import oscap-anaconda-addon-1.0-9.el8

This commit is contained in:
CentOS Sources 2019-05-07 06:01:12 -04:00 committed by Andrew Lukoshko
commit 593fdb986c
10 changed files with 5363 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/oscap-anaconda-addon-1.0.tar.gz

View File

@ -0,0 +1 @@
6edf7e4859de8e66837404c084405ea4318a319d SOURCES/oscap-anaconda-addon-1.0.tar.gz

26
SOURCES/bootloader.patch Normal file
View File

@ -0,0 +1,26 @@
From 1e275a0da36595dd921732e0f60510171cdbe75c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Tue, 15 Jan 2019 19:16:44 +0100
Subject: [PATCH] Updated code to comply to the Bootloader proxy API.
---
org_fedora_oscap/rule_handling.py | 4 ++--
tests/test_rule_handling.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index 738465f..f3fd057 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -716,9 +716,9 @@ def eval_rules(self, ksdata, storage, report_only=False):
bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
- if self._require_password and not bootloader_proxy.password_is_set:
+ if self._require_password and not bootloader_proxy.IsPasswordSet:
# TODO: Anaconda provides a way to set bootloader password:
- # bootloader_proxy.set_password(...)
+ # bootloader_proxy.SetEncryptedPassword(...)
# We don't support setting the bootloader password yet,
# but we shouldn't stop the installation, just because of that.
return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,

30
SOURCES/checksum.patch Normal file
View File

@ -0,0 +1,30 @@
From fd1684358e212521abaf3ec7662aa97181868c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Tue, 15 Jan 2019 18:19:28 +0100
Subject: [PATCH] Fixed the checksum function to use forward-compatible rb
mode.
On python3, there is a problem as contents of r-opened file is string,
but they are treated as bytes later. rb mode is fully python2-compatible.
---
org_fedora_oscap/utils.py | 4 ++--
tests/data/file | 1 +
tests/test_utils.py | 12 ++++++++++++
3 files changed, 15 insertions(+), 2 deletions(-)
create mode 100644 tests/data/file
diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
index 6d5c157..3be8325 100644
--- a/org_fedora_oscap/utils.py
+++ b/org_fedora_oscap/utils.py
@@ -175,8 +175,8 @@ def get_file_fingerprint(fpath, hash_obj):
"""
- with open(fpath, "r") as fobj:
- bsize = 4*1024
+ with open(fpath, "rb") as fobj:
+ bsize = 4 * 1024
# process file as 4 KB blocks
buf = fobj.read(bsize)
while buf:

30
SOURCES/help_id.patch Normal file
View File

@ -0,0 +1,30 @@
From ccd4e2f078d00fa4570d2bd56802c726286d1020 Mon Sep 17 00:00:00 2001
From: Martin Kolman <mkolman@redhat.com>
Date: Wed, 10 Oct 2018 17:12:01 +0200
Subject: [PATCH] Set help id for the OSCAP addon provided spoke (#1638068)
The new Anaconda help system now operates on help ids instead of pointing to
individual files.
So drop the old property and replace it with a proper help_id.
Resolves: rhbz#1638068
---
org_fedora_oscap/gui/spokes/oscap.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index d9fe548..36fd656 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -179,8 +179,8 @@ class OSCAPSpoke(NormalSpoke):
# name of the .glade file in the same directory as this source
uiFile = "oscap.glade"
- # name of the file providing help content for this spoke
- helpFile = "SecurityPolicySpoke.xml"
+ # id of the help content for this spoke
+ help_id = "SecurityPolicySpoke"
# domain of oscap-anaconda-addon translations
translationDomain = "oscap-anaconda-addon"

