From 7c0b04c157374e9251360d1d5e12a9e00dd4375e Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 4 Sep 2020 09:50:54 +0200
Subject: [PATCH 1/3] Introduce platform_package_overrides
Introduce a mapping of CPE package platform name to a package name.
Each linux distro or version may have its specific name for a package,
this mapping allows a product to override the package name of a
platorm.
By default, it assumes that the package name will be the same as the
platform name.
---
rhel8/product.yml | 7 +++++++
ssg/build_remediations.py | 3 +++
2 files changed, 10 insertions(+)
diff --git a/rhel8/product.yml b/rhel8/product.yml
index 6cdc51919e..6b5b4e2748 100644
--- a/rhel8/product.yml
+++ b/rhel8/product.yml
@@ -18,3 +18,10 @@ aux_pkg_version: "d4082792"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ grub2: "grub2-pc"
+ login_defs: "shadow-utils"
+ sssd: "sssd-common"
+ zipl: "s390x-utils"
diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py
index 866450dd8c..ccbdf9fc1f 100644
--- a/ssg/build_remediations.py
+++ b/ssg/build_remediations.py
@@ -389,6 +389,9 @@ def update_when_from_rule(self, to_update):
if "package_facts" in to_update:
continue
+ if platform in self.local_env_yaml["platform_package_overrides"]:
+ platform = self.local_env_yaml["platform_package_overrides"].get(platform)
+
additional_when.append('"' + platform + '" in ansible_facts.packages')
# After adding the conditional, we need to make sure package_facts are collected.
# This is done via inject_package_facts_task()
From 10dc62084cf8e38be9189b527c3b99b545826091 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 4 Sep 2020 14:42:57 +0200
Subject: [PATCH 2/3] Move platform to cpe mappings to ssg/constants
---
rhel8/product.yml | 6 ------
ssg/constants.py | 8 ++++++++
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/rhel8/product.yml b/rhel8/product.yml
index 6b5b4e2748..d839b23231 100644
--- a/rhel8/product.yml
+++ b/rhel8/product.yml
@@ -19,9 +19,3 @@ aux_pkg_version: "d4082792"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
-# Mapping of CPE platform to package
-platform_package_overrides:
- grub2: "grub2-pc"
- login_defs: "shadow-utils"
- sssd: "sssd-common"
- zipl: "s390x-utils"
diff --git a/ssg/constants.py b/ssg/constants.py
index 3f9d7d37ce..7e9678241c 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -501,6 +501,14 @@
"zipl": "cpe:/a:zipl",
}
+# Default platform to package mapping
+XCCDF_PLATFORM_TO_PACKAGE = {
+ "grub2": "grub2-pc",
+ "login_defs": "login",
+ "sssd": "sssd-common",
+ "zipl": "s390x-utils",
+}
+
# _version_name_map = {
MAKEFILE_ID_TO_PRODUCT_MAP = {
'chromium': 'Google Chromium Browser',
From feb012f06adae989138be15431020f2c174becc4 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 4 Sep 2020 14:47:29 +0200
Subject: [PATCH 3/3] Allow override of default platform package mapping
With default platform to package mappings defined, we need to allow a
product to override it if needed.
---
rhcos4/product.yml | 4 ++++
rhel6/product.yml | 4 ++++
rhel7/product.yml | 4 ++++
rhel8/product.yml | 3 +++
rhosp10/product.yml | 3 +++
rhosp13/product.yml | 4 ++++
rhv4/product.yml | 4 ++++
ssg/yaml.py | 6 +++++-
8 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/rhcos4/product.yml b/rhcos4/product.yml
index 7d51222952..71f0ae2758 100644
--- a/rhcos4/product.yml
+++ b/rhcos4/product.yml
@@ -9,3 +9,7 @@ profiles_root: "./profiles"
pkg_system: "rpm"
init_system: "systemd"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhel6/product.yml b/rhel6/product.yml
index cc8fa4f8ed..eab9b80c47 100644
--- a/rhel6/product.yml
+++ b/rhel6/product.yml
@@ -20,3 +20,7 @@ aux_pkg_version: "2fa658e0"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "43A6E49C4A38F4BE9ABF2A5345689C882FA658E0"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhel7/product.yml b/rhel7/product.yml
index f03c928b8f..3ff996b8cc 100644
--- a/rhel7/product.yml
+++ b/rhel7/product.yml
@@ -18,3 +18,7 @@ aux_pkg_version: "2fa658e0"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "43A6E49C4A38F4BE9ABF2A5345689C882FA658E0"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhel8/product.yml b/rhel8/product.yml
index d839b23231..f3aa59faec 100644
--- a/rhel8/product.yml
+++ b/rhel8/product.yml
@@ -19,3 +19,6 @@ aux_pkg_version: "d4082792"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhosp10/product.yml b/rhosp10/product.yml
index 51d0a932a5..af42ca998d 100644
--- a/rhosp10/product.yml
+++ b/rhosp10/product.yml
@@ -10,3 +10,6 @@ pkg_manager: "yum"
init_system: "systemd"
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhosp13/product.yml b/rhosp13/product.yml
index 5e849ff609..ba42a31cd7 100644
--- a/rhosp13/product.yml
+++ b/rhosp13/product.yml
@@ -9,3 +9,7 @@ profiles_root: "./profiles"
pkg_manager: "yum"
init_system: "systemd"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/rhv4/product.yml b/rhv4/product.yml
index 10a2eda079..a61bf1588d 100644
--- a/rhv4/product.yml
+++ b/rhv4/product.yml
@@ -18,3 +18,7 @@ aux_pkg_version: "d4082792"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
diff --git a/ssg/yaml.py b/ssg/yaml.py
index cefbba374c..22cf5bad66 100644
--- a/ssg/yaml.py
+++ b/ssg/yaml.py
@@ -10,7 +10,8 @@
from .jinja import load_macros, process_file
from .constants import (PKG_MANAGER_TO_SYSTEM,
- PKG_MANAGER_TO_CONFIG_FILE)
+ PKG_MANAGER_TO_CONFIG_FILE,
+ XCCDF_PLATFORM_TO_PACKAGE)
from .constants import DEFAULT_UID_MIN
try:
@@ -138,6 +139,9 @@ def open_raw(yaml_file):
def open_environment(build_config_yaml, product_yaml):
contents = open_raw(build_config_yaml)
+ # Load common platform package mappings,
+ # any specific mapping in product_yaml will override the default
+ contents["platform_package_overrides"] = XCCDF_PLATFORM_TO_PACKAGE
contents.update(open_raw(product_yaml))
contents.update(_get_implied_properties(contents))
return contents