From f4bcdd29168ab2c72b5975f0d22c736ce83d9a32 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 27 2022 13:08:31 +0000 Subject: import oscap-anaconda-addon-1.2.1-8.el8 --- diff --git a/SOURCES/lang.patch b/SOURCES/lang.patch index 7749593..9dd03e4 100644 --- a/SOURCES/lang.patch +++ b/SOURCES/lang.patch @@ -1,6 +1,6 @@ diff -U3 -N -r a/po/de.po b/po/de.po --- a/po/de.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/de.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/de.po 2022-07-20 13:28:31.143478128 +0200 @@ -1,11 +1,12 @@ # Ludek Janda , 2019. #zanata, 2021. +# Ettore Atalan , 2021. @@ -36,7 +36,7 @@ diff -U3 -N -r a/po/de.po b/po/de.po #, python-brace-format diff -U3 -N -r a/po/fr.po b/po/fr.po --- a/po/fr.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/fr.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/fr.po 2022-07-20 13:28:31.143478128 +0200 @@ -8,45 +8,47 @@ # Ludek Janda , 2018. #zanata # Ludek Janda , 2019. #zanata @@ -144,7 +144,7 @@ diff -U3 -N -r a/po/fr.po b/po/fr.po #: ../org_fedora_oscap/gui/spokes/oscap.py:201 diff -U3 -N -r a/po/hr.po b/po/hr.po --- a/po/hr.po 1970-01-01 01:00:00.000000000 +0100 -+++ b/po/hr.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/hr.po 2022-07-20 13:28:31.143478128 +0200 @@ -0,0 +1,329 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER @@ -477,7 +477,7 @@ diff -U3 -N -r a/po/hr.po b/po/hr.po +msgstr "_Preuzmi" diff -U3 -N -r a/po/ja.po b/po/ja.po --- a/po/ja.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/ja.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/ja.po 2022-07-20 13:28:31.143478128 +0200 @@ -1,6 +1,6 @@ -# Ludek Janda , 2017. #zanata -# Ludek Janda , 2018. #zanata 
@@ -584,9 +584,58 @@ diff -U3 -N -r a/po/ja.po b/po/ja.po #. the first status provided #: ../org_fedora_oscap/gui/spokes/oscap.py:229 +diff -U3 -N -r a/po/ko.po b/po/ko.po +--- a/po/ko.po 2021-07-30 15:17:14.000000000 +0200 ++++ b/po/ko.po 2022-07-20 13:28:31.143478128 +0200 +@@ -1,13 +1,14 @@ + # Ludek Janda , 2018. #zanata + # Ludek Janda , 2020. #zanata + # simmon , 2021. ++# 김인수 , 2022. + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" + "POT-Creation-Date: 2021-06-21 11:51+0200\n" +-"PO-Revision-Date: 2021-07-06 15:04+0000\n" +-"Last-Translator: simmon \n" ++"PO-Revision-Date: 2022-05-14 13:18+0000\n" ++"Last-Translator: 김인수 \n" + "Language-Team: Korean \n" + "Language: ko\n" +@@ -15,7 +16,7 @@ + "Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" +-"X-Generator: Weblate 4.7.1\n" ++"X-Generator: Weblate 4.12.2\n" + + #: ../org_fedora_oscap/common.py:326 + #, python-brace-format +@@ -87,8 +88,8 @@ + "can't be removed from the current software selection without breaking the " + "installation." + msgstr "" +-"꾸러미 '{package}'가 제외된 꾸러미 목록에 추가되었지만 설치를 중단하지 않고 " +-"현재 소프트웨어 선택에서 제거할 수 없습니다." ++"꾸러미 '{package}'가 제외된 꾸러미 목록에 추가되었지만, 설치를 중단하지 않고 " ++"현재 소프트웨어 선택에서 제거 할 수 없습니다." + + #: ../org_fedora_oscap/rule_handling.py:717 + #: ../org_fedora_oscap/rule_handling.py:732 +@@ -148,7 +149,7 @@ + + #: ../org_fedora_oscap/ks/oscap.py:377 + msgid "Do you wish to continue anyway?" +-msgstr "계속 진행 할까요?" ++msgstr "계속 진행할까요?" + + #: ../org_fedora_oscap/ks/oscap.py:400 + msgid "The integrity check of the security content failed." diff -U3 -N -r a/po/si.po b/po/si.po --- a/po/si.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/si.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/si.po 2022-07-20 13:28:31.143478128 +0200 @@ -7,13 +7,16 @@ "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" 
@@ -618,7 +667,7 @@ diff -U3 -N -r a/po/si.po b/po/si.po msgid "Fetching content data" diff -U3 -N -r a/po/sv.po b/po/sv.po --- a/po/sv.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/sv.po 2022-01-21 16:53:28.986191551 +0100 ++++ b/po/sv.po 2022-07-20 13:28:31.144478135 +0200 @@ -1,12 +1,12 @@ -# Göran Uddeborg , 2019. #zanata, 2020. +# Göran Uddeborg , 2019. #zanata, 2020, 2021. @@ -699,13 +748,14 @@ diff -U3 -N -r a/po/sv.po b/po/sv.po msgid "Fetching content data" diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po --- a/po/zh_CN.po 2021-07-30 15:17:14.000000000 +0200 -+++ b/po/zh_CN.po 2022-01-21 16:53:28.986191551 +0100 -@@ -1,41 +1,42 @@ ++++ b/po/zh_CN.po 2022-07-20 13:28:31.144478135 +0200 +@@ -1,41 +1,43 @@ -# Ludek Janda , 2018. #zanata -# Ludek Janda , 2020. #zanata +# Ludek Janda , 2018. #zanata, 2021. +# Ludek Janda , 2020. #zanata, 2021. +# Sundeep Anand , 2021. ++# Transtats , 2022. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" @@ -714,8 +764,8 @@ diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po -"PO-Revision-Date: 2020-06-26 04:26-0400\n" -"Last-Translator: Copied by Zanata \n" -"Language-Team: Chinese (Simplified)\n" -+"PO-Revision-Date: 2021-08-20 09:04+0000\n" -+"Last-Translator: Sundeep Anand \n" ++"PO-Revision-Date: 2022-05-07 06:18+0000\n" ++"Last-Translator: Transtats \n" +"Language-Team: Chinese (Simplified) \n" "Language: zh_CN\n" @@ -725,7 +775,7 @@ diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po -"Plural-Forms: nplurals=1; plural=0\n" -"X-Generator: Zanata 4.6.2\n" +"Plural-Forms: nplurals=1; plural=0;\n" -+"X-Generator: Weblate 4.7.2\n" ++"X-Generator: Weblate 4.12.1\n" #: ../org_fedora_oscap/common.py:326 #, python-brace-format @@ -756,7 +806,7 @@ diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po #: ../org_fedora_oscap/rule_handling.py:434 #, python-brace-format -@@ -142,34 +143,28 @@ +@@ -142,34 +144,28 @@ #: ../org_fedora_oscap/ks/oscap.py:376 msgid "The installation should be aborted." 
@@ -797,7 +847,16 @@ diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po #. title of the spoke (will be displayed on the hub) #: ../org_fedora_oscap/gui/spokes/oscap.py:201 -@@ -236,7 +231,7 @@ +@@ -188,7 +184,7 @@ + #: ../org_fedora_oscap/gui/spokes/oscap.py:626 + #: ../org_fedora_oscap/gui/spokes/oscap.py:1039 + msgid "No profile selected" +-msgstr "没有选择 profile" ++msgstr "没有选择配置文件" + + #: ../org_fedora_oscap/gui/spokes/oscap.py:631 + msgid "No rules for the pre-installation phase" +@@ -236,7 +232,7 @@ #. available #: ../org_fedora_oscap/gui/spokes/oscap.py:887 msgid " or enter data stream content or archive URL below:" @@ -806,3 +865,21 @@ diff -U3 -N -r a/po/zh_CN.po b/po/zh_CN.po #: ../org_fedora_oscap/gui/spokes/oscap.py:891 tmp/oscap.glade.h:12 msgid "" +@@ -277,7 +273,7 @@ + + #: tmp/oscap.glade.h:2 + msgid "_Change content" +-msgstr "修改内容(_C)" ++msgstr "改变内容(_C)" + + #: tmp/oscap.glade.h:3 + msgid "Apply security policy:" +@@ -305,7 +301,7 @@ + + #: tmp/oscap.glade.h:9 + msgid "_Select profile" +-msgstr "选择档案(_S)" ++msgstr "选择配置文件(_S)" + + #: tmp/oscap.glade.h:10 + msgid "Changes that were done or need to be done:" diff --git a/SOURCES/oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch b/SOURCES/oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch new file mode 100644 index 0000000..7bd79c3 --- /dev/null +++ b/SOURCES/oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch 
@@ -0,0 +1,206 @@
+From 8eacfad08b3c27aa9510f2c3337356581bd9bebd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?=
+Date: Mon, 3 Jan 2022 17:31:49 +0100
+Subject: [PATCH 1/3] Add oscap sanity check before attempting remediation
+
+If something is obviously wrong with the scanner, then don't attempt to remediate
+and try to show relevant information in a dialog window.
+---
+ org_fedora_oscap/common.py | 39 ++++++++++++++++++++++++++++--------
+ org_fedora_oscap/ks/oscap.py | 11 ++++++++++
+ tests/test_common.py | 8 ++++++++
+ 3 files changed, 50 insertions(+), 8 deletions(-)
+
+diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
+index 884bbc8..05829ce 100644
+--- a/org_fedora_oscap/common.py
++++ b/org_fedora_oscap/common.py
+@@ -139,7 +139,8 @@ def execute(self, ** kwargs):
+ proc = subprocess.Popen(self.args, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE, ** kwargs)
+ except OSError as oserr:
+- msg = "Failed to run the oscap tool: %s" % oserr
++ msg = ("Failed to execute command '{command_string}': {oserr}"
++ .format(command_string=command_string, oserr=oserr))
+ raise OSCAPaddonError(msg)
+
+ (stdout, stderr) = proc.communicate()
+@@ -215,6 +216,34 @@ def _run_oscap_gen_fix(profile, fpath, template, ds_id="", xccdf_id="",
+ return proc.stdout
+
+
++def do_chroot(chroot):
++ """Helper function doing the chroot if requested."""
++ if chroot and chroot != "/":
++ os.chroot(chroot)
++ os.chdir("/")
++
++
++def assert_scanner_works(chroot, executable="oscap"):
++ args = [executable, "--version"]
++ command = " ".join(args)
++
++ try:
++ proc = subprocess.Popen(
++ args, preexec_fn=lambda: do_chroot(chroot),
++ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++ (stdout, stderr) = proc.communicate()
++ stderr = stderr.decode(errors="replace")
++ except OSError as exc:
++ msg = _(f"Basic invocation '{command}' fails: {str(exc)}")
++ raise OSCAPaddonError(msg)
++ if proc.returncode != 0:
++ msg = _(
++ f"Basic scanner invocation '{command}' exited "
++ "with non-zero error code {proc.returncode}: {stderr}")
++ raise OSCAPaddonError(msg)
++ return True
++
++
+ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
+ chroot=""):
+ """
+@@ -244,12 +273,6 @@ def run_oscap_remediate(profile, fpath, ds_id="", xccdf_id="", tailoring="",
+ if not profile:
+ return ""
+
+- def do_chroot():
+- """Helper function doing the chroot if requested."""
+- if chroot and chroot != "/":
+- os.chroot(chroot)
+- os.chdir("/")
+-
+ # make sure the directory for the results exists
+ results_dir = os.path.dirname(RESULTS_PATH)
+ if chroot:
+@@ -274,7 +297,7 @@ def do_chroot():
+ args.append(fpath)
+
+ proc = SubprocessLauncher(args)
+- proc.execute(preexec_fn=do_chroot)
++ proc.execute(preexec_fn=lambda: do_chroot(chroot))
+ proc.log_messages()
+
+ if proc.returncode not in (0, 2):
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index 65d74cf..da1600f 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -488,6 +488,17 @@ def execute(self, storage, ksdata, users, payload):
+ # selected
+ return
+
++ try:
++ common.assert_scanner_works(
++ chroot=conf.target.system_root, executable="oscap")
++ except Exception as exc:
++ msg_lines = [_(
++ "The 'oscap' scanner doesn't work in the installed system: {error}"
++ .format(error=str(exc)))]
++ msg_lines.append(_("As a result, the installed system can't be hardened."))
++ self._terminate("\n".join(msg_lines))
++ return
++
+ target_content_dir = utils.join_paths(conf.target.system_root,
+ common.TARGET_CONTENT_DIR)
+ utils.ensure_dir_exists(target_content_dir)
+diff --git a/tests/test_common.py b/tests/test_common.py
+index 9f7a16a..4f25379 100644
+--- a/tests/test_common.py
++++ b/tests/test_common.py
+@@ -77,6 +77,14 @@ def _run_oscap(mock_subprocess, additional_args):
+ return expected_args, kwargs
+
+
++def test_oscap_works():
++ assert common.assert_scanner_works(chroot="/")
++ with pytest.raises(common.OSCAPaddonError, match="No such file"):
++ common.assert_scanner_works(chroot="/", executable="i_dont_exist")
++ with pytest.raises(common.OSCAPaddonError, match="non-zero"):
++ common.assert_scanner_works(chroot="/", executable="false")
++
++
+ def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
+ return run_oscap_remediate_profile(
+ mock_subprocess, monkeypatch,
+
+From b54cf2bddba56e5b776fb60514a5e29d47c74cac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?=
+Date: Mon, 3 Jan 2022 17:42:31 +0100
+Subject: [PATCH 2/3] Don't raise exceptions in execute()
+
+Those result in tracebacks during the installation,
+while a dialog window presents a more useful form of user interaction.
+---
+ org_fedora_oscap/ks/oscap.py | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index da1600f..d3f0dbe 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -513,8 +513,9 @@ def execute(self, storage, ksdata, users, payload):
+ ret = util.execInSysroot("yum", ["-y", "--nogpg", "install",
+ self.raw_postinst_content_path])
+ if ret != 0:
+- raise common.ExtractionError("Failed to install content "
+- "RPM to the target system")
++ msg = _(f"Failed to install content RPM to the target system.")
++ self._terminate(msg)
++ return
+ elif self.content_type == "scap-security-guide":
+ # nothing needed
+ pass
+@@ -525,10 +526,15 @@ def execute(self, storage, ksdata, users, payload):
+ if os.path.exists(self.preinst_tailoring_path):
+ shutil.copy2(self.preinst_tailoring_path, target_content_dir)
+
+- common.run_oscap_remediate(self.profile_id, self.postinst_content_path,
+- self.datastream_id, self.xccdf_id,
+- self.postinst_tailoring_path,
+- chroot=conf.target.system_root)
++ try:
++ common.run_oscap_remediate(self.profile_id, self.postinst_content_path,
++ self.datastream_id, self.xccdf_id,
++ self.postinst_tailoring_path,
++ chroot=conf.target.system_root)
++ except Exception as exc:
++ msg = _(f"Something went wrong during the final hardening: {str(exc)}.")
++ self._terminate(msg)
++ return
+
+ def clear_all(self):
+ """Clear all the stored values."""
+
+From 00d770d1b7f8e1f0734e93da227f1c3e445033c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?=
+Date: Mon, 3 Jan 2022 17:44:12 +0100
+Subject: [PATCH 3/3] Change the error feedback based on the installation mode
+
+The original approach was confusing, because non-interactive installs run without any user input,
+and the message assumed that the user is able to answer installer's questions.
+---
+ org_fedora_oscap/ks/oscap.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/org_fedora_oscap/ks/oscap.py b/org_fedora_oscap/ks/oscap.py
+index d3f0dbe..ef34448 100644
+--- a/org_fedora_oscap/ks/oscap.py
++++ b/org_fedora_oscap/ks/oscap.py
+@@ -372,13 +372,14 @@ def postinst_tailoring_path(self):
+ self.tailoring_path)
+
+ def _terminate(self, message):
+- message += "\n" + _("The installation should be aborted.")
+- message += " " + _("Do you wish to continue anyway?")
+ if flags.flags.automatedInstall and not flags.flags.ksprompt:
+ # cannot have ask in a non-interactive kickstart
+ # installation
++ message += "\n" + _("Aborting the installation.")
+ raise errors.CmdlineError(message)
+
++ message += "\n" + _("The installation should be aborted.")
++ message += " " + _("Do you wish to continue anyway?")
+ answ = errors.errorHandler.ui.showYesNoQuestion(message)
+ if answ == errors.ERROR_CONTINUE:
+ # prevent any futher actions here by switching to the dry
diff --git a/SPECS/oscap-anaconda-addon.spec b/SPECS/oscap-anaconda-addon.spec
index d187c88..3dd88eb 100644
--- a/SPECS/oscap-anaconda-addon.spec
+++ b/SPECS/oscap-anaconda-addon.spec
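Review bot: In `assert_scanner_works` (PATCH 1/3, org_fedora_oscap/common.py) the non-zero-exit message is built from two adjacent string literals and only the first carries the `f` prefix, so `{proc.returncode}` and `{stderr}` reach the installer dialog as literal text and the scanner's actual error output is lost; the added test only matches "non-zero", so it does not catch this. Wrapping an already-interpolated string in `_()` also means the lookup key can never match a catalog msgid, and the same applies to the `_(f"...")` and `_("...".format(...))` calls added to `execute()` in ks/oscap.py. I would translate the template first and format afterwards: `msg = _("Basic scanner invocation '{command}' exited with non-zero error code {code}: {stderr}").format(command=command, code=proc.returncode, stderr=stderr)`. Separately, the new `except OSError` message in `SubprocessLauncher.execute` formats `command_string`, which is not defined in the visible lines; it is presumably assigned earlier in the method, but that is worth confirming since the body starts outside the inner hunk.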
@@ -3,7 +3,7 @@ Name: oscap-anaconda-addon Version: 1.2.1 -Release: 5%{?dist} +Release: 8%{?dist} Summary: Anaconda addon integrating OpenSCAP to the installation process License: GPLv2+ @@ -21,6 +21,7 @@ Source0: %{name}-%{version}.tar.gz Patch1: lang.patch Patch2: oscap-anaconda-addon-1.2.2-content_ident-PR_167.patch Patch3: oscap-anaconda-addon-1.2.2-deep_archives-PR_168.patch +Patch4: oscap-anaconda-addon-1.2.2-absent_appstream-PR_184.patch BuildArch: noarch BuildRequires: make @@ -49,6 +50,7 @@ content. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 # NOTE CONCERNING TRANSLATION PATCHES # When preparing translation patches, don't consider that some languages are unsupported - # we aim to include all applicable translation texts to the appropriate patch. @@ -70,6 +72,21 @@ make install DESTDIR=%{buildroot} %doc COPYING ChangeLog README.md %changelog +* Wed Jul 20 2022 Matej Tyc - 1.2.1-8 +- Update translations + Resolves: rhbz#2062707 + +* Fri Jun 10 2022 Matej Tyc - 1.2.1-7 +- Remove the firstboot remediation feature completely. + We can't have it, while maintaining the standard UX. + Resolves: rhbz#2063179 + +* Mon Mar 21 2022 Matej Tyc - 1.2.1-6 +- Introduce the firstboot remediation + Resolves: rhbz#1834716 +- Add better error handling of installation using unsupported installation sources + Resolves: rhbz#2007981 + * Fri Jan 21 2022 Matej Tyc - 1.2.1-5 - Updated translations Resolves: rhbz#2017356