4612
SOURCES/lang.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,256 @@
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index f712ac4..738465f 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -26,7 +26,13 @@
import optparse
import shlex
import logging
+
from pyanaconda.pwpolicy import F22_PwPolicyData
+from pyanaconda.core.constants import (
+ FIREWALL_ENABLED, FIREWALL_DISABLED, FIREWALL_USE_SYSTEM_DEFAULTS)
+from pyanaconda.modules.common.constants.objects import FIREWALL, BOOTLOADER
+from pyanaconda.modules.common.constants.services import NETWORK, STORAGE, USERS
+
from org_fedora_oscap import common
from org_fedora_oscap.common import OSCAPaddonError, RuleMessage
@@ -496,7 +502,10 @@ def eval_rules(self, ksdata, storage, report_only=False):
return []
ret = []
- if not ksdata.rootpw.password:
+
+ users_proxy = USERS.get_proxy()
+
+ if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
@@ -505,12 +514,12 @@ def eval_rules(self, ksdata, storage, report_only=False):
common.MESSAGE_TYPE_WARNING, msg)]
else:
# root password set
- if ksdata.rootpw.isCrypted:
+ if users_proxy.IsRootPasswordCrypted:
msg = _("cannot check root password length (password is crypted)")
log.warning("cannot check root password length (password is crypted)")
return [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
- elif len(ksdata.rootpw.password) < self._minlen:
+ elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
@@ -705,10 +714,13 @@ def __str__(self):
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
- if self._require_password and not storage.bootloader.password:
- # Anaconda doesn't provide a way to set bootloader password, so
- # users cannot do much about that --> we shouldn't stop the
- # installation, should we?
+ bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
+
+ if self._require_password and not bootloader_proxy.password_is_set:
+ # TODO: Anaconda provides a way to set bootloader password:
+ # bootloader_proxy.set_password(...)
+ # We don't support setting the bootloader password yet,
+ # but we shouldn't stop the installation, just because of that.
return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,
"boot loader password not set up")]
else:
@@ -802,8 +814,13 @@ def __init__(self):
self._added_trusts = set()
self._removed_svcs = set()
+ self._new_services_to_add = set()
+ self._new_ports_to_add = set()
+ self._new_trusts_to_add = set()
+ self._new_services_to_remove = set()
+
self._firewall_enabled = None
- self._firewall_default_enabled = None
+ self._firewall_default_state = None
def add_services(self, services):
"""
@@ -895,25 +912,26 @@ def __str__(self):
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
+ firewall_proxy = NETWORK.get_proxy(FIREWALL)
messages = []
- if self._firewall_default_enabled is None:
+ if self._firewall_default_state is None:
# firewall default startup setting
- self._firewall_default_enabled = ksdata.firewall.enabled
+ self._firewall_default_state = firewall_proxy.FirewallMode
if self._firewall_enabled is False:
msg = _("Firewall will be disabled on startup")
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
if not report_only:
- ksdata.firewall.enabled = self._firewall_enabled
+ firewall_proxy.SetFirewallMode(FIREWALL_DISABLED)
elif self._firewall_enabled is True:
msg = _("Firewall will be enabled on startup")
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
if not report_only:
- ksdata.firewall.enabled = self._firewall_enabled
+ firewall_proxy.SetFirewallMode(FIREWALL_ENABLED)
# add messages for the already added services
for svc in self._added_svcs:
@@ -937,49 +955,58 @@ def eval_rules(self, ksdata, storage, report_only=False):
common.MESSAGE_TYPE_INFO, msg))
# services, that should be added
- services_to_add = (svc for svc in self._add_svcs
- if svc not in ksdata.firewall.services)
+ self._new_services_to_add = {
+ svc for svc in self._add_svcs
+ if svc not in firewall_proxy.EnabledServices}
# ports, that should be added
- ports_to_add = (ports for ports in self._add_ports
- if ports not in ksdata.firewall.ports)
+ self._new_ports_to_add = {
+ ports for ports in self._add_ports
+ if ports not in firewall_proxy.EnabledPorts}
# trusts, that should be added
- trusts_to_add = (trust for trust in self._add_trusts
- if trust not in ksdata.firewall.trusts)
