import oscap-anaconda-addon-1.2.0-2.el8

This commit is contained in:
CentOS Sources 2021-07-30 04:20:28 +00:00 committed by Andrew Lukoshko
commit d3baaab07b
6 changed files with 8448 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/oscap-anaconda-addon-1.2.0.tar.gz

View File

@ -0,0 +1 @@
3c1e0b7194fae2d1ba496a005f2322dbb25ff5fc SOURCES/oscap-anaconda-addon-1.2.0.tar.gz

7960
SOURCES/lang.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,32 @@
From 56ee09bf171e0311e970b6bbd8c4c6d1114aca60 Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Tue, 29 Jun 2021 23:44:28 +0200
Subject: [PATCH] Dont use the tmp_path fixture.
The rhel8 pytest doesn't know it yet,
so it shouldn't be in the RHEL8 branch.
---
tests/test_data_fetch.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tests/test_data_fetch.py b/tests/test_data_fetch.py
index cfc56b9..3b18e1e 100644
--- a/tests/test_data_fetch.py
+++ b/tests/test_data_fetch.py
@@ -61,9 +61,10 @@ def test_unsupported_url():
assert not data_fetch.can_fetch_from("aaaaa")
-def test_fetch_local(tmp_path):
- source_path = pathlib.Path(__file__).absolute()
- dest_path = tmp_path / "dest"
- data_fetch.fetch_data("file://" + str(source_path), dest_path)
- with open(dest_path, "r") as copied_file:
- assert "This line is here and in the copied file as well" in copied_file.read()
+def test_fetch_local():
+ with tempfile.NamedTemporaryFile() as f:
+ dest_path = pathlib.Path(f.name)
+ source_path = pathlib.Path(__file__).absolute()
+ data_fetch.fetch_data("file://" + str(source_path), dest_path)
+ with open(dest_path, "r") as copied_file:
+ assert "This line is here and in the copied file as well" in copied_file.read()

View File

@ -0,0 +1,101 @@
From 9d268437f092167f5afeb93e970eb197c696a866 Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 30 Jun 2021 21:29:24 +0200
Subject: [PATCH 1/4] Fix shadowing of _
_, the established symbol for dummy return values,
conflicted with _, the establish symbol for gettext translations.
---
org_fedora_oscap/ks/oscap.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
index 2172293..b96b93b 100644
--- a/org_fedora_oscap/ks/oscap.py
+++ b/org_fedora_oscap/ks/oscap.py
@@ -445,7 +445,7 @@ def setup(self, storage, ksdata, payload):
try:
# just check that preferred content exists
- _ = self.content_bringer.get_preferred_content(content)
+ self.content_bringer.get_preferred_content(content)
except Exception as exc:
self._terminate(str(exc))
return
From 2e38bc81e925818b8985dc80a0004b94c1f9278e Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 30 Jun 2021 21:29:41 +0200
Subject: [PATCH 2/4] Fix conversion of fatal messages to strings
---
org_fedora_oscap/ks/oscap.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
index b96b93b..90e8dd4 100644
--- a/org_fedora_oscap/ks/oscap.py
+++ b/org_fedora_oscap/ks/oscap.py
@@ -460,7 +460,7 @@ def setup(self, storage, ksdata, payload):
if message.type == common.MESSAGE_TYPE_FATAL]
if any(fatal_messages):
msg_lines = [_("Wrong configuration detected!")]
- msg_lines.extend(fatal_messages)
+ msg_lines.extend([m.text for m in fatal_messages])
self._terminate("\n".join(msg_lines))
return
From fc467d9699a3ede83a2117ca48fae8edb589f35b Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 30 Jun 2021 20:45:22 +0200
Subject: [PATCH 3/4] Streamline the code
Make get_preinst_content_path and get_raw_preinst_content_path
easier to compare.
---
org_fedora_oscap/ks/oscap.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
index 90e8dd4..d1b8c9e 100644
--- a/org_fedora_oscap/ks/oscap.py
+++ b/org_fedora_oscap/ks/oscap.py
@@ -325,8 +325,7 @@ def preinst_content_path(self):
"""Path to the pre-installation content file"""
if self.content_type == "datastream":
- return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
- self.content_name)
+ return self.raw_preinst_content_path
elif self.content_type == "scap-security-guide":
# SSG is not copied to the standard place
return self.content_path
From ea8fc0ab6307a6b8381b18b26cb0c7ce3ff7f8b0 Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 30 Jun 2021 20:49:07 +0200
Subject: [PATCH 4/4] Fix an f-string that references incorrect variable
---
org_fedora_oscap/content_discovery.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
index 6393086..f6b4d27 100644
--- a/org_fedora_oscap/content_discovery.py
+++ b/org_fedora_oscap/content_discovery.py
@@ -243,9 +243,10 @@ def get_preferred_content(self, content):
return preferred_content
def get_preferred_tailoring(self, content):
- if self._addon_data.tailoring_path:
- if self._addon_data.tailoring_path != str(content.tailoring.relative_to(content.root)):
- msg = f"Expected a tailoring {self.tailoring_path}, but it couldn't be found"
+ tailoring_path = self._addon_data.tailoring_path
+ if tailoring_path:
+ if tailoring_path != str(content.tailoring.relative_to(content.root)):
+ msg = f"Expected a tailoring {tailoring_path}, but it couldn't be found"
raise content_handling.ContentHandlingError(msg)
return content.tailoring

