autopatch/scap-security-guide
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Replace monolithic patch with script + targeted patches

Browse Source 
Switch from a single large patch to add-almalinux8-support.sh script
and 4 smaller patches for maintainability. The script handles all sed/find
debranding operations while patches cover complex multi-file changes
(GPG key test, OS detection, Ansible whitelist, DISA delta cmake).
This commit is contained in:
Andrew Lukoshko 2026-03-31 13:29:15 +00:00
parent bad15c6374
commit fb8f9b5452
7 changed files with 437 additions and 14975 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
config.yaml
View File

@ -1,5 +1,28 @@
actions:
- add_files:
- type: "source"
name: "add-almalinux8-support.sh"
number: 9001
- type: "patch"
name: "1001-update-almalinux-gpgkey-test-for-second-key.patch"
number: 1001
- type: "patch"
name: "1002-add-almalinux-os-8-detection.patch"
number: 1002
- type: "patch"
name: "1003-add-almalinux-to-ansible-product-whitelist.patch"
number: 1003
- type: "patch"
name: "1004-enable-disa-delta-files-for-almalinux8.patch"
number: 1004
- replace:
- target: "spec"
find: "%setup -q -b1 -b2"
replace: |
%autosetup -p1 -b1 -b2
bash %{SOURCE9001}
count: 1
- target: "spec"
find: |
%if ( %{defined rhel} && (! %{defined centos}) )
@ -103,9 +126,3 @@ actions:
email: "alukoshko@almalinux.org"
line:
- "Add AlmaLinux support"
- add_files:
- type: "patch"
name: "scap-security-guide-add-almalinux8-product.patch"
no_backup: true
number: 1001

168
files/1001-update-almalinux-gpgkey-test-for-second-key.patch Normal file
View File

