.gitignore

@@ -1,9 +1 @@
-/oscap-anaconda-addon-0.2.tar.gz
+SOURCES/oscap-anaconda-addon-1.2.1.tar.gz
-/oscap-anaconda-addon-0.3.tar.gz
-/oscap-anaconda-addon-0.4.tar.gz
-/oscap-anaconda-addon-0.5.tar.gz
-/oscap-anaconda-addon-0.6.tar.gz
-/oscap-anaconda-addon-0.7.tar.gz
-/oscap-anaconda-addon-1.0.tar.gz
-/oscap-anaconda-addon-2.0.0.tar.gz
-/addon-dbus-data.zip

SOURCES/oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch

@@ -0,0 +1,206 @@
+From 8eacfad08b3c27aa9510f2c3337356581bd9bebd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Mon, 3 Jan 2022 17:31:49 +0100
+Subject: [PATCH 1/3] Add oscap sanity check before attempting remediation
+
+If something is obviously wrong with the scanner, then don't attempt to remediate
+and try to show relevant information in a dialog window.
+---
+ org_fedora_oscap/common.py   | 39 ++++++++++++++++++++++++++++--------
+ org_fedora_oscap/ks/oscap.py | 11 ++++++++++
+ tests/test_common.py         |  8 ++++++++
+ 3 files changed, 50 insertions(+), 8 deletions(-)
+
+diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
+index 884bbc8..05829ce 100644
+--- a/org_fedora_oscap/common.py
++++ b/org_fedora_oscap/common.py
+@@ -139,7 +139,8 @@ def execute(self, ** kwargs):
+             proc = subprocess.Popen(self.args, stdout=subprocess.PIPE,
+                                     stderr=subprocess.PIPE, ** kwargs)
+         except OSError as oserr:
+-            msg = "Failed to run the oscap tool: %s" % oserr
++            msg = ("Failed to execute command '{command_string}': {oserr}"
++                   .format(command_string=command_string, oserr=oserr))
+             raise OSCAPaddonError(msg)
+ 
+         (stdout, stderr) = proc.communicate()
+@@ -215,6 +216,34 @@ def _run_oscap_gen_fix(profile, fpath, template, ds_id="", xccdf_id="",
+     return proc.stdout
+ 
+ 
++def do_chroot(chroot):
++    """Helper function doing the chroot if requested."""
++    if chroot and chroot != "/":
++        os.chroot(chroot)
++        os.chdir("/")
++
++
++def assert_scanner_works(chroot, executable="oscap"):
++    args = [executable, "--version"]
++    command = " ".join(args)
++
++    try:
++        proc = subprocess.Popen(
++            args, preexec_fn=lambda: do_chroot(chroot),
++            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++        (stdout, stderr) = proc.communicate()
++        stderr = stderr.decode(errors="replace")
++    except OSError as exc:
++        msg = _(f"Basic invocation '{command}' fails: {str(exc)}")
++        raise OSCAPaddonError(msg)
++    if proc.returncode != 0:
++        msg = _(
++            f"Basic scanner invocation '{command}' exited "
++            "with non-zero error code {proc.returncode}: {stderr}")
++        raise OSCAPaddonError(msg)
++    return True
++
++
+ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
+                         chroot=""):
+     """
+@@ -244,12 +273,6 @@ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
+     if not profile:
+         return ""
+ 
+-    def do_chroot():
+-        """Helper function doing the chroot if requested."""
+-        if chroot and chroot != "/":
+-            os.chroot(chroot)
+-            os.chdir("/")
+-
+     # make sure the directory for the results exists
+     results_dir = os.path.dirname(RESULTS_PATH)
+     if chroot:
+@@ -274,7 +297,7 @@ def do_chroot():
+     args.append(fpath)
+ 
+     proc = SubprocessLauncher(args)
+-    proc.execute(preexec_fn=do_chroot)
++    proc.execute(preexec_fn=lambda: do_chroot(chroot))
+     proc.log_messages()
+ 
+     if proc.returncode not in (0, 2):
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index 65d74cf..da1600f 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -488,6 +488,17 @@ def execute(self, storage, ksdata, users, payload):
+             # selected
+             return
+ 
++        try:
++            common.assert_scanner_works(
++                chroot=conf.target.system_root, executable="oscap")
++        except Exception as exc:
++            msg_lines = [_(
++                "The 'oscap' scanner doesn't work in the installed system: {error}"
++                .format(error=str(exc)))]
++            msg_lines.append(_("As a result, the installed system can't be hardened."))
++            self._terminate("\n".join(msg_lines))
++            return
++
+         target_content_dir = utils.join_paths(conf.target.system_root,
+                                               common.TARGET_CONTENT_DIR)
+         utils.ensure_dir_exists(target_content_dir)
+diff --git a/tests/test_common.py b/tests/test_common.py
+index 9f7a16a..4f25379 100644
+--- a/tests/test_common.py
++++ b/tests/test_common.py
+@@ -77,6 +77,14 @@ def _run_oscap(mock_subprocess, additional_args):
+     return expected_args, kwargs
+ 
+ 
++def test_oscap_works():
++    assert common.assert_scanner_works(chroot="/")
++    with pytest.raises(common.OSCAPaddonError, match="No such file"):
++        common.assert_scanner_works(chroot="/", executable="i_dont_exist")
++    with pytest.raises(common.OSCAPaddonError, match="non-zero"):
++        common.assert_scanner_works(chroot="/", executable="false")
++
++
+ def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
+     return run_oscap_remediate_profile(
+         mock_subprocess, monkeypatch,
+
+From b54cf2bddba56e5b776fb60514a5e29d47c74cac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Mon, 3 Jan 2022 17:42:31 +0100
+Subject: [PATCH 2/3] Don't raise exceptions in execute()
+
+Those result in tracebacks during the installation,
+while a dialog window presents a more useful form of user interaction.
+---
+ org_fedora_oscap/ks/oscap.py | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index da1600f..d3f0dbe 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -513,8 +513,9 @@ def execute(self, storage, ksdata, users, payload):
+             ret = util.execInSysroot("yum", ["-y", "--nogpg", "install",
+                                              self.raw_postinst_content_path])
+             if ret != 0:
+-                raise common.ExtractionError("Failed to install content "
+-                                             "RPM to the target system")
++                msg = _(f"Failed to install content RPM to the target system.")
++                self._terminate(msg)
++                return
+         elif self.content_type == "scap-security-guide":
+             # nothing needed
+             pass
+@@ -525,10 +526,15 @@ def execute(self, storage, ksdata, users, payload):
+         if os.path.exists(self.preinst_tailoring_path):
+             shutil.copy2(self.preinst_tailoring_path, target_content_dir)
+ 
+-        common.run_oscap_remediate(self.profile_id, self.postinst_content_path,
+-                                   self.datastream_id, self.xccdf_id,
+-                                   self.postinst_tailoring_path,
+-                                   chroot=conf.target.system_root)
++        try:
++            common.run_oscap_remediate(self.profile_id, self.postinst_content_path,
++                                       self.datastream_id, self.xccdf_id,
++                                       self.postinst_tailoring_path,
++                                       chroot=conf.target.system_root)
++        except Exception as exc:
++            msg = _(f"Something went wrong during the final hardening: {str(exc)}.")
++            self._terminate(msg)
++            return
+ 
+     def clear_all(self):
+         """Clear all the stored values."""
+
+From 00d770d1b7f8e1f0734e93da227f1c3e445033c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+Date: Mon, 3 Jan 2022 17:44:12 +0100
+Subject: [PATCH 3/3] Change the error feedback based on the installation mode
+
+The original approach was confusing, because non-interactive installs run without any user input,
+and the message assumed that the user is able to answer installer's questions.
+---
+ org_fedora_oscap/ks/oscap.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index d3f0dbe..ef34448 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -372,13 +372,14 @@ def postinst_tailoring_path(self):
+                                 self.tailoring_path)
+ 
+     def _terminate(self, message):
+-        message += "\n" + _("The installation should be aborted.")
+-        message += " " + _("Do you wish to continue anyway?")
+         if flags.flags.automatedInstall and not flags.flags.ksprompt:
+             # cannot have ask in a non-interactive kickstart
+             # installation
++            message += "\n" + _("Aborting the installation.")
+             raise errors.CmdlineError(message)
+ 
++        message += "\n" + _("The installation should be aborted.")
++        message += " " + _("Do you wish to continue anyway?")
+         answ = errors.errorHandler.ui.showYesNoQuestion(message)
+         if answ == errors.ERROR_CONTINUE:
+             # prevent any futher actions here by switching to the dry

SOURCES/oscap-anaconda-addon-1.2.2-content_ident-PR_167.patch

@@ -0,0 +1,39 @@
+From 1abc4e96638e819d3fbee74396b36a6ccaf0ab29 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Tue, 3 Aug 2021 11:01:59 +0200
+Subject: [PATCH] Refactor content identification
+
+Don't use the multiprocessing pool - it sometimes creates probems during
+its initialization:
+https://bugzilla.redhat.com/show_bug.cgi?id=1989441
+---
+ org_fedora_oscap/content_handling.py | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/org_fedora_oscap/content_handling.py b/org_fedora_oscap/content_handling.py
+index f2af22f..65d5a28 100644
+--- a/org_fedora_oscap/content_handling.py
++++ b/org_fedora_oscap/content_handling.py
+@@ -111,9 +111,8 @@ def parse_HTML_from_content(content):
+ 
+ 
+ def identify_files(fpaths):
+-    with multiprocessing.Pool(os.cpu_count()) as p:
+-        labels = p.map(get_doc_type, fpaths)
+-    return {path: label for (path, label) in zip(fpaths, labels)}
++    result = {path: get_doc_type(path) for path in fpaths}
++    return result
+ 
+ 
+ def get_doc_type(file_path):
+@@ -131,7 +130,9 @@ def get_doc_type(file_path):
+     except UnicodeDecodeError:
+         # 'oscap info' supplied weird output, which happens when it tries
+         # to explain why it can't examine e.g. a JPG.
+-        return None
++        pass
++    except Exception as e:
++        log.warning(f"OSCAP addon: Unexpected error when looking at {file_path}: {str(e)}")
+     log.info("OSCAP addon: Identified {file_path} as {content_type}"
+              .format(file_path=file_path, content_type=content_type))
+     return content_type

SOURCES/oscap-anaconda-addon-1.2.2-deep_archives-PR_168.patch

@@ -0,0 +1,51 @@
+From 3377a914f4668af3d72216468ae192bc300890f9 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Mon, 9 Aug 2021 15:45:58 +0200
+Subject: [PATCH 1/2] Fix archive handling in GUI installs
+
+GUI downloads an archive, so the ensuing installation doesn't have to.
+However, the installation has to be able to discover files recovered
+from the archive.
+The fix makes sure that files are discovered also in subdirectories.
+---
+ org_fedora_oscap/content_discovery.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
+index f6b4d27..5fc7343 100644
+--- a/org_fedora_oscap/content_discovery.py
++++ b/org_fedora_oscap/content_discovery.py
+@@ -196,7 +196,8 @@ def _gather_available_files(self, actually_fetched_content, dest_filename):
+             if not dest_filename:  # using scap-security-guide
+                 fpaths = [self.DEFAULT_SSG_DATA_STREAM_PATH]
+             else:  # Using downloaded XCCDF/OVAL/DS/tailoring
+-                fpaths = glob(str(self.CONTENT_DOWNLOAD_LOCATION / "*.xml"))
++                fpaths = pathlib.Path(self.CONTENT_DOWNLOAD_LOCATION).rglob("*")
++                fpaths = [str(p) for p in fpaths if p.is_file()]
+         else:
+             dest_filename = pathlib.Path(dest_filename)
+             # RPM is an archive at this phase
+
+From 191df327e3e51f486fb655e97acac30222c264fa Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Mon, 9 Aug 2021 15:48:50 +0200
+Subject: [PATCH 2/2] Improve logging
+
+Logs written to log files can contain specific details.
+---
+ org_fedora_oscap/ks/oscap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index d1b8c9e..65d74cf 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -393,7 +393,7 @@ def _terminate(self, message):
+                 time.sleep(100000)
+ 
+     def _handle_error(self, exception):
+-        log.error("Failed to fetch and initialize SCAP content!")
++        log.error(f"Failed to fetch and initialize SCAP content: {str(exception)}")
+ 
+         if isinstance(exception, ContentCheckError):
+             msg = _("The integrity check of the security content failed.")

SOURCES/oscap-anaconda-addon-1.2.2-tar-extraction-PR_249.patch

@@ -1,7 +1,7 @@
-From 2fbde88c29210c48083bd4840661d2af2d00ae69 Mon Sep 17 00:00:00 2001
+From 6ac75d5052fff5a7d4b7e249ef198ccecd1f86a4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
-Date: Mon, 17 Jul 2023 17:10:41 +0200
+Date: Mon, 17 Jul 2023 17:08:54 +0200
-Subject: [PATCH] Make tar extraction safer on RHEL9
+Subject: [PATCH] Make tar extraction safer
 
 See also https://bugzilla.redhat.com/show_bug.cgi?id=2218875
 ---
@@ -9,10 +9,10 @@ See also https://bugzilla.redhat.com/show_bug.cgi?id=2218875
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
-index eeb27fc..77d24c1 100644
+index 05829ce..b27276e 100644
 --- a/org_fedora_oscap/common.py
 +++ b/org_fedora_oscap/common.py
-@@ -392,7 +392,7 @@ def extract_data(archive, out_dir, ensure_has_files=None):
+@@ -360,7 +360,7 @@ def extract_data(archive, out_dir, ensure_has_files=None):
                  raise ExtractionError(msg)
  
          utils.ensure_dir_exists(out_dir)
@@ -21,7 +21,7 @@ index eeb27fc..77d24c1 100644
          result = [utils.join_paths(out_dir, info.filename) for info in zfile.filelist]
          zfile.close()
      elif archive.endswith(".tar"):
-@@ -450,7 +450,7 @@ def _extract_tarball(archive, out_dir, ensure_has_files, alg):
+@@ -418,7 +418,7 @@ def _extract_tarball(archive, out_dir, ensure_has_files, alg):
              raise ExtractionError(msg)
  
      utils.ensure_dir_exists(out_dir)

SOURCES/oscap-anaconda-addon-1.3.0-better_archive_handling-PR_220.patch

@@ -1,4 +1,4 @@
-From a1b983b4b5f8e49daa978aec6f9d28ba6dcea20c Mon Sep 17 00:00:00 2001
+From e8e303aa3ca9db564ea52258de15a81851c3b265 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Wed, 12 Oct 2022 11:37:04 +0200
 Subject: [PATCH 1/5] Add capability to preselect content from archives
@@ -13,20 +13,20 @@ and that they have precedence over other files.
  create mode 100644 tests/test_content_discovery.py
 
 diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index ccfe6c8..9ef144e 100644
+index 5fc7343..f654449 100644
 --- a/org_fedora_oscap/content_discovery.py
 +++ b/org_fedora_oscap/content_discovery.py
-@@ -12,6 +12,7 @@
+@@ -11,6 +11,7 @@
  from org_fedora_oscap import data_fetch, utils
  from org_fedora_oscap import common
  from org_fedora_oscap import content_handling
 +from org_fedora_oscap.content_handling import CONTENT_TYPES
- from org_fedora_oscap import rule_handling
  
  from org_fedora_oscap.common import _
-@@ -191,6 +192,38 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
+ 
+@@ -167,6 +168,38 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
+             msg = _(f"Integrity check of the content failed - {hash_obj.name} hash didn't match")
              raise content_handling.ContentCheckError(msg)
-         log.info(f"Integrity check passed using {hash_obj.name} hash")
  
 +    def filter_discovered_content(self, labelled_files):
 +        expected_path = self._addon_data.content_path
@@ -61,9 +61,9 @@ index ccfe6c8..9ef144e 100644
 +        return reduced_files
 +
      def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_filename):
-         if wait_for:
+         threadMgr.wait(wait_for)
-             log.info(f"OSCAP Addon: Waiting for thread {wait_for}")
+         actually_fetched_content = wait_for is not None
-@@ -210,6 +243,8 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
+@@ -182,6 +215,8 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
              structured_content.add_content_archive(dest_filename)
  
          labelled_files = content_handling.identify_files(fpaths)
@@ -127,7 +127,7 @@ index 0000000..5463c9a
 +    reduced = bringer.reduce_files(labelled_files, "cpe", ["C"])
 +    assert reduced == labelled_files
 
