OpenSCAP ssg-centos7-ds-1.2.xml is missing from StarlingX

Bug #1947427 reported by Ghada Khalil
This bug affects 1 person
Affects    Status        Importance  Assigned to   Milestone
StarlingX  Fix Released  Low         Joao Soubihe

Bug Description

Brief Description
-----------------
‘ssg-centos7-ds-1.2.xml’ data file is required when running openscap scans. However, it is not packaged in the starlingx loads. Users have to download it from an external source on the web. The file is included in the scap-security-guide rpm: "scap-security-guide-0.1.46-11.el7.centos.noarch.rpm". The purpose of this Jira is to package the scap-security-guide rpm in StarlingX to make it easier to run the OpenSCAP suite.

This issue is related to StoryBoard: https://storyboard.openstack.org/#!/story/2008668 delivered for stx.5.0

Severity
--------
Minor

Steps to Reproduce
------------------
Run OpenSCAP

Expected Behavior
------------------
All required files to run OpenSCAP are part of StarlingX

Actual Behavior
----------------
The ssg-centos7-ds-1.2.xml data file is missing

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
stx.5.0 and later

Last Pass
---------
Never

Timestamp/Logs
--------------
Not required

Test Activity
-------------
Developer Testing

Workaround
----------
Copy the file manually on the system

Ghada Khalil (gkhalil) wrote :

screening: minor issue w/ a workaround; fix in the active branch only

Changed in starlingx:
assignee: nobody → Joao Soubihe (jsoubihe)
importance: Undecided → Low
status: New → Triaged
tags: added: stx.6.0 stx.security stx.tools
OpenStack Infra (hudson-openstack) wrote : Fix proposed to root (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/root/+/815044

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/815038
Committed: https://opendev.org/starlingx/tools/commit/c0a9fd0842ea22a970fa148ed31511fad11df1c1
Submitter: "Zuul (22348)"
Branch: master

commit c0a9fd0842ea22a970fa148ed31511fad11df1c1
Author: Joao Soubihe <email address hidden>
Date: Thu Oct 21 10:42:28 2021 -0400

    Adding scap-security-guide rpm

    This commit adds scap-security-guide-0.1.46-11.el7.centos.noarch.rpm
    to the list of centos packages to be downloaded to build a new
    starlingX image.

    Test Plan:
    PASS Package addition should have no impact on scap scan
    PASS SSG file should be found on the system after installation

    Closes-Bug: 1947427
    Signed-off-by: Joao Soubihe <email address hidden>
    Change-Id: Iab66261824136aca5ee330ba8a69e46499f669cc

Changed in starlingx:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to root (master)

Reviewed: https://review.opendev.org/c/starlingx/root/+/815044
Committed: https://opendev.org/starlingx/root/commit/19a8fc970a6371e3fd19e608fe94c37f207185f3
Submitter: "Zuul (22348)"
Branch: master

commit 19a8fc970a6371e3fd19e608fe94c37f207185f3
Author: Joao Soubihe <email address hidden>
Date: Thu Oct 21 11:02:21 2021 -0400

    Add scap-security-guide rpms to image.inc

    This commit adds scap-security-guide packages to the list
    of packages to be included on newly built starlingx
    images.

    Test Plan:
      Note: this change complements the change on
      https://review.opendev.org/c/starlingx/tools/+/815038
      this way the tests described previously also comprise
      the current change.

    Closes-Bug: 1947427
    Depends-on: https://review.opendev.org/c/starlingx/tools/+/815038
    Signed-off-by: Joao Soubihe <email address hidden>
    Change-Id: I036571faa6610a634ea939829a1bd6e540787215