@ -0,0 +1,168 @@
From b4b41cefe35ee5582fbb13c3d64baa8089e912db Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Fri, 25 Apr 2025 10:15:00 +0000
Subject: [PATCH] Update AlmaLinux GPG key test to check for second key
---
.../ansible/shared.yml | 7 +++---
.../bash/shared.sh | 6 +++--
.../oval/shared.xml | 19 ++++++++++++++-
.../rule.yml | 24 ++++++++++++++-----
.../tests/key_installed.pass.sh | 4 ++--
5 files changed, 46 insertions(+), 14 deletions(-)
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
index add0cd7dd..4182d50d6 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
@@ -13,7 +13,7 @@
- name: Read signatures in GPG key
# According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
- ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9"
+ ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
changed_when: False
register: gpg_fingerprints
check_mode: no
@@ -26,13 +26,14 @@
ansible.builtin.set_fact:
gpg_valid_fingerprints:
- "{{{ release_key_fingerprint }}}"
+ - "{{{ auxiliary_key_fingerprint }}}"
- name: Import AlmaLinux GPG key
ansible.builtin.rpm_key:
state: present
- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
when:
- gpg_key_directory_permission.stat.mode <= '0755'
- (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
- gpg_installed_fingerprints | length > 0
- - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "9"
+ - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "8"
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
index f78a6fb82..23a034be4 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
@@ -1,8 +1,10 @@
# platform = multi_platform_almalinux
+# The two fingerprints below are retrieved from https://almalinux.org/security/
readonly ALMALINUX_RELEASE_FINGERPRINT="{{{ release_key_fingerprint }}}"
+readonly ALMALINUX_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}"
# Location of the key we would like to import (once it's integrity verified)
-readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9"
+readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
@@ -16,7 +18,7 @@ then
# No CRC error, safe to proceed
if [ "${GPG_RESULT}" -eq "0" ]
then
- echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_RELEASE_FINGERPRINT}" || {
+ echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_RELEASE_FINGERPRINT}|${ALMALINUX_AUXILIARY_FINGERPRINT}" || {
# If $ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
rpm --import "${ALMALINUX_RELEASE_KEY}"
}
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
index dbadbd669..9a10f3fd3 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
@@ -2,7 +2,7 @@
{{# If pkg_version isn't defined, then the rule should be NOTCHECKED, because we don't have data needed for the check #}}
<def-group>
<definition class="compliance" id="ensure_almalinux_gpgkey_installed" version="2">
- {{{ oval_metadata("The AlmaLinux release packages are required to be installed.", rule_title=rule_title) }}}
+ {{{ oval_metadata("The AlmaLinux release and auxiliary key packages are required to be installed.", rule_title=rule_title) }}}
<criteria comment="Vendor GPG keys" operator="OR">
<criteria comment="AlmaLinux Vendor Keys" operator="AND">
<criteria comment="AlmaLinux Installed" operator="OR">
@@ -10,6 +10,10 @@
</criteria>
<criterion comment="package gpg-pubkey-{{{ pkg_version }}}-{{{ pkg_release }}} is installed"
test_ref="test_almalinux_package_gpgkey-{{{ pkg_version }}}-{{{ pkg_release }}}_installed" />
+ <criteria comment="Auxiliary AlmaLinux Key Installed" operator="OR">
+ <criterion comment="package gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}} is installed"
+ test_ref="test_almalinux_package_gpgkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}_installed" />
+ </criteria>
</criteria>
</criteria>
</definition>
@@ -33,5 +37,18 @@
<linux:version>{{{ pkg_version }}}</linux:version>
</linux:rpminfo_state>
+ <!-- Test for AlmaLinux auxiliary key -->
+ <linux:rpminfo_test check="only one" check_existence="at_least_one_exists"
+ id="test_almalinux_package_gpgkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}_installed" version="1"
+ comment="AlmaLinux auxiliary key package is installed">
+ <linux:object object_ref="object_almalinux_package_gpg-pubkey" />
+ <linux:state state_ref="state_almalinux_package_gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}" />
+ </linux:rpminfo_test>
+
+ <linux:rpminfo_state id="state_almalinux_package_gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}" version="1">
+ <linux:release>{{{ aux_pkg_release }}}</linux:release>
+ <linux:version>{{{ aux_pkg_version }}}</linux:version>
+ </linux:rpminfo_state>
+
</def-group>
{{% endif %}}
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
index e9c73de58..6108f159c 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
@@ -5,10 +5,22 @@ title: 'Ensure AlmaLinux GPG Key Installed'
description: |-
To ensure the system can cryptographically verify base software packages
- come from AlmaLinux (and to connect to the AlmaLinux repositories to
- receive them), the AlmaLinux GPG key must be properly installed. To install
- the AlmaLinux GPG key, run:
- <pre>$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9</pre>
+ come from AlmaLinux (and to connect to the AlmaLinux repos to receive them),
+ the AlmaLinux GPG key must properly be installed. To install the AlmaLinux GPG
+ key, run:
+ <pre>$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux</pre>
+
+ If the system is not connected to the Internet, then
+ install the AlmaLinux GPG key from trusted media such as the AlmaLinux
+ installation CD-ROM or DVD. Assuming the disc is mounted in
+ <tt>/media/cdrom</tt>, use the following command as the root user to import
+ it into the keyring:
+ <pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-AlmaLinux</pre>
+
+ Alternatively, the key may be pre-loaded during the AlmaLinux installation. In
+ such cases, the key can be installed by running the following command:
+ <pre>sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux</pre>
+
rationale: |-
Changes to software components can have significant effects on the overall
@@ -41,8 +53,8 @@ ocil: |-
To ensure that the GPG key is installed, run:
<pre>$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey</pre>
The command should return the string below:
- <pre>AlmaLinux OS 9 &lt;packager@almalinux.org&gt; public key</pre>
+ <pre>gpg(AlmaLinux OS 8 &lt;packager@almalinux.org&gt;</pre>
fixtext: |-
Install {{{ full_name }}} GPG key. Run the following command:
- $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+ $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
index 87b82cb01..01721fcba 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
#
-# platform = AlmaLinux OS 9
+# platform = AlmaLinux OS 8
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
--
2.43.7