View File

@ -0,0 +1,353 @@
# Patch0 applies correctly but with mismatch and we dont't want backup file
%global _default_patch_flags --no-backup-if-mismatch
Name: oscap-anaconda-addon
Version: 1.2.0
Release: 2%{?dist}
Summary: Anaconda addon integrating OpenSCAP to the installation process
License: GPLv2+
URL: https://github.com/OpenSCAP/oscap-anaconda-addon
# This is a Red Hat maintained package which is specific to
# our distribution.
#
# The source is thus available only from within this SRPM
# or via direct git checkout:
# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
Source0: %{name}-%{version}.tar.gz
# Let the Patch1 be reserved for translations patches
Patch1: lang.patch
Patch2: oscap-anaconda-addon-1.2.1-no_tmp_path-PR_161.patch
Patch3: oscap-anaconda-addon-1.2.1-various_fixes-PR_162.patch
BuildArch: noarch
BuildRequires: make
BuildRequires: gettext
BuildRequires: python3-devel
BuildRequires: python3-pycurl
BuildRequires: openscap openscap-utils openscap-python3
BuildRequires: anaconda-core >= 33
Requires: anaconda-core >= 33
Requires: python3-cpio
Requires: python3-pycurl
Requires: python3-kickstart
Requires: openscap openscap-utils openscap-python3
Requires: scap-security-guide
%description
This is an addon that integrates OpenSCAP utilities with the Anaconda installer
and allows installation of systems following restrictions given by a SCAP
content.
%prep
%setup -q -n %{name}-%{version}
%patch2 -p1
%patch3 -p1
# As patches may translates the strings that are updated by later patches,
# Patch1 needs to be aplied last.
%patch1 -p1
# NOTE CONCERNING TRANSLATION PATCHES
# When preparing translation patches, don't consider that some languages are unsupported -
# we aim to include all applicable translation texts to the appropriate patch.
# This has consulted with ljanda@redhat.com, and we basically follow the existing practice of the Anaconda project we integrate into.
%build
#%check
#make test
%install
make install DESTDIR=%{buildroot}
%find_lang %{name}
%files -f %{name}.lang
%{_datadir}/anaconda/addons/org_fedora_oscap
%doc COPYING ChangeLog README.md
%changelog
* Fri Jul 16 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-2
- Updated translations
- Resolves: rhbz#1938623
* Fri Jun 25 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-1
- Rebase to the new upstream version.
- Resolves: rhbz#1691305
* Mon Feb 15 2021 Matej Tyc <matyc@redhat.com> - 1.1.1-7
- Updated translations.
* Wed Nov 11 11:46:56 CET 2020 Matej Tyc <matyc@redhat.com> - 1.1.1-6
- Improved handling of conflicts between packages removed vs software wanted to be installed - rhbz#1892310
* Tue Aug 18 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-5
- Fixed issues with encountering filenames with weird encoding during scans - rhbz#1867960
* Thu Jul 09 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-4
- Fixed spoke window text: RHBZ#1855041
* Fri Jun 26 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-3
- Updated translations: RHBZ#1820557
* Mon Jun 22 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-2
- Fixed issues addressing combination of profiles and GUI-based software selections: RHBZ#1843932, RHBZ#1787156
- Improved handling of languages, capitalization: RHBZ#1696278
- Updated translations: RHBZ#1820557
* Tue Jun 02 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-1
- Rebase to upstream 1.1.1
- This OAA is compatible with the RHEL 8.3 Anaconda: RHBZ#1696278
- The UX has been improved: RHBZ#1781790
* Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 1.0-10
- Do not use capital letters for spoke title: RHBZ#1744185
- Updated translations
* Wed Feb 13 2019 Matěj Týč <matyc@redhat.com> - 1.0-9
- Updated translations: RHBZ#1645924
* Fri Feb 08 2019 Watson Yuuma Sato <wsato@redhat.com> - 1.0-8
- Fixed translation of spoke title: RHBZ#1673044
* Fri Jan 18 2019 Matěj Týč <matyc@redhat.com> - 1.0-7
- Fixed bootloader-related Anaconda API usage: RHBZ#1664036
- Fixed root password-related Anaconda API usage: RHBZ#1665551
- Fixed checksum-related Python2->3 issue: RHBZ#1665147
* Thu Jan 17 2019 Matěj Týč <matyc@redhat.com> - 1.0-6
- Updated translations: RHBZ#1645924
* Mon Dec 17 2018 Matěj Týč <matyc@redhat.com> - 1.0-5
- Applied the HelpFile -> help_id patch
* Fri Dec 14 2018 Matěj Týč <matyc@redhat.com> - 1.0-4