-From 2a536a8ec4cdf20e4f19e8175898b7ace3fc7ca4 Mon Sep 17 00:00:00 2001
+From 82c1950903fcce079cd71f021c1fde25f75f9521 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Wed, 12 Oct 2022 11:40:11 +0200
 Subject: [PATCH 2/5] Handle changes in content identification
@@ -140,7 +140,7 @@ content much more gracefully.
  2 files changed, 14 insertions(+), 4 deletions(-)
 
 diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 9ef144e..9ed643b 100644
+index f654449..b20f3a6 100644
 --- a/org_fedora_oscap/content_discovery.py
 +++ b/org_fedora_oscap/content_discovery.py
 @@ -2,6 +2,7 @@
@@ -149,9 +149,9 @@ index 9ef144e..9ed643b 100644
  import shutil
 +import os
  from glob import glob
- from typing import List
  
-@@ -242,11 +243,15 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
+ from pyanaconda.core import constants
+@@ -214,11 +215,15 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
          if content_type in ("archive", "rpm"):
              structured_content.add_content_archive(dest_filename)
  
@@ -188,7 +188,7 @@ index 65d5a28..3e2ecae 100644
      except OSError:
          # 'oscap info' exitted with a non-zero exit code -> unknown doc
 
-From 17f80b71d17ce5a2bdbed87730133cdabec2e22b Mon Sep 17 00:00:00 2001
+From b6bf5a6c96f5dbbd78043455802ebc0033cf1a6a Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Wed, 12 Oct 2022 11:38:51 +0200
 Subject: [PATCH 3/5] Remove unused code
@@ -247,7 +247,7 @@ index 3e2ecae..5096bab 100644
 -    files = ContentFiles(xccdf_file, cpe_file, tailoring_file)
 -    return files
 
-From 3aff547e2689a1ede4236c9166b11c99f272e3f7 Mon Sep 17 00:00:00 2001
+From a990568ccddb2864c8daeae91fdc1f6588b3c6f3 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Thu, 13 Oct 2022 14:11:25 +0200
 Subject: [PATCH 4/5] Dont use tailoring if it is not expected
@@ -259,12 +259,12 @@ Compulsive usage of tailoring may be unwanted.
  1 file changed, 13 insertions(+), 4 deletions(-)
 
 diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 9ed643b..4235af7 100644
+index b20f3a6..e9cf34a 100644
 --- a/org_fedora_oscap/content_discovery.py
 +++ b/org_fedora_oscap/content_discovery.py
-@@ -193,16 +193,25 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
+@@ -169,16 +169,25 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
+             msg = _(f"Integrity check of the content failed - {hash_obj.name} hash didn't match")
              raise content_handling.ContentCheckError(msg)
-         log.info(f"Integrity check passed using {hash_obj.name} hash")
  
 +    def allow_one_expected_tailoring_or_no_tailoring(self, labelled_files):
 +        expected_tailoring = self._addon_data.tailoring_path
@@ -293,65 +293,39 @@ index 9ed643b..4235af7 100644
          expected_path = self._addon_data.cpe_path
          categories = (CONTENT_TYPES["CPE_DICT"], )
 
-From 56d8e497e0a4c394784b1c950bd1a148a6dc42ad Mon Sep 17 00:00:00 2001
+From c4cb296ca3838a0967c8258b9ed5221691884a36 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
+From: Matej Tyc <matyc@redhat.com>
-Date: Thu, 10 Nov 2022 12:46:46 +0100
+Date: Tue, 8 Nov 2022 10:46:59 +0100
 Subject: [PATCH 5/5] Make the content RPM installation robust
 
 If a package manager fails to install the package,
 use the rpm command directly and skip deps.
 ---
- org_fedora_oscap/service/installation.py | 48 +++++++++++++++++-------
+ org_fedora_oscap/ks/oscap.py | 41 ++++++++++++++++++++++++++++--------
- 1 file changed, 34 insertions(+), 14 deletions(-)
+ 1 file changed, 32 insertions(+), 9 deletions(-)
 
-diff --git a/org_fedora_oscap/service/installation.py b/org_fedora_oscap/service/installation.py
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
-index 255b992..f667479 100644
+index e47d6ba..dac273d 100644
---- a/org_fedora_oscap/service/installation.py
+--- a/org_fedora_oscap/ks/oscap.py
-+++ b/org_fedora_oscap/service/installation.py
++++ b/org_fedora_oscap/ks/oscap.py
-@@ -18,6 +18,7 @@
+@@ -23,6 +23,7 @@
- import logging
- import os
  import shutil
+ import re
+ import os
 +import io
+ import time
+ import logging
+ import pathlib
+@@ -473,6 +474,33 @@ def setup(self, storage, ksdata, payload):
+             if pkg not in ksdata.packages.packageList:
+                 ksdata.packages.packageList.append(pkg)
  
- from pyanaconda.core import util
++    def _attempt_rpm_installation(self):
- from pyanaconda.modules.common.task import Task
-@@ -198,21 +199,11 @@ def run(self):
-         elif self._policy_data.content_type == "datastream":
-             shutil.copy2(self._content_path, target_content_dir)
-         elif self._policy_data.content_type == "rpm":
--            # copy the RPM to the target system
--            shutil.copy2(self._file_path, target_content_dir)
-+            try:
-+                self._copy_rpm_to_target_and_install(target_content_dir)
- 
--            # get the path of the RPM
--            content_name = common.get_content_name(self._policy_data)
--            package_path = utils.join_paths(self._target_directory, content_name)
--
--            # and install it with yum
--            ret = util.execInSysroot(
--                "yum", ["-y", "--nogpg", "install", package_path]
--            )
--
--            if ret != 0:
--                msg = _(f"Failed to install content RPM to the target system.")
--                terminate(msg)
-+            except Exception as exc:
-+                terminate(str(exc))
-                 return
-         else:
-             pattern = utils.join_paths(common.INSTALLATION_CONTENT_DIR, "*")
-@@ -221,6 +212,35 @@ def run(self):
-         if os.path.exists(self._tailoring_path):
-             shutil.copy2(self._tailoring_path, target_content_dir)
- 
-+    def _attempt_rpm_installation(self, chroot_package_path):
 +        log.info("OSCAP addon: Installing the security content RPM to the installed system.")
 +        stdout = io.StringIO()
 +        ret = util.execWithRedirect(
-+                "dnf", ["-y", "--nogpg", "install", chroot_package_path],
++                "yum", ["-y", "--nogpg", "install", self.raw_postinst_content_path],
-+                stdout=stdout, root=self._sysroot)
++                stdout=stdout, root=conf.target.system_root)
 +        stdout.seek(0)
 +        if ret != 0:
 +            log.error(
@@ -360,8 +334,8 @@ index 255b992..f667479 100644
 +
 +            stdout = io.StringIO()
 +            ret = util.execWithRedirect(
-+                    "rpm", ["--install", "--nodeps", chroot_package_path],
++                    "rpm", ["--install", "--nodeps", self.raw_postinst_content_path],
-+                    stdout=stdout, root=self._sysroot)
++                    stdout=stdout, root=conf.target.system_root)
 +            if ret != 0:
 +                log.error(
 +                    "OSCAP addon: Error installing security content RPM using rpm: {0}",
@@ -370,11 +344,29 @@ index 255b992..f667479 100644
 +                raise RuntimeError(msg)
 +
 +    def _copy_rpm_to_target_and_install(self, target_content_dir):
-+        shutil.copy2(self._file_path, target_content_dir)
++        shutil.copy2(self.raw_preinst_content_path, target_content_dir)
-+        content_name = common.get_content_name(self._policy_data)
++        self._attempt_rpm_installation()
-+        chroot_package_path = utils.join_paths(self._target_directory, content_name)
-+        self._attempt_rpm_installation(chroot_package_path)
 +
- 
+     def execute(self, storage, ksdata, users, payload):
- class RemediateSystemTask(Task):
+         """
-     """The installation task for running the remediation."""
+         The execute method that should make changes to the installed system. It
+@@ -507,15 +535,10 @@ def execute(self, storage, ksdata, users, payload):
+         if self.content_type == "datastream":
+             shutil.copy2(self.preinst_content_path, target_content_dir)
+         elif self.content_type == "rpm":
+-            # copy the RPM to the target system
+-            shutil.copy2(self.raw_preinst_content_path, target_content_dir)
+-
+-            # and install it with yum
+-            ret = util.execInSysroot("yum", ["-y", "--nogpg", "install",
+-                                             self.raw_postinst_content_path])
+-            if ret != 0:
+-                msg = _(f"Failed to install content RPM to the target system.")
+-                self._terminate(msg)
++            try:
++                self._copy_rpm_to_target_and_install(target_content_dir)
++            except Exception as exc:
++                self._terminate(str(exc))
+                 return
+         elif self.content_type == "scap-security-guide":
+             # nothing needed

SOURCES/oscap-anaconda-addon-1.3.0-clicking_nocrash-PR_221.patch

@@ -1,4 +1,4 @@
-From 99fc53d3691b24c6724c1cf3e7281c181b31cf45 Mon Sep 17 00:00:00 2001
+From 55cc3b685dd5a9ca6059459f41876dd9f19f900d Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Tue, 11 Oct 2022 17:07:28 +0200
 Subject: [PATCH 1/2] Remove redundant message
@@ -10,19 +10,19 @@ could aim to accomplish.
  1 file changed, 1 deletion(-)
 
 diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 6d0aa5c..37b9681 100644
+index c57b1cd..4f8702a 100644
 --- a/org_fedora_oscap/gui/spokes/oscap.py
 +++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -151,7 +151,6 @@ def decorated(self, *args, **kwargs):
+@@ -150,7 +150,6 @@ def decorated(self, *args, **kwargs):
          self._ready = True
          # pylint: disable-msg=E1101
-         hubQ.send_ready(self.__class__.__name__)
+         hubQ.send_ready(self.__class__.__name__, True)
 -        hubQ.send_message(self.__class__.__name__, self.status)
  
          return ret
  
 
-From 24787f02e80162129256dc57dc3d491f00080370 Mon Sep 17 00:00:00 2001
+From 3f7c560947a17d1696899857e70ebcc8cba44019 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Thu, 13 Oct 2022 17:19:17 +0200
 Subject: [PATCH 2/2] Increase robustness of fetching state detection
@@ -35,10 +35,10 @@ whether well-known UI threads exist.
  1 file changed, 6 insertions(+), 3 deletions(-)
 
 diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 37b9681..97c4553 100644
+index 4f8702a..d8e6ce2 100644
 --- a/org_fedora_oscap/gui/spokes/oscap.py
 +++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -389,11 +389,14 @@ def _render_selected(self, column, renderer, model, itr, user_data=None):
+@@ -363,11 +363,14 @@ def _render_selected(self, column, renderer, model, itr, user_data=None):
          else:
              renderer.set_property("stock-id", None)
  
@@ -54,7 +54,7 @@ index 37b9681..97c4553 100644
                  # prevent multiple fetches running simultaneously
                  return
              self._fetching = True
-@@ -940,7 +943,7 @@ def _refresh_ui(self):
+@@ -894,7 +897,7 @@ def refresh(self):
  
              # hide the progress box, no progress now
              with self._fetch_flag_lock:
@@ -63,12 +63,12 @@ index 37b9681..97c4553 100644
                      really_hide(self._progress_box)
  
                      self._content_url_entry.set_sensitive(True)
-@@ -1165,7 +1168,7 @@ def on_fetch_button_clicked(self, *args):
+@@ -1117,7 +1120,7 @@ def on_fetch_button_clicked(self, *args):
          """Handler for the Fetch button"""
  
          with self._fetch_flag_lock:
 -            if self._fetching:
 +            if self._still_fetching():
                  # some other fetching/pre-processing running, give up
-                 log.warn(
+                 log.warn("Clicked the fetch button, although the GUI is in the fetching mode.")
-                     "OSCAP Addon: "
+                 return

SOURCES/oscap-anaconda-addon-1.3.0-fix_content_paths-PR_225.patch

@@ -0,0 +1,202 @@
+From 08d3da5640e5c16cda4e79cc13ac7921f1ebd964 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Tue, 15 Nov 2022 15:37:28 +0100
+Subject: [PATCH 1/2] Fix handling of content paths
+
+Archives and ready-to-use content use paths differently.
+
+Archives get unpacked into a directory, where they need to be unpacked,
+analyzed, and cross-checked with e.g. the supplied content path,
+whereas ready-to-use content can be used directly.
+
+As the current codebase doesn't untangle all possible ways how to obtain
+existing content in a way of decomposing those into layers, this change
+just makes the current code working at the expense of making it worse to
+maintain.
+---
+ org_fedora_oscap/content_discovery.py | 34 ++++++++++++++++++---------
+ org_fedora_oscap/ks/oscap.py          |  6 ++++-
+ tests/test_content_discovery.py       | 21 +++++++++++++++++
+ 3 files changed, 49 insertions(+), 12 deletions(-)
+
+diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
+index e9cf34a..2b71b1f 100644
+--- a/org_fedora_oscap/content_discovery.py
++++ b/org_fedora_oscap/content_discovery.py
+@@ -25,6 +25,14 @@ def is_network(scheme):
+         for net_prefix in data_fetch.NET_URL_PREFIXES)
+ 
+ 
++def path_is_present_among_paths(path, paths):
++    absolute_path = os.path.abspath(path)
++    for second_path in paths:
++        if absolute_path == os.path.abspath(second_path):
++            return True
++    return False
++
++
+ class ContentBringer:
+     CONTENT_DOWNLOAD_LOCATION = pathlib.Path(common.INSTALLATION_CONTENT_DIR)
+     DEFAULT_SSG_DATA_STREAM_PATH = f"{common.SSG_DIR}/{common.SSG_CONTENT}"
+@@ -170,7 +178,7 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
+             raise content_handling.ContentCheckError(msg)
+ 
+     def allow_one_expected_tailoring_or_no_tailoring(self, labelled_files):
+-        expected_tailoring = self._addon_data.tailoring_path
++        expected_tailoring = self._addon_data.preinst_tailoring_path
+         tailoring_label = CONTENT_TYPES["TAILORING"]
+         if expected_tailoring:
+             labelled_files = self.reduce_files(labelled_files, expected_tailoring, [tailoring_label])
+@@ -182,7 +190,7 @@ def allow_one_expected_tailoring_or_no_tailoring(self, labelled_files):
+         return labelled_files
+ 
+     def filter_discovered_content(self, labelled_files):
+-        expected_path = self._addon_data.content_path
++        expected_path = self._addon_data.preinst_content_path
+         categories = (CONTENT_TYPES["DATASTREAM"], CONTENT_TYPES["XCCDF_CHECKLIST"])
+         if expected_path:
+             labelled_files = self.reduce_files(labelled_files, expected_path, categories)
+@@ -198,7 +206,7 @@ def filter_discovered_content(self, labelled_files):
+ 
+     def reduce_files(self, labelled_files, expected_path, categories):
+         reduced_files = dict()
+-        if expected_path not in labelled_files:
++        if not path_is_present_among_paths(expected_path, labelled_files.keys()):
+             msg = (
+                 f"Expected a file {expected_path} to be part of the supplied content, "
+                 f"but it was not the case, got only {list(labelled_files.keys())}"
+@@ -225,13 +233,9 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
+             structured_content.add_content_archive(dest_filename)
+ 
+         labelled_filenames = content_handling.identify_files(fpaths)
+-        labelled_relative_filenames = {
+-            os.path.relpath(path, self.CONTENT_DOWNLOAD_LOCATION): label
+-            for path, label in labelled_filenames.items()}
+-        labelled_relative_filenames = self.filter_discovered_content(labelled_relative_filenames)
++        labelled_filenames = self.filter_discovered_content(labelled_filenames)
+ 
+-        for rel_fname, label in labelled_relative_filenames.items():
+-            fname = self.CONTENT_DOWNLOAD_LOCATION / rel_fname
++        for fname, label in labelled_filenames.items():
+             structured_content.add_file(str(fname), label)
+ 
+         if fingerprint and dest_filename:
+@@ -274,11 +278,18 @@ def use_downloaded_content(self, content):
+         # We know that we have ended up with a datastream-like content,
+         # but if we can't convert an archive to a datastream.
+         # self._addon_data.content_type = "datastream"
+-        self._addon_data.content_path = str(preferred_content.relative_to(content.root))
++        content_type = self._addon_data.content_type
++        if content_type in ("archive", "rpm"):
++            self._addon_data.content_path = str(preferred_content.relative_to(content.root))
++        else:
++            self._addon_data.content_path = str(preferred_content)
+ 
+         preferred_tailoring = self.get_preferred_tailoring(content)
+         if content.tailoring:
+-            self._addon_data.tailoring_path = str(preferred_tailoring.relative_to(content.root))
++            if content_type in ("archive", "rpm"):
++                self._addon_data.tailoring_path = str(preferred_tailoring.relative_to(content.root))
++            else:
++                self._addon_data.tailoring_path = str(preferred_tailoring)
+ 
+     def use_system_content(self, content=None):
+         self._addon_data.clear_all()
+@@ -372,6 +383,7 @@ def _xccdf_content(self):
+ 
+     def find_expected_usable_content(self, relative_expected_content_path):
+         content_path = self.root / relative_expected_content_path
++        content_path = content_path.resolve()
+         eligible_main_content = (self._datastream_content(), self._xccdf_content())
+ 
+         if content_path in eligible_main_content:
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index dac273d..7d4a131 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -179,7 +179,11 @@ def _parse_profile_id(self, value):
+         self.profile_id = value
+ 
+     def _parse_content_path(self, value):
+-        # need to be checked?
++        if self.content_type in ("archive", "rpm") and os.path.isabs(self.content_path):
++            msg = (
++                "When using archives-like content input, the corresponding content path "
++                "has to be relative, but got '{self.content_path}'.")
++            raise KickstartValueError(msg)
+         self.content_path = value
+ 
+     def _parse_cpe_path(self, value):
+diff --git a/tests/test_content_discovery.py b/tests/test_content_discovery.py
+index 5463c9a..d6e14d9 100644
+--- a/tests/test_content_discovery.py
++++ b/tests/test_content_discovery.py
+@@ -1,3 +1,5 @@
++import os
++
+ import pytest
+ 
+ import org_fedora_oscap.content_discovery as tested_module
+@@ -46,3 +48,22 @@ def test_reduce(labelled_files):
+ 
+     reduced = bringer.reduce_files(labelled_files, "cpe", ["C"])
+     assert reduced == labelled_files
++
++
++def test_path_presence_detection():
++    list_of_paths = ["file1", os.path.abspath("file2"), os.path.abspath("dir///file3")]
++
++    list_of_paths_in_list = [
++        "file1", os.path.abspath("file1"), "./file1",
++        "file2", "dir/..//file2",
++        "dir/../dir/file3", "dir/file3",
++    ]
++    list_of_paths_not_in_list = [
++        "../file1", "file3"
++    ]
++
++    for path in list_of_paths_in_list:
++        assert tested_module.path_is_present_among_paths(path, list_of_paths)
++
++    for path in list_of_paths_not_in_list:
++        assert not tested_module.path_is_present_among_paths(path, list_of_paths)
+
+From 786ec5d90d12a1321fbff86f5d8d4a534059ad22 Mon Sep 17 00:00:00 2001
+From: Matej Tyc <matyc@redhat.com>
+Date: Wed, 16 Nov 2022 15:35:09 +0100
+Subject: [PATCH 2/2] Compare paths according to their equivalence
+
+not according their arbitrary string form
+---
+ org_fedora_oscap/content_discovery.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
+index 2b71b1f..42c61e0 100644
+--- a/org_fedora_oscap/content_discovery.py
++++ b/org_fedora_oscap/content_discovery.py
+@@ -25,10 +25,14 @@ def is_network(scheme):
+         for net_prefix in data_fetch.NET_URL_PREFIXES)
+ 
+ 
++def paths_are_equivalent(p1, p2):
++    return os.path.abspath(p1) == os.path.abspath(p2)
++
++
+ def path_is_present_among_paths(path, paths):
+     absolute_path = os.path.abspath(path)
+     for second_path in paths:
+-        if absolute_path == os.path.abspath(second_path):
++        if paths_are_equivalent(path, second_path):
+             return True
+     return False
+ 
+@@ -213,7 +217,7 @@ def reduce_files(self, labelled_files, expected_path, categories):
+             )
+             raise RuntimeError(msg)
+         for path, label in labelled_files.items():
+-            if label in categories and path != expected_path:
++            if label in categories and not paths_are_equivalent(path, expected_path):
+                 continue
+             reduced_files[path] = label
+         return reduced_files