67
files/1002-add-almalinux-os-8-detection.patch Normal file
View File

@ -0,0 +1,67 @@
From 67e1c1fa522d8cbf6e4b0f5c0a4e066017cfaf94 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Tue, 15 Jul 2025 12:18:29 +0000
Subject: [PATCH] Add AlmaLinux OS 8 detection
---
.../oval/shared.xml | 2 +-
.../oval/installed_OS_is_almalinux8.xml | 34 +++++++++++++++++++
2 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 shared/checks/oval/installed_OS_is_almalinux8.xml
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
index a028877c1..12cbed169 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -4,7 +4,7 @@
The operating system installed on the system is supported by a vendor that provides security patches.
", rule_title=rule_title) }}}
<criteria comment="Installed operating system is supported by a vendor" operator="OR">
- <extend_definition comment="Installed OS is ALMALINUX9" definition_ref="installed_OS_is_almalinux9" />
+ <extend_definition comment="Installed OS is ALMALINUX8" definition_ref="installed_OS_is_almalinux8" />
<extend_definition comment="Installed OS is RHEL8" definition_ref="installed_OS_is_rhel8" />
<extend_definition comment="Installed OS is RHEL9" definition_ref="installed_OS_is_rhel9" />
<extend_definition comment="Installed OS is RHEL10" definition_ref="installed_OS_is_rhel10" />
diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml
new file mode 100644
index 000000000..1d94fd870
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_almalinux8.xml
@@ -0,0 +1,34 @@
+<def-group>
+ <definition class="inventory" id="installed_OS_is_almalinux8" version="3">
+ <metadata>
+ <title>AlmaLinux OS 8</title>
+ <affected family="unix">
+ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:almalinux:almalinux:8" source="CPE" />
+ <description>The operating system installed on the system is AlmaLinux OS 8</description>
+ </metadata>
+ <criteria comment="current OS is 8" operator="AND">
+ <extend_definition comment="Installed OS is part of the Unix family" definition_ref="installed_OS_is_part_of_Unix_family" />
+ <criterion comment="AlmaLinux OS is installed" test_ref="test_almalinux" />
+ <criterion comment="AlmaLinux OS 8 is installed" test_ref="test_almalinux8" />
+ </criteria>
+ </definition>
+
+ <unix:file_test check="all" check_existence="all_exist" comment="/etc/almalinux-release exists" id="test_almalinux" version="1">
+ <unix:object object_ref="obj_almalinux" />
+ </unix:file_test>
+ <unix:file_object comment="check /etc/almalinux file" id="obj_almalinux" version="1">
+ <unix:filepath>/etc/almalinux-release</unix:filepath>
+ </unix:file_object>
+
+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check Custom OS version" id="test_almalinux8" version="1">
+ <ind:object object_ref="obj_almalinux8" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_almalinux8" version="1" comment="Check AlmaLinux OS version">
+ <ind:filepath>/etc/almalinux-release</ind:filepath>
+ <ind:pattern operation="pattern match">^AlmaLinux release 8.[0-9]+ .*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+</def-group>
--
2.43.7

26
files/1003-add-almalinux-to-ansible-product-whitelist.patch Normal file
View File

@ -0,0 +1,26 @@
From 79cc96c2b5cd9b93a36269a05a2e4b9bc95bbfdb Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Mon, 14 Jul 2025 13:26:40 +0000
Subject: [PATCH] Add almalinux8,9,10 to ansible's PRODUCT_WHITELIST
---
utils/ansible_playbook_to_role.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
index 3eede4fcb..a7c03e1e7 100755
--- a/utils/ansible_playbook_to_role.py
+++ b/utils/ansible_playbook_to_role.py
@@ -65,6 +65,9 @@ PRODUCT_ALLOWLIST = set([
"rhel8",
"rhel9",
"rhel10",
+ "almalinux8",
+ "almalinux9",
+ "almalinux10",
])
PROFILE_DENYLIST = set([
--
2.43.7

25
files/1004-enable-disa-delta-files-for-almalinux8.patch Normal file
View File

@ -0,0 +1,25 @@
From 2984568061342ddbad516121cca04c4e2cf16dbd Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@cloudlinux.com>
Date: Tue, 15 Jul 2025 12:34:38 +0000
Subject: [PATCH] Enable SSG_BUILD_DISA_DELTA_FILES for AlmaLinux8
---
cmake/SSGCommon.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 0a8b98d6c..1e4f115d4 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -811,7 +811,7 @@ macro(ssg_build_product PRODUCT)
ssg_render_policies_for_product(${PRODUCT})
add_dependencies(render-policies ${PRODUCT}-render-policies)
- if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel8|ol8")
+ if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel8|ol8|almalinux8")
ssg_build_disa_delta(${PRODUCT} "stig")
add_dependencies(${PRODUCT} generate-ssg-delta-${PRODUCT}-stig)
endif()
--
2.43.7

128
files/add-almalinux8-support.sh Normal file
View File

@ -0,0 +1,128 @@
#!/bin/bash
# Add AlmaLinux 8 support to scap-security-guide
# This script is intended to run from the unpacked source root during %prep
set -euo pipefail
# 1. Change GRUB EFI dir to /boot/efi/EFI/almalinux everywhere
find ./shared ./linux_os ./tests -type f -exec sed -i 's|EFI/redhat|EFI/almalinux|g' {} \;
# 2. Use ensure_almalinux_gpgkey_installed where applicable in controls
find ./controls -maxdepth 1 -type f -exec sed -i 's|ensure_redhat_gpgkey_installed|ensure_almalinux_gpgkey_installed|g' {} \;
# 3. Add ALMALINUX8 product to build scripts and constants
sed -i \
-e 's/ALMALINUX9/ALMALINUX8/g' \
-e 's/AlmaLinux OS 9/AlmaLinux OS 8/g' \
-e 's/almalinux9/almalinux8/g' \
CMakeLists.txt build_product ssg/constants.py
# 4. Add AlmaLinux support to linux_os, tests, and shared
find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
-e '/prodtype:/s/rhel8/rhel8,almalinux8/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 8/Red Hat Enterprise Linux 8,AlmaLinux OS 8/g' {} \;
find ./tests -type f -exec sed -i \
-e '/prodtype:/s/rhel8/rhel8,almalinux8/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 8/Red Hat Enterprise Linux 8,AlmaLinux OS 8/g' {} \;
find ./shared -type f -exec sed -i \
-e '/prodtype:/s/rhel8/rhel8,almalinux8/g' \
-e '/# platform =/{ /multi_platform_almalinux/! s/multi_platform_rhel/multi_platform_rhel,multi_platform_almalinux/g }' \
-e '/# platform =/s/Red Hat Enterprise Linux 8/Red Hat Enterprise Linux 8,AlmaLinux OS 8/g' \
-e 's|<platform>Red Hat Enterprise Linux 8</platform>|<platform>Red Hat Enterprise Linux 8</platform>\n<platform>AlmaLinux OS 8</platform>|g' \
-e 's|<platform>multi_platform_rhel</platform>|<platform>multi_platform_rhel</platform>\n<platform>multi_platform_almalinux</platform>|g' {} \;
# 5. Improve Ansible support in conditionals
find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
-e '/if product in/ s/"rhel8"/"rhel8", "almalinux8"/g' {} \;
# 6. Add disa references symlinks for AlmaLinux
for xml in $(find shared/references/ -type f -name 'disa-stig-rhel*.xml'); do
target="$(echo "$xml" | sed 's/rhel/almalinux/g')"
if [ ! -e "$target" ]; then
ln -s "$(basename "$xml")" "$target"
fi
done
