Bug 1970527

Summary: oscap complains about missing resources even though they were downloaded locally
Product: Red Hat Enterprise Linux 7
Reporter: Renaud Métrich <rmetrich>
Component: openscap
Assignee: Jan Černý <jcerny>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Docs Contact:
Priority: low
Version: 7.9
CC: ekolesni, maburgha, mhaicman
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-08-18 12:07:36 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Renaud Métrich 2021-06-10 16:09:54 UTC
Description of problem:

When scanning offline systems, the resources have to be downloaded locally (explained in KCS https://access.redhat.com/solutions/5185891).
Unfortunately the scan continues to complain badly with the "WARNING: Skipping ..." messages, which is extremely confusing (hence the Severity High here).

I understand a message should pop up because there is no way to know the validity of the file, but the message should be different, something like "WARNING: Using local resource XXX.xml file, make sure the file is up-to-date".


Version-Release number of selected component (if applicable):

openscap-1.2.17-13.el7_9.x86_64 and later


How reproducible:

N/A

Comment 3 Jan Černý 2021-06-17 11:43:52 UTC
We are working on a patch in https://github.com/OpenSCAP/openscap/pull/1769

I think it's a user experience improvement so it's unlikely to change it in RHEL 7 because RHEL 7 is at the last phase. But the issue is present also in newer versions of RHEL.

Comment 4 Renaud Métrich 2021-06-17 12:06:23 UTC
I'm good with not fixing on RHEL7 then.

Comment 5 Jan Černý 2021-06-29 11:48:28 UTC
Analysis: The feature isn't documented by upstream; from my experience, it probably isn't intended to use oscap this way. But I understand that it's a helpful feature. Instead, we should make the feature "official", which means to add tests and documentation for the feature. See the upstream PR https://github.com/OpenSCAP/openscap/pull/1769 for a possible fix of the warnings.

Comment 6 Jan Černý 2021-07-28 06:27:06 UTC
The fix has been promoted to a documented feature and it has been merged into upstream, see https://github.com/OpenSCAP/openscap/pull/1769

Comment 7 Jan Černý 2021-08-05 11:24:11 UTC
I'm changing priority and severity to low because I think it's a user experience problem and it doesn't mean that the user isn't able to run the scan.

Comment 9 RHEL Program Management 2021-08-18 12:07:36 UTC
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.