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
index a028877c1..fd4e433c1 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -4,7 +4,7 @@
The operating system installed on the system is supported by a vendor that provides security patches.
", rule_title=rule_title) }}}
<criteria comment="Installed operating system is supported by a vendor" operator="OR">
- <extend_definition comment="Installed OS is ALMALINUX9" definition_ref="installed_OS_is_almalinux9" />
+ <extend_definition comment="Installed OS is ALMALINUX10" definition_ref="installed_OS_is_almalinux10" />
<extend_definition comment="Installed OS is RHEL8" definition_ref="installed_OS_is_rhel8" />
<extend_definition comment="Installed OS is RHEL9" definition_ref="installed_OS_is_rhel9" />
<extend_definition comment="Installed OS is RHEL10" definition_ref="installed_OS_is_rhel10" />
diff --git a/shared/checks/oval/installed_OS_is_almalinux10.xml b/shared/checks/oval/installed_OS_is_almalinux10.xml
new file mode 100644
index 000000000..34f942d90
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_almalinux10.xml
@@ -0,0 +1,34 @@
+<def-group>
+ <definition class="inventory" id="installed_OS_is_almalinux10" version="3">
+ <metadata>
+ <title>AlmaLinux OS 10</title>
+ <affected family="unix">
+ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:almalinux:almalinux:10" source="CPE" />
+ <description>The operating system installed on the system is AlmaLinux OS 10</description>
+ </metadata>
+ <criteria comment="current OS is 10" operator="AND">
+ <extend_definition comment="Installed OS is part of the Unix family" definition_ref="installed_OS_is_part_of_Unix_family" />
+ <criterion comment="AlmaLinux OS is installed" test_ref="test_almalinux" />
+ <criterion comment="AlmaLinux OS 10 is installed" test_ref="test_almalinux10" />
+ </criteria>
+ </definition>
+
+ <unix:file_test check="all" check_existence="all_exist" comment="/etc/almalinux-release exists" id="test_almalinux" version="1">
+ <unix:object object_ref="obj_almalinux" />
+ </unix:file_test>
+ <unix:file_object comment="check /etc/almalinux file" id="obj_almalinux" version="1">
+ <unix:filepath>/etc/almalinux-release</unix:filepath>
+ </unix:file_object>
+
+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check Custom OS version" id="test_almalinux10" version="1">
+ <ind:object object_ref="obj_almalinux10" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_almalinux10" version="1" comment="Check AlmaLinux OS version">
+ <ind:filepath>/etc/almalinux-release</ind:filepath>
+ <ind:pattern operation="pattern match">^AlmaLinux release 10.[0-9]+ .*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+</def-group>
--
2.43.7

89
files/1002-update-ensure-almalinux-gpgkey-installed-for-10.patch Normal file
View File

@ -0,0 +1,89 @@
From b2c41a173e769e3540d080a0fabe6ee52a7e60ec Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Tue, 27 May 2025 08:04:50 +0000
Subject: [PATCH] Update ensure_almalinux_gpgkey_installed for 10
---
.../ensure_almalinux_gpgkey_installed/ansible/shared.yml | 6 +++---
.../ensure_almalinux_gpgkey_installed/bash/shared.sh | 2 +-
.../updating/ensure_almalinux_gpgkey_installed/rule.yml | 6 +++---
.../tests/key_installed.pass.sh | 4 ++--
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
index add0cd7dd..1cf05952d 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
@@ -13,7 +13,7 @@
- name: Read signatures in GPG key
# According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
- ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9"
+ ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10"
changed_when: False
register: gpg_fingerprints
check_mode: no
@@ -30,9 +30,9 @@
- name: Import AlmaLinux GPG key
ansible.builtin.rpm_key:
state: present
- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10
when:
- gpg_key_directory_permission.stat.mode <= '0755'
- (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
- gpg_installed_fingerprints | length > 0
- - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "9"
+ - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "10"
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
index f78a6fb82..10b7819c4 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
@@ -2,7 +2,7 @@
readonly ALMALINUX_RELEASE_FINGERPRINT="{{{ release_key_fingerprint }}}"
# Location of the key we would like to import (once it's integrity verified)
-readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9"
+readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10"
RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
index e9c73de58..c60a1b027 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
@@ -8,7 +8,7 @@ description: |-
come from AlmaLinux (and to connect to the AlmaLinux repositories to
receive them), the AlmaLinux GPG key must be properly installed. To install
the AlmaLinux GPG key, run:
- <pre>$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9</pre>
+ <pre>$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10</pre>
rationale: |-
Changes to software components can have significant effects on the overall
@@ -41,8 +41,8 @@ ocil: |-
To ensure that the GPG key is installed, run:
<pre>$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey</pre>
The command should return the string below:
- <pre>AlmaLinux OS 9 &lt;packager@almalinux.org&gt; public key</pre>
+ <pre>AlmaLinux OS 10 &lt;packager@almalinux.org&gt; public key</pre>
fixtext: |-
Install {{{ full_name }}} GPG key. Run the following command:
- $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+ $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
index 87b82cb01..ba588f308 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
#
-# platform = AlmaLinux OS 9
+# platform = AlmaLinux OS 10
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10
--
2.43.7

