import oscap-anaconda-addon-1.2.0-2.el8

.gitignore

@@ -0,0 +1 @@
+SOURCES/oscap-anaconda-addon-1.2.0.tar.gz

.oscap-anaconda-addon.metadata

@@ -0,0 +1 @@
+3c1e0b7194fae2d1ba496a005f2322dbb25ff5fc SOURCES/oscap-anaconda-addon-1.2.0.tar.gz

SOURCES/oscap-anaconda-addon-1.2.1-no_tmp_path-PR_161.patch

@@ -0,0 +1,32 @@
+From 56ee09bf171e0311e970b6bbd8c4c6d1114aca60 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Tue, 29 Jun 2021 23:44:28 +0200
+Subject: [PATCH] Dont use the tmp_path fixture.
+
+The rhel8 pytest doesn't know it yet,
+so it shouldn't be in the RHEL8 branch.
+---
+ tests/test_data_fetch.py | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/tests/test_data_fetch.py b/tests/test_data_fetch.py
+index cfc56b9..3b18e1e 100644
+--- a/tests/test_data_fetch.py
++++ b/tests/test_data_fetch.py
+@@ -61,9 +61,10 @@ def test_unsupported_url():
+     assert not data_fetch.can_fetch_from("aaaaa")
+ 
+ 
+-def test_fetch_local(tmp_path):
+-    source_path = pathlib.Path(__file__).absolute()
+-    dest_path = tmp_path / "dest"
+-    data_fetch.fetch_data("file://" + str(source_path), dest_path)
+-    with open(dest_path, "r") as copied_file:
+-        assert "This line is here and in the copied file as well" in copied_file.read()
++def test_fetch_local():
++    with tempfile.NamedTemporaryFile() as f:
++        dest_path = pathlib.Path(f.name)
++        source_path = pathlib.Path(__file__).absolute()
++        data_fetch.fetch_data("file://" + str(source_path), dest_path)
++        with open(dest_path, "r") as copied_file:
++            assert "This line is here and in the copied file as well" in copied_file.read()

SOURCES/oscap-anaconda-addon-1.2.1-various_fixes-PR_162.patch

@@ -0,0 +1,101 @@
+From 9d268437f092167f5afeb93e970eb197c696a866 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Wed, 30 Jun 2021 21:29:24 +0200
+Subject: [PATCH 1/4] Fix shadowing of _
+
+_, the established symbol for dummy return values,
+conflicted with _, the establish symbol for gettext translations.
+---
+ org_fedora_oscap/ks/oscap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index 2172293..b96b93b 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -445,7 +445,7 @@ def setup(self, storage, ksdata, payload):
+ 
+         try:
+             # just check that preferred content exists
+-            _ = self.content_bringer.get_preferred_content(content)
++            self.content_bringer.get_preferred_content(content)
+         except Exception as exc:
+             self._terminate(str(exc))
+             return
+
+From 2e38bc81e925818b8985dc80a0004b94c1f9278e Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Wed, 30 Jun 2021 21:29:41 +0200
+Subject: [PATCH 2/4] Fix conversion of fatal messages to strings
+
+---
+ org_fedora_oscap/ks/oscap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index b96b93b..90e8dd4 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -460,7 +460,7 @@ def setup(self, storage, ksdata, payload):
+                           if message.type == common.MESSAGE_TYPE_FATAL]
+         if any(fatal_messages):
+             msg_lines = [_("Wrong configuration detected!")]
+-            msg_lines.extend(fatal_messages)
++            msg_lines.extend([m.text for m in fatal_messages])
+             self._terminate("\n".join(msg_lines))
+             return
+ 
+
+From fc467d9699a3ede83a2117ca48fae8edb589f35b Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Wed, 30 Jun 2021 20:45:22 +0200
+Subject: [PATCH 3/4] Streamline the code
+
+Make get_preinst_content_path and get_raw_preinst_content_path
+easier to compare.
+---
+ org_fedora_oscap/ks/oscap.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index 90e8dd4..d1b8c9e 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -325,8 +325,7 @@ def preinst_content_path(self):
+         """Path to the pre-installation content file"""
+ 
+         if self.content_type == "datastream":
+-            return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
+-                                    self.content_name)
++            return self.raw_preinst_content_path
+         elif self.content_type == "scap-security-guide":
+             # SSG is not copied to the standard place
+             return self.content_path
+
+From ea8fc0ab6307a6b8381b18b26cb0c7ce3ff7f8b0 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Wed, 30 Jun 2021 20:49:07 +0200
+Subject: [PATCH 4/4] Fix an f-string that references incorrect variable
+
+---
+ org_fedora_oscap/content_discovery.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
+index 6393086..f6b4d27 100644
+--- a/org_fedora_oscap/content_discovery.py
++++ b/org_fedora_oscap/content_discovery.py
+@@ -243,9 +243,10 @@ def get_preferred_content(self, content):
+         return preferred_content
+ 
+     def get_preferred_tailoring(self, content):
+-        if self._addon_data.tailoring_path:
+-            if self._addon_data.tailoring_path != str(content.tailoring.relative_to(content.root)):
+-                msg = f"Expected a tailoring {self.tailoring_path}, but it couldn't be found"
++        tailoring_path = self._addon_data.tailoring_path
++        if tailoring_path:
++            if tailoring_path != str(content.tailoring.relative_to(content.root)):
++                msg = f"Expected a tailoring {tailoring_path}, but it couldn't be found"
+                 raise content_handling.ContentHandlingError(msg)
+         return content.tailoring
+ 