SOURCES/oscap-anaconda-addon-null-http_content_url-PR_232.patch

@@ -1,4 +1,4 @@
-From 5e91b77a0e96b811d95b7fa48cfd8f645a5616eb Mon Sep 17 00:00:00 2001
+From 58d4847dc4b55b9d4982be9505127679beca87c6 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Wed, 18 Jan 2023 16:36:36 +0100
 Subject: [PATCH 1/2] Handle the URL with missing ://
@@ -8,10 +8,10 @@ Subject: [PATCH 1/2] Handle the URL with missing ://
  1 file changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 61c4930..76959cd 100644
+index 42c61e0..23fdafd 100644
 --- a/org_fedora_oscap/content_discovery.py
 +++ b/org_fedora_oscap/content_discovery.py
-@@ -88,9 +88,14 @@ def content_uri(self):
+@@ -67,9 +67,14 @@ def content_uri(self):
  
      @content_uri.setter
      def content_uri(self, uri):
@@ -29,7 +29,7 @@ index 61c4930..76959cd 100644
  
      def fetch_content(self, what_if_fail, ca_certs_path=""):
          """
-@@ -101,7 +106,10 @@ def fetch_content(self, what_if_fail, ca_certs_path=""):
+@@ -80,7 +85,10 @@ def fetch_content(self, what_if_fail, ca_certs_path=""):
                  should handle them in the calling layer.
              ca_certs_path: Path to the HTTPS certificate file
          """
@@ -42,7 +42,7 @@ index 61c4930..76959cd 100644
          self.CONTENT_DOWNLOAD_LOCATION.mkdir(parents=True, exist_ok=True)
          fetching_thread_name = self._fetch_files(
 
-From 9588cb840d8c6193157e677decad843539bd2819 Mon Sep 17 00:00:00 2001
+From cbfdae4f43ade3ef982a967f3e2844e66db3f9a0 Mon Sep 17 00:00:00 2001
 From: Matej Tyc <matyc@redhat.com>
 Date: Wed, 18 Jan 2023 16:36:53 +0100
 Subject: [PATCH 2/2] Stop fetching when there is an invalid profile
@@ -52,11 +52,11 @@ Subject: [PATCH 2/2] Stop fetching when there is an invalid profile
  1 file changed, 2 insertions(+)
 
 diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 97c4553..7765fbf 100644
+index d8e6ce2..54eae1e 100644
 --- a/org_fedora_oscap/gui/spokes/oscap.py
 +++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -505,6 +505,8 @@ def update_progress_label(msg):
+@@ -469,6 +469,8 @@ def update_progress_label(msg):
-         if self._policy_data.profile_id and not selected:
+         if self._addon_data.profile_id and not selected:
              # profile ID given, but it was impossible to select it -> invalid
              # profile ID given
 +            with self._fetch_flag_lock:

SPECS/oscap-anaconda-addon.spec

@@ -0,0 +1,424 @@
+# Patch0 applies correctly but with mismatch and we dont't want backup file
+%global _default_patch_flags --no-backup-if-mismatch
+
+Name:           oscap-anaconda-addon
+Version:        1.2.1
+Release:        14%{?dist}
+Summary:        Anaconda addon integrating OpenSCAP to the installation process
+
+License:        GPLv2+
+URL:            https://github.com/OpenSCAP/oscap-anaconda-addon
+
+# This is a Red Hat maintained package which is specific to
+# our distribution.
+#
+# The source is thus available only from within this SRPM
+# or via direct git checkout:
+# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
+Source0:        %{name}-%{version}.tar.gz
+
+# Let the Patch1 be reserved for translations patches
+Patch1: 	lang.patch
+Patch2: 	oscap-anaconda-addon-1.2.2-content_ident-PR_167.patch
+Patch3: 	oscap-anaconda-addon-1.2.2-deep_archives-PR_168.patch
+Patch4: 	oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch
+Patch5: 	oscap-anaconda-addon-1.3.0-better_archive_handling-PR_220.patch
+Patch6: 	oscap-anaconda-addon-1.3.0-clicking_nocrash-PR_221.patch
+Patch7: 	oscap-anaconda-addon-1.3.0-fix_content_paths-PR_225.patch
+Patch8: 	oscap-anaconda-addon-null-http_content_url-PR_232.patch
+Patch9: 	oscap-anaconda-addon-1.2.2-tar-extraction-PR_249.patch
+
+BuildArch:      noarch
+BuildRequires:  make
+BuildRequires:  gettext
+BuildRequires:  python3-devel
+BuildRequires:  python3-pycurl
+BuildRequires:  openscap openscap-utils openscap-python3
+BuildRequires:  anaconda-core >= 33
+Requires:       anaconda-core >= 33
+Requires:       python3-cpio
+Requires:       python3-pycurl
+Requires:       python3-kickstart
+Requires:       openscap openscap-utils openscap-python3
+Requires:       scap-security-guide
+
+%description
+This is an addon that integrates OpenSCAP utilities with the Anaconda installer
+and allows installation of systems following restrictions given by a SCAP
+content.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+# As patches may translates the strings that are updated by later patches,
+# Patch1 needs to be aplied last.
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+# NOTE CONCERNING TRANSLATION PATCHES
+# When preparing translation patches, don't consider that some languages are unsupported -
+# we aim to include all applicable translation texts to the appropriate patch.
+# This has consulted with ljanda@redhat.com, and we basically follow the existing practice of the Anaconda project we integrate into.
+
+%build
+
+#%check
+#make test
+
+
+%install
+make install DESTDIR=%{buildroot}
+%find_lang %{name}
+
+%files -f %{name}.lang
+%{_datadir}/anaconda/addons/org_fedora_oscap
+
+%doc COPYING ChangeLog README.md
+
+%changelog
+* Wed Aug 02 2023 Jan Černý <jcerny@redhat.com> - 1.2.1-14
+- Rebuild after tests update
+
+* Wed Jul 19 2023 Jan Černý <jcerny@redhat.com> - 1.2.1-13
+- Fix tar file extraction (rhbz#2219408)
+- Update translations (rhbz#2189572)
+
+* Wed Feb 08 2023 Matej Tyc <matyc@redhat.com> - 1.2.1-12
+- Update translations
+  Resolves: rhbz#2139743
+
+* Mon Jan 23 2023 Matej Tyc <matyc@redhat.com> - 1.2.1-11
+- Fix a reaction to invalid content URI
+  Resolves: rhbz#2148509
+
+* Wed Nov 23 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-10
+- Fix regression introduced when fixing content archive input
+  Resolves: rhbz#2129008
+
+* Thu Nov 10 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-9
+- Fix problems with handling multi-datastream archives
+  Resolves: rhbz#2129008
+- Fix a crash when compulsively clicking in the GUI
+  Resolves: rhbz#2000998
+
+* Wed Jul 20 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-8
+- Update translations
+  Resolves: rhbz#2062707
+
+* Fri Jun 10 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-7
+- Remove the firstboot remediation feature completely.
+  We can't have it, while maintaining the standard UX.
+  Resolves: rhbz#2063179
+
+* Mon Mar 21 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-6
+- Introduce the firstboot remediation
+  Resolves: rhbz#1834716
+- Add better error handling of installation using unsupported installation sources
+  Resolves: rhbz#2007981
+
+* Fri Jan 21 2022 Matej Tyc <matyc@redhat.com> - 1.2.1-5
+- Updated translations
+  Resolves: rhbz#2017356
+
+* Fri Aug 20 2021 Matej Tyc <matyc@redhat.com> - 1.2.1-4
+- Updated translations
+  Resolves: rhbz#1962007
+
+* Mon Aug 09 2021 Matej Tyc <matyc@redhat.com> - 1.2.1-3
+- Fix handling of archives with directories in GUI installs
+- Resolves: rhbz#1691305
+
+* Tue Aug 03 2021 Matej Tyc <matyc@redhat.com> - 1.2.1-2
+- Refactor content identification
+- Resolves: rhbz#1989441
+
+* Fri Jul 30 2021 Matej Tyc <matyc@redhat.com> - 1.2.1-1
+- Rebase to the new upstream version.
+- Resolves: rhbz#1691305
+
+* Fri Jul 16 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-2
+- Updated translations
+- Resolves: rhbz#1938623
+
+* Fri Jun 25 2021 Matej Tyc <matyc@redhat.com> - 1.2.0-1
+- Rebase to the new upstream version.
+- Resolves: rhbz#1691305
+
+* Mon Feb 15 2021 Matej Tyc <matyc@redhat.com> - 1.1.1-7
+- Updated translations.
+
+* Wed Nov 11 11:46:56 CET 2020 Matej Tyc <matyc@redhat.com> - 1.1.1-6
+- Improved handling of conflicts between packages removed vs software wanted to be installed - rhbz#1892310
+
+* Tue Aug 18 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-5
+- Fixed issues with encountering filenames with weird encoding during scans - rhbz#1867960
+
+* Thu Jul 09 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-4
+- Fixed spoke window text: RHBZ#1855041
+
+* Fri Jun 26 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-3
+- Updated translations: RHBZ#1820557
+
+* Mon Jun 22 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-2
+- Fixed issues addressing combination of profiles and GUI-based software selections: RHBZ#1843932, RHBZ#1787156
+- Improved handling of languages, capitalization: RHBZ#1696278
+- Updated translations: RHBZ#1820557
+
+* Tue Jun 02 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-1
+- Rebase to upstream 1.1.1
+- This OAA is compatible with the RHEL 8.3 Anaconda: RHBZ#1696278
+- The UX has been improved: RHBZ#1781790
+
+* Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 1.0-10
+- Do not use capital letters for spoke title: RHBZ#1744185
+- Updated translations
+
+* Wed Feb 13 2019 Matěj Týč <matyc@redhat.com> - 1.0-9
+- Updated translations: RHBZ#1645924
+
+* Fri Feb 08 2019 Watson Yuuma Sato <wsato@redhat.com> - 1.0-8
+- Fixed translation of spoke title: RHBZ#1673044
+
+* Fri Jan 18 2019 Matěj Týč <matyc@redhat.com> - 1.0-7
+- Fixed bootloader-related Anaconda API usage: RHBZ#1664036
+- Fixed root password-related Anaconda API usage: RHBZ#1665551
+- Fixed checksum-related Python2->3 issue: RHBZ#1665147
+
+* Thu Jan 17 2019 Matěj Týč <matyc@redhat.com> - 1.0-6
+- Updated translations: RHBZ#1645924
+
+* Mon Dec 17 2018 Matěj Týč <matyc@redhat.com> - 1.0-5
+- Applied the HelpFile -> help_id patch
+
+* Fri Dec 14 2018 Matěj Týč <matyc@redhat.com> - 1.0-4
+- Updated translations: RHBZ#1608331, RHBZ#1645924
+
+* Wed Oct 10 2018 Matěj Týč <matyc@redhat.com> - 1.0-3
+- Updated to the latest Anaconda API: RHBZ#1637635
+- Added updated translations: RHBZ#1608331
+
+* Mon Oct 01 2018 Matěj Týč <matyc@redhat.com> - 1.0-2
+- Added the missing pycurl dependency.
+
+* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
+- Rebased to upstream version 1.0
+- Python3 support, anaconda 28 support.
+
+* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
+- Return empty string when there is no tailoring file
+  Resolves: rhbz#1520276
+
+* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1481190
+- Fix selection of RHEL datastream
+  Resolves: rhbz#1520358
+
+* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
+- Rebase to the upstream version 0.8
+  Related: rhbz#1472419
+
+* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
+- Add japanese translation
+- Update other translations
+  Resolves: rhbz#1383181
+
+* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
+- Fixed gtk warning messages when anaconda is starting.
+  Resolves: rhbz#1437106
+
+* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
+- Avoid long delay before a GeoIP related timeout in case internet is not available
+  Resolves: rhbz#1379479
+
+* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
+- Properly handle tailoring files for datastreams
+  Resolves: rhbz#1364929
+
+* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
+- Don't require blank stderr when running the oscap tool
+  Resolves: rhbz#1360765
+- Beware of the invalid profiles
+  Resolves: rhbz#1365130
+- Properly set the seen property for root passwords
+  Resolves: rhbz#1357603
+
+* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
+- Clear spoke's info before setting an error
+  Resolves: rhbz#1349446
+
+* Wed Jun  1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
+- Use the System hub category provided by Anaconda
+  Resolves: rhbz#1269211
+- Wait for Anaconda to settle before evaluation
+  Resolves: rhbz#1265552
+- Make the changes overview scrollable and smaller
+  Related: rhbz#1263582
+- Make the list of profiles scrollable
+  Resolves: rhbz#1263582
+- Do not try to create a single file multiple times
+  Related: rhbz#1263315
+- Avoid crashes on extraction errors
+  Resolves: rhbz#1263315
+- Disable GPG checks when installing content to the system
+  Resolves: rhbz#1263216
+- Allow fixing root password in graphical installations
+  Resolves: rhbz#1265116
+- Enforce the minimal root password length
+  Resolves: rhbz#1238281
+- Just report misconfiguration instead of crashing in text mode
+  Resolves: rhbz#1263207
+- Do not verify SSL if inst.noverifyssl was given
+  Resolves: rhbz#1263257
+- Also catch data_fetch.DataFetchError when trying to get content
+  Resolves: rhbz#1263239
+- Use new method signature with payload class
+  Related: rhbz#1288636
+
+* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
+- Do not remove the root password behind user's back
+  Resolves: rhbz#1263254
+
+* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
+- Completely skip the execute() part if no profile is selected
+  Resolves: rhbz#1254973
+
+* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
+- Specify the name of the help content file
+  Resolves: rhbz#1254884
+- Skip files unrecognized by the 'oscap info' command
+  Resolves: rhbz#1255075
+- Only allow DS and XCCDF ID selection if it makes sense
+  Resolves: rhbz#1254876
+
+* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
+- Make sure DS and XCCDF ID lists are correctly refreshed
+  Resolves: rhbz#1240946
+- Make sure the DS and XCCDF ID combo boxes are visible for DS content
+  Resolves: rhbz#1249951
+- Try to load the OSCAP session early for DS content
+  Resolves: rhbz#1247654
+- Test preinst_content_path before raw_preinst_content_path
+  Resolves: rhbz#1249937
+- Clear any error if switching to the dry-run mode
+  Related: rhbz#1247677
+- Do not continue with and invalid profile ID
+  Resolves: rhbz#1247677
+- Cover all potential places with a non-main thread changing Gtk stuff
+  Resolves: rhbz#1240967
+
+* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
+- Better handle and report erroneous states
+  Resolves: rhbz#1241064
+- Make sure (some more) GUI actions run in the main thread
+  Resolves: rhbz#1240967
+- Beware of RPM->cpio entries' paths having absolute paths
+  Related: rhbz#1241064
+- Only output the kickstart section with content and profile set
+  Resolves: rhbz#1241395
+- Just report integrity check failure instead of traceback
+  Resolves: rhbz#1240710
+- Properly react on download/loading issues in text+kickstart mode
+  Related: rhbz#1240710
+- Fetch and process the content even if GUI doesn't take care of it
+  Resolves: rhbz#1240625
+
+* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
+- Do not output redundant/invalid fields for the SSG content (vpodzime)
+  Resolves: rhbz#1240285
+- Better handle unsupported URL types (vpodzime)
+  Resolves: rhbz#1232631
+- React better on network issues (vpodzime)
+  Resolves: rhbz#1236657
+- Improve the description of the default profile (vpodzime)
+  Resolves: rhbz#1238080
+- Use the openscap-scanner package instead of openscap-utils (vpodzime)
+  Resolves: rhbz#1240249
+- Better handle the case with no profile selected (vpodzime)
+  Resolves: rhbz#1235750
+- Add newline and one blank line after the %%addon section (vpodzime)
+  Resolves: rhbz#1238267
+- Word-wrap profile descriptions (vpodzime)
+  Resolves: rhbz#1236644
+
+* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
+- Add gettext to BuildRequires (vpodzime)
+  Related: rhbz#1204640
+
+* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
+- Rebase to the upstream version 0.7
+  Related: rhbz#1204640
+
+* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
+- Rebase to the upstream version 0.6
+  Resolves: rhbz#1204640
+
+* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
+- Don't distribute backup files
+  Resolves: rhbz#1065906
+* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
+- Skip running tests on RHEL builds
+  Related: rhbz#1035662
+* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
+- Beware of running Gtk actions from a non-main thread
+- Fix path to the tailoring file when getting rules
+- A git hook for running tests when pushing
+- Inform user if no profile is selected
+- Visually mark the selected profile
+- Better UX with content URL entry and progress label
+- React on invalid content properly (#1032846)
+- Stop spinner when data fetching is finished
+- Make the data fetching thread non-fatal (#1049989)
+- Exit code 2 from the oscap tool is not an error for us (#1050913)
+- Be ready to work with archives/RPMs containing data streams
+- Add unit tests for the keep_type_map function
+- Add support for namedtuples to keep_type_map
+- Add target for running pylint check
+- Add target for running just unittests
+- On the way to tailoring
+- Tests for kickstart XCCDF tailoring handling
+- Kickstart support for XCCDF tailoring
+- Check session validity also when using XCCDF benchmark
+
+* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
+- Implement and use our own better function for joining paths
+- The content entry should have focus if there is no content
+- RPM is just a weird archive in the pre-installation phase
+- Ignore RPM files as well
+- Adapt tests to dir constants now ending with "/"
+- CpioArchive cannot be created from a piped output
+- Fix namespace definitions in the testing XCCDF file
+- Prevent putting None into xccdf_session_is_sds
+- Fix the __all__ variable in the common module
+- Strip content dir prefix when setting xccdf/cpe paths
+- Inform user we now support archive URLs as well
+- Ignore various file types in the git repository
+- Try to find content files in the fetched archive or RPM
+- Run pylint -E as part of the test target
+- Return list of extracted files/directories when extracting archive
+- Do not try to search for empty file paths in archives
+- Properly set the content type based on the URL's suffix
+- Switch profiles on double-click
+- Hook urlEntry's activate signal to fetchButton click
+- Save the spoke's glade file with a new Glade
+- The addon now requires the python-cpio package
+- Use really_hide for the UI elements for datastream-id and xccdf-id
+- Support for RPM content in the GUI spoke
+- RPM content support for kickstart processing
+- Add property for the raw post-installation content path
+- Make content type case insensitive
+- Rest of the code needed for RPM extraction
+- Actually look for the file path in entry names
+- Basic stuff needed for the RPM content support
+- Run tests in paralel
+- Specify files in a better way in spec
+
+* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
+- Initial RPM for the oscap-anaconda-addon

