import oscap-anaconda-addon-1.0-9.el8

.gitignore

@@ -0,0 +1 @@
+SOURCES/oscap-anaconda-addon-1.0.tar.gz

.oscap-anaconda-addon.metadata

@@ -0,0 +1 @@
+6edf7e4859de8e66837404c084405ea4318a319d SOURCES/oscap-anaconda-addon-1.0.tar.gz

SOURCES/bootloader.patch

@@ -0,0 +1,26 @@
+From 1e275a0da36595dd921732e0f60510171cdbe75c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Tue, 15 Jan 2019 19:16:44 +0100
+Subject: [PATCH] Updated code to comply to the Bootloader proxy API.
+
+---
+ org_fedora_oscap/rule_handling.py | 4 ++--
+ tests/test_rule_handling.py       | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
+index 738465f..f3fd057 100644
+--- a/org_fedora_oscap/rule_handling.py
++++ b/org_fedora_oscap/rule_handling.py
+@@ -716,9 +716,9 @@ def eval_rules(self, ksdata, storage, report_only=False):
+ 
+         bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
+ 
+-        if self._require_password and not bootloader_proxy.password_is_set:
++        if self._require_password and not bootloader_proxy.IsPasswordSet:
+             # TODO: Anaconda provides a way to set bootloader password:
+-            # bootloader_proxy.set_password(...)
++            # bootloader_proxy.SetEncryptedPassword(...)
+             # We don't support setting the bootloader password yet,
+             # but we shouldn't stop the installation, just because of that.
+             return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,

SOURCES/checksum.patch

@@ -0,0 +1,30 @@
+From fd1684358e212521abaf3ec7662aa97181868c0a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Tue, 15 Jan 2019 18:19:28 +0100
+Subject: [PATCH] Fixed the checksum function to use forward-compatible rb
+ mode.
+
+On python3, there is a problem as contents of r-opened file is string,
+but they are treated as bytes later. rb mode is fully python2-compatible.
+---
+ org_fedora_oscap/utils.py |  4 ++--
+ tests/data/file           |  1 +
+ tests/test_utils.py       | 12 ++++++++++++
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/file
+
+diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
+index 6d5c157..3be8325 100644
+--- a/org_fedora_oscap/utils.py
++++ b/org_fedora_oscap/utils.py
+@@ -175,8 +175,8 @@ def get_file_fingerprint(fpath, hash_obj):
+ 
+     """
+ 
+-    with open(fpath, "r") as fobj:
+-        bsize = 4*1024
++    with open(fpath, "rb") as fobj:
++        bsize = 4 * 1024
+         # process file as 4 KB blocks
+         buf = fobj.read(bsize)
+         while buf:

SOURCES/help_id.patch

@@ -0,0 +1,30 @@
+From ccd4e2f078d00fa4570d2bd56802c726286d1020 Mon Sep 17 00:00:00 2001
+From: Martin Kolman <mkolman@redhat.com>
+Date: Wed, 10 Oct 2018 17:12:01 +0200
+Subject: [PATCH] Set help id for the OSCAP addon provided spoke (#1638068)
+
+The new Anaconda help system now operates on help ids instead of pointing to
+individual files.
+
+So drop the old property and replace it with a proper help_id.
+
+Resolves: rhbz#1638068
+---
+ org_fedora_oscap/gui/spokes/oscap.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
+index d9fe548..36fd656 100644
+--- a/org_fedora_oscap/gui/spokes/oscap.py
++++ b/org_fedora_oscap/gui/spokes/oscap.py
+@@ -179,8 +179,8 @@ class OSCAPSpoke(NormalSpoke):
+     # name of the .glade file in the same directory as this source
+     uiFile = "oscap.glade"
+ 
+-    # name of the file providing help content for this spoke
+-    helpFile = "SecurityPolicySpoke.xml"
++    # id of the help content for this spoke
++    help_id = "SecurityPolicySpoke"
+ 
+     # domain of oscap-anaconda-addon translations
+     translationDomain = "oscap-anaconda-addon"