+ self._new_trusts_to_add = {
+ trust for trust in self._add_trusts
+ if trust not in firewall_proxy.Trusts}
- for svc in services_to_add:
+ for svc in self._new_services_to_add:
# add the service unless already added
if not report_only:
self._added_svcs.add(svc)
- ksdata.firewall.services.append(svc)
msg = _("service '%s' has been added to the list of services to be "
"added to the firewall" % svc)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_services = list(self._add_svcs.union(set(firewall_proxy.EnabledServices)))
+ firewall_proxy.SetEnabledServices(all_services)
- for port in ports_to_add:
+ for port in self._new_ports_to_add:
# add the port unless already added
if not report_only:
self._added_ports.add(port)
- ksdata.firewall.ports.append(port)
msg = _("port '%s' has been added to the list of ports to be "
"added to the firewall" % port)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_ports = list(self._add_ports.union(set(firewall_proxy.EnabledPorts)))
+ firewall_proxy.SetEnabledPorts(all_ports)
- for trust in trusts_to_add:
+ for trust in self._new_trusts_to_add:
# add the trust unless already added
if not report_only:
self._added_trusts.add(trust)
- ksdata.firewall.trusts.append(trust)
msg = _("trust '%s' has been added to the list of trusts to be "
"added to the firewall" % trust)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_trusts = list(self._add_trusts.union(set(firewall_proxy.Trusts)))
+ firewall_proxy.SetTrusts(all_trusts)
# now do the same for the services that should be excluded
@@ -990,52 +1017,56 @@ def eval_rules(self, ksdata, storage, report_only=False):
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
- # services, that should be added
- services_to_remove = (svc for svc in self._remove_svcs
- if svc not in ksdata.firewall.remove_services)
+ # services, that should be excluded
+ self._new_services_to_remove = {
+ svc for svc in self._remove_svcs
+ if svc not in firewall_proxy.DisabledServices}
- for svc in services_to_remove:
+ for svc in self._new_services_to_remove:
# exclude the service unless already excluded
if not report_only:
self._removed_svcs.add(svc)
- ksdata.firewall.remove_services.append(svc)
msg = _("service '%s' has been added to the list of services to be "
"removed from the firewall" % svc)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_services = list(self._remove_svcs.union(set(firewall_proxy.DisabledServices)))
+ firewall_proxy.SetDisabledServices(all_services)
return messages
def revert_changes(self, ksdata, storage):
""":see: RuleHander.revert_changes"""
+ firewall_proxy = NETWORK.get_proxy(FIREWALL)
if self._firewall_enabled is not None:
- ksdata.firewall.enabled = self._firewall_default_enabled
+ firewall_proxy.SetFirewallMode(self._firewall_default_state)
# remove all services this handler added
- for svc in self._added_svcs:
- if svc in ksdata.firewall.services:
- ksdata.firewall.services.remove(svc)
+ all_services = firewall_proxy.EnabledServices
+ orig_services = set(all_services).difference(self._new_services_to_add)
+ firewall_proxy.SetEnabledServices(list(orig_services))
# remove all ports this handler added
- for port in self._added_ports:
- if port in ksdata.firewall.ports:
- ksdata.firewall.ports.remove(port)
+ all_ports = firewall_proxy.EnabledPorts
+ orig_ports = set(all_ports).difference(self._new_ports_to_add)
+ firewall_proxy.SetEnabledPorts(list(orig_ports))
# remove all trusts this handler added
- for trust in self._added_trusts:
- if trust in ksdata.firewall.trusts:
- ksdata.firewall.trusts.remove(trust)
+ all_trusts = firewall_proxy.Trusts
+ orig_trusts = set(all_trusts).difference(self._new_trusts_to_add)
+ firewall_proxy.SetTrusts(list(orig_trusts))
# remove all services this handler excluded
- for svc in self._removed_svcs:
- if svc in ksdata.firewall.remove_services:
- ksdata.firewall.remove_services.remove(svc)
+ all_services = firewall_proxy.DisabledServices
+ orig_services = set(all_services).difference(self._new_services_to_remove)
+ firewall_proxy.SetDisabledServices(list(orig_services))
self._added_svcs = set()
self._added_ports = set()
self._added_trusts = set()
self._removed_svcs = set()
self._firewall_enabled = None
- self._firewall_default_enabled = None
+ self._firewall_default_state = None

68
SOURCES/rootpw.patch Normal file
View File

@ -0,0 +1,68 @@
From 44a643f4c115d638d42f19f668cef1c220aab1b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 17 Jan 2019 18:06:02 +0100
Subject: [PATCH] Updated the code to use the up-to-date Anaconda API.
Fixes RHBZ#1665551
---
org_fedora_oscap/gui/spokes/oscap.py | 29 +++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index 36fd656..f16699b 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -38,6 +38,8 @@
from pyanaconda.ui.categories.system import SystemCategory
from pykickstart.errors import KickstartValueError
+from pyanaconda.modules.common.constants.services import USERS
+
# pylint: disable-msg=E0611
from gi.repository import Gdk
@@ -650,26 +652,35 @@ def _update_message_store(self, report_only=False):
def _resolve_rootpw_issues(self, messages, report_only):
"""Mitigate root password issues (which are not fatal in GUI)"""
- fatal_rootpw_msgs = [msg for msg in messages
- if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
+ fatal_rootpw_msgs = [
+ msg for msg in messages
+ if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
+
if fatal_rootpw_msgs:
for msg in fatal_rootpw_msgs:
# cannot just change the message type because it is a namedtuple
messages.remove(msg)
- messages.append(common.RuleMessage(self.__class__,
- common.MESSAGE_TYPE_WARNING,
- msg.text))
+
+ msg = common.RuleMessage(
+ self.__class__, common.MESSAGE_TYPE_WARNING, msg.text)
+ messages.append(msg)
+
if not report_only:
- self.__old_root_pw = self.data.rootpw.password
+ users_proxy = USERS.get_proxy()
+
+ self.__old_root_pw = users_proxy.RootPassword
self.data.rootpw.password = None
- self.__old_root_pw_seen = self.data.rootpw.seen
+ self.__old_root_pw_seen = users_proxy.IsRootpwKickstarted
self.data.rootpw.seen = False
def _revert_rootpw_changes(self):
if self.__old_root_pw is not None:
- self.data.rootpw.password = self.__old_root_pw
- self.data.rootpw.seen = self.__old_root_pw_seen
+ users_proxy = USERS.get_proxy()
+
+ users_proxy.SetRootPassword(self.__old_root_pw)
self.__old_root_pw = None
+
+ users_proxy.SetRootpwKickstarted(self.__old_root_pw_seen)
self.__old_root_pw_seen = None
@async_action_wait

View File

@ -0,0 +1,22 @@
From c88dba4b9deeb78158bf2e239e4b7118a9e8b39f Mon Sep 17 00:00:00 2001
From: Marek Haicman <mhaicman@redhat.com>
Date: Thu, 7 Feb 2019 19:24:08 +0100
Subject: [PATCH] Hack hub title to show translated.
---
org_fedora_oscap/gui/spokes/oscap.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index 72c1501..594969a 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -190,6 +190,8 @@ def __init__(self, data, storage, payload, instclass):
NormalSpoke.__init__(self, data, storage, payload, instclass)
self._addon_data = self.data.addons.org_fedora_oscap
+ # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1673071
+ self.title = _(self.title)
self._storage = storage
self._ready = False

View File

@ -0,0 +1,317 @@
# Patch0 applies correctly but with mismatch and we dont't want backup file
%global _default_patch_flags --no-backup-if-mismatch
Name: oscap-anaconda-addon
Version: 1.0
Release: 9%{?dist}
Summary: Anaconda addon integrating OpenSCAP to the installation process
License: GPLv2+
URL: https://github.com/OpenSCAP/oscap-anaconda-addon
# This is a Red Hat maintained package which is specific to
# our distribution.
#
# The source is thus available only from within this SRPM
# or via direct git checkout:
# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
Source0: %{name}-%{version}.tar.gz
Patch1: lang.patch
Patch2: oaa-api-update.patch
Patch3: help_id.patch
Patch4: rootpw.patch
Patch5: bootloader.patch
Patch6: checksum.patch
Patch7: translate_spoke_title.patch
BuildArch: noarch
BuildRequires: gettext
BuildRequires: python3-devel
BuildRequires: python3-pycurl
#BuildRequires: python-mock
#BuildRequires: python-nose
#BuildRequires: python3-cpio
BuildRequires: openscap openscap-utils openscap-python3
BuildRequires: anaconda-core >= 28.22.10
Requires: anaconda-core >= 28.22.10
Requires: python3-cpio
Requires: python3-pycurl
Requires: python3-kickstart
Requires: openscap openscap-utils openscap-python3
Requires: scap-security-guide
%description
This is an addon that integrates OpenSCAP utilities with the Anaconda installer
and allows installation of systems following restrictions given by a SCAP
content.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
#%check
#make test
%install
make install DESTDIR=%{buildroot}
%find_lang %{name}
%files -f %{name}.lang
%{_datadir}/anaconda/addons/org_fedora_oscap
%doc COPYING ChangeLog README.md
%changelog
* Wed Feb 13 2019 Matěj Týč <matyc@redhat.com> - 1.0-9
- Updated translations: RHBZ#1645924
* Fri Feb 08 2019 Watson Yuuma Sato <wsato@redhat.com> - 1.0-8
- Fixed translation of spoke title: RHBZ#1673044
* Fri Jan 18 2019 Matěj Týč <matyc@redhat.com> - 1.0-7
- Fixed bootloader-related Anaconda API usage: RHBZ#1664036
- Fixed root password-related Anaconda API usage: RHBZ#1665551
- Fixed checksum-related Python2->3 issue: RHBZ#1665147
* Thu Jan 17 2019 Matěj Týč <matyc@redhat.com> - 1.0-6
- Updated translations: RHBZ#1645924
* Mon Dec 17 2018 Matěj Týč <matyc@redhat.com> - 1.0-5
- Applied the HelpFile -> help_id patch
* Fri Dec 14 2018 Matěj Týč <matyc@redhat.com> - 1.0-4
- Updated translations: RHBZ#1608331, RHBZ#1645924
* Wed Oct 10 2018 Matěj Týč <matyc@redhat.com> - 1.0-3
- Updated to the latest Anaconda API: RHBZ#1637635
- Added updated translations: RHBZ#1608331
* Mon Oct 01 2018 Matěj Týč <matyc@redhat.com> - 1.0-2
- Added the missing pycurl dependency.
* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
- Rebased to upstream version 1.0
- Python3 support, anaconda 28 support.
* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
- Return empty string when there is no tailoring file
Resolves: rhbz#1520276
* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
- Add japanese translation
- Update other translations
Resolves: rhbz#1481190
- Fix selection of RHEL datastream
Resolves: rhbz#1520358
* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
- Rebase to the upstream version 0.8
Related: rhbz#1472419
* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
- Add japanese translation
- Update other translations
Resolves: rhbz#1383181
* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
- Fixed gtk warning messages when anaconda is starting.
Resolves: rhbz#1437106
* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
- Avoid long delay before a GeoIP related timeout in case internet is not available
Resolves: rhbz#1379479
* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
- Properly handle tailoring files for datastreams
Resolves: rhbz#1364929
* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
- Don't require blank stderr when running the oscap tool
Resolves: rhbz#1360765
- Beware of the invalid profiles
Resolves: rhbz#1365130
- Properly set the seen property for root passwords
Resolves: rhbz#1357603
* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
- Clear spoke's info before setting an error
Resolves: rhbz#1349446
* Wed Jun 1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
- Use the System hub category provided by Anaconda
Resolves: rhbz#1269211
- Wait for Anaconda to settle before evaluation
Resolves: rhbz#1265552
- Make the changes overview scrollable and smaller
Related: rhbz#1263582
- Make the list of profiles scrollable
Resolves: rhbz#1263582
- Do not try to create a single file multiple times
Related: rhbz#1263315
- Avoid crashes on extraction errors
Resolves: rhbz#1263315
- Disable GPG checks when installing content to the system
Resolves: rhbz#1263216
- Allow fixing root password in graphical installations
Resolves: rhbz#1265116
- Enforce the minimal root password length
Resolves: rhbz#1238281
- Just report misconfiguration instead of crashing in text mode
Resolves: rhbz#1263207
- Do not verify SSL if inst.noverifyssl was given
Resolves: rhbz#1263257
- Also catch data_fetch.DataFetchError when trying to get content
Resolves: rhbz#1263239
- Use new method signature with payload class
Related: rhbz#1288636
* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
- Do not remove the root password behind user's back
Resolves: rhbz#1263254
* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
- Completely skip the execute() part if no profile is selected
Resolves: rhbz#1254973
* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
- Specify the name of the help content file
Resolves: rhbz#1254884
- Skip files unrecognized by the 'oscap info' command
Resolves: rhbz#1255075
- Only allow DS and XCCDF ID selection if it makes sense
Resolves: rhbz#1254876
* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
- Make sure DS and XCCDF ID lists are correctly refreshed
Resolves: rhbz#1240946
- Make sure the DS and XCCDF ID combo boxes are visible for DS content
Resolves: rhbz#1249951
- Try to load the OSCAP session early for DS content
Resolves: rhbz#1247654
- Test preinst_content_path before raw_preinst_content_path
Resolves: rhbz#1249937
- Clear any error if switching to the dry-run mode
Related: rhbz#1247677
- Do not continue with and invalid profile ID
Resolves: rhbz#1247677
- Cover all potential places with a non-main thread changing Gtk stuff
Resolves: rhbz#1240967
* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
- Better handle and report erroneous states
Resolves: rhbz#1241064
- Make sure (some more) GUI actions run in the main thread
Resolves: rhbz#1240967
- Beware of RPM->cpio entries' paths having absolute paths
Related: rhbz#1241064
- Only output the kickstart section with content and profile set
Resolves: rhbz#1241395
- Just report integrity check failure instead of traceback
Resolves: rhbz#1240710
- Properly react on download/loading issues in text+kickstart mode
Related: rhbz#1240710
- Fetch and process the content even if GUI doesn't take care of it
Resolves: rhbz#1240625
* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
- Do not output redundant/invalid fields for the SSG content (vpodzime)
Resolves: rhbz#1240285
- Better handle unsupported URL types (vpodzime)
Resolves: rhbz#1232631
- React better on network issues (vpodzime)
Resolves: rhbz#1236657
- Improve the description of the default profile (vpodzime)
Resolves: rhbz#1238080
- Use the openscap-scanner package instead of openscap-utils (vpodzime)
Resolves: rhbz#1240249
- Better handle the case with no profile selected (vpodzime)
Resolves: rhbz#1235750
- Add newline and one blank line after the %%addon section (vpodzime)
Resolves: rhbz#1238267
- Word-wrap profile descriptions (vpodzime)
Resolves: rhbz#1236644
* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
- Add gettext to BuildRequires (vpodzime)
Related: rhbz#1204640
* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
- Rebase to the upstream version 0.7
Related: rhbz#1204640
* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
- Rebase to the upstream version 0.6
Resolves: rhbz#1204640
* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
- Don't distribute backup files
Resolves: rhbz#1065906
* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
- Skip running tests on RHEL builds
Related: rhbz#1035662
* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
- Beware of running Gtk actions from a non-main thread
- Fix path to the tailoring file when getting rules
- A git hook for running tests when pushing
- Inform user if no profile is selected
- Visually mark the selected profile
- Better UX with content URL entry and progress label
- React on invalid content properly (#1032846)
- Stop spinner when data fetching is finished
- Make the data fetching thread non-fatal (#1049989)
- Exit code 2 from the oscap tool is not an error for us (#1050913)
- Be ready to work with archives/RPMs containing data streams
- Add unit tests for the keep_type_map function
- Add support for namedtuples to keep_type_map
- Add target for running pylint check
- Add target for running just unittests
- On the way to tailoring
- Tests for kickstart XCCDF tailoring handling
- Kickstart support for XCCDF tailoring
- Check session validity also when using XCCDF benchmark
* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
- Implement and use our own better function for joining paths
- The content entry should have focus if there is no content
- RPM is just a weird archive in the pre-installation phase
- Ignore RPM files as well
- Adapt tests to dir constants now ending with "/"
- CpioArchive cannot be created from a piped output
- Fix namespace definitions in the testing XCCDF file
- Prevent putting None into xccdf_session_is_sds
- Fix the __all__ variable in the common module
- Strip content dir prefix when setting xccdf/cpe paths
- Inform user we now support archive URLs as well
- Ignore various file types in the git repository
- Try to find content files in the fetched archive or RPM
- Run pylint -E as part of the test target
- Return list of extracted files/directories when extracting archive
- Do not try to search for empty file paths in archives
- Properly set the content type based on the URL's suffix
- Switch profiles on double-click
- Hook urlEntry's activate signal to fetchButton click
- Save the spoke's glade file with a new Glade
- The addon now requires the python-cpio package
- Use really_hide for the UI elements for datastream-id and xccdf-id
- Support for RPM content in the GUI spoke
- RPM content support for kickstart processing
- Add property for the raw post-installation content path
- Make content type case insensitive
- Rest of the code needed for RPM extraction
- Actually look for the file path in entry names
- Basic stuff needed for the RPM content support
- Run tests in paralel
- Specify files in a better way in spec
* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
- Initial RPM for the oscap-anaconda-addon