Created attachment 1140806
Patch to utilize the local cached Oval XML file if exists in /var/tmp

Description of problem:
rhcert-backend will try to fetch the OVAL XML file from the RH site when running the SCAP Oval test during the certification process. But sometimes (actually, very often) it's not possible to access the RH site directly from certification target hosts in a cloud environment, and then the test fails.

The attached patch makes rhcert-backend try to utilize the OVAL XML file fetched previously, maybe on another host that can connect to the RH site.

Version-Release number of selected component (if applicable):
redhat-certification-commons-1.0-1.el7

How reproducible:
The problem should happen if rhcert-backend runs on a host that cannot access https://www.redhat.com

Steps to Reproduce:
Run rhcert-backend following the instructions of https://access.redhat.com/articles/2058543.

Actual results:
SCAP Oval test fails due to the lack of https access to https://www.redhat.com

(In reply to Satoru SATOH from comment #0)
> Created attachment 1140806
> Patch to utilize the local cached Oval XML file if exists in /var/tmp
>
> Description of problem:
> rhcert-backend will try to fetch OVAL XML file from RH site when to run
> SCAP Oval test during certification process. But sometimes (actually,

Hello Satoru,

> very often) it's not possible to access the RH site directly from
> certification target hosts in cloud environment, and then test fails.
>
> The attached patch makes rhcert-backend trying to utilize the OVAL XML file
> fetched previously, maybe in another host can connect to the RH site.
>

Thanks for submitting the patch. I will take a look.

This issue is already fixed in redhat-certification-commons-1.2-1.el7, which is released through errata https://errata.devel.redhat.com/advisory/22724, and the workaround for the same is updated in the CCSP user guide (How to run OVAL tests in offline environment): https://access.redhat.com/articles/2058543#InstalltheRequiredSoftwarePackages under step 4.

Here is the workaround:

    $ cd /var/tmp
    $ wget https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2

(For a RHEL 7 image)

We will update the version of redhat-certification-commons in the CCSP user-guide doc. Feedback is welcome to improve the workaround for the same.

Thanks,
Chandan Kumar

Excuse me, I should have checked the latest but did not. Thank you for letting me know about it.

However, the logic of the latest code in that RPM looks very strange to me:

    def oval_guide(self):
        """
        Latest OVAL data to run test against

        If connected to the internet, download latest OVAL XML file.
        If not connected, check if user has manually made the file available
        at /var/tmp/
        If not, override core() to fail.
        """
        el = int(float(platform.dist()[1]))
        try:
            path = self.download_oval_guide(el)  # First, try to fetch anyway
        except:  # (pep8 violation, bare except)
            url = URL % el
            filename = os.path.basename(urllib2.urlparse.urlsplit(url).path)
            path = os.path.join(TMP, filename)  # If the above try fails, local path will be returned.
        if os.path.exists(path):
            return path

It should check the local cache first, like my patch, to avoid downloading the file more than twice even if it can connect to the RH site, instead of the try, I think.

Hello Satoru,

(In reply to Satoru SATOH from comment #2)
> Excuse me, I should check the latest but not. Thanks you for letting me know
> about it.
>
> However, the logic of the latest code in that RPM looks very strange for me:
>
>     def oval_guide(self):
>         """
>         Latest OVAL data to run test against
>
>         If connected to the internet, download latest OVAL XML file.
>         If not connected, check if user has manually made the file available
>         at /var/tmp/
>         If not, override core() to fail.
>         """
>         el = int(float(platform.dist()[1]))
>         try:
>             path = self.download_oval_guide(el)  # First, try to fetch anyway
>         except:  # (pep8 violation, bare except)
>             url = URL % el
>             filename = os.path.basename(urllib2.urlparse.urlsplit(url).path)
>             path = os.path.join(TMP, filename)  # If the above try fails, local path will be returned.
>         if os.path.exists(path):
>             return path
>
>
> It should check the local cache first like my patch anyway to avoid to
> download the file more than twice even if it can connect to the RH site
> instead of the try, I think.

I will apply the patch, and let you know and will ship in the next release of redhat-certification-commons-1.3.

Thanks,
Chandan Kumar
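
The cache-first ordering proposed in comment #2, as an added example in Python 3; it is not the rhcert code and not the attached patch. It goes one step further than the thread: because /var/tmp is world-writable, the cached file is accepted only after ownership, mode and bz2 integrity checks. The `download` callable, the `cache_dir` parameter and the `cache_is_trustworthy` helper are hypothetical names, and the URL pattern is an assumption inferred from the wget URL and `URL % el` above.

```python
import bz2
import os
import stat
import tempfile

# Assumed pattern, inferred from the wget URL and `URL % el` in the thread.
URL = "https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL%d.xml.bz2"

def cache_is_trustworthy(path):
    """True only for a regular, non-symlink file owned by root or the caller,
    not group/world-writable, that decompresses as a complete bz2 stream."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return False
    with os.fdopen(fd, "rb") as raw:
        st = os.fstat(raw.fileno())  # check the opened file, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_uid not in (0, os.getuid()):
            return False
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False
        try:
            with bz2.open(raw, "rb") as fh:
                while fh.read(1 << 16):
                    pass
        except (OSError, EOFError, ValueError):
            return False  # truncated or corrupt file left in the cache
    return True

def oval_guide(el, download, cache_dir="/var/tmp"):
    """Cache-first lookup; `download(url) -> bytes` is a caller-supplied fetcher."""
    url = URL % el
    path = os.path.join(cache_dir, os.path.basename(url))
    if cache_is_trustworthy(path):
        return path  # no network access needed
    data = download(url)  # errors propagate so the caller can fail the test
    fd, tmp = tempfile.mkstemp(dir=cache_dir, prefix=".oval-")  # mode 0600
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        if not cache_is_trustworthy(tmp):
            raise ValueError("downloaded OVAL file is not valid bz2")
        os.replace(tmp, path)  # atomic: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise
    return path
```

A cached file that fails any check is treated as absent and replaced by a fresh download rather than handed to the scanner.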