SPECS/oscap-anaconda-addon.spec

@@ -0,0 +1,353 @@
+# Patch0 applies correctly but with mismatch and we dont't want backup file
+%global _default_patch_flags --no-backup-if-mismatch
+
+Name:           oscap-anaconda-addon
+Version:        1.2.0
+Release:        2%{?dist}
+Summary:        Anaconda addon integrating OpenSCAP to the installation process
+
+License:        GPLv2+
+URL:            https://github.com/OpenSCAP/oscap-anaconda-addon
+
+# This is a Red Hat maintained package which is specific to
+# our distribution.
+#
+# The source is thus available only from within this SRPM
+# or via direct git checkout:
+# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
+Source0:        %{name}-%{version}.tar.gz
+
+# Let the Patch1 be reserved for translations patches
+Patch1: 	lang.patch
+Patch2:         oscap-anaconda-addon-1.2.1-no_tmp_path-PR_161.patch
+Patch3:         oscap-anaconda-addon-1.2.1-various_fixes-PR_162.patch
+
+BuildArch:      noarch
+BuildRequires:  make
+BuildRequires:  gettext
+BuildRequires:  python3-devel
+BuildRequires:  python3-pycurl
+BuildRequires:  openscap openscap-utils openscap-python3
+BuildRequires:  anaconda-core >= 33
+Requires:       anaconda-core >= 33
+Requires:       python3-cpio
+Requires:       python3-pycurl
+Requires:       python3-kickstart
+Requires:       openscap openscap-utils openscap-python3
+Requires:       scap-security-guide
+
+%description
+This is an addon that integrates OpenSCAP utilities with the Anaconda installer
+and allows installation of systems following restrictions given by a SCAP
+content.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%patch2 -p1
+%patch3 -p1
+
+# As patches may translates the strings that are updated by later patches,
+# Patch1 needs to be aplied last.
+%patch1 -p1
+# NOTE CONCERNING TRANSLATION PATCHES
+# When preparing translation patches, don't consider that some languages are unsupported -
+# we aim to include all applicable translation texts to the appropriate patch.
+# This has consulted with ljanda@redhat.com, and we basically follow the existing practice of the Anaconda project we integrate into.
+
+%build
+
+#%check
+#make test
+
+
+%install
+make install DESTDIR=%{buildroot}
+%find_lang %{name}
+
+%files -f %{name}.lang
+%{_datadir}/anaconda/addons/org_fedora_oscap
+
+%doc COPYING ChangeLog README.md
+
+%changelog
+* Fri Jul 16 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-2
+- Updated translations
+- Resolves: rhbz#1938623
+
+* Fri Jun 25 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-1
+- Rebase to the new upstream version.
+- Resolves: rhbz#1691305
+
+* Mon Feb 15 2021 Matej Tyc <matyc@redhat.com> - 1.1.1-7
+- Updated translations.
+
+* Wed Nov 11 11:46:56 CET 2020 Matej Tyc <matyc@redhat.com> - 1.1.1-6
+- Improved handling of conflicts between packages removed vs software wanted to be installed - rhbz#1892310
+
+* Tue Aug 18 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-5
+- Fixed issues with encountering filenames with weird encoding during scans - rhbz#1867960
+
+* Thu Jul 09 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-4
+- Fixed spoke window text: RHBZ#1855041
+
+* Fri Jun 26 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-3
+- Updated translations: RHBZ#1820557
+
+* Mon Jun 22 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-2
+- Fixed issues addressing combination of profiles and GUI-based software selections: RHBZ#1843932, RHBZ#1787156
+- Improved handling of languages, capitalization: RHBZ#1696278
+- Updated translations: RHBZ#1820557
+
+* Tue Jun 02 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-1
+- Rebase to upstream 1.1.1
+- This OAA is compatible with the RHEL 8.3 Anaconda: RHBZ#1696278
+- The UX has been improved: RHBZ#1781790
+
+* Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 1.0-10
+- Do not use capital letters for spoke title: RHBZ#1744185
+- Updated translations
+
+* Wed Feb 13 2019 Matěj Týč <matyc@redhat.com> - 1.0-9
+- Updated translations: RHBZ#1645924
+
+* Fri Feb 08 2019 Watson Yuuma Sato <wsato@redhat.com> - 1.0-8
+- Fixed translation of spoke title: RHBZ#1673044
+
+* Fri Jan 18 2019 Matěj Týč <matyc@redhat.com> - 1.0-7
+- Fixed bootloader-related Anaconda API usage: RHBZ#1664036
+- Fixed root password-related Anaconda API usage: RHBZ#1665551
+- Fixed checksum-related Python2->3 issue: RHBZ#1665147
+
+* Thu Jan 17 2019 Matěj Týč <matyc@redhat.com> - 1.0-6
+- Updated translations: RHBZ#1645924
+