- Updated translations: RHBZ#1608331, RHBZ#1645924
* Wed Oct 10 2018 Matěj Týč <matyc@redhat.com> - 1.0-3
- Updated to the latest Anaconda API: RHBZ#1637635
- Added updated translations: RHBZ#1608331
* Mon Oct 01 2018 Matěj Týč <matyc@redhat.com> - 1.0-2
- Added the missing pycurl dependency.
* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
- Rebased to upstream version 1.0
- Python3 support, anaconda 28 support.
* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
- Return empty string when there is no tailoring file
Resolves: rhbz#1520276
* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
- Add japanese translation
- Update other translations
Resolves: rhbz#1481190
- Fix selection of RHEL datastream
Resolves: rhbz#1520358
* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
- Rebase to the upstream version 0.8
Related: rhbz#1472419
* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
- Add japanese translation
- Update other translations
Resolves: rhbz#1383181
* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
- Fixed gtk warning messages when anaconda is starting.
Resolves: rhbz#1437106
* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
- Avoid long delay before a GeoIP related timeout in case internet is not available
Resolves: rhbz#1379479
* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
- Properly handle tailoring files for datastreams
Resolves: rhbz#1364929
* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
- Don't require blank stderr when running the oscap tool
Resolves: rhbz#1360765
- Beware of the invalid profiles
Resolves: rhbz#1365130
- Properly set the seen property for root passwords
Resolves: rhbz#1357603
* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
- Clear spoke's info before setting an error
Resolves: rhbz#1349446
* Wed Jun 1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
- Use the System hub category provided by Anaconda
Resolves: rhbz#1269211
- Wait for Anaconda to settle before evaluation
Resolves: rhbz#1265552
- Make the changes overview scrollable and smaller
Related: rhbz#1263582
- Make the list of profiles scrollable
Resolves: rhbz#1263582
- Do not try to create a single file multiple times
Related: rhbz#1263315
- Avoid crashes on extraction errors
Resolves: rhbz#1263315
- Disable GPG checks when installing content to the system
Resolves: rhbz#1263216
- Allow fixing root password in graphical installations
Resolves: rhbz#1265116
- Enforce the minimal root password length
Resolves: rhbz#1238281
- Just report misconfiguration instead of crashing in text mode
Resolves: rhbz#1263207
- Do not verify SSL if inst.noverifyssl was given
Resolves: rhbz#1263257
- Also catch data_fetch.DataFetchError when trying to get content
Resolves: rhbz#1263239
- Use new method signature with payload class
Related: rhbz#1288636
* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
- Do not remove the root password behind user's back
Resolves: rhbz#1263254
* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
- Completely skip the execute() part if no profile is selected
Resolves: rhbz#1254973
* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
- Specify the name of the help content file
Resolves: rhbz#1254884
- Skip files unrecognized by the 'oscap info' command
Resolves: rhbz#1255075
- Only allow DS and XCCDF ID selection if it makes sense
Resolves: rhbz#1254876
* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
- Make sure DS and XCCDF ID lists are correctly refreshed
Resolves: rhbz#1240946
- Make sure the DS and XCCDF ID combo boxes are visible for DS content
Resolves: rhbz#1249951
- Try to load the OSCAP session early for DS content
Resolves: rhbz#1247654
- Test preinst_content_path before raw_preinst_content_path
Resolves: rhbz#1249937
- Clear any error if switching to the dry-run mode
Related: rhbz#1247677
- Do not continue with and invalid profile ID
Resolves: rhbz#1247677
- Cover all potential places with a non-main thread changing Gtk stuff
Resolves: rhbz#1240967
* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
- Better handle and report erroneous states
Resolves: rhbz#1241064
- Make sure (some more) GUI actions run in the main thread
Resolves: rhbz#1240967
- Beware of RPM->cpio entries' paths having absolute paths
Related: rhbz#1241064
