-
Notifications
You must be signed in to change notification settings - Fork 685
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Support for OVAL 5.10 #9604
Conversation
Since we no longer build OVAL 5.10 we will not pass SCAP 1.2.
...x_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/oval/shared.xml
Show resolved
Hide resolved
It looks like that the datastream diff failed in this PR - there was a change in the OVAL. Any ideas what happened? |
The systemd-related test will fail in Automatus, because the container environment doesn't work well with this systemd-related rule. |
One more thing - the |
What about these occurrences of 5.10 in the project? Do we need to remove them?
Similarly for |
It might be a good idea and I will remove those references.
The build system will automatically add it. |
CMakeLists.txt
Outdated
@@ -145,11 +145,12 @@ cmake_dependent_option(ENABLE_PYTHON_COVERAGE "Enable Python tests with coverage | |||
find_package(OpenSCAP REQUIRED) | |||
|
|||
if (SSG_TARGET_OVAL_MAJOR_VERSION EQUAL "5" AND SSG_TARGET_OVAL_VERSION_MINOR EQUAL "11" AND NOT "${OSCAP_V_OUTPUT}" MATCHES "OVAL Version: 5.11") | |||
message(FATAL_ERROR "Your version of OpenSCAP does not support OVAL 5.11, please switch the OVAL target version to 5.10 or lower. $ cmake -DSSG_TARGET_OVAL_MINOR_VERSION=10 ../") | |||
message(FATAL_ERROR "Your version of OpenSCAP does not support OVAL 5.11, please upgrade to a newer version of OpenSCAP.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we can go even further and remove this check, because the "OVAL Version: 5.11"
has been introduced in OpenSCAP 1.2.2 so the error happens on RHEL 7.1 and older and I don't think anybody uses these old systems for content development.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems reasonable to me. Some basic research shows that OpenSCAP 1.2.2+ is in Fedora, RHEL, Ubuntu, Debian, and OpenSUSE.
@@ -85,7 +85,7 @@ print_help() | |||
printf '%s\n' "Wipes out contents of the 'build' directory and builds only and only the given products." | |||
printf 'Usage: %s [-o|--oval <VERSION>] [-b|--builder <BUILDER>] [-j|--jobs <arg>] [--(no-)debug] [--(no-)derivatives] [--(no-)ansible-playbooks] [--(no-)bash-scripts] [-d|--(no-)datastream-only] [-p|--(no-)profiling] [-h|--help] [<product-1>] ... [<product-n>] ...\n' "$0" | |||
printf '\t%s\n' "<product>: Products to build, ALL means all products (defaults for <product>: 'ALL')" | |||
printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.10', '5.11' and 'auto' (default: 'auto')" | |||
printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.11' or 'auto' (default: 'auto')" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense to keep the option here when it basically has no effect?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Main reason I kept was for backword compability you still set 5.11 if you want to. If we don't see this as a valid reason and don't see OVAL 5.12 coming out, we may want to remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
Code Climate has analyzed commit b165f2d and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 0.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 40.8% (0.0% change). View more on Code Climate. |
@Mab879: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, and it seems to work, good riddance.
Coverage difference can be disregarded, as there are minor changes to files that don't have test coverage.
Description:
This PR removes OVAL 5.10 support from the project.
Rationale:
Implements #9451