From 622558873703704bd97fde1874a9a782d4cb8b0e Mon Sep 17 00:00:00 2001

From: Gabriel Becker <ggasparb@redhat.com>

Date: Mon, 14 Feb 2022 17:51:50 +0100

Subject: [PATCH] Introduce CPE for aarch64 and make package_rear_installed n/a

 aarch64.

This rule is not applicable for RHEL9 only.

---

 .../package_rear_installed/rule.yml           |  4 +++

 shared/applicability/arch.yml                 | 12 +++++++

 ...proc_sys_kernel_osrelease_arch_aarch64.xml | 33 +++++++++++++++++++

 ..._sys_kernel_osrelease_arch_not_aarch64.xml | 16 +++++++++

 ssg/constants.py                              |  2 ++

 5 files changed, 67 insertions(+)

 create mode 100644 shared/checks/oval/proc_sys_kernel_osrelease_arch_aarch64.xml

 create mode 100644 shared/checks/oval/proc_sys_kernel_osrelease_arch_not_aarch64.xml

diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml

index 6e3c11e5749..efb591654a9 100644

--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml

+++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml

@@ -25,6 +25,10 @@ ocil: '{{{ ocil_package(package="rear") }}}'

 # The package is not available for s309x on RHEL<8.5

 # platform: not_s390x_arch

+{{%- if product == "rhel9" %}}

+platform: not_aarch64_arch

+{{%- endif %}}

+

 template:

     name: package_installed

     vars:

diff --git a/shared/applicability/arch.yml b/shared/applicability/arch.yml

index d2cbd102310..9ac05317a95 100644

--- a/shared/applicability/arch.yml

+++ b/shared/applicability/arch.yml

@@ -12,3 +12,15 @@ cpes:

       check_id: proc_sys_kernel_osrelease_arch_s390x

       bash_conditional: 'grep -q s390x /proc/sys/kernel/osrelease'

+  - not_aarch64_arch:

+      name: "cpe:/a:not_aarch64_arch"

+      title: "System architecture is not AARCH64"

+      check_id: proc_sys_kernel_osrelease_arch_not_aarch64

+      bash_conditional: "! grep -q aarch64 /proc/sys/kernel/osrelease"

+

+  - aarch64_arch:

+      name: "cpe:/a:aarch64_arch"

+      title: "System architecture is AARCH64"

+      check_id: proc_sys_kernel_osrelease_arch_aarch64

+      bash_conditional: 'grep -q aarch64 /proc/sys/kernel/osrelease'

+

diff --git a/shared/checks/oval/proc_sys_kernel_osrelease_arch_aarch64.xml b/shared/checks/oval/proc_sys_kernel_osrelease_arch_aarch64.xml

new file mode 100644

index 00000000000..3d54f81e6d4

--- /dev/null

+++ b/shared/checks/oval/proc_sys_kernel_osrelease_arch_aarch64.xml

@@ -0,0 +1,33 @@

+<def-group>

+  

+  version="1">

+    <metadata>

+      <title>Test that the architecture is aarch64</title>

+      <affected family="unix">

+        <platform>multi_platform_all</platform>

+      </affected>

+      <description>Check that architecture of kernel in /proc/sys/kernel/osrelease is aarch64</description>

+    </metadata>

+    <criteria>

+      

+      test_ref="test_proc_sys_kernel_osrelease_arch_aarch64" />

+    </criteria>

+  </definition>

+  

+      comment="proc_sys_kernel is for aarch64 architecture"

+      id="test_proc_sys_kernel_osrelease_arch_aarch64"

+  version="1">

+    <ind:object object_ref="object_proc_sys_kernel_osrelease_arch_aarch64" />

+    <ind:state state_ref="state_proc_sys_kernel_osrelease_arch_aarch64" />

+  </ind:textfilecontent54_test>

+

+  <ind:textfilecontent54_object id="object_proc_sys_kernel_osrelease_arch_aarch64" version="1">

+    <ind:filepath>/proc/sys/kernel/osrelease</ind:filepath>

+    <ind:pattern operation="pattern match">^.*\.(.*)$</ind:pattern>

+    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

+  </ind:textfilecontent54_object>

+

+  <ind:textfilecontent54_state id="state_proc_sys_kernel_osrelease_arch_aarch64" version="1">

+    <ind:subexpression datatype="string" operation="pattern match">^aarch64$</ind:subexpression>

+  </ind:textfilecontent54_state>

+</def-group>

diff --git a/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_aarch64.xml b/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_aarch64.xml

new file mode 100644

index 00000000000..3fce66ee00a

--- /dev/null

+++ b/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_aarch64.xml

@@ -0,0 +1,16 @@

+<def-group>

+  

+  version="1">

+    <metadata>

+      <title>Test for different architecture than aarch64</title>

+      <affected family="unix">

+        <platform>multi_platform_all</platform>

+      </affected>

+      <description>Check that architecture of kernel in /proc/sys/kernel/osrelease is not aarch64</description>

+    </metadata>

+    <criteria>

+      

+      definition_ref="proc_sys_kernel_osrelease_arch_aarch64" negate="true"/>

+    </criteria>

+  </definition>

+</def-group>

diff --git a/ssg/constants.py b/ssg/constants.py

index 64d7d36c989..92cc2f8de34 100644

--- a/ssg/constants.py

+++ b/ssg/constants.py

@@ -424,6 +424,8 @@

   "non-uefi": None,

   "not_s390x_arch": None,

   "s390x_arch": None,

+  "not_aarch64_arch": None,

+  "aarch64_arch": None,

   "ovirt": None,

   "no_ovirt": None,

 }