SOURCES/oaa-api-update.patch

@@ -0,0 +1,256 @@
+diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
+index f712ac4..738465f 100644
+--- a/org_fedora_oscap/rule_handling.py
++++ b/org_fedora_oscap/rule_handling.py
+@@ -26,7 +26,13 @@
+ import optparse
+ import shlex
+ import logging
++
+ from pyanaconda.pwpolicy import F22_PwPolicyData
++from pyanaconda.core.constants import (
++    FIREWALL_ENABLED, FIREWALL_DISABLED, FIREWALL_USE_SYSTEM_DEFAULTS)
++from pyanaconda.modules.common.constants.objects import FIREWALL, BOOTLOADER
++from pyanaconda.modules.common.constants.services import NETWORK, STORAGE, USERS
++
+ from org_fedora_oscap import common
+ from org_fedora_oscap.common import OSCAPaddonError, RuleMessage
+ 
+@@ -496,7 +502,10 @@ def eval_rules(self, ksdata, storage, report_only=False):
+             return []
+ 
+         ret = []
+-        if not ksdata.rootpw.password:
++
++        users_proxy = USERS.get_proxy()
++
++        if not users_proxy.IsRootPasswordSet:
+             # root password was not set
+ 
+             msg = _("make sure to create password with minimal length of %d "
+@@ -505,12 +514,12 @@ def eval_rules(self, ksdata, storage, report_only=False):
+                                common.MESSAGE_TYPE_WARNING, msg)]
+         else:
+             # root password set
+-            if ksdata.rootpw.isCrypted:
++            if users_proxy.IsRootPasswordCrypted:
+                 msg = _("cannot check root password length (password is crypted)")
+                 log.warning("cannot check root password length (password is crypted)")
+                 return [RuleMessage(self.__class__,
+                                     common.MESSAGE_TYPE_WARNING, msg)]
+-            elif len(ksdata.rootpw.password) < self._minlen:
++            elif len(users_proxy.RootPassword) < self._minlen:
+                 # too short
+                 msg = _("root password is too short, a longer one with at "
+                         "least %d characters is required") % self._minlen
+@@ -705,10 +714,13 @@ def __str__(self):
+     def eval_rules(self, ksdata, storage, report_only=False):
+         """:see: RuleHandler.eval_rules"""
+ 
+-        if self._require_password and not storage.bootloader.password:
+-            # Anaconda doesn't provide a way to set bootloader password, so
+-            # users cannot do much about that --> we shouldn't stop the
+-            # installation, should we?
++        bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
++
++        if self._require_password and not bootloader_proxy.password_is_set:
++            # TODO: Anaconda provides a way to set bootloader password:
++            # bootloader_proxy.set_password(...)
++            # We don't support setting the bootloader password yet,
++            # but we shouldn't stop the installation, just because of that.
+             return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,
+                                 "boot loader password not set up")]
+         else:
+@@ -802,8 +814,13 @@ def __init__(self):
+         self._added_trusts = set()
+         self._removed_svcs = set()
+ 
++        self._new_services_to_add = set()
++        self._new_ports_to_add = set()
++        self._new_trusts_to_add = set()
++        self._new_services_to_remove = set()
++
+         self._firewall_enabled = None
+-        self._firewall_default_enabled = None
++        self._firewall_default_state = None
+ 
+     def add_services(self, services):
+         """
+@@ -895,25 +912,26 @@ def __str__(self):
+     def eval_rules(self, ksdata, storage, report_only=False):
+         """:see: RuleHandler.eval_rules"""
+ 
++        firewall_proxy = NETWORK.get_proxy(FIREWALL)
+         messages = []
+ 
+-        if self._firewall_default_enabled is None:
++        if self._firewall_default_state is None:
+             # firewall default startup setting
+-            self._firewall_default_enabled = ksdata.firewall.enabled
++            self._firewall_default_state = firewall_proxy.FirewallMode
+ 
+         if self._firewall_enabled is False:
+             msg = _("Firewall will be disabled on startup")
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
+             if not report_only:
+-                ksdata.firewall.enabled = self._firewall_enabled
++                firewall_proxy.SetFirewallMode(FIREWALL_DISABLED)
+ 
+         elif self._firewall_enabled is True:
+             msg = _("Firewall will be enabled on startup")
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
+             if not report_only:
+-                ksdata.firewall.enabled = self._firewall_enabled
++                firewall_proxy.SetFirewallMode(FIREWALL_ENABLED)
+ 
+         # add messages for the already added services
+         for svc in self._added_svcs:
+@@ -937,49 +955,58 @@ def eval_rules(self, ksdata, storage, report_only=False):
+                                         common.MESSAGE_TYPE_INFO, msg))
+ 
+         # services, that should be added
+-        services_to_add = (svc for svc in self._add_svcs
+-                           if svc not in ksdata.firewall.services)
++        self._new_services_to_add = {
++            svc for svc in self._add_svcs
++            if svc not in firewall_proxy.EnabledServices}
+ 
+         # ports, that should be added
+-        ports_to_add = (ports for ports in self._add_ports
+-                        if ports not in ksdata.firewall.ports)
++        self._new_ports_to_add = {
++            ports for ports in self._add_ports
++            if ports not in firewall_proxy.EnabledPorts}
+ 
+         # trusts, that should be added
+-        trusts_to_add = (trust for trust in self._add_trusts
