117 lines
5.0 KiB
Diff
117 lines
5.0 KiB
Diff
From cf1d85924b5945506e57f8701be066c83a894378 Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Mon, 5 Oct 2020 16:40:39 +0200
|
|
Subject: [PATCH 1/2] Check for grub2-common instead of grub2-pc
|
|
|
|
Check for grub2 intallation based on grub2-common.
|
|
grub2-pc is a x86_64 package, but other arches use grub2 as well.
|
|
---
|
|
.../checks/oval/installed_env_has_grub2_package.xml | 12 ++++++------
|
|
ssg/constants.py | 2 +-
|
|
2 files changed, 7 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
index e83f45bc3b..2a170d668e 100644
|
|
--- a/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
@@ -6,31 +6,31 @@
|
|
<affected family="unix">
|
|
<platform>multi_platform_all</platform>
|
|
</affected>
|
|
- <description>Checks if package grub2-pc is installed.</description>
|
|
+ <description>Checks if package grub2-common is installed.</description>
|
|
<reference ref_id="cpe:/a:grub2" source="CPE" />
|
|
</metadata>
|
|
<criteria>
|
|
- <criterion comment="Package grub2-pc is installed" test_ref="test_env_has_grub2_installed" />
|
|
+ <criterion comment="Package grub2-common is installed" test_ref="test_env_has_grub2_installed" />
|
|
</criteria>
|
|
</definition>
|
|
|
|
{{% if pkg_system == "rpm" %}}
|
|
<linux:rpminfo_test check="all" check_existence="at_least_one_exists"
|
|
id="test_env_has_grub2_installed" version="1"
|
|
- comment="system has package grub2-pc installed">
|
|
+ comment="system has package grub2-common installed">
|
|
<linux:object object_ref="obj_env_has_grub2_installed" />
|
|
</linux:rpminfo_test>
|
|
<linux:rpminfo_object id="obj_env_has_grub2_installed" version="1">
|
|
- <linux:name>grub2-pc</linux:name>
|
|
+ <linux:name>grub2-common</linux:name>
|
|
</linux:rpminfo_object>
|
|
{{% elif pkg_system == "dpkg" %}}
|
|
<linux:dpkginfo_test check="all" check_existence="all_exist"
|
|
id="test_env_has_grub2_installed" version="1"
|
|
- comment="system has package grub2-pc installed">
|
|
+ comment="system has package grub2-common installed">
|
|
<linux:object object_ref="obj_env_has_grub2_installed" />
|
|
</linux:dpkginfo_test>
|
|
<linux:dpkginfo_object id="obj_env_has_grub2_installed" version="1">
|
|
- <linux:name>grub2-pc</linux:name>
|
|
+ <linux:name>grub2-common</linux:name>
|
|
</linux:dpkginfo_object>
|
|
{{% endif %}}
|
|
|
|
diff --git a/ssg/constants.py b/ssg/constants.py
|
|
index b07fe5f0fe..88316374b5 100644
|
|
--- a/ssg/constants.py
|
|
+++ b/ssg/constants.py
|
|
@@ -468,7 +468,7 @@
|
|
|
|
# Default platform to package mapping
|
|
XCCDF_PLATFORM_TO_PACKAGE = {
|
|
- "grub2": "grub2-pc",
|
|
+ "grub2": "grub2-common",
|
|
"login_defs": "login",
|
|
"sssd": "sssd-common",
|
|
"zipl": "s390utils-base",
|
|
|
|
From fba876cfc7f85f5b9a696d0f5fa1177299b7c6bb Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Mon, 5 Oct 2020 16:49:15 +0200
|
|
Subject: [PATCH 2/2] Handle exception of grub2-coomon in ppc64le
|
|
|
|
ppc64le systems can use Grub2 or OPAL and the package set will be the
|
|
same in both cases.
|
|
Add a few more checks to make sure ppc64le arch is handled correctly.
|
|
---
|
|
.../oval/installed_env_has_grub2_package.xml | 19 ++++++++++++++++++-
|
|
1 file changed, 18 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
index 2a170d668e..fb2c9cc784 100644
|
|
--- a/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
@@ -9,8 +9,18 @@
|
|
<description>Checks if package grub2-common is installed.</description>
|
|
<reference ref_id="cpe:/a:grub2" source="CPE" />
|
|
</metadata>
|
|
- <criteria>
|
|
+ <criteria operator="AND">
|
|
<criterion comment="Package grub2-common is installed" test_ref="test_env_has_grub2_installed" />
|
|
+ <criteria operator="OR">
|
|
+ <!-- On ppc64le systems, OF (Grub2) or OPAL (petitboot) can be used,
|
|
+ and unfortunately the package set installed is the same in both cases.
|
|
+ But when OPAL is used, /sys/firmware/opal exists.
|
|
+ So the system uses grub when: -->
|
|
+ <!-- grub2-common is installed and arch is not a ppc64le -->
|
|
+ <criterion comment="Test for ppcle64 architecture" test_ref="test_system_info_architecture_ppcle_64" negate="true" />
|
|
+ <!-- or when grub2-common is installed, arch is a ppc64le but OPAL is not used -->
|
|
+ <criterion comment="Test if OPAL is not used" test_ref="test_system_using_opal" negate="true" />
|
|
+ </criteria>
|
|
</criteria>
|
|
</definition>
|
|
|
|
@@ -34,4 +44,11 @@
|
|
</linux:dpkginfo_object>
|
|
{{% endif %}}
|
|
|
|
+ <unix:file_test check="all" check_existence="all_exist" comment="Check if /sys/firware/opal exists" id="test_system_using_opal" version="1">
|
|
+ <unix:object object_ref="object_system_using_opal" />
|
|
+ </unix:file_test>
|
|
+ <unix:file_object id="object_system_using_opal" version="1">
|
|
+ <unix:filepath>/sys/firmware/opal</unix:filepath>
|
|
+ </unix:file_object>
|
|
+
|
|
</def-group>
|