From 1de759e8bcf1caddddfdda59496473ed9b525365 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Wed, 4 Nov 2020 17:48:35 +0100
Subject: [PATCH] Expanded group data to detect more package collisions.
This should cover RHEL8 OSPP and CIS profiles.
---
org_fedora_oscap/rule_handling.py | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index 6a3a04e..80d86c7 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -40,12 +40,26 @@
__all__ = ["RuleData"]
+# Mapping of packages to package environments and/or groups that depends on them
+# See also https://access.redhat.com/solutions/1201413 how to get group IDs.
+# on RHEL8, use e.g. grep -R "<id>" /var/cache/dnf/*
ESSENTIAL_PACKAGES = {
"xorg-x11-server-common": {
"env": ["graphical-server-environment", "workstation-product-environment"],
+ "groups": ["workstation-product-environment"],
},
"nfs-utils": {
"env": ["graphical-server-environment", "workstation-product-environment"],
+ "groups": ["workstation-product-environment"],
+ },
+ "tftp": {
+ "groups": ["network-server"],
+ },
+ "abrt": {
+ "groups": ["debugging"],
+ },
+ "gssproxy": {
+ "groups": ["file-server"],
},
}
@@ -642,7 +656,7 @@ def _package_is_essential(self, package_name, ksdata_packages):
if package_name in ksdata_packages.packageList:
return True
selected_install_env = ksdata_packages.environment
- if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env"):
+ if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env", []):
return True
selected_install_groups_names = {g.name for g in ksdata_packages.groupList}
for g in ESSENTIAL_PACKAGES[package_name].get("groups", []):