+-                         if trust not in ksdata.firewall.trusts)
++        self._new_trusts_to_add = {
++            trust for trust in self._add_trusts
++            if trust not in firewall_proxy.Trusts}
+ 
+-        for svc in services_to_add:
++        for svc in self._new_services_to_add:
+             # add the service unless already added
+             if not report_only:
+                 self._added_svcs.add(svc)
+-                ksdata.firewall.services.append(svc)
+ 
+             msg = _("service '%s' has been added to the list of services to be "
+                     "added to the firewall" % svc)
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
++        if not report_only:
++            all_services = list(self._add_svcs.union(set(firewall_proxy.EnabledServices)))
++            firewall_proxy.SetEnabledServices(all_services)
+ 
+-        for port in ports_to_add:
++        for port in self._new_ports_to_add:
+             # add the port unless already added
+             if not report_only:
+                 self._added_ports.add(port)
+-                ksdata.firewall.ports.append(port)
+ 
+             msg = _("port '%s' has been added to the list of ports to be "
+                     "added to the firewall" % port)
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
++        if not report_only:
++            all_ports = list(self._add_ports.union(set(firewall_proxy.EnabledPorts)))
++            firewall_proxy.SetEnabledPorts(all_ports)
+ 
+-        for trust in trusts_to_add:
++        for trust in self._new_trusts_to_add:
+             # add the trust unless already added
+             if not report_only:
+                 self._added_trusts.add(trust)
+-                ksdata.firewall.trusts.append(trust)
+ 
+             msg = _("trust '%s' has been added to the list of trusts to be "
+                     "added to the firewall" % trust)
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
++        if not report_only:
++            all_trusts = list(self._add_trusts.union(set(firewall_proxy.Trusts)))
++            firewall_proxy.SetTrusts(all_trusts)
+ 
+         # now do the same for the services that should be excluded
+ 
+@@ -990,52 +1017,56 @@ def eval_rules(self, ksdata, storage, report_only=False):
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
+ 
+-        # services, that should be added
+-        services_to_remove = (svc for svc in self._remove_svcs
+-                              if svc not in ksdata.firewall.remove_services)
++        # services, that should be excluded
++        self._new_services_to_remove = {
++            svc for svc in self._remove_svcs
++            if svc not in firewall_proxy.DisabledServices}
+ 
+-        for svc in services_to_remove:
++        for svc in self._new_services_to_remove:
+             # exclude the service unless already excluded
+             if not report_only:
+                 self._removed_svcs.add(svc)
+-                ksdata.firewall.remove_services.append(svc)
+ 
+             msg = _("service '%s' has been added to the list of services to be "
+                     "removed from the firewall" % svc)
+             messages.append(RuleMessage(self.__class__,
+                                         common.MESSAGE_TYPE_INFO, msg))
++        if not report_only:
++            all_services = list(self._remove_svcs.union(set(firewall_proxy.DisabledServices)))
++            firewall_proxy.SetDisabledServices(all_services)
+ 
+         return messages
+ 
+     def revert_changes(self, ksdata, storage):
+         """:see: RuleHander.revert_changes"""
++        firewall_proxy = NETWORK.get_proxy(FIREWALL)
+ 
+         if self._firewall_enabled is not None:
+-            ksdata.firewall.enabled = self._firewall_default_enabled
++            firewall_proxy.SetFirewallMode(self._firewall_default_state)
+ 
+         # remove all services this handler added
+-        for svc in self._added_svcs:
+-            if svc in ksdata.firewall.services:
+-                ksdata.firewall.services.remove(svc)
++        all_services = firewall_proxy.EnabledServices
++        orig_services = set(all_services).difference(self._new_services_to_add)
++        firewall_proxy.SetEnabledServices(list(orig_services))
+ 
+         # remove all ports this handler added
+-        for port in self._added_ports:
+-            if port in ksdata.firewall.ports:
+-                ksdata.firewall.ports.remove(port)
++        all_ports = firewall_proxy.EnabledPorts
++        orig_ports = set(all_ports).difference(self._new_ports_to_add)
++        firewall_proxy.SetEnabledPorts(list(orig_ports))
+ 
+         # remove all trusts this handler added
+-        for trust in self._added_trusts:
+-            if trust in ksdata.firewall.trusts:
+-                ksdata.firewall.trusts.remove(trust)
++        all_trusts = firewall_proxy.Trusts
++        orig_trusts = set(all_trusts).difference(self._new_trusts_to_add)
++        firewall_proxy.SetTrusts(list(orig_trusts))
+ 
+         # remove all services this handler excluded
+-        for svc in self._removed_svcs:
+-            if svc in ksdata.firewall.remove_services:
+-                ksdata.firewall.remove_services.remove(svc)
++        all_services = firewall_proxy.DisabledServices
++        orig_services = set(all_services).difference(self._new_services_to_remove)
++        firewall_proxy.SetDisabledServices(list(orig_services))
+ 
+         self._added_svcs = set()
+         self._added_ports = set()
+         self._added_trusts = set()
+         self._removed_svcs = set()
+         self._firewall_enabled = None
+-        self._firewall_default_enabled = None
++        self._firewall_default_state = None

