Bug 1662182

Summary: xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata after applying remediation scripts.
Product: Red Hat Enterprise Linux 7 Reporter: Jaskaran Singh Narula <janarula>
Component: scap-security-guideAssignee: Watson Yuuma Sato <wsato>
Status: CLOSED CANTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.6CC: mhaicman, openscap-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-08 12:23:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jaskaran Singh Narula 2018-12-26 19:43:29 UTC 
Description of problem:
In RHEL7.6,

the following rules is still failing:
xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata (Fails) 

Version-Release number of selected component (if applicable):
# rpm -qa | grep -i scap-security-guide
scap-security-guide-0.1.40-12.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. install fresh RHEL7.6 machine
2. perform profile based remediations. 



Actual results:
2. rules listed  in description are still failing after remediation

Expected results:
2. rules listed in description are passing after remediation



Additional info:
Comment 2 Watson Yuuma Sato 2019-01-08 12:23:21 UTC 
Hello Jaskaran,

The rule in question is a permanent finding and we cannot fix it now.
Currently Red Hat doesn't provide signed repository metadata.
Upstream issue: https://github.com/ComplianceAsCode/content/issues/1596

There is ongoing work on Satellite 6, if you are interested on functionality to sign the repositories it serves, follow:
    https://bugzilla.redhat.com/show_bug.cgi?id=1410638