diff --git a/config.yaml b/config.yaml index 1c38f26..d8149c3 100644 --- a/config.yaml +++ b/config.yaml @@ -9,6 +9,9 @@ actions: - type: "patch" name: "1002-update-ensure-almalinux-gpgkey-installed-for-10.patch" number: 1002 + - type: "patch" + name: "1003-exclude-almalinux-from-pqc-gpgkey-check.patch" + number: 1003 - replace: - target: "spec" diff --git a/files/1003-exclude-almalinux-from-pqc-gpgkey-check.patch b/files/1003-exclude-almalinux-from-pqc-gpgkey-check.patch new file mode 100644 index 0000000..1cf0ec8 --- /dev/null +++ b/files/1003-exclude-almalinux-from-pqc-gpgkey-check.patch 
@@ -0,0 +1,70 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Andrew Lukoshko +Date: Mon, 31 Mar 2026 00:00:00 +0000 +Subject: [PATCH] Exclude AlmaLinux from PQC GPG key check + +AlmaLinux does not have PQC keys. Exclude it from the PQC key +conditionals in ensure_redhat_gpgkey_installed to prevent duplicate +OVAL entity IDs when pqc_pkg_version/pqc_pkg_release are empty. + +--- + .../ensure_redhat_gpgkey_installed/ansible/shared.yml | 4 ++-- + .../ensure_redhat_gpgkey_installed/oval/shared.xml | 6 +++--- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml +index 1111111..2222222 100644 +--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml +@@ -11,7 +11,7 @@ + + # It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well. 
+ +-{{% if "rhel" in families and major_version_ordinal >= 10 %}} ++{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}} + # RHEL >= 10: Use sq command from sequoia-sq package + - name: "{{{ rule_title }}}: Read signatures in GPG key using sq" + ansible.builtin.command: sq inspect /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +@@ -40,7 +40,7 @@ + + {{% endif %}} + +-{{% if "rhel" in families and major_version_ordinal >= 10 %}} ++{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}} + - name: "{{{ rule_title }}}: Set Fact - Valid fingerprints (without PQC)" + ansible.builtin.set_fact: + gpg_valid_fingerprints: +diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml +index 3333333..4444444 100644 +--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml +@@ -12,7 +12,7 @@ + test_ref="test_redhat_package_gpgkey-{{{ pkg_version }}}-{{{ pkg_release }}}_installed" /> + +-{{% if "rhel" in families and major_version_ordinal >= 10 %}} ++{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}} + + + +@@ -64,7 +64,7 @@ + {{{ aux_pkg_version }}} + + +-{{% if "rhel" in families and major_version_ordinal >= 10 %}} ++{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}} + + + {{%- endif %}} + +-{{% if "rhel" in families and major_version_ordinal >= 10 %}} ++{{% if "rhel" in families and major_version_ordinal >= 10 and "almalinux" not in product %}} + + + +-- +2.43.7 +
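Review bot: The first `ansible/shared.yml` hunk of the embedded patch gates the block commented `# RHEL >= 10: Use sq command from sequoia-sq package`, which chooses the tool that reads the key file rather than anything PQC-specific. Adding `and "almalinux" not in product` there moves AlmaLinux 10 onto the other branch of that conditional, which is not visible here, and that goes beyond what the commit message describes. Please confirm the fallback branch works on AlmaLinux 10 and still fails the task on a fingerprint mismatch, since this rule is what vouches for the package-signing key. Because the stated root cause is empty `pqc_pkg_version`/`pqc_pkg_release`, guarding only the PQC-specific blocks on those values (for example `{{% if pqc_pkg_version and pqc_pkg_release %}}`, assuming both are in template scope) would cover any product without PQC keys instead of repeating a product-name test five times. The `From` and `index` lines carry placeholder hashes, so the patch looks hand-assembled; it is worth verifying that it applies cleanly on top of patch 1002 and that the rendered OVAL for AlmaLinux 10 has no duplicate IDs.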