52cb2c7ea6
- Introduce the firstboot remediation to remediate services-related rules correctly - Add better error handling of installation using unsupported installation sources Resolves: rhbz#2042334 Resolves: rhbz#1999587
73 lines
2.8 KiB
Diff
73 lines
2.8 KiB
Diff
From 353b2782ac4ec71c1f815915e03cefec075a5a3a Mon Sep 17 00:00:00 2001
|
|
From: Matej Tyc <matyc@redhat.com>
|
|
Date: Wed, 9 Mar 2022 11:36:44 +0100
|
|
Subject: [PATCH] Fix firstboot remediation setup
|
|
|
|
Expand all string substitutions, and
|
|
add a test that performs a basic sanity check of the generated config.
|
|
---
|
|
org_fedora_oscap/common.py | 16 +++++++++++-----
|
|
tests/test_common.py | 15 +++++++++++++++
|
|
2 files changed, 26 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
|
|
index 663c526..99a3fbd 100644
|
|
--- a/org_fedora_oscap/common.py
|
|
+++ b/org_fedora_oscap/common.py
|
|
@@ -310,8 +310,8 @@ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
|
|
return proc.stdout
|
|
|
|
|
|
-def _schedule_firstboot_remediation(
|
|
- chroot, profile, ds_path, results_path, report_path, ds_id, xccdf_id, tailoring_path):
|
|
+def _create_firstboot_config_string(
|
|
+ profile, ds_path, results_path, report_path, ds_id, xccdf_id, tailoring_path):
|
|
config = textwrap.dedent(f"""\
|
|
OSCAP_REMEDIATE_DS='{ds_path}'
|
|
OSCAP_REMEDIATE_PROFILE_ID='{profile}'
|
|
@@ -319,12 +319,18 @@ def _schedule_firstboot_remediation(
|
|
OSCAP_REMEDIATE_HTML_REPORT='{report_path}'
|
|
""")
|
|
if ds_id:
|
|
- config += "OSCAP_REMEDIATE_DATASTREAM_ID='{ds_id}'\n"
|
|
+ config += f"OSCAP_REMEDIATE_DATASTREAM_ID='{ds_id}'\n"
|
|
if xccdf_id:
|
|
- config += "OSCAP_REMEDIATE_XCCDF_ID='{xccdf_id}'\n"
|
|
+ config += f"OSCAP_REMEDIATE_XCCDF_ID='{xccdf_id}'\n"
|
|
if tailoring_path:
|
|
- config += "OSCAP_REMEDIATE_TAILORING='{tailoring_path}'\n"
|
|
+ config += f"OSCAP_REMEDIATE_TAILORING='{tailoring_path}'\n"
|
|
+ return config
|
|
+
|
|
|
|
+def _schedule_firstboot_remediation(
|
|
+ chroot, profile, ds_path, results_path, report_path, ds_id, xccdf_id, tailoring_path):
|
|
+ config = _create_firstboot_config_string(
|
|
+ profile, ds_path, results_path, report_path, ds_id, xccdf_id, tailoring_path)
|
|
relative_filename = "var/tmp/oscap-remediate-offline.conf.sh"
|
|
local_config_filename = f"/{relative_filename}"
|
|
chroot_config_filename = os.path.join(chroot, relative_filename)
|
|
diff --git a/tests/test_common.py b/tests/test_common.py
|
|
index 4f25379..d39898a 100644
|
|
--- a/tests/test_common.py
|
|
+++ b/tests/test_common.py
|
|
@@ -274,3 +274,18 @@ def test_extract_tailoring_rpm_ensure_filename_there():
|
|
in str(excinfo.value)
|
|
|
|
shutil.rmtree(temp_path)
|
|
+
|
|
+
|
|
+def test_firstboot_config():
|
|
+ config_args = dict(
|
|
+ profile="@PROFILE@",
|
|
+ ds_path="@DS_PATH@",
|
|
+ results_path="@RES_PATH@",
|
|
+ report_path="@REP_PATH",
|
|
+ ds_id="@DS_ID@",
|
|
+ xccdf_id="@XCCDF_ID@",
|
|
+ tailoring_path="@TAIL_PATH@",
|
|
+ )
|
|
+ config_string = common._create_firstboot_config_string(** config_args)
|
|
+ for arg in config_args.values():
|
|
+ assert arg in config_string
|