+* Mon Dec 17 2018 Matěj Týč <matyc@redhat.com> - 1.0-5
+- Applied the HelpFile -> help_id patch
+
+* Fri Dec 14 2018 Matěj Týč <matyc@redhat.com> - 1.0-4
+- Updated translations: RHBZ#1608331, RHBZ#1645924
+
+* Wed Oct 10 2018 Matěj Týč <matyc@redhat.com> - 1.0-3
+- Updated to the latest Anaconda API: RHBZ#1637635
+- Added updated translations: RHBZ#1608331
+
+* Mon Oct 01 2018 Matěj Týč <matyc@redhat.com> - 1.0-2
+- Added the missing pycurl dependency.
+
+* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
+- Rebased to upstream version 1.0
+- Python3 support, anaconda 28 support.
+
+* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
+- Return empty string when there is no tailoring file
+  Resolves: rhbz#1520276
+
+* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1481190
+- Fix selection of RHEL datastream
+  Resolves: rhbz#1520358
+
+* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
+- Rebase to the upstream version 0.8
+  Related: rhbz#1472419
+
+* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1383181
+
+* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
+- Fixed gtk warning messages when anaconda is starting.
+  Resolves: rhbz#1437106
+
+* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
+- Avoid long delay before a GeoIP related timeout in case internet is not available
+  Resolves: rhbz#1379479
+
+* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
+- Properly handle tailoring files for datastreams
+  Resolves: rhbz#1364929
+
+* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
+- Don't require blank stderr when running the oscap tool
+  Resolves: rhbz#1360765
+- Beware of the invalid profiles
+  Resolves: rhbz#1365130
+- Properly set the seen property for root passwords
+  Resolves: rhbz#1357603
+
+* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
+- Clear spoke's info before setting an error
+  Resolves: rhbz#1349446
+
+* Wed Jun  1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
+- Use the System hub category provided by Anaconda
+  Resolves: rhbz#1269211
+- Wait for Anaconda to settle before evaluation
+  Resolves: rhbz#1265552
+- Make the changes overview scrollable and smaller
+  Related: rhbz#1263582
+- Make the list of profiles scrollable
+  Resolves: rhbz#1263582
+- Do not try to create a single file multiple times
+  Related: rhbz#1263315
+- Avoid crashes on extraction errors
+  Resolves: rhbz#1263315
+- Disable GPG checks when installing content to the system
+  Resolves: rhbz#1263216
+- Allow fixing root password in graphical installations
+  Resolves: rhbz#1265116
+- Enforce the minimal root password length
+  Resolves: rhbz#1238281
+- Just report misconfiguration instead of crashing in text mode
+  Resolves: rhbz#1263207
+- Do not verify SSL if inst.noverifyssl was given
+  Resolves: rhbz#1263257
+- Also catch data_fetch.DataFetchError when trying to get content
+  Resolves: rhbz#1263239
+- Use new method signature with payload class
+  Related: rhbz#1288636
+
+* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
+- Do not remove the root password behind user's back
+  Resolves: rhbz#1263254
+
+* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
+- Completely skip the execute() part if no profile is selected
+  Resolves: rhbz#1254973
+
+* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
+- Specify the name of the help content file
+  Resolves: rhbz#1254884
+- Skip files unrecognized by the 'oscap info' command
+  Resolves: rhbz#1255075
+- Only allow DS and XCCDF ID selection if it makes sense
+  Resolves: rhbz#1254876
+
+* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
+- Make sure DS and XCCDF ID lists are correctly refreshed
+  Resolves: rhbz#1240946
+- Make sure the DS and XCCDF ID combo boxes are visible for DS content
+  Resolves: rhbz#1249951
+- Try to load the OSCAP session early for DS content
+  Resolves: rhbz#1247654
+- Test preinst_content_path before raw_preinst_content_path
+  Resolves: rhbz#1249937
+- Clear any error if switching to the dry-run mode
+  Related: rhbz#1247677
+- Do not continue with and invalid profile ID
+  Resolves: rhbz#1247677
+- Cover all potential places with a non-main thread changing Gtk stuff
+  Resolves: rhbz#1240967
+
+* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
+- Better handle and report erroneous states
+  Resolves: rhbz#1241064
+- Make sure (some more) GUI actions run in the main thread
+  Resolves: rhbz#1240967
+- Beware of RPM->cpio entries' paths having absolute paths