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

oscap-anaconda-addon-1.2.2-dbus_show_integration-PR_182.patch

@@ -1,39 +0,0 @@
-From 20843d815a82d10cba773f4e10e9a45c57d5e12e Mon Sep 17 00:00:00 2001
-From: Vendula Poncova <vponcova@redhat.com>
-Date: Wed, 18 Aug 2021 10:54:20 +0200
-Subject: [PATCH] Don't show the OSCAP spoke if the OSCAP DBus module is
- disabled
-
-Add-ons can be disabled in the Anaconda configuration files. Without the fix,
-the OSCAP DBus module is started on demand by the OSCAP spoke even though it
-shouldn't be activated. In the future, it will result in a failure of the
-installer.
-
-Related: rhbz#1994003
----
- org_fedora_oscap/gui/spokes/oscap.py | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 36c8d7a..fe26076 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -36,6 +36,7 @@
- from org_fedora_oscap.structures import PolicyData
- 
- from pyanaconda.modules.common.constants.services import USERS
-+from pyanaconda.modules.common.util import is_module_available
- from pyanaconda.threading import threadMgr, AnacondaThread
- from pyanaconda.ui.gui.spokes import NormalSpoke
- from pyanaconda.ui.communication import hubQ
-@@ -203,6 +204,10 @@ class OSCAPSpoke(NormalSpoke):
-     # as it is displayed inside the spoke as the spoke label,
-     # and spoke labels are all uppercase by a convention.
- 
-+    @classmethod
-+    def should_run(cls, environment, data):
-+        return is_module_available(OSCAP)
-+
-     # methods defined by API and helper methods #
-     def __init__(self, data, storage, payload):
-         """

oscap-anaconda-addon-2.0.1-absent_appstream-PR_185.patch

@@ -1,191 +0,0 @@
-From c92205d5a5c788eeac84a6e67956a3e0540ab565 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
-Date: Mon, 3 Jan 2022 17:31:49 +0100
-Subject: [PATCH 1/2] Add oscap sanity check before attempting remediation
-
-If something is obviously wrong with the scanner, then don't attempt to remediate
-and try to show relevant information in a dialog window.
----
- org_fedora_oscap/common.py               | 39 +++++++++++++++++++-----
- org_fedora_oscap/service/installation.py | 11 +++++++
- tests/test_common.py                     |  8 +++++
- tests/test_installation.py               |  3 +-
- 4 files changed, 52 insertions(+), 9 deletions(-)
-
-diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
-index c432168..eeb27fc 100644
---- a/org_fedora_oscap/common.py
-+++ b/org_fedora_oscap/common.py
-@@ -171,7 +171,8 @@ def execute(self, ** kwargs):
-             proc = subprocess.Popen(self.args, stdout=subprocess.PIPE,
-                                     stderr=subprocess.PIPE, ** kwargs)
-         except OSError as oserr:
--            msg = "Failed to run the oscap tool: %s" % oserr
-+            msg = ("Failed to execute command '{command_string}': {oserr}"
-+                   .format(command_string=command_string, oserr=oserr))
-             raise OSCAPaddonError(msg)
- 
-         (stdout, stderr) = proc.communicate()
-@@ -247,6 +248,34 @@ def _run_oscap_gen_fix(profile, fpath, template, ds_id="", xccdf_id="",
-     return proc.stdout
- 
- 
-+def do_chroot(chroot):
-+    """Helper function doing the chroot if requested."""
-+    if chroot and chroot != "/":
-+        os.chroot(chroot)
-+        os.chdir("/")
-+
-+
-+def assert_scanner_works(chroot, executable="oscap"):
-+    args = [executable, "--version"]
-+    command = " ".join(args)
-+
-+    try:
-+        proc = subprocess.Popen(
-+            args, preexec_fn=lambda: do_chroot(chroot),
-+            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-+        (stdout, stderr) = proc.communicate()
-+        stderr = stderr.decode(errors="replace")
-+    except OSError as exc:
-+        msg = _(f"Basic invocation '{command}' fails: {str(exc)}")
-+        raise OSCAPaddonError(msg)
-+    if proc.returncode != 0:
-+        msg = _(
-+            f"Basic scanner invocation '{command}' exited "
-+            "with non-zero error code {proc.returncode}: {stderr}")
-+        raise OSCAPaddonError(msg)
-+    return True
-+
-+
- def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
-                         chroot=""):
-     """
-@@ -276,12 +305,6 @@ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
-     if not profile:
-         return ""
- 
--    def do_chroot():
--        """Helper function doing the chroot if requested."""
--        if chroot and chroot != "/":
--            os.chroot(chroot)
--            os.chdir("/")
--
-     # make sure the directory for the results exists
-     results_dir = os.path.dirname(RESULTS_PATH)
-     if chroot:
-@@ -306,7 +329,7 @@ def do_chroot():
-     args.append(fpath)
- 
-     proc = SubprocessLauncher(args)
--    proc.execute(preexec_fn=do_chroot)
-+    proc.execute(preexec_fn=lambda: do_chroot(chroot))
-     proc.log_messages()
- 
-     if proc.returncode not in (0, 2):
-diff --git a/org_fedora_oscap/service/installation.py b/org_fedora_oscap/service/installation.py
-index 2da8559..d909c44 100644
---- a/org_fedora_oscap/service/installation.py
-+++ b/org_fedora_oscap/service/installation.py
-@@ -239,6 +239,17 @@ def name(self):
- 
-     def run(self):
-         """Run the task."""
-+        try:
-+            common.assert_scanner_works(
-+                chroot=self._sysroot, executable="oscap")
-+        except Exception as exc:
-+            msg_lines = [_(
-+                "The 'oscap' scanner doesn't work in the installed system: {error}"
-+                .format(error=str(exc)))]
-+            msg_lines.append(_("As a result, the installed system can't be hardened."))
-+            terminate("\n".join(msg_lines))
-+            return
-+
-         common.run_oscap_remediate(
-             self._policy_data.profile_id,
-             self._target_content_path,
-diff --git a/tests/test_common.py b/tests/test_common.py
-index 9f7a16a..4f25379 100644
---- a/tests/test_common.py
-+++ b/tests/test_common.py
-@@ -77,6 +77,14 @@ def _run_oscap(mock_subprocess, additional_args):
-     return expected_args, kwargs
- 
- 
-+def test_oscap_works():
-+    assert common.assert_scanner_works(chroot="/")
-+    with pytest.raises(common.OSCAPaddonError, match="No such file"):
-+        common.assert_scanner_works(chroot="/", executable="i_dont_exist")
-+    with pytest.raises(common.OSCAPaddonError, match="non-zero"):
-+        common.assert_scanner_works(chroot="/", executable="false")
-+
-+
- def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
-     return run_oscap_remediate_profile(
-         mock_subprocess, monkeypatch,
-diff --git a/tests/test_installation.py b/tests/test_installation.py
-index 5749a94..f819c3b 100644
---- a/tests/test_installation.py
-+++ b/tests/test_installation.py
-@@ -115,4 +115,5 @@ def test_remediate_system_task(sysroot_path, content_path, tailoring_path):
-     )
- 
-     assert task.name == "Remediate the system"
--    task.run()
-+    with pytest.raises(installation.NonCriticalInstallationError, match="No such file"):
-+        task.run()
-
-From ea2dbf5017445875b1c0e4ee27899c8dde292c98 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
-Date: Mon, 3 Jan 2022 17:42:31 +0100
-Subject: [PATCH 2/2] Don't raise exceptions in execute()
-
-Those result in tracebacks during the installation,
-while a dialog window presents a more useful form of user interaction.
----
- org_fedora_oscap/service/installation.py | 27 ++++++++++++++----------
- 1 file changed, 16 insertions(+), 11 deletions(-)
-
-diff --git a/org_fedora_oscap/service/installation.py b/org_fedora_oscap/service/installation.py
-index d909c44..290da40 100644
---- a/org_fedora_oscap/service/installation.py
-+++ b/org_fedora_oscap/service/installation.py
-@@ -210,9 +210,9 @@ def run(self):
-             )
- 
-             if ret != 0:
--                raise common.ExtractionError(
--                    "Failed to install content RPM to the target system"
--                )
-+                msg = _(f"Failed to install content RPM to the target system.")
-+                terminate(msg)
-+                return
-         else:
-             pattern = utils.join_paths(common.INSTALLATION_CONTENT_DIR, "*")
-             utils.universal_copy(pattern, target_content_dir)
-@@ -250,11 +250,16 @@ def run(self):
-             terminate("\n".join(msg_lines))
-             return
- 
--        common.run_oscap_remediate(
--            self._policy_data.profile_id,
--            self._target_content_path,
--            self._policy_data.datastream_id,
--            self._policy_data.xccdf_id,
--            self._target_tailoring_path,
--            chroot=self._sysroot
--        )
-+        try:
-+            common.run_oscap_remediate(
-+                self._policy_data.profile_id,
-+                self._target_content_path,
-+                self._policy_data.datastream_id,
-+                self._policy_data.xccdf_id,
-+                self._target_tailoring_path,
-+                chroot=self._sysroot
-+            )
-+        except Exception as exc:
-+            msg = _(f"Something went wrong during the final hardening: {str(exc)}.")
-+            terminate(msg)
-+            return

oscap-anaconda-addon-2.0.1-fix_archive_handling-PR_170.patch

@@ -1,14 +0,0 @@
-diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index bc14ef1..ccfe6c8 100644
---- a/org_fedora_oscap/content_discovery.py
-+++ b/org_fedora_oscap/content_discovery.py
-@@ -225,7 +225,8 @@ def _gather_available_files(self, actually_fetched_content, dest_filename):
-             if not dest_filename:  # using scap-security-guide
-                 fpaths = [self.DEFAULT_SSG_DATA_STREAM_PATH]
-             else:  # Using downloaded XCCDF/OVAL/DS/tailoring
--                fpaths = glob(str(self.CONTENT_DOWNLOAD_LOCATION / "*.xml"))
-+                fpaths = pathlib.Path(self.CONTENT_DOWNLOAD_LOCATION).rglob("*")
-+                fpaths = [str(p) for p in fpaths if p.is_file()]
-         else:
-             dest_filename = pathlib.Path(dest_filename)
-             # RPM is an archive at this phase

oscap-anaconda-addon-2.0.1-fix_fingerprint-PR_177.patch

@@ -1,22 +0,0 @@
-From c72b95146650b0debc36b8da546b60a9d5482ab3 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Fri, 15 Oct 2021 15:28:24 +0200
-Subject: [PATCH] Fix bad destination for the parsed content fingerprint
-
----
- org_fedora_oscap/service/kickstart.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/org_fedora_oscap/service/kickstart.py b/org_fedora_oscap/service/kickstart.py
-index d6f22ac..dc1a100 100644
---- a/org_fedora_oscap/service/kickstart.py
-+++ b/org_fedora_oscap/service/kickstart.py
-@@ -140,7 +140,7 @@ def _parse_fingerprint(self, value):
-             msg = "Unsupported fingerprint"
-             raise KickstartValueError(msg)
- 
--        self.fingerprint = value
-+        self.policy_data.fingerprint = value
- 
-     def _parse_certificates(self, value):
-         self.policy_data.certificates = value