# 7. Add AlmaLinux 8 product (copy from rhel8 and rebrand)
rm -fr products/almalinux8
cp -r products/rhel8 products/almalinux8
if [ -d products/almalinux8/kickstart ]; then
for cfg in $(find products/almalinux8/kickstart/ -type f); do
mv "$cfg" "$(echo "$cfg" | sed 's/rhel8/almalinux8/g')"
done
sed -i 's/Red Hat Enterprise Linux 8.*/AlmaLinux OS 8/g' products/almalinux8/kickstart/*
fi
if [ -d products/almalinux8/transforms ]; then
sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL */AL/g' \
-e 's/rhel/almalinux/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
products/almalinux8/transforms/*
fi
if [ -d products/almalinux8/overlays ]; then
sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/Red Hat Network or a Satellite Server/Foreman/g' \
-e 's/Red Hat/AlmaLinux/g' \
-e 's/RHEL8/AlmaLinux OS 8/g' \
-e 's/RHEL/AlmaLinux OS/g' \
products/almalinux8/overlays/*
fi
if [ -d products/almalinux8/controls ]; then
for ctl in $(find products/almalinux8/controls/ -type f -name '*rhel8*'); do
mv "$ctl" "$(echo "$ctl" | sed 's/rhel8/almalinux8/g')"
done
find products/almalinux8/controls -type f -exec sed -i \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL8/ALMALINUX8/g' \
-e 's/RHEL-8/ALMALINUX-8/g' \
-e '/^id:/s/rhel8/almalinux8/g' \
-e '/^product:/s/rhel8/almalinux8/g' \
-e 's/ensure_redhat_gpgkey_installed/ensure_almalinux_gpgkey_installed/g' {} \;
fi
sed -i \
-e 's/rhel8/almalinux8/' \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/RHEL-8/ALMALINUX-8/g' \
-e 's#https://access.redhat.com/security/team/key#https://almalinux.org/security/#' \
-e 's/^pkg_release:.*/pkg_release: "5ffd890e"/g' \
-e 's/^pkg_version:.*/pkg_version: "3abb34f8"/g' \
-e 's/^aux_pkg_release:.*/aux_pkg_release: "6525146f"/g' \
-e 's/^aux_pkg_version:.*/aux_pkg_version: "ced7258b"/g' \
-e 's/release_key_fingerprint:.*/release_key_fingerprint: "5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"/g' \
-e 's/auxiliary_key_fingerprint:.*/auxiliary_key_fingerprint: "BC5EDDCADF502C077F1582882AE81E8ACED7258B"/g' \
-e '/^auxiliary_key_fingerprint:/a oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml.bz2"' \
-e 's/redhat:enterprise_linux/almalinux:almalinux/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
-e '/^centos_/d' \
products/almalinux8/product.yml
# 8. Drop minor version CPEs (almalinux8.0 through almalinux8.10)
sed -i '/^ - almalinux8\.[0-9]/,/^$/d' products/almalinux8/product.yml
sed -i 's/rhel/almalinux/g' products/almalinux8/CMakeLists.txt
sed -i -z \
-e 's/Red Hat Enterprise Linux/AlmaLinux OS/g' \
-e 's/red_hat_linux/almalinuxos_linux/g' \
-e 's/Red Hat Enterprise\n Linux/\n AlmaLinux OS/g' \
-e 's/released ....-..-../released 2025-08-28/g' \
-e 's/RHEL/AlmaLinux OS/g' \
products/almalinux8/profiles/*
sed -i \
-e 's/ensure_redhat_gpgkey_installed/ensure_almalinux_gpgkey_installed/g' \
-e 's/rhel8:/almalinux8:/g' \
-e "s/'\!ensure_almalinux_gpgkey_installed'/ensure_almalinux_gpgkey_installed/g" \
-e '/"!ensure_almalinux_gpgkey_installed"/d' \
products/almalinux8/profiles/*

14969
files/scap-security-guide-add-almalinux8-product.patch
View File

File diff suppressed because it is too large Load Diff