From 1de759e8bcf1caddddfdda59496473ed9b525365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Wed, 4 Nov 2020 17:48:35 +0100 Subject: [PATCH] Expanded group data to detect more package collisions. This should cover RHEL8 OSPP and CIS profiles. --- org_fedora_oscap/rule_handling.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py index 6a3a04e..80d86c7 100644 --- a/org_fedora_oscap/rule_handling.py +++ b/org_fedora_oscap/rule_handling.py @@ -40,12 +40,26 @@ __all__ = ["RuleData"] +# Mapping of packages to package environments and/or groups that depends on them +# See also https://access.redhat.com/solutions/1201413 how to get group IDs. +# on RHEL8, use e.g. grep -R "" /var/cache/dnf/* ESSENTIAL_PACKAGES = { "xorg-x11-server-common": { "env": ["graphical-server-environment", "workstation-product-environment"], + "groups": ["workstation-product-environment"], }, "nfs-utils": { "env": ["graphical-server-environment", "workstation-product-environment"], + "groups": ["workstation-product-environment"], + }, + "tftp": { + "groups": ["network-server"], + }, + "abrt": { + "groups": ["debugging"], + }, + "gssproxy": { + "groups": ["file-server"], }, } @@ -642,7 +656,7 @@ def _package_is_essential(self, package_name, ksdata_packages): if package_name in ksdata_packages.packageList: return True selected_install_env = ksdata_packages.environment - if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env"): + if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env", []): return True selected_install_groups_names = {g.name for g in ksdata_packages.groupList} for g in ESSENTIAL_PACKAGES[package_name].get("groups", []):