oscap-anaconda-addon-2.0.1-fix_fips_hashes_PR_255.patch

@@ -1,83 +0,0 @@
-From fa02df9da7ce26dcd8051df541bf6d1da52dd849 Mon Sep 17 00:00:00 2001
-From: Evgeny Kolesnikov <ekolesni@redhat.com>
-Date: Fri, 4 Oct 2024 14:15:13 +0200
-Subject: [PATCH] Do not assume availability of hashing algorithms in hashlib
-
-Particular offender at this moment is 'md5', which is not available
-in FIPS build of Python.
----
- org_fedora_oscap/utils.py |  5 +++--
- tests/test_utils.py       | 38 ++++++++++++++++++++++++++++++++------
- 2 files changed, 35 insertions(+), 8 deletions(-)
-
-diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
-index 3be83254..26fe40df 100644
---- a/org_fedora_oscap/utils.py
-+++ b/org_fedora_oscap/utils.py
-@@ -146,8 +146,9 @@ def get_hashing_algorithm(fingerprint):
- 
-     """
- 
--    hashes = (hashlib.md5(), hashlib.sha1(), hashlib.sha224(),
--              hashlib.sha256(), hashlib.sha384(), hashlib.sha512())
-+    expected_hash_ids = {'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'}
-+    available_hash_ids = expected_hash_ids.intersection(hashlib.algorithms_available)
-+    hashes = (hashlib.new(hash_id) for hash_id in available_hash_ids)
- 
-     if len(fingerprint) % 2 == 1:
-         return None
-diff --git a/tests/test_utils.py b/tests/test_utils.py
-index c2d663f6..7fe3332e 100644
---- a/tests/test_utils.py
-+++ b/tests/test_utils.py
-@@ -27,6 +27,9 @@
- 
- from org_fedora_oscap import utils
- 
-+import hashlib
-+import warnings
-+
- 
- @pytest.fixture()
- def mock_os():
-@@ -146,11 +149,34 @@ def test_gen():
- 
- 
- def test_hash():
--    file_hash = '87fcda7d9e7a22412e95779e2f8e70f929106c7b27a94f5f8510553ebf4624a6'
--    hash_obj = utils.get_hashing_algorithm(file_hash)
--    assert hash_obj.name == "sha256"
-+    file_hashes = {
-+       'md5':    'ea38136ca349e139c59f09e09d2aa956',
-+       'sha1':   'f905458483be8ac21002ab2c6409d3a10b3813f1',
-+       'sha224': '2b1e795db6b7397f47a270fbb5059e76b94a8c972240b17c45db1f13',
-+       'sha256': '87fcda7d9e7a22412e95779e2f8e70f929106c7b27a94f5f8510553ebf4624a6',
-+       'sha384': 'b3ffdfad2bf33caf6e44a8b34386ad741bb80fb02306d3889b8a5645cde31e9d'
-+                 '31ec44e0b0e6ce84d83a57339b75b9bf',
-+       'sha512': '7b05940e8d69e804a90f5110d22ad3a1cd03adc5bf4d0a4779790c78118b3c61'
-+                 'b7f3a3cd39fcf2902ec92ac80df71b952a7aeb2d53c16f0e77436eeb91e33e1d'
-+    }
-+
-+    for hash_id, file_hash in file_hashes.items():
-+        if hash_id not in hashlib.algorithms_available:
-+            warnings.warn(RuntimeWarning('Expected hash algorithm \'%s\' is not '
-+                                         'available in this build of Python' % hash_id))
-+            continue
-+
-+        hash_obj = utils.get_hashing_algorithm(file_hash)
-+        assert hash_obj.name == hash_id
- 
--    filepath = os.path.join(os.path.dirname(__file__), 'data', 'file')
--    computed_hash = utils.get_file_fingerprint(filepath, hash_obj)
-+        filepath = os.path.join(os.path.dirname(__file__), 'data', 'file')
-+        computed_hash = utils.get_file_fingerprint(filepath, hash_obj)
- 
--    assert file_hash == computed_hash
-+        assert file_hash == computed_hash
-+
-+
-+def test_hash_unknown():
-+    file_hash = 'XXXX'
-+
-+    hash_obj = utils.get_hashing_algorithm(file_hash)
-+    assert hash_obj is None

oscap-anaconda-addon-2.0.1-fix_no_hardening-PR_176.patch

@@ -1,32 +0,0 @@
-From 56806b88b139d62276e8522bb3daf7d4fb02df84 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Fri, 15 Oct 2021 15:05:55 +0200
-Subject: [PATCH] Represent unselected profile by an empty string
-
-None can't be passed via the DBUS interface.
----
- org_fedora_oscap/gui/spokes/oscap.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 4425757..36c8d7a 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -244,7 +244,7 @@ def __init__(self, data, storage, payload):
-         self.__old_root_pw = None
- 
-         # used to check if the profile was changed or not
--        self._active_profile = None
-+        self._active_profile = ""
- 
-         # prevent multiple simultaneous data fetches
-         self._fetching = False
-@@ -719,7 +719,7 @@ def _unselect_profile(self, profile_id):
-             self._revert_rootpw_changes()
-             self._rule_data = None
- 
--        self._active_profile = None
-+        self._active_profile = ""
- 
-     @async_action_wait
-     def _select_profile(self, profile_id):

oscap-anaconda-addon-2.0.1-fix_strings-PR_207.patch

@@ -1,72 +0,0 @@
-From 1b96504a8bbc198cce11647a0c3a65e1a3ffaba1 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Fri, 13 May 2022 14:44:45 +0200
-Subject: [PATCH] Fix strings for translations
-
-The input of the _() function has to be a static string,
-and it was in those cases a formatted one,
-which didn't match the translation data.
----
- org_fedora_oscap/rule_handling.py | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
-index 244aac8..635446e 100644
---- a/org_fedora_oscap/rule_handling.py
-+++ b/org_fedora_oscap/rule_handling.py
-@@ -707,10 +707,11 @@ def eval_rules(self, ksdata, storage, report_only=False):
-         messages = []
-         packages_data = get_packages_data()
- 
-+        msg_installed_template = _(
-+            "package '%s' has been added to the list of to be installed packages")
-         # add messages for the already added packages
-         for pkg in self._added_pkgs:
--            msg = _("package '%s' has been added to the list of to be installed "
--                    "packages" % pkg)
-+            msg = msg_installed_template % pkg
-             messages.append(RuleMessage(self.__class__,
-                                         common.MESSAGE_TYPE_INFO, msg))
- 
-@@ -724,11 +725,12 @@ def eval_rules(self, ksdata, storage, report_only=False):
-                 self._added_pkgs.add(pkg)
-                 packages_data.packages.append(pkg)
- 
--            msg = _("package '%s' has been added to the list of to be installed "
--                    "packages" % pkg)
-+            msg = msg_installed_template % pkg
-             messages.append(RuleMessage(self.__class__,
-                                         common.MESSAGE_TYPE_INFO, msg))
- 
-+        msg_excluded_template = _(
-+            "package '%s' has been added to the list of excluded packages")
-         # now do the same for the packages that should be excluded
-         # add messages for the already excluded packages
-         for pkg in self._removed_pkgs:
-@@ -736,13 +738,12 @@ def eval_rules(self, ksdata, storage, report_only=False):
-                 msg = _(
-                     "package '{package}' has been added to the list "
-                     "of excluded packages, but it can't be removed "
--                    "from the current software selection without breaking the installation."
--                    .format(package=pkg))
-+                    "from the current software selection without breaking the installation.")
-+                msg = msg.format(package=pkg)
-                 messages.append(RuleMessage(self.__class__,
-                                             common.MESSAGE_TYPE_FATAL, msg))
-             else:
--                msg = _("package '%s' has been added to the list of excluded "
--                        "packages" % pkg)
-+                msg = msg_excluded_template % pkg
-                 messages.append(RuleMessage(self.__class__,
-                                             common.MESSAGE_TYPE_INFO, msg))
- 
-@@ -756,8 +757,7 @@ def eval_rules(self, ksdata, storage, report_only=False):
-                 self._removed_pkgs.add(pkg)
-                 packages_data.excluded_packages.append(pkg)
- 
--            msg = _("package '%s' has been added to the list of excluded "
--                    "packages" % pkg)
-+            msg = msg_excluded_template % pkg
-             messages.append(RuleMessage(self.__class__,
-                                         common.MESSAGE_TYPE_INFO, msg))
- 

oscap-anaconda-addon-2.0.1-package-groups-PR_248.patch

@@ -1,26 +0,0 @@
-From cdb131f0b1282f833b697ef4cb4eb934ca2e9966 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
-Date: Mon, 17 Jul 2023 15:27:24 +0200
-Subject: [PATCH] Remove obsolete mapping of packages-groups
-
----
- org_fedora_oscap/rule_handling.py | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
-index 635446e..7e2077c 100644
---- a/org_fedora_oscap/rule_handling.py
-+++ b/org_fedora_oscap/rule_handling.py
-@@ -59,12 +59,6 @@
-         "env": ["graphical-server-environment", "workstation-product-environment"],
-         "groups": ["workstation-product-environment"],
-     },
--    "tftp": {
--        "groups": ["network-server"],
--    },
--    "abrt": {
--        "groups": ["debugging"],
--    },
-     "gssproxy": {
-         "groups": ["file-server"],
-     },

oscap-anaconda-addon-2.0.1-rhel9_tailoring_fix-PR_180.patch

@@ -1,29 +0,0 @@
-From a306b736f144260721dfae25f0b268353d6760c5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
-Date: Thu, 25 Nov 2021 15:15:14 +0100
-Subject: [PATCH] Fix tailoring
-
-Fixes an error during installation caused during tailoring
-
-Addressing:
-dasbus.error.DBusError: Content evaluation and remediation with the oscap tool failed: OpenSCAP Error: Unable to open file: '/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml' [/builddir/build/BUILD/openscap-1.3.5/src/source/oscap_source.c:288]
-
-This is proabably a typo coming from 87509fb6ee22b6eeaa66ea4ae85ebf5abd353e14
-which is only in rhel9-branch.
----
- org_fedora_oscap/service/oscap.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/org_fedora_oscap/service/oscap.py b/org_fedora_oscap/service/oscap.py
-index 4237a47..65da08b 100755
---- a/org_fedora_oscap/service/oscap.py
-+++ b/org_fedora_oscap/service/oscap.py
-@@ -221,7 +221,7 @@ def install_with_tasks(self):
-                 sysroot=conf.target.system_root,
-                 policy_data=self.policy_data,
-                 target_content_path=common.get_postinst_content_path(self.policy_data),
--                target_tailoring_path=common.get_preinst_tailoring_path(self.policy_data)
-+                target_tailoring_path=common.get_postinst_tailoring_path(self.policy_data)
-             )
-         ]
- 

