Description of problem: Currently investigating using preupgrade-assistant to perform premigrate ssessment Version-Release number of selected component (if applicable): [root@preup_centos_test preupgrade-assistant]# rpm -qa | grep openscap openscap-0.9.12-1.el6.x86_64 [root@preup_centos_test preupgrade-assistant]# cat /etc/centos-release CentOS release 6.5 (Final) How reproducible: Noticed that our openscap files didn't include references to centos. [root@preup_centos_test CENTOS6_6]# ls /usr/share/openscap/cpe/* /usr/share/openscap/cpe/my-detailed-oval-results /usr/share/openscap/cpe/openscap-cpe-dict.xml /usr/share/openscap/cpe/openscap-cpe-oval.xml /usr/share/openscap/cpe/README tried some hacks to get things to work, not fully understanding openscap cpe dict/oval phracek pointed me to #openscap and slukasik helped me understand how to hack around centos openscap support If we do a walk through <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:6" version="1" check="at least one" comment="redhat-release is version 6" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/> <state state_ref="oval:org.open-scap.cpe.rhel:ste:6"/> </rpminfo_test> [root@preup_centos_test ~]# cat /usr/share/preupgrade/CENTOS6_6/all-xccdf.xml | grep platform <ns0:platform idref="cpe:/o:redhat:enterprise_linux:6" /> [root@preup_centos_test ~]# grep -A 10 "enterprise_linux\:6" /usr/share/openscap/cpe/openscap-cpe-dict.xml <cpe-item name="cpe:/o:redhat:enterprise_linux:6"> <title xml:lang="en-us">Red Hat Enterprise Linux 6</title> <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:6</check> </cpe-item> [root@preup_centos_test ~]# grep -A 10 "enterprise_linux\:6" /usr/share/openscap/cpe/openscap-cpe-oval.xml <reference ref_id="cpe:/o:redhat:enterprise_linux:6" source="CPE"/> <description>The operating system installed on the system is Red Hat Enterprise Linux 6</description> </metadata> <criteria> <criterion comment="Installed operating system is part of the unix family" test_ref="oval:org.open-scap.cpe.rhel:tst:1"/> <criterion comment="Red Hat Enterprise Linux 6 is installed" test_ref="oval:org.open-scap.cpe.rhel:tst:6"/> </criteria> </definition> Now we need to go look at oval:org.open-scap.cpe.rhel:tst:6 [root@preup_centos_test ~]# grep -A 10 "rhel\:tst\:6" /usr/share/openscap/cpe/openscap-cpe-oval.xml points to <state state_ref="oval:org.open-scap.cpe.rhel:ste:6"/> [root@preup_centos_test ~]# grep -A 10 "rhel\:ste\:6" /usr/share/openscap/cpe/openscap-cpe-oval.xml we changed this to <rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:6" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <name operation="pattern match">^centos-release</name> <version operation="pattern match">6</version> </rpminfo_state> as it was originally <rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:6" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <name operation="pattern match">^redhat-release</name> <version operation="pattern match">^6[^\d]</version> <version operation="pattern match">6</version> </rpminfo_state> Once that was done, test showed as instead of not applicable to not checked. oscap xccdf eval --results xccd-results.xml /usr/share/preupgrade/CENTOS6_6/all-xccdf.xml Good note on things that can help doing eval on oval oscap oval eval --results my-detailed-oval-results openscap-cpe-oval.xml Now not checked meant there was an SCE issue, which installation of preupgrade covers So need to file fedora/RHEL bugs to get centos openscap dict/oval support. The abstract part of openscap can lead to confusion. This should help. http://oval.mitre.org/language/version5.10.1/ovaldefinition/documentation/linux-definitions-schema.html For the example able checking version we changed to the right package centos-release and then we corrected version to show 6 [root@preup_centos_test ~]# rpm -qa --queryformat "%{version}" centos-release 6 In short openscap dict/oval needs to support CentOS Additional info:
Thanks for the report! However, it is not clear to me what exactly is requested. Am I right supposing that OpenSCAP internal CPE dict is requested to include CentOS CPE strings? Like: cpe:/o:centos:centos:6 cpe:/o:centos:centos:5 cpe:/o:centos:centos:4 ?
openscap.git e09f29496081a0525cda0b18299bccb9803baf76
Simon, yes to Comment #1, looks like we are in post now so all is good. Thx...Dave Btw, I think we needed something similar for Oracle I can't remember if I created a BZ for that, but I'll check on it soon.
Well, this is actually already released in Fedoras. Thanks for report.