SOURCES/rootpw.patch

@@ -0,0 +1,68 @@
+From 44a643f4c115d638d42f19f668cef1c220aab1b6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Thu, 17 Jan 2019 18:06:02 +0100
+Subject: [PATCH] Updated the code to use the up-to-date Anaconda API.
+
+Fixes RHBZ#1665551
+---
+ org_fedora_oscap/gui/spokes/oscap.py | 29 +++++++++++++++++++---------
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
+index 36fd656..f16699b 100644
+--- a/org_fedora_oscap/gui/spokes/oscap.py
++++ b/org_fedora_oscap/gui/spokes/oscap.py
+@@ -38,6 +38,8 @@
+ from pyanaconda.ui.categories.system import SystemCategory
+ from pykickstart.errors import KickstartValueError
+ 
++from pyanaconda.modules.common.constants.services import USERS
++
+ # pylint: disable-msg=E0611
+ from gi.repository import Gdk
+ 
+@@ -650,26 +652,35 @@ def _update_message_store(self, report_only=False):
+ 
+     def _resolve_rootpw_issues(self, messages, report_only):
+         """Mitigate root password issues (which are not fatal in GUI)"""
+-        fatal_rootpw_msgs = [msg for msg in messages
+-                             if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
++        fatal_rootpw_msgs = [
++            msg for msg in messages
++            if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
++
+         if fatal_rootpw_msgs:
+             for msg in fatal_rootpw_msgs:
+                 # cannot just change the message type because it is a namedtuple
+                 messages.remove(msg)
+-                messages.append(common.RuleMessage(self.__class__,
+-                                                   common.MESSAGE_TYPE_WARNING,
+-                                                   msg.text))
++
++                msg = common.RuleMessage(
++                    self.__class__, common.MESSAGE_TYPE_WARNING, msg.text)
++                messages.append(msg)
++
+             if not report_only:
+-                self.__old_root_pw = self.data.rootpw.password
++                users_proxy = USERS.get_proxy()
++
++                self.__old_root_pw = users_proxy.RootPassword
+                 self.data.rootpw.password = None
+-                self.__old_root_pw_seen = self.data.rootpw.seen
++                self.__old_root_pw_seen = users_proxy.IsRootpwKickstarted
+                 self.data.rootpw.seen = False
+ 
+     def _revert_rootpw_changes(self):
+         if self.__old_root_pw is not None:
+-            self.data.rootpw.password = self.__old_root_pw
+-            self.data.rootpw.seen = self.__old_root_pw_seen
++            users_proxy = USERS.get_proxy()
++
++            users_proxy.SetRootPassword(self.__old_root_pw)
+             self.__old_root_pw = None
++
++            users_proxy.SetRootpwKickstarted(self.__old_root_pw_seen)
+             self.__old_root_pw_seen = None
+ 
+     @async_action_wait