oscap-anaconda-addon-2.0.1-various_bugfixes-PR_166.patch

@@ -1,460 +0,0 @@
-From aeb0e2ed5a524c5d4e5b72b2b11ea74a5119d45a Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Mon, 2 Aug 2021 17:23:17 +0200
-Subject: [PATCH 1/3] Improve logging
-
-Make all log entries identifiable easily.
----
- org_fedora_oscap/common.py               |  4 ++--
- org_fedora_oscap/content_discovery.py    | 16 +++++++++++-----
- org_fedora_oscap/gui/spokes/oscap.py     | 19 ++++++++++++-------
- org_fedora_oscap/rule_handling.py        |  8 ++++----
- org_fedora_oscap/service/installation.py |  6 +++---
- org_fedora_oscap/service/kickstart.py    |  2 +-
- org_fedora_oscap/service/oscap.py        | 12 ++++++------
- 7 files changed, 39 insertions(+), 28 deletions(-)
-
-diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
-index a307baa..c432168 100644
---- a/org_fedora_oscap/common.py
-+++ b/org_fedora_oscap/common.py
-@@ -564,7 +564,7 @@ def get_content_name(data):
- def get_raw_preinst_content_path(data):
-     """Path to the raw (unextracted, ...) pre-installation content file"""
-     if data.content_type == "scap-security-guide":
--        log.debug("Using scap-security-guide, no single content file")
-+        log.debug("OSCAP addon: Using scap-security-guide, no single content file")
-         return None
- 
-     content_name = get_content_name(data)
-@@ -667,7 +667,7 @@ def set_packages_data(data: PackagesConfigurationData):
-     payload_proxy = get_payload_proxy()
- 
-     if payload_proxy.Type != PAYLOAD_TYPE_DNF:
--        log.debug("The payload doesn't support packages.")
-+        log.debug("OSCAP addon: The payload doesn't support packages.")
-         return
- 
-     return payload_proxy.SetPackages(
-diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 894f3e1..bc14ef1 100644
---- a/org_fedora_oscap/content_discovery.py
-+++ b/org_fedora_oscap/content_discovery.py
-@@ -98,7 +98,7 @@ def fetch_content(self, what_if_fail, ca_certs_path=""):
-     def _fetch_files(self, scheme, path, destdir, ca_certs_path, what_if_fail):
-         with self.activity_lock:
-             if self.now_fetching_or_processing:
--                msg = "Strange, it seems that we are already fetching something."
-+                msg = "OSCAP Addon: Strange, it seems that we are already fetching something."
-                 log.warn(msg)
-                 return
-             self.now_fetching_or_processing = True
-@@ -175,7 +175,7 @@ def finish_content_fetch(self, fetching_thread_name, fingerprint, report_callbac
- 
-     def _verify_fingerprint(self, dest_filename, fingerprint=""):
-         if not fingerprint:
--            log.info("No fingerprint provided, skipping integrity check")
-+            log.info("OSCAP Addon: No fingerprint provided, skipping integrity check")
-             return
- 
-         hash_obj = utils.get_hashing_algorithm(fingerprint)
-@@ -183,15 +183,19 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
-                                             hash_obj)
-         if digest != fingerprint:
-             log.error(
-+                "OSCAP Addon: "
-                 f"File {dest_filename} failed integrity check - assumed a "
-                 f"{hash_obj.name} hash and '{fingerprint}', got '{digest}'"
-             )
--            msg = _(f"Integrity check of the content failed - {hash_obj.name} hash didn't match")
-+            msg = _(f"OSCAP Addon: Integrity check of the content failed - {hash_obj.name} hash didn't match")
-             raise content_handling.ContentCheckError(msg)
-         log.info(f"Integrity check passed using {hash_obj.name} hash")
- 
-     def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_filename):
--        threadMgr.wait(wait_for)
-+        if wait_for:
-+            log.info(f"OSCAP Addon: Waiting for thread {wait_for}")
-+            threadMgr.wait(wait_for)
-+            log.info(f"OSCAP Addon: Finished waiting for thread {wait_for}")
-         actually_fetched_content = wait_for is not None
- 
-         if fingerprint and dest_filename:
-@@ -201,6 +205,7 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
- 
-         structured_content = ObtainedContent(self.CONTENT_DOWNLOAD_LOCATION)
-         content_type = self.get_content_type(str(dest_filename))
-+        log.info(f"OSCAP Addon: started to look at the content")
-         if content_type in ("archive", "rpm"):
-             structured_content.add_content_archive(dest_filename)
- 
-@@ -211,6 +216,7 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
-         if fingerprint and dest_filename:
-             structured_content.record_verification(dest_filename)
- 
-+        log.info(f"OSCAP Addon: finished looking at the content")
-         return structured_content
- 
-     def _gather_available_files(self, actually_fetched_content, dest_filename):
-@@ -232,7 +238,7 @@ def _gather_available_files(self, actually_fetched_content, dest_filename):
-                     )
-                 except common.ExtractionError as err:
-                     msg = f"Failed to extract the '{dest_filename}' archive: {str(err)}"
--                    log.error(msg)
-+                    log.error("OSCAP Addon: " + msg)
-                     raise err
- 
-             elif content_type == "file":
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 76e508f..332e956 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -331,6 +331,7 @@ def initialize(self):
- 
-         # if no content was specified and SSG is available, use it
-         if not self._policy_data.content_type and common.ssg_available():
-+            log.info("OSCAP Addon: Defaulting to local content")
-             self._policy_data.content_type = "scap-security-guide"
-             self._policy_data.content_path = common.SSG_DIR + common.SSG_CONTENT
- 
-@@ -351,7 +352,7 @@ def initialize(self):
-             self._fetch_data_and_initialize()
- 
-     def _handle_error(self, exception):
--        log.error(str(exception))
-+        log.error("OSCAP Addon: " + str(exception))
-         if isinstance(exception, KickstartValueError):
-             self._invalid_url()
-         elif isinstance(exception, common.OSCAPaddonNetworkError):
-@@ -365,7 +366,7 @@ def _handle_error(self, exception):
-         elif isinstance(exception, content_handling.ContentCheckError):
-             self._integrity_check_failed()
-         else:
--            log.exception("Unknown exception occurred", exc_info=exception)
-+            log.exception("OSCAP Addon: Unknown exception occurred", exc_info=exception)
-             self._general_content_problem()
- 
-     def _render_selected(self, column, renderer, model, itr, user_data=None):
-@@ -385,6 +386,7 @@ def _fetch_data_and_initialize(self):
- 
-         thread_name = None
-         if self._policy_data.content_url and self._policy_data.content_type != "scap-security-guide":
-+            log.info(f"OSCAP Addon: Actually fetching content from somewhere")
-             thread_name = self.content_bringer.fetch_content(
-                 self._handle_error, self._policy_data.certificates)
- 
-@@ -442,7 +444,7 @@ def update_progress_label(msg):
-                 msg += f" with tailoring {preinst_tailoring_path}"
-             else:
-                 msg += " without considering tailoring"
--            log.info(msg)
-+            log.info("OSCAP Addon: " + msg)
- 
-             self._content_handler = scap_content_handler.SCAPContentHandler(
-                 preinst_content_path,
-@@ -456,7 +458,7 @@ def update_progress_label(msg):
- 
-             return
- 
--        log.info("OAA: Done with analysis")
-+        log.info("OSCAP Addon: Done with analysis")
- 
-         self._ds_checklists = self._content_handler.get_data_streams_checklists()
-         if self._using_ds:
-@@ -592,7 +594,7 @@ def _update_profiles_store(self):
-         try:
-             profiles = self._content_handler.get_profiles()
-         except scap_content_handler.SCAPContentHandlerError as e:
--            log.warning(str(e))
-+            log.warning("OSCAP Addon: " + str(e))
-             self._invalid_content()
- 
-         for profile in profiles:
-@@ -736,7 +738,7 @@ def _select_profile(self, profile_id):
-                 ds, xccdf, common.get_preinst_tailoring_path(self._policy_data))
-         except common.OSCAPaddonError as exc:
-             log.error(
--                "Failed to get rules for the profile '{}': {}"
-+                "OSCAP Addon: Failed to get rules for the profile '{}': {}"
-                 .format(profile_id, str(exc)))
-             self._set_error(
-                 "Failed to get rules for the profile '{}'"
-@@ -908,6 +910,7 @@ def refresh(self):
-     def _refresh_ui(self):
-         """Refresh the UI elements."""
-         if not self._content_defined:
-+            log.info("OSCAP Addon: Content not defined")
-             # hide the control buttons
-             really_hide(self._control_buttons)
- 
-@@ -1156,7 +1159,9 @@ def on_fetch_button_clicked(self, *args):
-         with self._fetch_flag_lock:
-             if self._fetching:
-                 # some other fetching/pre-processing running, give up
--                log.warn("Clicked the fetch button, although the GUI is in the fetching mode.")
-+                log.warn(
-+                    "OSCAP Addon: "
-+                    "Clicked the fetch button, although the GUI is in the fetching mode.")
-                 return
- 
-         # prevent user from changing the URL in the meantime
-diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
-index c478aa0..244aac8 100644
---- a/org_fedora_oscap/rule_handling.py
-+++ b/org_fedora_oscap/rule_handling.py
-@@ -261,7 +261,7 @@ def new_rule(self, rule):
-         try:
-             actions[first_word](rule)
-         except (ModifiedOptionParserException, KeyError) as e:
--            log.warning("Unknown OSCAP Addon rule '{}': {}".format(rule, e))
-+            log.warning("OSCAP Addon: Unknown OSCAP Addon rule '{}': {}".format(rule, e))
- 
-     def eval_rules(self, ksdata, storage, report_only=False):
-         """:see: RuleHandler.eval_rules"""
-@@ -565,7 +565,7 @@ def eval_rules(self, ksdata, storage, report_only=False):
-             # root password set
-             if users_proxy.IsRootPasswordCrypted:
-                 msg = _("cannot check root password length (password is crypted)")
--                log.warning("cannot check root password length (password is crypted)")
-+                log.warning("OSCAP Addon: cannot check root password length (password is crypted)")
-                 return [RuleMessage(self.__class__,
-                                     common.MESSAGE_TYPE_WARNING, msg)]
-             elif len(users_proxy.RootPassword) < self._minlen:
-@@ -880,7 +880,7 @@ def eval_rules(self, ksdata, storage, report_only=False):
- 
-                 kdump_proxy.KdumpEnabled = self._kdump_enabled
-             else:
--                log.warning("com_redhat_kdump is not installed. "
-+                log.warning("OSCAP Addon: com_redhat_kdump is not installed. "
-                             "Skipping kdump configuration")
- 
-         return messages
-@@ -894,7 +894,7 @@ def revert_changes(self, ksdata, storage):
-             if self._kdump_enabled is not None:
-                 kdump_proxy.KdumpEnabled = self._kdump_default_enabled
-         else:
--            log.warning("com_redhat_kdump is not installed. "
-+            log.warning("OSCAP Addon: com_redhat_kdump is not installed. "
-                         "Skipping reverting kdump configuration")
- 
-         self._kdump_enabled = None
-diff --git a/org_fedora_oscap/service/installation.py b/org_fedora_oscap/service/installation.py
-index e3a1d0f..2da8559 100644
---- a/org_fedora_oscap/service/installation.py
-+++ b/org_fedora_oscap/service/installation.py
-@@ -28,14 +28,14 @@
- from org_fedora_oscap.content_handling import ContentCheckError
- from org_fedora_oscap import content_discovery
- 
--log = logging.getLogger(__name__)
-+log = logging.getLogger("anaconda")
- 
- 
- REQUIRED_PACKAGES = ("openscap", "openscap-scanner",)
- 
- 
- def _handle_error(exception):
--    log.error("Failed to fetch and initialize SCAP content!")
-+    log.error("OSCAP Addon: Failed to fetch and initialize SCAP content!")
- 
-     if isinstance(exception, ContentCheckError):
-         msg = _("The integrity check of the security content failed.")
-@@ -87,7 +87,7 @@ def run(self):
- 
-         content = self.content_bringer.finish_content_fetch(
-             fetching_thread_name, self._policy_data.fingerprint,
--            lambda msg: log.info(msg), content_dest, _handle_error)
-+            lambda msg: log.info("OSCAP Addon: " + msg), content_dest, _handle_error)
- 
-         if not content:
-             # this shouldn't happen because error handling is supposed to
-diff --git a/org_fedora_oscap/service/kickstart.py b/org_fedora_oscap/service/kickstart.py
-index 341c6c5..d6f22ac 100644
---- a/org_fedora_oscap/service/kickstart.py
-+++ b/org_fedora_oscap/service/kickstart.py
-@@ -25,7 +25,7 @@
- from org_fedora_oscap import common, utils
- from org_fedora_oscap.structures import PolicyData
- 
--log = logging.getLogger(__name__)
-+log = logging.getLogger("anaconda")
- 
- __all__ = ["OSCAPKickstartSpecification"]
- 
-diff --git a/org_fedora_oscap/service/oscap.py b/org_fedora_oscap/service/oscap.py
-index d491060..4237a47 100755
---- a/org_fedora_oscap/service/oscap.py
-+++ b/org_fedora_oscap/service/oscap.py
-@@ -34,7 +34,7 @@
- from org_fedora_oscap.service.oscap_interface import OSCAPInterface
- from org_fedora_oscap.structures import PolicyData
- 
--log = logging.getLogger(__name__)
-+log = logging.getLogger("anaconda")
- 
- __all__ = ["OSCAPService"]
- 
-@@ -71,7 +71,7 @@ def policy_enabled(self, value):
-         """
-         self._policy_enabled = value
-         self.policy_enabled_changed.emit()
--        log.debug("Policy enabled is set to '%s'.", value)
-+        log.debug("OSCAP Addon: Policy enabled is set to '%s'.", value)
- 
-     @property
-     def policy_data(self):
-@@ -89,7 +89,7 @@ def policy_data(self, value):
-         """
-         self._policy_data = value
-         self.policy_data_changed.emit()
--        log.debug("Policy data is set to '%s'.", value)
-+        log.debug("OSCAP Addon: Policy data is set to '%s'.", value)
- 
-     @property
-     def installation_enabled(self):
-@@ -150,7 +150,7 @@ def collect_requirements(self):
-         :return: a list of requirements
-         """
-         if not self.installation_enabled:
--            log.debug("The installation is disabled. Skip the requirements.")
-+            log.debug("OSCAP Addon: The installation is disabled. Skip the requirements.")
-             return []
- 
-         requirements = [
-@@ -180,7 +180,7 @@ def configure_with_tasks(self):
-         :return: a list of tasks
-         """
-         if not self.installation_enabled:
--            log.debug("The installation is disabled. Skip the configuration.")
-+            log.debug("OSCAP Addon: The installation is disabled. Skip the configuration.")
-             return []
- 
-         tasks = [
-@@ -205,7 +205,7 @@ def install_with_tasks(self):
-         :return: a list of tasks
-         """
-         if not self.installation_enabled:
--            log.debug("The installation is disabled. Skip the installation.")
-+            log.debug("OSCAP Addon: The installation is disabled. Skip the installation.")
-             return []
- 
-         tasks = [
-
-From b081e32012b93177167d3f7d0cc2024deb50e965 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Mon, 2 Aug 2021 17:24:15 +0200
-Subject: [PATCH 2/3] Save addon data when using local content
-
-Addon loads its data from the shared storage upon refresh,
-which caused it to overwrite clicking on the "use SSG content" button.
-
-Now the data is saved after clicking that button, and convenience
-load/save methods were introduced.
----
- org_fedora_oscap/gui/spokes/oscap.py | 27 +++++++++++++++------------
- 1 file changed, 15 insertions(+), 12 deletions(-)
-
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 332e956..4425757 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -232,11 +232,8 @@ def __init__(self, data, storage, payload):
-         # the proxy to OSCAP DBus module
-         self._oscap_module = OSCAP.get_proxy()
- 
--        # the security policy data
--        self._policy_enabled = self._oscap_module.PolicyEnabled
--        self._policy_data = PolicyData.from_structure(
--            self._oscap_module.PolicyData
--        )
-+        self._policy_data = PolicyData()
-+        self._load_policy_data()
- 
-         # used for changing profiles
-         self._rule_data = None
-@@ -334,6 +331,7 @@ def initialize(self):
-             log.info("OSCAP Addon: Defaulting to local content")
-             self._policy_data.content_type = "scap-security-guide"
-             self._policy_data.content_path = common.SSG_DIR + common.SSG_CONTENT
-+            self._save_policy_data()
- 
-         if not self._content_defined:
-             # nothing more to be done now, the spoke is ready
-@@ -351,6 +349,16 @@ def initialize(self):
-             # else fetch data
-             self._fetch_data_and_initialize()
- 
-+    def _save_policy_data(self):
-+        self._oscap_module.PolicyData = PolicyData.to_structure(self._policy_data)
-+        self._oscap_module.PolicyEnabled = self._policy_enabled
-+
-+    def _load_policy_data(self):
-+        self._policy_data.update_from(PolicyData.from_structure(
-+            self._oscap_module.PolicyData
-+        ))
-+        self._policy_enabled = self._oscap_module.PolicyEnabled
-+
-     def _handle_error(self, exception):
-         log.error("OSCAP Addon: " + str(exception))
-         if isinstance(exception, KickstartValueError):
-@@ -897,13 +905,7 @@ def refresh(self):
-         :see: pyanaconda.ui.common.UIObject.refresh
- 
-         """
--        # update the security policy data
--        self._policy_enabled = self._oscap_module.PolicyEnabled
--        fresh_data = PolicyData.from_structure(
--            self._oscap_module.PolicyData
--        )
--
--        self._policy_data.update_from(fresh_data)
-+        self._load_policy_data()
-         # update the UI elements
-         self._refresh_ui()
- 
-@@ -1202,4 +1204,5 @@ def on_change_content_clicked(self, *args):
- 
-     def on_use_ssg_clicked(self, *args):
-         self.content_bringer.use_system_content()
-+        self._save_policy_data()
-         self._fetch_data_and_initialize()
-
-From fee170f54aeb9f649ab891781532012a7b069f8f Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Tue, 3 Aug 2021 11:01:59 +0200
-Subject: [PATCH 3/3] Refactor content identification
-
-Don't use the multiprocessing pool - it sometimes creates probems during
-its initialization:
-https://bugzilla.redhat.com/show_bug.cgi?id=1989434
----
- org_fedora_oscap/content_handling.py | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/org_fedora_oscap/content_handling.py b/org_fedora_oscap/content_handling.py
-index f2af22f..65d5a28 100644
---- a/org_fedora_oscap/content_handling.py
-+++ b/org_fedora_oscap/content_handling.py
-@@ -111,9 +111,8 @@ def parse_HTML_from_content(content):
- 
- 
- def identify_files(fpaths):
--    with multiprocessing.Pool(os.cpu_count()) as p:
--        labels = p.map(get_doc_type, fpaths)
--    return {path: label for (path, label) in zip(fpaths, labels)}
-+    result = {path: get_doc_type(path) for path in fpaths}
-+    return result
- 
- 
- def get_doc_type(file_path):
-@@ -131,7 +130,9 @@ def get_doc_type(file_path):
-     except UnicodeDecodeError:
-         # 'oscap info' supplied weird output, which happens when it tries
-         # to explain why it can't examine e.g. a JPG.
--        return None
-+        pass
-+    except Exception as e:
-+        log.warning(f"OSCAP addon: Unexpected error when looking at {file_path}: {str(e)}")
-     log.info("OSCAP addon: Identified {file_path} as {content_type}"
-              .format(file_path=file_path, content_type=content_type))
-     return content_type

