From 1de759e8bcf1caddddfdda59496473ed9b525365 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Wed, 4 Nov 2020 17:48:35 +0100
Subject: [PATCH] Expanded group data to detect more package collisions.

This should cover RHEL8 OSPP and CIS profiles.
---
 org_fedora_oscap/rule_handling.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index 6a3a04e..80d86c7 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -40,12 +40,26 @@
 __all__ = ["RuleData"]
 
 
+# Mapping of packages to package environments and/or groups that depends on them
+# See also https://access.redhat.com/solutions/1201413 how to get group IDs.
+# on RHEL8, use e.g. grep -R "<id>" /var/cache/dnf/*
 ESSENTIAL_PACKAGES = {
     "xorg-x11-server-common": {
         "env": ["graphical-server-environment", "workstation-product-environment"],
+        "groups": ["workstation-product-environment"],
     },
     "nfs-utils": {
         "env": ["graphical-server-environment", "workstation-product-environment"],
+        "groups": ["workstation-product-environment"],
+    },
+    "tftp": {
+        "groups": ["network-server"],
+    },
+    "abrt": {
+        "groups": ["debugging"],
+    },
+    "gssproxy": {
+        "groups": ["file-server"],
     },
 }
 
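Review bot: The `"groups"` lists added for `xorg-x11-server-common` and `nfs-utils` contain `workstation-product-environment`, which is already listed under `"env"` for the same packages and looks like an environment ID rather than a group ID. The second hunk compares `"groups"` entries with the names taken from `ksdata_packages.groupList`, so if that ID never appears as a group name these two lines match nothing and only suggest coverage that is not there. Please confirm the ID with the lookup the new comment describes, and either replace it with the real group ID(s) or drop the two lines. In the header comment, "that depends on them" should read "that depend on them".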
@@ -642,7 +656,7 @@ def _package_is_essential(self, package_name, ksdata_packages):
         if package_name in ksdata_packages.packageList:
             return True
         selected_install_env = ksdata_packages.environment
-        if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env"):
+        if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env", []):
             return True
         selected_install_groups_names = {g.name for g in ksdata_packages.groupList}
         for g in ESSENTIAL_PACKAGES[package_name].get("groups", []):
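Review bot: `ESSENTIAL_PACKAGES[package_name]` is still indexed directly on the changed line and again in the `for g in ...` line, so a package name missing from the table raises `KeyError` even though the `.get("env", [])` default now handles a missing `"env"` key. No guard is visible in this hunk (the body of `_package_is_essential` starts and ends outside it), so a caller may already ensure membership. If it does not, look the entry up once with `entry = ESSENTIAL_PACKAGES.get(package_name, {})` and use `entry.get("env", [])` and `entry.get("groups", [])`. A unit test for an entry that has only `"groups"`, such as `tftp`, would pin the case this change fixes.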