- Only output the kickstart section with content and profile set
Resolves: rhbz#1241395
- Just report integrity check failure instead of traceback
Resolves: rhbz#1240710
- Properly react on download/loading issues in text+kickstart mode
Related: rhbz#1240710
- Fetch and process the content even if GUI doesn't take care of it
Resolves: rhbz#1240625
* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
- Do not output redundant/invalid fields for the SSG content (vpodzime)
Resolves: rhbz#1240285
- Better handle unsupported URL types (vpodzime)
Resolves: rhbz#1232631
- React better on network issues (vpodzime)
Resolves: rhbz#1236657
- Improve the description of the default profile (vpodzime)
Resolves: rhbz#1238080
- Use the openscap-scanner package instead of openscap-utils (vpodzime)
Resolves: rhbz#1240249
- Better handle the case with no profile selected (vpodzime)
Resolves: rhbz#1235750
- Add newline and one blank line after the %%addon section (vpodzime)
Resolves: rhbz#1238267
- Word-wrap profile descriptions (vpodzime)
Resolves: rhbz#1236644
* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
- Add gettext to BuildRequires (vpodzime)
Related: rhbz#1204640
* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
- Rebase to the upstream version 0.7
Related: rhbz#1204640
* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
- Rebase to the upstream version 0.6
Resolves: rhbz#1204640
* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
- Don't distribute backup files
Resolves: rhbz#1065906
* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
- Skip running tests on RHEL builds
Related: rhbz#1035662
* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
- Beware of running Gtk actions from a non-main thread
- Fix path to the tailoring file when getting rules
- A git hook for running tests when pushing
- Inform user if no profile is selected
- Visually mark the selected profile
- Better UX with content URL entry and progress label
- React on invalid content properly (#1032846)
- Stop spinner when data fetching is finished
- Make the data fetching thread non-fatal (#1049989)
- Exit code 2 from the oscap tool is not an error for us (#1050913)
- Be ready to work with archives/RPMs containing data streams
- Add unit tests for the keep_type_map function
- Add support for namedtuples to keep_type_map
- Add target for running pylint check
- Add target for running just unittests
- On the way to tailoring
- Tests for kickstart XCCDF tailoring handling
- Kickstart support for XCCDF tailoring
- Check session validity also when using XCCDF benchmark
* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
- Implement and use our own better function for joining paths
- The content entry should have focus if there is no content
- RPM is just a weird archive in the pre-installation phase
- Ignore RPM files as well
- Adapt tests to dir constants now ending with "/"
- CpioArchive cannot be created from a piped output
- Fix namespace definitions in the testing XCCDF file
- Prevent putting None into xccdf_session_is_sds
- Fix the __all__ variable in the common module
- Strip content dir prefix when setting xccdf/cpe paths
- Inform user we now support archive URLs as well
- Ignore various file types in the git repository
- Try to find content files in the fetched archive or RPM
- Run pylint -E as part of the test target
- Return list of extracted files/directories when extracting archive
- Do not try to search for empty file paths in archives
- Properly set the content type based on the URL's suffix
- Switch profiles on double-click
- Hook urlEntry's activate signal to fetchButton click
- Save the spoke's glade file with a new Glade
- The addon now requires the python-cpio package
- Use really_hide for the UI elements for datastream-id and xccdf-id
- Support for RPM content in the GUI spoke
- RPM content support for kickstart processing
- Add property for the raw post-installation content path
- Make content type case insensitive
- Rest of the code needed for RPM extraction
- Actually look for the file path in entry names
- Basic stuff needed for the RPM content support
- Run tests in paralel
- Specify files in a better way in spec
* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
- Initial RPM for the oscap-anaconda-addon