SOURCES/translate_spoke_title.patch

@@ -0,0 +1,22 @@
+From c88dba4b9deeb78158bf2e239e4b7118a9e8b39f Mon Sep 17 00:00:00 2001
+From: Marek Haicman <mhaicman@redhat.com>
+Date: Thu, 7 Feb 2019 19:24:08 +0100
+Subject: [PATCH] Hack hub title to show translated.
+
+---
+ org_fedora_oscap/gui/spokes/oscap.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
+index 72c1501..594969a 100644
+--- a/org_fedora_oscap/gui/spokes/oscap.py
++++ b/org_fedora_oscap/gui/spokes/oscap.py
+@@ -190,6 +190,8 @@ def __init__(self, data, storage, payload, instclass):
+ 
+         NormalSpoke.__init__(self, data, storage, payload, instclass)
+         self._addon_data = self.data.addons.org_fedora_oscap
++        # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1673071
++        self.title = _(self.title)
+         self._storage = storage
+         self._ready = False
+ 

SPECS/oscap-anaconda-addon.spec

@@ -0,0 +1,317 @@
+# Patch0 applies correctly but with mismatch and we dont't want backup file
+%global _default_patch_flags --no-backup-if-mismatch
+
+Name:           oscap-anaconda-addon
+Version:        1.0
+Release:        9%{?dist}
+Summary:        Anaconda addon integrating OpenSCAP to the installation process
+
+License:        GPLv2+
+URL:            https://github.com/OpenSCAP/oscap-anaconda-addon
+
+# This is a Red Hat maintained package which is specific to
+# our distribution.
+#
+# The source is thus available only from within this SRPM
+# or via direct git checkout:
+# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
+Source0:        %{name}-%{version}.tar.gz
+Patch1: 	lang.patch
+Patch2: 	oaa-api-update.patch
+Patch3:		help_id.patch
+Patch4:		rootpw.patch
+Patch5:		bootloader.patch
+Patch6:		checksum.patch
+Patch7:		translate_spoke_title.patch
+
+BuildArch:      noarch
+BuildRequires:  gettext
+BuildRequires:	python3-devel
+BuildRequires:  python3-pycurl
+#BuildRequires:  python-mock
+#BuildRequires:  python-nose
+#BuildRequires:  python3-cpio
+BuildRequires:  openscap openscap-utils openscap-python3
+BuildRequires:  anaconda-core >= 28.22.10
+Requires:       anaconda-core >= 28.22.10
+Requires:       python3-cpio
+Requires:       python3-pycurl
+Requires:       python3-kickstart
+Requires:       openscap openscap-utils openscap-python3
+Requires:       scap-security-guide
+
+%description
+This is an addon that integrates OpenSCAP utilities with the Anaconda installer
+and allows installation of systems following restrictions given by a SCAP
+content.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+
+%build
+
+#%check
+#make test
+
+
+%install
+make install DESTDIR=%{buildroot}
+%find_lang %{name}
+
+%files -f %{name}.lang
+%{_datadir}/anaconda/addons/org_fedora_oscap
+
+%doc COPYING ChangeLog README.md
+
+%changelog
+* Wed Feb 13 2019 Matěj Týč <matyc@redhat.com> - 1.0-9
+- Updated translations: RHBZ#1645924
+
+* Fri Feb 08 2019 Watson Yuuma Sato <wsato@redhat.com> - 1.0-8
+- Fixed translation of spoke title: RHBZ#1673044
+
+* Fri Jan 18 2019 Matěj Týč <matyc@redhat.com> - 1.0-7
+- Fixed bootloader-related Anaconda API usage: RHBZ#1664036
+- Fixed root password-related Anaconda API usage: RHBZ#1665551
+- Fixed checksum-related Python2->3 issue: RHBZ#1665147
+
+* Thu Jan 17 2019 Matěj Týč <matyc@redhat.com> - 1.0-6
+- Updated translations: RHBZ#1645924
+
+* Mon Dec 17 2018 Matěj Týč <matyc@redhat.com> - 1.0-5
+- Applied the HelpFile -> help_id patch
+
+* Fri Dec 14 2018 Matěj Týč <matyc@redhat.com> - 1.0-4
+- Updated translations: RHBZ#1608331, RHBZ#1645924
+
+* Wed Oct 10 2018 Matěj Týč <matyc@redhat.com> - 1.0-3
+- Updated to the latest Anaconda API: RHBZ#1637635
+- Added updated translations: RHBZ#1608331
+
+* Mon Oct 01 2018 Matěj Týč <matyc@redhat.com> - 1.0-2
+- Added the missing pycurl dependency.
+
+* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
+- Rebased to upstream version 1.0
+- Python3 support, anaconda 28 support.
+
+* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
+- Return empty string when there is no tailoring file
+  Resolves: rhbz#1520276
+
+* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1481190
