Proposed solution for RHEL8 and RHEL9 in system detection to avoid false positives #12334
Conversation
|
Hi @mrkanon. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
@mrkanon Can you please rebase this PR on the top of the latest upstream master branch to try if it would help the failing CI. |
To prevent false positive RHEL9 in OL9 because OL9 has redhat-release package present Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
To prevent false positive RHEL8 in OL8 because OL8 has redhat-release package present Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
mrkanon
force-pushed
the
installed_vendor_supported_rhel
branch
from
956547e
to
593fda8
Compare
|
Unfortunately, the rebase didn't hlep. I will try to find out what is wrong The specific error from the build is so I would like to find what caused this "duplication" of the definition. |
|
Hi @mrkanon The following patch helps me: diff --git a/ssg/build_derivatives.py b/ssg/build_derivatives.py
index 79fc3eb308..e090b71063 100644
--- a/ssg/build_derivatives.py
+++ b/ssg/build_derivatives.py
@@ -76,7 +76,8 @@ def add_element_to(oval_root, tag_name, component_element):
if xml_el is None:
xml_el = ElementTree.Element("{%s}%s" % (oval_namespace, tag_name))
oval_root.append(xml_el)
- xml_el.append(component_element)
+ if xml_el.find("%s[@id='%s']" % (component_element.tag, component_element.get("id"))) is None:
+ xml_el.append(component_element)
def add_oval_components_to_oval_xml(oval_root, tag_name, component_dict):
Can you try it? |
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
|
Code Climate has analyzed commit 2c06075 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 0.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.1% change). View more on Code Climate. |
Description:
Updated
installed_OS_is_rhel9
installed_OS_is_rhel8
Rationale:
We have a false positive from RHEL9 to OL9, we also have a false positive from RHEL8 to OL8, this is because OL9 and OL8 have
redhat-releasepackage present.When we check the rule
installed_OS_is_vendor_supportedwe have the following oval results:OL9
OL8