Bug 2223647

Summary: Failed to locate a datastream with ID matching 'scap_org.open-scap_datastream_from_xccdf_ssg-rhel8-xccdf-1.2.xml' ID
Product: Red Hat Enterprise Linux 9 Reporter: Jan Černý <jcerny>
Component: scap-security-guideAssignee: Jan Černý <jcerny>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.2CC: ggasparb, jcerny, mhaicman, mlysonek, mmatsuya, openscap-maint, qe-baseos-security, rdulhani, vpolasek, wsato
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
Cause: A z-stream update of the scap-security-guide package resulted in different version of the hardening content on installation media, and Red Hat repositories. This breaks the hardening part of the GUI installation when the Red Hat CDN is used as an installation source together with an installation medium or image. Consequence: A non-fatal installation error message is shown at the end of the installation, informing the user that hardening was not successful. Workaround (if any): Either of - Use the full install medium, and don't register with the Red Hat CDN at installation-time. - Don't harden the system at the installation time, perform the hardening of the system after it is installed. - Perform a kickstart installation without the GUI.
 Story Points: ---
Clone Of: 2185176
: 2223963 2223964 (view as bug list) Environment:
Last Closed: 2023-07-19 15:06:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2185176    
Bug Blocks: 2223964, 2190172, 2223963    

Comment 6 Jan Černý 2023-07-19 15:06:20 UTC 
This bug isn't reproducible in RHEL 9.3, because the `scap-security-guide` RPM package shipped in RHEL 9.3 installation image already contains the data stream ID without the `-1.2.` suffix, so there is no difference between the IDs in the content in the installation image and the content in the repository, so the bug can't happen.

For the resolution on RHEL 9.0 z-stream, please track the 9.0.z clone: https://bugzilla.redhat.com/show_bug.cgi?id=2223964