+  Related: rhbz#1241064
+- Only output the kickstart section with content and profile set
+  Resolves: rhbz#1241395
+- Just report integrity check failure instead of traceback
+  Resolves: rhbz#1240710
+- Properly react on download/loading issues in text+kickstart mode
+  Related: rhbz#1240710
+- Fetch and process the content even if GUI doesn't take care of it
+  Resolves: rhbz#1240625
+
+* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
+- Do not output redundant/invalid fields for the SSG content (vpodzime)
+  Resolves: rhbz#1240285
+- Better handle unsupported URL types (vpodzime)
+  Resolves: rhbz#1232631
+- React better on network issues (vpodzime)
+  Resolves: rhbz#1236657
+- Improve the description of the default profile (vpodzime)
+  Resolves: rhbz#1238080
+- Use the openscap-scanner package instead of openscap-utils (vpodzime)
+  Resolves: rhbz#1240249
+- Better handle the case with no profile selected (vpodzime)
+  Resolves: rhbz#1235750
+- Add newline and one blank line after the %%addon section (vpodzime)
+  Resolves: rhbz#1238267
+- Word-wrap profile descriptions (vpodzime)
+  Resolves: rhbz#1236644
+
+* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
+- Add gettext to BuildRequires (vpodzime)
+  Related: rhbz#1204640
+
+* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
+- Rebase to the upstream version 0.7
+  Related: rhbz#1204640
+
+* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
+- Rebase to the upstream version 0.6
+  Resolves: rhbz#1204640
+
+* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
+- Don't distribute backup files
+  Resolves: rhbz#1065906
+* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
+- Skip running tests on RHEL builds
+  Related: rhbz#1035662
+* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
+- Beware of running Gtk actions from a non-main thread
+- Fix path to the tailoring file when getting rules
+- A git hook for running tests when pushing
+- Inform user if no profile is selected
+- Visually mark the selected profile
+- Better UX with content URL entry and progress label
+- React on invalid content properly (#1032846)
+- Stop spinner when data fetching is finished
+- Make the data fetching thread non-fatal (#1049989)
+- Exit code 2 from the oscap tool is not an error for us (#1050913)
+- Be ready to work with archives/RPMs containing data streams
+- Add unit tests for the keep_type_map function
+- Add support for namedtuples to keep_type_map
+- Add target for running pylint check
+- Add target for running just unittests
+- On the way to tailoring
+- Tests for kickstart XCCDF tailoring handling
+- Kickstart support for XCCDF tailoring
+- Check session validity also when using XCCDF benchmark
+
+* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
+- Implement and use our own better function for joining paths
+- The content entry should have focus if there is no content
+- RPM is just a weird archive in the pre-installation phase
+- Ignore RPM files as well
+- Adapt tests to dir constants now ending with "/"
+- CpioArchive cannot be created from a piped output
+- Fix namespace definitions in the testing XCCDF file
+- Prevent putting None into xccdf_session_is_sds
+- Fix the __all__ variable in the common module
+- Strip content dir prefix when setting xccdf/cpe paths
+- Inform user we now support archive URLs as well
+- Ignore various file types in the git repository
+- Try to find content files in the fetched archive or RPM
+- Run pylint -E as part of the test target
+- Return list of extracted files/directories when extracting archive
+- Do not try to search for empty file paths in archives
+- Properly set the content type based on the URL's suffix
+- Switch profiles on double-click
+- Hook urlEntry's activate signal to fetchButton click
+- Save the spoke's glade file with a new Glade
+- The addon now requires the python-cpio package
+- Use really_hide for the UI elements for datastream-id and xccdf-id
+- Support for RPM content in the GUI spoke
+- RPM content support for kickstart processing
+- Add property for the raw post-installation content path
+- Make content type case insensitive
+- Rest of the code needed for RPM extraction
+- Actually look for the file path in entry names
+- Basic stuff needed for the RPM content support
+- Run tests in paralel
+- Specify files in a better way in spec
+
+* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
+- Initial RPM for the oscap-anaconda-addon