+- Fix selection of RHEL datastream
+  Resolves: rhbz#1520358
+
+* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
+- Rebase to the upstream version 0.8
+  Related: rhbz#1472419
+
+* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1383181
+
+* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
+- Fixed gtk warning messages when anaconda is starting.
+  Resolves: rhbz#1437106
+
+* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
+- Avoid long delay before a GeoIP related timeout in case internet is not available
+  Resolves: rhbz#1379479
+
+* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
+- Properly handle tailoring files for datastreams
+  Resolves: rhbz#1364929
+
+* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
+- Don't require blank stderr when running the oscap tool
+  Resolves: rhbz#1360765
+- Beware of the invalid profiles
+  Resolves: rhbz#1365130
+- Properly set the seen property for root passwords
+  Resolves: rhbz#1357603
+
+* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
+- Clear spoke's info before setting an error
+  Resolves: rhbz#1349446
+
+* Wed Jun  1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
+- Use the System hub category provided by Anaconda
+  Resolves: rhbz#1269211
+- Wait for Anaconda to settle before evaluation
+  Resolves: rhbz#1265552
+- Make the changes overview scrollable and smaller
+  Related: rhbz#1263582
+- Make the list of profiles scrollable
+  Resolves: rhbz#1263582
+- Do not try to create a single file multiple times
+  Related: rhbz#1263315
+- Avoid crashes on extraction errors
+  Resolves: rhbz#1263315
+- Disable GPG checks when installing content to the system
+  Resolves: rhbz#1263216
+- Allow fixing root password in graphical installations
+  Resolves: rhbz#1265116
+- Enforce the minimal root password length
+  Resolves: rhbz#1238281
+- Just report misconfiguration instead of crashing in text mode
+  Resolves: rhbz#1263207
+- Do not verify SSL if inst.noverifyssl was given
+  Resolves: rhbz#1263257
+- Also catch data_fetch.DataFetchError when trying to get content
+  Resolves: rhbz#1263239
+- Use new method signature with payload class
+  Related: rhbz#1288636
+
+* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
+- Do not remove the root password behind user's back
+  Resolves: rhbz#1263254
+
+* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
+- Completely skip the execute() part if no profile is selected
+  Resolves: rhbz#1254973
+
+* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
+- Specify the name of the help content file
+  Resolves: rhbz#1254884
+- Skip files unrecognized by the 'oscap info' command
+  Resolves: rhbz#1255075
+- Only allow DS and XCCDF ID selection if it makes sense
+  Resolves: rhbz#1254876
+
+* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
+- Make sure DS and XCCDF ID lists are correctly refreshed
+  Resolves: rhbz#1240946
+- Make sure the DS and XCCDF ID combo boxes are visible for DS content
+  Resolves: rhbz#1249951
+- Try to load the OSCAP session early for DS content
+  Resolves: rhbz#1247654
+- Test preinst_content_path before raw_preinst_content_path
+  Resolves: rhbz#1249937
+- Clear any error if switching to the dry-run mode
+  Related: rhbz#1247677
+- Do not continue with and invalid profile ID
+  Resolves: rhbz#1247677
+- Cover all potential places with a non-main thread changing Gtk stuff
+  Resolves: rhbz#1240967
+
+* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
+- Better handle and report erroneous states
+  Resolves: rhbz#1241064
+- Make sure (some more) GUI actions run in the main thread
+  Resolves: rhbz#1240967
+- Beware of RPM->cpio entries' paths having absolute paths
+  Related: rhbz#1241064
+- Only output the kickstart section with content and profile set
+  Resolves: rhbz#1241395
+- Just report integrity check failure instead of traceback
+  Resolves: rhbz#1240710
+- Properly react on download/loading issues in text+kickstart mode
+  Related: rhbz#1240710
+- Fetch and process the content even if GUI doesn't take care of it