oscap-anaconda-addon-2.1.0-content_paths-PR_227.patch

@@ -1,334 +0,0 @@
-From e2c47422b0ecfd561a8fe203b53e4a3831ae0ff7 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Tue, 22 Nov 2022 11:45:11 +0100
-Subject: [PATCH 1/3] Fix handling of content paths
-
-Archives and ready-to-use content use paths differently.
-
-Archives get unpacked into a directory, where they need to be unpacked,
-analyzed, and cross-checked with e.g. the supplied content path,
-whereas ready-to-use content can be used directly.
-
-As the current codebase doesn't untangle all possible ways how to obtain
-existing content in a way of decomposing those into layers, this change
-just makes the current code working at the expense of making it worse to
-maintain.
----
- org_fedora_oscap/content_discovery.py | 34 ++++++++++++++++++---------
- org_fedora_oscap/service/kickstart.py | 10 +++++++-
- tests/test_content_discovery.py       | 21 +++++++++++++++++
- 3 files changed, 53 insertions(+), 12 deletions(-)
-
-diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 4235af7c..ebef618e 100644
---- a/org_fedora_oscap/content_discovery.py
-+++ b/org_fedora_oscap/content_discovery.py
-@@ -46,6 +46,14 @@ def clear_all(data):
-     data.dry_run = False
- 
- 
-+def path_is_present_among_paths(path, paths):
-+    absolute_path = os.path.abspath(path)
-+    for second_path in paths:
-+        if absolute_path == os.path.abspath(second_path):
-+            return True
-+    return False
-+
-+
- class ContentBringer:
-     CONTENT_DOWNLOAD_LOCATION = pathlib.Path(common.INSTALLATION_CONTENT_DIR)
-     DEFAULT_SSG_DATA_STREAM_PATH = f"{common.SSG_DIR}/{common.SSG_CONTENT}"
-@@ -194,7 +202,7 @@ def _verify_fingerprint(self, dest_filename, fingerprint=""):
-         log.info(f"Integrity check passed using {hash_obj.name} hash")
- 
-     def allow_one_expected_tailoring_or_no_tailoring(self, labelled_files):
--        expected_tailoring = self._addon_data.tailoring_path
-+        expected_tailoring = common.get_preinst_tailoring_path(self._addon_data)
-         tailoring_label = CONTENT_TYPES["TAILORING"]
-         if expected_tailoring:
-             labelled_files = self.reduce_files(labelled_files, expected_tailoring, [tailoring_label])
-@@ -206,7 +214,7 @@ def allow_one_expected_tailoring_or_no_tailoring(self, labelled_files):
-         return labelled_files
- 
-     def filter_discovered_content(self, labelled_files):
--        expected_path = self._addon_data.content_path
-+        expected_path = common.get_preinst_content_path(self._addon_data)
-         categories = (CONTENT_TYPES["DATASTREAM"], CONTENT_TYPES["XCCDF_CHECKLIST"])
-         if expected_path:
-             labelled_files = self.reduce_files(labelled_files, expected_path, categories)
-@@ -222,7 +230,7 @@ def filter_discovered_content(self, labelled_files):
- 
-     def reduce_files(self, labelled_files, expected_path, categories):
-         reduced_files = dict()
--        if expected_path not in labelled_files:
-+        if not path_is_present_among_paths(expected_path, labelled_files.keys()):
-             msg = (
-                 f"Expected a file {expected_path} to be part of the supplied content, "
-                 f"but it was not the case, got only {list(labelled_files.keys())}"
-@@ -253,13 +261,9 @@ def _finish_actual_fetch(self, wait_for, fingerprint, report_callback, dest_file
-             structured_content.add_content_archive(dest_filename)
- 
-         labelled_filenames = content_handling.identify_files(fpaths)
--        labelled_relative_filenames = {
--            os.path.relpath(path, self.CONTENT_DOWNLOAD_LOCATION): label
--            for path, label in labelled_filenames.items()}
--        labelled_relative_filenames = self.filter_discovered_content(labelled_relative_filenames)
-+        labelled_filenames = self.filter_discovered_content(labelled_filenames)
- 
--        for rel_fname, label in labelled_relative_filenames.items():
--            fname = self.CONTENT_DOWNLOAD_LOCATION / rel_fname
-+        for fname, label in labelled_filenames.items():
-             structured_content.add_file(str(fname), label)
- 
-         if fingerprint and dest_filename:
-@@ -303,11 +307,18 @@ def use_downloaded_content(self, content):
-         # We know that we have ended up with a datastream-like content,
-         # but if we can't convert an archive to a datastream.
-         # self._addon_data.content_type = "datastream"
--        self._addon_data.content_path = str(preferred_content.relative_to(content.root))
-+        content_type = self._addon_data.content_type
-+        if content_type in ("archive", "rpm"):
-+            self._addon_data.content_path = str(preferred_content.relative_to(content.root))
-+        else:
-+            self._addon_data.content_path = str(preferred_content)
- 
-         preferred_tailoring = self.get_preferred_tailoring(content)
-         if content.tailoring:
--            self._addon_data.tailoring_path = str(preferred_tailoring.relative_to(content.root))
-+            if content_type in ("archive", "rpm"):
-+                self._addon_data.tailoring_path = str(preferred_tailoring.relative_to(content.root))
-+            else:
-+                self._addon_data.tailoring_path = str(preferred_tailoring)
- 
-     def use_system_content(self, content=None):
-         clear_all(self._addon_data)
-@@ -403,6 +414,7 @@ def _xccdf_content(self):
- 
-     def find_expected_usable_content(self, relative_expected_content_path):
-         content_path = self.root / relative_expected_content_path
-+        content_path = content_path.resolve()
-         eligible_main_content = (self._datastream_content(), self._xccdf_content())
- 
-         if content_path in eligible_main_content:
-diff --git a/org_fedora_oscap/service/kickstart.py b/org_fedora_oscap/service/kickstart.py
-index ce049d1b..6698978a 100644
---- a/org_fedora_oscap/service/kickstart.py
-+++ b/org_fedora_oscap/service/kickstart.py
-@@ -17,6 +17,7 @@
- #
- import logging
- import re
-+import os
- 
- from pyanaconda.core.kickstart import KickstartSpecification
- from pyanaconda.core.kickstart.addon import AddonData
-@@ -146,7 +147,14 @@ def _parse_profile_id(self, value):
-         self.policy_data.profile_id = value
- 
-     def _parse_content_path(self, value):
--        # need to be checked?
-+        absolute_content_path_in_archive_like_file = (
-+            self.policy_data.content_type in ("archive", "rpm")
-+            and os.path.isabs(value))
-+        if absolute_content_path_in_archive_like_file:
-+            msg = (
-+                "When using archives-like content input, the corresponding content path "
-+                "has to be relative, but got '{value}'.")
-+            raise KickstartValueError(msg)
-         self.policy_data.content_path = value
- 
-     def _parse_cpe_path(self, value):
-diff --git a/tests/test_content_discovery.py b/tests/test_content_discovery.py
-index 5463c9a5..d6e14d9f 100644
---- a/tests/test_content_discovery.py
-+++ b/tests/test_content_discovery.py
-@@ -1,3 +1,5 @@
-+import os
-+
- import pytest
- 
- import org_fedora_oscap.content_discovery as tested_module
-@@ -46,3 +48,22 @@ def test_reduce(labelled_files):
- 
-     reduced = bringer.reduce_files(labelled_files, "cpe", ["C"])
-     assert reduced == labelled_files
-+
-+
-+def test_path_presence_detection():
-+    list_of_paths = ["file1", os.path.abspath("file2"), os.path.abspath("dir///file3")]
-+
-+    list_of_paths_in_list = [
-+        "file1", os.path.abspath("file1"), "./file1",
-+        "file2", "dir/..//file2",
-+        "dir/../dir/file3", "dir/file3",
-+    ]
-+    list_of_paths_not_in_list = [
-+        "../file1", "file3"
-+    ]
-+
-+    for path in list_of_paths_in_list:
-+        assert tested_module.path_is_present_among_paths(path, list_of_paths)
-+
-+    for path in list_of_paths_not_in_list:
-+        assert not tested_module.path_is_present_among_paths(path, list_of_paths)
-
-From 9808e21ff4e6a4ce878d556f26cfddede04c870f Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Wed, 16 Nov 2022 15:35:09 +0100
-Subject: [PATCH 2/3] Compare paths according to their equivalence
-
-not according their arbitrary string form
----
- org_fedora_oscap/content_discovery.py | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index ebef618e..9da44e73 100644
---- a/org_fedora_oscap/content_discovery.py
-+++ b/org_fedora_oscap/content_discovery.py
-@@ -46,10 +46,14 @@ def clear_all(data):
-     data.dry_run = False
- 
- 
-+def paths_are_equivalent(p1, p2):
-+    return os.path.abspath(p1) == os.path.abspath(p2)
-+
-+
- def path_is_present_among_paths(path, paths):
-     absolute_path = os.path.abspath(path)
-     for second_path in paths:
--        if absolute_path == os.path.abspath(second_path):
-+        if paths_are_equivalent(path, second_path):
-             return True
-     return False
- 
-@@ -237,7 +241,7 @@ def reduce_files(self, labelled_files, expected_path, categories):
-             )
-             raise RuntimeError(msg)
-         for path, label in labelled_files.items():
--            if label in categories and path != expected_path:
-+            if label in categories and not paths_are_equivalent(path, expected_path):
-                 continue
-             reduced_files[path] = label
-         return reduced_files
-
-From b422abba29a9304225c97e79945cf0f1a21de810 Mon Sep 17 00:00:00 2001
-From: Matej Tyc <matyc@redhat.com>
-Date: Tue, 22 Nov 2022 15:44:13 +0100
-Subject: [PATCH 3/3] Fix tests when relative content paths are enforced
-
----
- org_fedora_oscap/content_discovery.py    |  2 +-
- org_fedora_oscap/service/installation.py |  7 ++++++-
- tests/test_content_discovery.py          |  3 ++-
- tests/test_installation.py               |  2 +-
- tests/test_kickstart.py                  |  6 +++---
- tests/test_service_kickstart.py          | 19 +++++++++++++++----
- 6 files changed, 28 insertions(+), 11 deletions(-)
-
-diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
-index 9da44e73..61c49307 100644
---- a/org_fedora_oscap/content_discovery.py
-+++ b/org_fedora_oscap/content_discovery.py
-@@ -239,7 +239,7 @@ def reduce_files(self, labelled_files, expected_path, categories):
-                 f"Expected a file {expected_path} to be part of the supplied content, "
-                 f"but it was not the case, got only {list(labelled_files.keys())}"
-             )
--            raise RuntimeError(msg)
-+            raise content_handling.ContentHandlingError(msg)
-         for path, label in labelled_files.items():
-             if label in categories and not paths_are_equivalent(path, expected_path):
-                 continue
-diff --git a/org_fedora_oscap/service/installation.py b/org_fedora_oscap/service/installation.py
-index f6674794..5ca102c0 100644
---- a/org_fedora_oscap/service/installation.py
-+++ b/org_fedora_oscap/service/installation.py
-@@ -23,10 +23,11 @@
- from pyanaconda.core import util
- from pyanaconda.modules.common.task import Task
- from pyanaconda.modules.common.errors.installation import NonCriticalInstallationError
-+from pykickstart.errors import KickstartValueError
- 
- from org_fedora_oscap import common, data_fetch, rule_handling, utils
- from org_fedora_oscap.common import _, get_packages_data, set_packages_data
--from org_fedora_oscap.content_handling import ContentCheckError
-+from org_fedora_oscap.content_handling import ContentCheckError, ContentHandlingError
- from org_fedora_oscap import content_discovery
- 
- log = logging.getLogger("anaconda")
-@@ -48,6 +49,10 @@ def _handle_error(exception):
-         msg = _("There was an error fetching and loading the security content:\n" +
-                 f"{str(exception)}")
-         terminate(msg)
-+    elif isinstance(exception, ContentHandlingError):
-+        msg = _("There was a problem with the supplied security content:\n" +
-+                f"{str(exception)}")
-+        terminate(msg)
- 
-     else:
-         msg = _("There was an unexpected problem with the supplied content.")
-diff --git a/tests/test_content_discovery.py b/tests/test_content_discovery.py
-index d6e14d9f..d664edee 100644
---- a/tests/test_content_discovery.py
-+++ b/tests/test_content_discovery.py
-@@ -3,6 +3,7 @@
- import pytest
- 
- import org_fedora_oscap.content_discovery as tested_module
-+from org_fedora_oscap import content_handling
- 
- 
- @pytest.fixture
-@@ -43,7 +44,7 @@ def test_reduce(labelled_files):
-     assert len(reduced) == len(labelled_files) - d_count - x_count + 1
-     assert "dir/XCCDF" in reduced
- 
--    with pytest.raises(RuntimeError, match="dir/datastream4"):
-+    with pytest.raises(content_handling.ContentHandlingError, match="dir/datastream4"):
-         bringer.reduce_files(labelled_files, "dir/datastream4", ["D"])
- 
-     reduced = bringer.reduce_files(labelled_files, "cpe", ["C"])
-diff --git a/tests/test_installation.py b/tests/test_installation.py
-index 302f5ed3..2cf78db1 100644
---- a/tests/test_installation.py
-+++ b/tests/test_installation.py
-@@ -76,7 +76,7 @@ def test_fetch_content_task(caplog, file_path, content_path):
- 
-     assert task.name == "Fetch the content, and optionally perform check or archive extraction"
- 
--    with pytest.raises(NonCriticalInstallationError, match="Couldn't find a valid datastream"):
-+    with pytest.raises(NonCriticalInstallationError, match="Expected a file"):
-         task.run()
- 
- 
-diff --git a/tests/test_kickstart.py b/tests/test_kickstart.py
-index d4cfda23..60fe63d8 100644
---- a/tests/test_kickstart.py
-+++ b/tests/test_kickstart.py
-@@ -160,7 +160,7 @@ def test_rpm(service):
-         content-url = http://example.com/oscap_content.rpm
-         content-type = RPM
-         profile = Web Server
--        xccdf-path = /usr/share/oscap/xccdf.xml
-+        xccdf-path = usr/share/oscap/xccdf.xml
-     %end
-     """
-     check_ks_input(service, ks_in)
-@@ -169,7 +169,7 @@ def test_rpm(service):
-     %addon com_redhat_oscap
-         content-type = rpm
-         content-url = http://example.com/oscap_content.rpm
--        content-path = /usr/share/oscap/xccdf.xml
-+        content-path = usr/share/oscap/xccdf.xml
-         profile = Web Server
-     %end
-     """
-@@ -195,7 +195,7 @@ def test_rpm_with_wrong_suffix(service):
-         content-url = http://example.com/oscap_content.xml
-         content-type = RPM
-         profile = Web Server
--        xccdf-path = /usr/share/oscap/xccdf.xml
-+        xccdf-path = usr/share/oscap/xccdf.xml
-     %end
-     """
-     check_ks_input(service, ks_in, errors=[

oscap-anaconda-addon-2.1.0-unified_help-PR_192.patch

@@ -1,52 +0,0 @@
-From 3d7a943969d542392134f55078eadb0793b094dc Mon Sep 17 00:00:00 2001
-From: Vendula Poncova <vponcova@redhat.com>
-Date: Wed, 22 Sep 2021 17:52:03 +0200
-Subject: [PATCH 1/2] Specify a unique screen id
-
-All spokes and hubs should provide a unique id.
----
- org_fedora_oscap/gui/spokes/oscap.py | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index fe26076..44c7ced 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -204,6 +204,11 @@ class OSCAPSpoke(NormalSpoke):
-     # as it is displayed inside the spoke as the spoke label,
-     # and spoke labels are all uppercase by a convention.
- 
-+    @staticmethod
-+    def get_screen_id():
-+        """Return a unique id of this UI screen."""
-+        return "security-policy-selection"
-+
-     @classmethod
-     def should_run(cls, environment, data):
-         return is_module_available(OSCAP)
-
-From ae9fdc9e6e189db215aeb39f2881311e5281587b Mon Sep 17 00:00:00 2001
-From: Vendula Poncova <vponcova@redhat.com>
-Date: Wed, 22 Sep 2021 17:52:51 +0200
-Subject: [PATCH 2/2] Remove the help_id attribute
-
-The help_id attribute is no longer used. Specify a screen id
-or redefine the help handler to provide the built-in help.
----
- org_fedora_oscap/gui/spokes/oscap.py | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
-index 44c7ced..6d0aa5c 100644
---- a/org_fedora_oscap/gui/spokes/oscap.py
-+++ b/org_fedora_oscap/gui/spokes/oscap.py
-@@ -185,9 +185,6 @@ class OSCAPSpoke(NormalSpoke):
-     # name of the .glade file in the same directory as this source
-     uiFile = "oscap.glade"
- 
--    # id of the help content for this spoke
--    help_id = "SecurityPolicySpoke"
--
-     # domain of oscap-anaconda-addon translations
-     translationDomain = "oscap-anaconda-addon"
- 

