From 1de759e8bcf1caddddfdda59496473ed9b525365 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>

Date: Wed, 4 Nov 2020 17:48:35 +0100

Subject: [PATCH] Expanded group data to detect more package collisions.

This should cover RHEL8 OSPP and CIS profiles.

---

 org_fedora_oscap/rule_handling.py | 16 +++++++++++++++-

 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py

index 6a3a04e..80d86c7 100644

--- a/org_fedora_oscap/rule_handling.py

+++ b/org_fedora_oscap/rule_handling.py

@@ -40,12 +40,26 @@

 __all__ = ["RuleData"]

+# Mapping of packages to package environments and/or groups that depends on them

+# See also https://access.redhat.com/solutions/1201413 how to get group IDs.

+# on RHEL8, use e.g. grep -R "<id>" /var/cache/dnf/*

 ESSENTIAL_PACKAGES = {

     "xorg-x11-server-common": {

         "env": ["graphical-server-environment", "workstation-product-environment"],

+        "groups": ["workstation-product-environment"],

     },

     "nfs-utils": {

         "env": ["graphical-server-environment", "workstation-product-environment"],

+        "groups": ["workstation-product-environment"],

+    },

+    "tftp": {

+        "groups": ["network-server"],

+    },

+    "abrt": {

+        "groups": ["debugging"],

+    },

+    "gssproxy": {

+        "groups": ["file-server"],

     },

 }

@@ -642,7 +656,7 @@ def _package_is_essential(self, package_name, ksdata_packages):

         if package_name in ksdata_packages.packageList:

             return True

         selected_install_env = ksdata_packages.environment

-        if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env"):

+        if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env", []):

             return True

         selected_install_groups_names = {g.name for g in ksdata_packages.groupList}

         for g in ESSENTIAL_PACKAGES[package_name].get("groups", []):