70
files/1003-exclude-almalinux-from-pqc-gpgkey-check.patch Normal file
View File

@ -0,0 +1,70 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 31 Mar 2026 00:00:00 +0000
Subject: [PATCH] Exclude AlmaLinux from PQC GPG key check
AlmaLinux does not have PQC keys. Exclude it from the PQC key
conditionals in ensure_redhat_gpgkey_installed to prevent duplicate
OVAL entity IDs when pqc_pkg_version/pqc_pkg_release are empty.
---
.../ensure_redhat_gpgkey_installed/ansible/shared.yml | 4 ++--
.../ensure_redhat_gpgkey_installed/oval/shared.xml | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
index 1111111..2222222 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
@@ -11,7 +11,7 @@
# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well.
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}}
# RHEL >= 10: Use sq command from sequoia-sq package
- name: "{{{ rule_title }}}: Read signatures in GPG key using sq"
ansible.builtin.command: sq inspect /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
@@ -40,7 +40,7 @@
{{% endif %}}
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}}
- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints (without PQC)"
ansible.builtin.set_fact:
gpg_valid_fingerprints:
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
index 3333333..4444444 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
@@ -12,7 +12,7 @@
test_ref="test_redhat_package_gpgkey-{{{ pkg_version }}}-{{{ pkg_release }}}_installed" />
<criterion comment="package gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}} is installed"
test_ref="test_redhat_package_gpgkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}_installed" />
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}}
<criteria comment="If RHEL is 10.1 or newer then PQC key must be installed" operator="OR">
<criterion comment="RHEL is older than 10.1" test_ref="test_{{{ rule_id }}}_rhel_is_10_1_or_newer" negate="true" />
<criteria comment="RHEL is 10.1 or newer AND PQC is installed" operator="AND">
@@ -64,7 +64,7 @@
<linux:version>{{{ aux_pkg_version }}}</linux:version>
</linux:rpminfo_state>
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}}
<!-- Test for Red Hat post quantum cryptography key -->
<linux:rpminfo_test check="only one" check_existence="at_least_one_exists"
id="test_redhat_package_gpgkey-{{{ pqc_pkg_version }}}-{{{ pqc_pkg_release }}}_installed" version="1"
@@ -93,7 +93,7 @@
</linux:rpminfo_state>
{{%- endif %}}
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}}
<ind:textfilecontent54_test check="all" comment="VERSION_ID in os-release is greater than or equal 10.1" id="test_{{{ rule_id }}}_rhel_is_10_1_or_newer" version="1">
<ind:object object_ref="obj_{{{ rule_id }}}_rhel_is_10_1_or_newer" />
<ind:state state_ref="state_{{{ rule_id }}}_rhel_is_10_1_or_newer" />
--
2.43.7

128
files/add-almalinux10-support.sh Normal file
View File

@ -0,0 +1,128 @@
#!/bin/bash
# Add AlmaLinux 10 support to scap-security-guide
# This script is intended to run from the unpacked source root during %prep
set -euo pipefail
# 1. Change GRUB EFI dir to /boot/efi/EFI/almalinux everywhere
find ./shared ./linux_os ./tests -type f -exec sed -i 's|EFI/redhat|EFI/almalinux|g' {} \;
# 2. Use ensure_almalinux_gpgkey_installed where applicable in controls
find ./controls -maxdepth 1 -type f -exec sed -i 's|ensure_redhat_gpgkey_installed|ensure_almalinux_gpgkey_installed|g' {} \;
# 3. Add ALMALINUX10 product to build scripts instead of ALMALINUX9
sed -i \
-e 's/ALMALINUX9/ALMALINUX10/g' \
-e 's/AlmaLinux OS 9/AlmaLinux OS 10/g' \
-e 's/almalinux9/almalinux10/g' \
CMakeLists.txt build_product
# 4. Add AlmaLinux support to linux_os, tests, and shared
find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
-e '/prodtype:/s/rhel10/rhel10,almalinux10/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 10/Red Hat Enterprise Linux 10,AlmaLinux OS 10/g' {} \;
find ./tests -type f -exec sed -i \
-e '/prodtype:/s/rhel10/rhel10,almalinux10/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 10/Red Hat Enterprise Linux 10,AlmaLinux OS 10/g' {} \;
find ./shared -type f -exec sed -i \
-e '/prodtype:/s/rhel10/rhel10,almalinux10/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 10/Red Hat Enterprise Linux 10,AlmaLinux OS 10/g' \
-e 's|<platform>Red Hat Enterprise Linux 10</platform>|<platform>Red Hat Enterprise Linux 10</platform>\n<platform>AlmaLinux OS 10</platform>|g' \
-e 's|<platform>multi_platform_rhel</platform>|<platform>multi_platform_rhel</platform>\n<platform>multi_platform_almalinux</platform>|g' {} \;
# 5. Improve Ansible support in conditionals
find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
-e '/if product in/ s/"rhel10"/"rhel10", "almalinux10"/g' {} \;
# 6. Add AlmaLinux 10 constants
sed -i \
-e 's/ALMALINUX9/ALMALINUX10/g' \
-e 's/AlmaLinux OS 9/AlmaLinux OS 10/g' \
-e 's/almalinux9/almalinux10/g' \
ssg/constants.py
# 7. Add AlmaLinux 10 product (copy from rhel10 and rebrand)
rm -fr products/almalinux10
cp -r products/rhel10 products/almalinux10
if [ -d products/almalinux10/kickstart ]; then
for cfg in $(find products/almalinux10/kickstart/ -type f); do
mv "$cfg" "$(echo "$cfg" | sed 's/rhel10/almalinux10/g')"
done
sed -i 's/Red Hat Enterprise Linux 10.*/AlmaLinux OS 10/g' products/almalinux10/kickstart/*
fi
if [ -d products/almalinux10/transforms ]; then
sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL */AL/g' \
-e 's/rhel/almalinux/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
products/almalinux10/transforms/*
fi
if [ -d products/almalinux10/overlays ]; then
sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/Red Hat Network or a Satellite Server/Foreman/g' \
-e 's/Red Hat/AlmaLinux/g' \
-e 's/RHEL10/AlmaLinux OS 10/g' \
-e 's/RHEL/AlmaLinux OS/g' \
products/almalinux10/overlays/*
fi
if [ -d products/almalinux10/controls ]; then
for ctl in $(find products/almalinux10/controls/ -type f -name '*rhel10*'); do
mv "$ctl" "$(echo "$ctl" | sed 's/rhel10/almalinux10/g')"
done
find products/almalinux10/controls -type f -exec sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL10/ALMALINUX10/g' \
-e 's/RHEL-10/ALMALINUX-10/g' \
-e 's/RHEL/AlmaLinux/g' \
-e 's/Red Hat/AlmaLinux/g' \
-e '/^id:/s/rhel10/almalinux10/g' \
-e '/^product:/s/rhel10/almalinux10/g' \
-e 's/ensure_redhat_gpgkey_installed/ensure_almalinux_gpgkey_installed/g' {} \;
fi
sed -i \
-e 's/rhel10/almalinux10/' \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL-10/ALMALINUX-10/g' \
-e 's#https://access.redhat.com/security/team/key#https://almalinux.org/security/#' \
-e 's/^pkg_release:.*/pkg_release: "668fe8ef"/g' \
-e 's/^pkg_version:.*/pkg_version: "c2a1e572"/g' \
-e '/^aux_pkg_release:/d' \
-e '/^aux_pkg_version:/d' \
-e 's/release_key_fingerprint:.*/release_key_fingerprint: "EE6DB7B98F5BF5EDD9DA0DE5DEE5C11CC2A1E572"/g' \
-e '/^release_key_fingerprint:/a oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-10.xml.bz2"' \
-e '/^auxiliary_key_fingerprint:/d' \
-e '/^pqc_key_fingerprint:/d' \
-e '/^pqc_pkg_release:/d' \
-e '/^pqc_pkg_version:/d' \
-e 's/redhat:enterprise_linux/almalinux:almalinux/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
-e '/^centos_/d' \
products/almalinux10/product.yml
sed -i 's/rhel/almalinux/g' products/almalinux10/CMakeLists.txt
sed -i -z \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
-e 's/Red Hat Enterprise\n Linux/\n AlmaLinux OS/g' \
-e 's/released ....-..-../released 2025-09-30/g' \
-e 's/RHEL/AlmaLinux OS/g' \
products/almalinux10/profiles/*
sed -i \
-e 's/ensure_redhat_gpgkey_installed/ensure_almalinux_gpgkey_installed/g' \
-e 's/rhel10:/almalinux10:/g' \
-e "s/'\!ensure_almalinux_gpgkey_installed'/ensure_almalinux_gpgkey_installed/g" \
products/almalinux10/profiles/*

5454
files/scap-security-guide-add-almalinux10-product.patch
View File

File diff suppressed because it is too large Load Diff