oscap-anaconda-addon.spec

@@ -1,331 +0,0 @@
-%if 0%{?rhel} == 8
-%define anaconda_core_version 33
-%endif
-%if 0%{?rhel} == 9
-%define anaconda_core_version 34
-%endif
-%if 0%{?fedora}
-%define anaconda_core_version %{fedora}
-%endif
-
-Name:           oscap-anaconda-addon
-Version:        2.0.0
-Release:        19%{?dist}
-Summary:        Anaconda addon integrating OpenSCAP to the installation process
-
-License:        GPLv2+
-URL:            https://github.com/OpenSCAP/oscap-anaconda-addon
-
-Source0:        https://github.com/OpenSCAP/oscap-anaconda-addon/releases/download/r%{version}/%{name}-%{version}.tar.gz
-# TODO: Remove when the fixed upstream release contains dbus service data
-Source1:        addon-dbus-data.zip
-
-Patch1: 	lang.patch
-Patch2: 	oscap-anaconda-addon-2.0.1-various_bugfixes-PR_166.patch
-Patch3: 	oscap-anaconda-addon-2.0.1-fix_archive_handling-PR_170.patch
-Patch4: 	oscap-anaconda-addon-2.0.1-fix_no_hardening-PR_176.patch
-Patch5: 	oscap-anaconda-addon-2.0.1-fix_fingerprint-PR_177.patch
-Patch6: 	oscap-anaconda-addon-2.0.1-rhel9_tailoring_fix-PR_180.patch
-Patch7: 	oscap-anaconda-addon-1.2.2-dbus_show_integration-PR_182.patch
-Patch8: 	oscap-anaconda-addon-2.1.0-unified_help-PR_192.patch
-Patch9: 	oscap-anaconda-addon-2.0.1-absent_appstream-PR_185.patch
-Patch10: 	oscap-anaconda-addon-2.0.1-fix_strings-PR_207.patch
-Patch11: 	oscap-anaconda-addon-2.1.0-clicking_fix-PR_223.patch
-Patch12: 	oscap-anaconda-addon-2.1.0-archive_handling-PR_224.patch
-Patch13: 	oscap-anaconda-addon-2.1.0-content_paths-PR_227.patch
-Patch14: 	oscap-anaconda-addon-null-http_only_uri-PR_233.patch
-Patch15: 	oscap-anaconda-addon-2.0.1-tar-extraction-PR_250.patch
-Patch16: 	oscap-anaconda-addon-2.0.1-package-groups-PR_248.patch
-Patch17: 	oscap-anaconda-addon-2.0.1-fix_fips_hashes_PR_255.patch
-
-BuildArch:      noarch
-BuildRequires:  make
-BuildRequires:  gettext
-BuildRequires:  python3-devel
-BuildRequires:  python3-pycurl
-BuildRequires:  openscap openscap-utils openscap-python3
-BuildRequires:  anaconda-core >= %{anaconda_core_version}
-Requires:       anaconda-core >= %{anaconda_core_version}
-Requires:       python3-pycurl
-Requires:       python3-kickstart
-Requires:       openscap openscap-utils openscap-python3
-Requires:       scap-security-guide
-
-%description
-This is an addon that integrates OpenSCAP utilities with the Anaconda installer
-and allows installation of systems following restrictions given by a SCAP
-content.
-
-%prep
-%autosetup -p1
-unzip %{_sourcedir}/addon-dbus-data.zip
-
-%build
-
-%check
-
-%install
-make install DESTDIR=%{buildroot}
-%find_lang %{name}
-
-%files -f %{name}.lang
-%{_datadir}/anaconda/addons/org_fedora_oscap
-%{_datadir}/anaconda/dbus/confs/org.fedoraproject.Anaconda.Addons.OSCAP.conf
-%{_datadir}/anaconda/dbus/services/org.fedoraproject.Anaconda.Addons.OSCAP.service
-
-%doc COPYING ChangeLog README.md
-
-%changelog
-* Mon Oct 21 2024 Evgenii Kolesnikov <ekolesni@redhat.com> - 2.0.0-19
-- Add missing chunk for PR_227 patch file (RHEL-40367)
-
-* Mon Oct 14 2024 Evgenii Kolesnikov <ekolesni@redhat.com> - 2.0.0-18
-- Fix checksums in FIPS mode (RHEL-40367)
-
-* Wed Jul 19 2023 Jan Černý <jcerny@redhat.com> - 2.0.0-17
-- Update translations (rhbz#2189526)
-- Fix tar file extraction (rhbz#2218875)
-- Fix conflict of tftp package with "network servers" group (rhbz#2172264)
-
-* Wed Feb 08 2023 Matej Tyc <matyc@redhat.com> - 2.0.0-16
-- Update translations
-  Resolves: rhbz#2139667
-  Resolves: rhbz#2150877
-
-* Mon Jan 23 2023 Matej Tyc <matyc@redhat.com> - 2.0.0-15
-- Fix a reaction to invalid content URI
-  Resolves: rhbz#2148508
-
-* Fri Nov 25 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-14
-- Fix regression introduced when fixing content archive input
-  Resolves: rhbz#2129008
-
-* Fri Nov 11 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-13
-- Fix problems with handling multi-datastream archives
-  Resolves: rhbz#2129846
-- Fix a crash when compulsively clicking in the GUI
-  Resolves: rhbz#2127502
-
-* Fri Jun 10 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-12
-- Remove the firstboot remediation feature completely.
-  We can't have it, while maintaining the standard UX.
-  Resolves: rhbz#2065751
-
-* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-11
-- Remove the redundant dependency on oscap-utils
-  Resolves: rhbz#2086822
-
-* Wed May 18 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-10
-- Fix strings, so they are translatable, and update translations
-  Resolves: rhbz#2081268
-
-* Mon Mar 21 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-9
-- Introduce the firstboot remediation
-  Resolves: rhbz#1999587
-- Add better error handling of installation using unsupported installation sources
-  Resolves: rhbz#2042334
-
-* Mon Jan 24 2022 Matej Tyc <matyc@redhat.com> - 2.0.0-8
-- Introduce unified help support
-  Resolves: rhbz#2043512
-- Update translations
-  Resolves: rhbz#2017374
-
-* Mon Dec 13 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-7
-- Don't show the OSCAP spoke if the OSCAP DBus module is disabled
-  Resolves: rhbz#2018954
-
-* Thu Nov 25 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-6
-- Fix handling of tailoring in RHEL9
-  Resolves: rhbz#1996129
-
-* Wed Nov 10 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-5
-- Fix handling of content archives
-  Resolves: rhbz#1996129
-- Fix handling of content fingerprint
-  Resolves: rhbz#1993065
-- Fix crash when a previously selected hardening has been cancelled
-  Resolves: rhbz#2014108
-- Pull latest translations
-
-* Fri Aug 20 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-4
-- Update translations
-  Resolves: rhbz#1962112
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.0-3
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Tue Aug 03 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-2
-- Fix issues with locally installed content and labelling of discovered content.
-- Resolves: rhbz#1989434
-
-* Fri Jul 02 2021 Matej Tyc <matyc@redhat.com> - 2.0.0-1
-- Rebase to the 2.0.0 upstream release.
-- Remove the cpio dependency which is not needed any more.
-
-* Wed Jun 23 2021 Jan Černý <jcerny@redhat.com> - 1.0-11
-- Rebuild after test config change in test.yml
-
-* Mon Jun 14 2021 Matej Tyc <matyc@redhat.com> - 1.0-10
-- Unified the spec file with the Fedora one.
-- Removed unwanted dependencies.
-- nose is not needed for a long time.
-- mock has been moved into the Python standard library, so it is also not needed.
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-9
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Aug 12 2019 Matěj Týč <matyc@redhat.com> - 1.0-5
-- Disabled execution of tests, as they are not meant to be executed in the build environment.
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Jul 03 2018 Matěj Týč <matyc@redhat.com> - 1.0-1
-- Rebased to upstream version 1.0
-- Python3 support, anaconda 28 support.
-
-* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7-7
-- Escape macros in %%changelog
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed Jan 07 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
-- Adapt to changes in Anaconda
-- Define name of the spoke window
-- Set fetching flag to False when extraction error happens
-- Remove code that was pushed to the anaconda's sources
-
-* Fri Feb 28 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-2
-- Rebuild with building issues fixed
-
-* Fri Feb 28 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
-- Getting status needs to run in the main thread
-- Grab focus for the URL entry after switching notebook page
-- Clear rule data when unselecting profile
-- Update message as part of the initialization
-- Add BuildRequires: gettext
-- Include translations in the tarball and RPM
-
-* Fri Feb 28 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.5-1
-- Allow users to change content
-- Show and hide control buttons properly
-- Fix sensitivity of the URL entry and fetch button
-- Add the button allowing users to use SSG content if available
-- Fix listing python sources when creating potfile and regenerate it
-- Omit the %%addon section from kickstart in dry-run mode
-- Implement the dry-run mode in the GUI (trac#2)
-- Add UI elements for content changing and dry-run mode
-- Check content_defined instead of content_url in the GUI code
-- First select the profile, then update the message store
-- Remove unused import
-- Ignore some more temporary/backup files
-- If no content is specified and SSG is available, use it
-- New special content type -- SCAP Security Guide
-- Fix name of the property used when doing fingerprint check
-- Get rid of an unused variable
-- Fix data fetch locking to work properly with kickstart installations
-- Use 'anonymous:' if no username and password is given for FTP
-- Initial version of the translations template file
-- First steps to dry-run mode
-- Fix main notebook tabs
-- Make translations work
-- Manipulation with the i18n related files
-- If no profile is given, default to default
-- Ignore updates.img and its auxiliary directory
-- Catch only fetching errors from the fetching thread
-- Do not allow multiple simultaneous fetches/initializations
-- Prevent user from changing the URL while we try to fetch from it
-- Add support for the Default profile
-- Support FTP as a content source (#1050980)
-- React properly on archive extraction failure
-- Refactor the code pre-processing the fetched content
-- Unify exceptions from archive extraction
-- Make pylint check mandatory to pass
-- Support for hash based content integrity checking
-
-* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
-- Beware of running Gtk actions from a non-main thread
-- Fix path to the tailoring file when getting rules
-- A git hook for running tests when pushing
-- Inform user if no profile is selected
-- Visually mark the selected profile
-- Better UX with content URL entry and progress label
-- React on invalid content properly (#1032846)
-- Stop spinner when data fetching is finished
-- Make the data fetching thread non-fatal (#1049989)
-- Exit code 2 from the oscap tool is not an error for us (#1050913)
-- Be ready to work with archives/RPMs containing data streams
-- Add unit tests for the keep_type_map function
-- Add support for namedtuples to keep_type_map
-- Add target for running pylint check
-- Add target for running just unittests
-- On the way to tailoring
-- Tests for kickstart XCCDF tailoring handling
-- Kickstart support for XCCDF tailoring
-- Check session validity also when using XCCDF benchmark
-
-* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
-- Implement and use our own better function for joining paths
-- The content entry should have focus if there is no content
-- RPM is just a weird archive in the pre-installation phase
-- Ignore RPM files as well
-- Adapt tests to dir constants now ending with "/"
-- CpioArchive cannot be created from a piped output
-- Fix namespace definitions in the testing XCCDF file
-- Prevent putting None into xccdf_session_is_sds
-- Fix the __all__ variable in the common module
-- Strip content dir prefix when setting xccdf/cpe paths
-- Inform user we now support archive URLs as well
-- Ignore various file types in the git repository
-- Try to find content files in the fetched archive or RPM
-- Run pylint -E as part of the test target
-- Return list of extracted files/directories when extracting archive
-- Do not try to search for empty file paths in archives
-- Properly set the content type based on the URL's suffix
-- Switch profiles on double-click
-- Hook urlEntry's activate signal to fetchButton click
-- Save the spoke's glade file with a new Glade
-- The addon now requires the python-cpio package
-- Use really_hide for the UI elements for datastream-id and xccdf-id
-- Support for RPM content in the GUI spoke
-- RPM content support for kickstart processing
-- Add property for the raw post-installation content path
-- Make content type case insensitive
-- Rest of the code needed for RPM extraction
-- Actually look for the file path in entry names
-- Basic stuff needed for the RPM content support
-- Run tests in paralel
-- Specify files in a better way in spec
-
-* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
-- Initial RPM for the oscap-anaconda-addon

sources

@@ -1,2 +0,0 @@
-SHA512 (oscap-anaconda-addon-2.0.0.tar.gz) = 39d8692e8904cfd6e0b2b00e5081805977f4510154315be22732b8b31a42e65ed8a11dc2711f5ad5d4964bb1728521ce472ac208852f6a2373be45903a8d5611
-SHA512 (addon-dbus-data.zip) = 2a618f6084f4dd5571d5c2aa22f7c7316e0e2de8a61c8eb13a9127f8726655e3d173d71c74ee7aa305d046a70f030ed07be8405debeb5fd0e8b6a40f081acf71

tests/Sanity/dir-install/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /Sanity/dir-install
-#   Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed.
-#   Author: Matej Tyc <matyc@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2019 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/Sanity/dir-install
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE kickstart.cfg test-ds.xml
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Matej Tyc <matyc@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed." >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        1h" >> $(METADATA)
-	@echo "RunFor:          oscap-anaconda-addon" >> $(METADATA)
-	@echo "Requires:        oscap-anaconda-addon" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2+" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Bug:             1653915" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/Sanity/dir-install/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /Sanity/dir-install
-Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed.
-Author: Matej Tyc <matyc@redhat.com>

tests/Sanity/dir-install/kickstart.cfg

@@ -1,37 +0,0 @@
-lang en_US
-keyboard us
-timezone --utc America/New_York
-reboot
-url --url=@BASEOS_HTTP@
-bootloader --location=mbr --append="rhgb quiet crashkernel=auto"
-zerombr
-clearpart --all --initlabel
-autopart
-authselect --passalgo=sha512 --useshadow
-selinux --enforcing
-firewall --enabled --ssh
-skipx
-firstboot --disable
-repo --name=appstream --baseurl=@APPSTREAM_HTTP@
-
-# Set the system's root password (required)
-# Plaintext password is: server
-# Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create
-# encrypted password form for different plaintext password
-rootpw --iscrypted $6$rhel6usgcb$aS6oPGXcPKp3OtFArSrhRwu6sN8q2.yEGY7AIwDOQd23YCtiz9c5mXbid1BzX9bmXTEZi.hCzTEXFosVBI5ng0
-
-# The selected profile will restrict root login
-# Add a user that can login and escalate privileges
-# Plaintext password is: admin123
-user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
-
-# Packages selection (%packages section is required)
-%packages
-openscap-scanner
-%end
-
-%addon org_fedora_oscap
-    content-type = datastream
-    content-url = http://localhost:8000/test-ds.xml
-    profile = xccdf_org.ssgproject.content_profile_standard
-%end

tests/Sanity/dir-install/runtest.sh

@@ -1,80 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /Sanity/dir-install
-#   Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed.
-#   Author: Matej Tyc <matyc@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2019 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="oscap-anaconda-addon"
-KS=`pwd`/kickstart.cfg
-INSTALLDIR=`pwd`/install
-
-
-function get_fedora_repo_url {
-    local rawhide_repo="/etc/yum.repos.d/fedora-rawhide.repo"
-
-    if [ -f "$rawhide_repo" ]; then
-        dnf repoinfo rawhide 2>/dev/null | grep -i "baseurl" | awk '{print $3}'
-    else
-        dnf repoinfo fedora 2>/dev/null | grep -i "baseurl" | awk '{print $3}'
-    fi
-}
-
-
-# $1: Channel (baseos|appstream)
-function get_rhel_repo_url {
-	grep -Ri "baseurl=.*$1.*/os" /etc/yum.repos.d/ | sed -e 's/.*baseurl=//' | head -n 1
-}
-
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm "$PACKAGE"
-        if rlIsRHEL; then
-            baseos_url=$(get_rhel_repo_url baseos)
-            appstream_url=$(get_rhel_repo_url appstream)
-            rlRun "sed -i 's|@BASEOS_HTTP@|$baseos_url|' $KS"
-            rlRun "sed -i 's|@APPSTREAM_HTTP@|$appstream_url|' $KS"
-        else
-            baseos_url=$(get_fedora_repo_url)
-            rlRun "sed -i 's|@BASEOS_HTTP@|$baseos_url|' $KS"
-            rlRun "sed -i '/^.*@APPSTREAM_HTTP@.*$/d' $KS"
-        fi
-        python3 -m http.server &
-        server_pid=$!
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "mkdir install" 0 "Making install directory"
-        rlRun "anaconda --dirinstall $INSTALLDIR --kickstart $KS" 0 "Installing into a directory"
-        rlRun "test -f $INSTALLDIR/rh_baseos_test" 0 "Make sure that rh_baseos_test exists in the root of the installed system"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-       rlRun "kill $server_pid" 0 "Terminating the Python server that serves the datastream"
-       rlRun "rm -rf $INSTALLDIR" 0 "Remove the directory with the system installation"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/Sanity/dir-install/test-ds.xml

@@ -1,55 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_xccdf.xml" schematron-version="1.2"><ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_xccdf.xml" scap-version="1.2" use-case="OTHER"><ds:checklists><ds:component-ref id="scap_org.open-scap_cref_xccdf.xml" xlink:href="#scap_org.open-scap_comp_xccdf.xml"><cat:catalog><cat:uri name="oval.xml" uri="#scap_org.open-scap_cref_oval.xml"/></cat:catalog></ds:component-ref></ds:checklists><ds:checks><ds:component-ref id="scap_org.open-scap_cref_oval.xml" xlink:href="#scap_org.open-scap_comp_oval.xml"/></ds:checks></ds:data-stream><ds:component id="scap_org.open-scap_comp_oval.xml" timestamp="2016-09-07T20:50:46"><oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
-  <generator>
-    <oval:schema_version>5.10</oval:schema_version>
-    <oval:timestamp>0001-01-01T00:00:00+00:00</oval:timestamp>
-  </generator>
-
-  <definitions>
-    <definition class="compliance" version="1" id="oval:x:def:1">
-      <metadata>
-        <title>x</title>
-        <description>x</description>
-        <affected family="unix">
-          <platform>Minimal test environment</platform>
-        </affected>
-      </metadata>
-      <criteria>
-        <criterion test_ref="oval:x:tst:1" comment="always pass"/>
-      </criteria>
-    </definition>
-  </definitions>
-
-
-  <tests>
-    <unix:file_test id="oval:x:tst:1" version="1" check="all" check_existence="all_exist" comment="check presence of file">
-      <unix:object object_ref="oval:x:obj:1"/>
-    </unix:file_test>
-  </tests>
-
-  <objects>
-    <unix:file_object id="oval:x:obj:1" version="1">
-      <unix:filepath>/rh_baseos_test</unix:filepath>
-    </unix:file_object>
-  </objects>
-
-</oval_definitions></ds:component><ds:component id="scap_org.open-scap_comp_xccdf.xml" timestamp="2016-09-07T21:00:59"><Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_test_benchmark_container">
-  <status>incomplete</status>
-  <platform idref="cpe:/o:fedoraproject:fedora"/>
-  <platform idref="cpe:/o:redhat:enterprise_linux"/>
-  <version>1.0</version>
-  <model system="urn:xccdf:scoring:default"/>
-  <Profile id="xccdf_org.ssgproject.content_profile_standard">
-    <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Dummy standard profile</title>
-    <select idref="xccdf_test_rule_check_test_file" selected="true"/>
-  </Profile>
-
-  <Rule selected="true" id="xccdf_test_rule_check_test_file">
-    <fix id="check_test_file" system="urn:xccdf:fix:script:sh" complexity="low" disruption="low" strategy="configure">
-touch /rh_baseos_test
-    </fix>
-    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-      <check-content-ref href="oval.xml" name="oval:x:def:1"/>
-    </check>
-  </Rule>
-</Benchmark></ds:component></ds:data-stream-collection>

tests/tests.yml

@@ -1,27 +0,0 @@
----
-- hosts: localhost
-  roles:
-  - role: standard-test-source
-    tags:
-    - always
-
-  - role: standard-test-basic
-    tags:
-    - classic
-    required_packages:
-    - "python3-pytest"
-    - "anaconda"
-    tests:
-    - smoke:
-        run: "PYTHONPATH=/usr/share/anaconda/addons py.test-3 ."
-        dir: "./source/tests"
-
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    required_packages:
-    - "python3-pytest"  # Not needed for this test, it is just a temp workaround for an Ansible bug https://github.com/ansible/ansible/issues/57365
-    - "anaconda"
-    tests:
-    - Sanity/dir-install:
-        timeout: 1h