+  Resolves: rhbz#1240625
+
+* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
+- Do not output redundant/invalid fields for the SSG content (vpodzime)
+  Resolves: rhbz#1240285
+- Better handle unsupported URL types (vpodzime)
+  Resolves: rhbz#1232631
+- React better on network issues (vpodzime)
+  Resolves: rhbz#1236657
+- Improve the description of the default profile (vpodzime)
+  Resolves: rhbz#1238080
+- Use the openscap-scanner package instead of openscap-utils (vpodzime)
+  Resolves: rhbz#1240249
+- Better handle the case with no profile selected (vpodzime)
+  Resolves: rhbz#1235750
+- Add newline and one blank line after the %%addon section (vpodzime)
+  Resolves: rhbz#1238267
+- Word-wrap profile descriptions (vpodzime)
+  Resolves: rhbz#1236644
+
+* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
+- Add gettext to BuildRequires (vpodzime)
+  Related: rhbz#1204640
+
+* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
+- Rebase to the upstream version 0.7
+  Related: rhbz#1204640
+
+* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
+- Rebase to the upstream version 0.6
+  Resolves: rhbz#1204640
+
+* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
+- Don't distribute backup files
+  Resolves: rhbz#1065906
+* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
+- Skip running tests on RHEL builds
+  Related: rhbz#1035662
+* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
+- Beware of running Gtk actions from a non-main thread
+- Fix path to the tailoring file when getting rules
+- A git hook for running tests when pushing
+- Inform user if no profile is selected
+- Visually mark the selected profile
+- Better UX with content URL entry and progress label
+- React on invalid content properly (#1032846)
+- Stop spinner when data fetching is finished
+- Make the data fetching thread non-fatal (#1049989)
+- Exit code 2 from the oscap tool is not an error for us (#1050913)
+- Be ready to work with archives/RPMs containing data streams
+- Add unit tests for the keep_type_map function
+- Add support for namedtuples to keep_type_map
+- Add target for running pylint check
+- Add target for running just unittests
+- On the way to tailoring
+- Tests for kickstart XCCDF tailoring handling
+- Kickstart support for XCCDF tailoring
+- Check session validity also when using XCCDF benchmark
+
+* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
+- Implement and use our own better function for joining paths
+- The content entry should have focus if there is no content
+- RPM is just a weird archive in the pre-installation phase
+- Ignore RPM files as well
+- Adapt tests to dir constants now ending with "/"
+- CpioArchive cannot be created from a piped output
+- Fix namespace definitions in the testing XCCDF file
+- Prevent putting None into xccdf_session_is_sds
+- Fix the __all__ variable in the common module
+- Strip content dir prefix when setting xccdf/cpe paths
+- Inform user we now support archive URLs as well
+- Ignore various file types in the git repository
+- Try to find content files in the fetched archive or RPM
+- Run pylint -E as part of the test target
+- Return list of extracted files/directories when extracting archive
+- Do not try to search for empty file paths in archives
+- Properly set the content type based on the URL's suffix
+- Switch profiles on double-click
+- Hook urlEntry's activate signal to fetchButton click
+- Save the spoke's glade file with a new Glade
+- The addon now requires the python-cpio package
+- Use really_hide for the UI elements for datastream-id and xccdf-id
+- Support for RPM content in the GUI spoke
+- RPM content support for kickstart processing
+- Add property for the raw post-installation content path
+- Make content type case insensitive
+- Rest of the code needed for RPM extraction
+- Actually look for the file path in entry names
+- Basic stuff needed for the RPM content support
+- Run tests in paralel
+- Specify files in a better way in spec
+
+* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
+- Initial RPM for the oscap-anaconda-addon