1133963 – Rebase scap-security-guide in Red Hat Enterprise Linux 6 to current upstream version

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1133963 - Rebase scap-security-guide in Red Hat Enterprise Linux 6 to current upstream version

Summary: Rebase scap-security-guide in Red Hat Enterprise Linux 6 to current upstream ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	6.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Lieskovsky
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1153397 1159926 1160321
TreeView+	depends on / blocked

Reported:	2014-08-26 14:34 UTC by Jan Lieskovsky
Modified:	2015-07-22 06:45 UTC (History)
CC List:	12 users (show)
Fixed In Version:	scap-security-guide-0.1.21-3.el6
Doc Type:	Rebase: Bug Fixes and Enhancements
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-07-22 06:45:14 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:1334	0	normal	SHIPPED_LIVE	scap-security-guide bug fix and enhancement update	2015-07-20 17:53:01 UTC

Description Jan Lieskovsky 2014-08-26 14:34:53 UTC

Description of problem:

The development model of scap-security-guide project (happening at https://github.com/OpenSCAP/scap-security-guide) is pretty agile / prompt (in the sense the available SCAP content is evolving pretty quickly. For the purposes of statistics, based on previous experience, it's about 70 changes per release). The current version of scap-security-guide package in Red Hat Enterprise Linux 6 is based on upstream 0.1.18 version.

This bug is to track request of scap-security-guide RPM rebase to more recent (current upstream version) in upcoming releases of Red Hat Enterprise Linux 6.

Comment 1 Jan Lieskovsky 2014-10-10 10:04:42 UTC

scap-security-guide version 0.1.19 has been released 28-09-2014:
  https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-September/006185.html

Selected short preview of key fixes:
* support for XCCDF substitution has been added:
  https://github.com/OpenSCAP/scap-security-guide/commit/593044aea20407ca2f191c00b193ca2dbc896dbf

* generated HTML guide now includes SSG logo:
  https://github.com/OpenSCAP/scap-security-guide/commit/69a68f15662343e5bd4bfe4a037d239eebe3a930

* umask supercompliance fixes:
  https://github.com/OpenSCAP/scap-security-guide/commit/f2718be96d1f53cc70f44a8d04ca8911ed10a655
  https://github.com/OpenSCAP/scap-security-guide/commit/4f7300083d2c676e18996e82f687901e2be08862
  https://github.com/OpenSCAP/scap-security-guide/commit/63d56b01ad22989d6e2eca2cb4e1336ccd521d0c
 https://github.com/OpenSCAP/scap-security-guide/commit/beea5f6c4e90b9be3fc8e6abbc02f287d645e66b
 https://github.com/OpenSCAP/scap-security-guide/commit/2cf5d8170a8b7474986db26acd4e49874ae57e71
 https://github.com/OpenSCAP/scap-security-guide/commit/7e91e2eb74ca0687ef26c4c2644618a9f55895db

* CPE fixes:
  https://github.com/OpenSCAP/scap-security-guide/commit/c79452fb56301b0f9aa8112cb0671603a29885c6

* multiple OVAL checks & remediations have been added
  (the patch list is too long to be enumerated here, search
   for 'added remediation' or 'new OVAL' in git log)

* many more stabilization fixes

Comment 2 Jan Lieskovsky 2014-10-10 10:06:15 UTC

Headlines of (upcoming) 0.1.20 features:
* RHEL-6 USGCB kickstart support,
* stabilization of RHEL-6 USGCB OVAL checks & remediations

Comment 4 Shawn Wells 2014-11-04 15:30:29 UTC

To prepare for a RHEL 6.7 rebase, when should upstream have their code freeze? 

Thanks!
Shawn

Comment 5 Jan Lieskovsky 2014-11-11 14:13:45 UTC

(In reply to Shawn Wells from comment #4)
> To prepare for a RHEL 6.7 rebase, when should upstream have their code
> freeze? 
> 
> Thanks!
> Shawn

From SSG upstream PoV there are two main features, that should go into future / next SSG releases:
* USGCB kickstart support for Red Hat Enterprise Linux 6, and
* JBossEAP 5 content support.

Given the USGCB kickstart support is ~month away from completion, let's consider it will be implemented by the end of this year (time reserve due to end year holidays). Counting ~1,5 months for the second feature, we are in the middle of February. So let's round the date(s) as follows:
* 0.1.20 upstream release by end of this year,
* 0.1.21 at 20-th February of 2015 (the date to be easily memorable).

Comment 25 Stephan Dühr 2015-07-15 08:27:09 UTC

The RHEL 6.7 beta Package scap-security-guide-0.1.21-2.el6.noarch.rpm still has a dependency on openscap-utils, but it should depend on openscap-scanner as RHEL 6.7 beta now has a separate openscap-scanner package. Dependending on openscap-utils leads to installation of eg. rpm-build, rpmdevtools, gdb.

Comment 26 Jan Lieskovsky 2015-07-15 11:31:19 UTC

(In reply to Stephan Dühr from comment #25)
> The RHEL 6.7 beta Package scap-security-guide-0.1.21-2.el6.noarch.rpm still
> has a dependency on openscap-utils, but it should depend on openscap-scanner
> as RHEL 6.7 beta now has a separate openscap-scanner package. Dependending
> on openscap-utils leads to installation of eg. rpm-build, rpmdevtools, gdb.

Thank you for your report, Stephan. I have filed:
  https://bugzilla.redhat.com/show_bug.cgi?id=1243396

bug to track the request scap-security-guide RPM instead of openscap-utils to (R / BR) depend the lightweight openscap-scanner package.

Comment 28 errata-xmlrpc 2015-07-22 06:45:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1334.html

Note You need to log in before you can comment on or make changes to this bug.