OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]

Bug #1845216 reported by Nobuto Murata on 2019-09-24
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openscap (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Disco
Undecided
Unassigned
Eoan
Undecided
Unassigned

Bug Description

[Impact]
The impact is fairly low because the problem can be mitigated by copying or linking a default cpe dictionary into place after installing. This prevents the error:

$ sudo ln -s /usr/share/scap-security-guide/ssg-ubuntu1604-cpe-dictionary.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml

However, it would be better if it just worked correctly without requiring any manual steps after installation.

[Test Case]
The original description provides good instructions for reproducing under bionic:
$ sudo apt install libopenscap8 ssg-debderived
$ oscap info /usr/share/scap-security-guide/ssg-ubuntu1604-ds.xml
<snip>
OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]
Failed to add default CPE to newly created CPE Session. [../../../src/CPE/cpe_session.c:58]
<snip>

[Regression Potential]
The likelyhood of a regression seems very low since this change provides a default cpe dictionary with the installation instead of requiring that one be manually copied into place after installation. In the event that this default cpe dictionary does somehow causes a regression, it could be mitigated by explicitly specifying a cpe dictionary rather than relying on the default or copying a new file over the default (which is basically what has to be done now to make the current oscap work correctly).

----- Original description ----
/usr/share/openscap/cpe/openscap-cpe-dict.xml is included in later versions such as 1.2.16-2:
https://packages.debian.org/buster/amd64/libopenscap8/filelist

How to reproduce with Ubuntu 18.04 LTS:

$ sudo apt install libopenscap8 ssg-debderived

$ oscap info /usr/share/scap-security-guide/ssg-ubuntu1604-ds.xml
Document type: Source Data Stream
Imported: 2017-08-11T09:18:08

...
Dictionaries:
        Ref-Id: scap_org.open-scap_cref_output--ssg-ubuntu1604-cpe-dictionary.xml
OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]
Failed to add default CPE to newly created CPE Session. [../../../src/CPE/cpe_session.c:58]

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libopenscap8 1.2.15-1build1
ProcVersionSignature: User Name 4.15.0-58.64-generic 4.15.18
Uname: Linux 4.15.0-58-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
Date: Tue Sep 24 14:13:09 2019
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: openscap
UpgradeStatus: No upgrade log present (probably fresh install)

Nobuto Murata (nobuto) wrote :
Nobuto Murata (nobuto) wrote :
Changed in openscap (Ubuntu Xenial):
status: New → Confirmed
Changed in openscap (Ubuntu Bionic):
status: New → Confirmed
Changed in openscap (Ubuntu Disco):
status: New → Fix Released
Changed in openscap (Ubuntu Eoan):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
description: updated
Changed in openscap (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in openscap (Ubuntu Bionic):
status: Confirmed → In Progress

Hello Nobuto, or anyone else affected,

Accepted openscap into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openscap/1.2.15-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openscap (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in openscap (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Robie Basak (racb) wrote :

Hello Nobuto, or anyone else affected,

Accepted openscap into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openscap/1.2.8-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Mark Morlino (markmorlino) wrote :

Hi @racb

Mark Morlino (markmorlino) wrote :

Hi Robie,

I tested the -proposed packages on on xenial and bionic and it appears to have resolved the original bug.
I did some other testing by using oscap to run the oval files from https://people.canonical.com/~ubuntu-security/oval/ and I did not encounter any issues.

tags: added: verification-done-bionic verification-done-xenial
removed: verification-needed-bionic verification-needed-xenial
tags: added: verification-done
removed: verification-needed

The verification of the Stable Release Update for openscap has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openscap - 1.2.8-1ubuntu0.2

---------------
openscap (1.2.8-1ubuntu0.2) xenial; urgency=medium

  * debian/patches/010-install-cpe-oval.patch: properly install CPE OVAL
    files. (LP: #1845216)

 -- Marc Deslauriers <email address hidden> Fri, 04 Oct 2019 10:26:11 -0400

Changed in openscap (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openscap - 1.2.15-1ubuntu0.1

---------------
openscap (1.2.15-1ubuntu0.1) bionic; urgency=medium

  * debian/patches/010-install-cpe-oval.patch: properly install CPE OVAL
    files. (LP: #1845216)

 -- Marc Deslauriers <email address hidden> Fri, 04 Oct 2019 10:23:11 -0400

Changed in openscap (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers