RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1437106 - STIG RHV-H profile unreadable to oscap-anaconda-addon
Summary: STIG RHV-H profile unreadable to oscap-anaconda-addon
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: oscap-anaconda-addon
Version: 7.4
Hardware: All
OS: Linux
high
high
Target Milestone: beta
: ---
Assignee: Watson Yuuma Sato
QA Contact: Release Test Team
Jiri Herrmann
URL:
Whiteboard:
: 1477557 1492989 (view as bug list)
Depends On: 1433943 1437381
Blocks: 1392968
TreeView+ depends on / blocked
 
Reported: 2017-03-29 13:41 UTC by Vendula Poncova
Modified: 2020-12-14 08:26 UTC (History)
13 users (show)

Fixed In Version: oscap-anaconda-addon-0.8-1.el7
Doc Type: Known Issue
Doc Text:
The `STIG for Red Hat Virtualization Hypervisor` profile is not displayed in Anaconda The *oscap-anaconda-addon* module is currently not able to properly parse the `STIG for Red Hat Virtualization Hypervisor` security hardening profile. As a consequence, the profile's name is shown as `DISA STIG for Red Hat Enterprise Linux 7` or `United States Government Configuration Baseline (USGCB / STIG) - DRAFT` in the Anaconda interface selection. However, this is only a display problem, and you can safely use the `DISA STIG for Red Hat Enterprise Linux 7` profile instead of the `STIG for Red Hat Virtualization Hypervisor` profile.
Clone Of: 1433943
Environment:
Last Closed: 2018-04-10 18:53:44 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
anaconda.log with OSCAP.xccdf_profile_get_* results (20.00 KB, text/plain)
2017-05-04 09:59 UTC, Vendula Poncova
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1472419 0 medium CLOSED Rebase oscap-anaconda-addon to latest upstream version 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2018:1021 0 None None None 2018-04-10 18:54:45 UTC

Internal Links: 1472419

Description Vendula Poncova 2017-03-29 13:41:43 UTC
+++ This bug was initially created as a clone of Bug #1433943 +++

Description of problem:
There are warning messages printed in terminal when anaconda is starting:


Starting installer, one moment...
/usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.

  from gi.repository import NetworkManager
anaconda 21.48.22.102-1 for Red Hat Enterprise Linux 7.4 (pre-release) started.
 * installation log files are stored in /tmp during the installation
 * shell is available on TTY2
 * when reporting a bug add logs from /tmp as separate text/plain attachments
11:53:00 Starting VNC...
11:53:01 The VNC server is now running.
11:53:01 

WARNING!!! VNC server running with NO PASSWORD!
You can use the vncpassword=<password> boot option
if you would like to secure the server.


11:53:01 Please manually connect your vnc client to 192.168.122.208:1 to begin the install.
11:53:01 Attempting to start vncconfig


(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:188:32: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:189:33: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
...



More warning messages are present in /tmp/anaconda.log (see attached log file)


Version-Release number of selected component (if applicable):
RHEL-7.4-20170317.n.0
anaconda-21.48.22.102-1.el7

How reproducible:
always

Steps to Reproduce:
1. start graphical (vnc) installation
2. check messages on terminal and in anaconda.log

Actual results:
Warning messages:
* /usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.
* (anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.
* (anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
* anaconda: /usr/lib/python2.7/site-packages/meh/ui/gui.py:23: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk
...

Expected results:
no warning messages

--- Additional comment from Vendula Poncova on 2017-03-28 18:15:06 EDT ---

Fixed in a pull request: https://github.com/rhinstaller/anaconda/pull/1006

Comment 2 Vendula Poncova 2017-03-29 13:55:29 UTC
It looks like the gtk warning "Overriding tab label for notebook" is raised when oscap.glade is loaded. Also there is a missing upper bar. That could be probably fixed by setting the proper css name to the widget.

Comment 3 Vendula Poncova 2017-03-30 16:35:51 UTC
Fixed in a pull request: https://github.com/OpenSCAP/oscap-anaconda-addon/pull/20

Comment 4 Martin Preisler 2017-03-31 09:40:57 UTC
PR merged upstream.

Comment 6 Petr Janda 2017-05-02 07:42:27 UTC
Tested with anaconda 21.48.22.110-1

When entering OSCAP spoke

(anaconda:1474): Gtk-WARNING **: Failed to set text from markup due to error par
sing markup: Unknown tag 'html:br' on line 2 char 198

is shown multiple times. Can we get rid of it too?

Comment 7 Vendula Poncova 2017-05-04 09:56:31 UTC
The new warnings are caused by descriptions of profiles "STIG for Red Hat Enterprise Linux 7 ... ". The function OSCAP.xccdf_profile_get_description returns invalid descriptions with tags:

This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.<html:br xmlns:html="http://www.w3.org/1999/xhtml"/><html:br xmlns:html="http://www.w3.org/1999/xhtml"/>...

The question is where the tags should be removed? In the description of the profile, in the function OSCAP.xccdf_profile_get_description or in the oscap addon? Only the last option requires a change in the oscap addon.

Comment 8 Vendula Poncova 2017-05-04 09:59:13 UTC
Created attachment 1276214 [details]
anaconda.log with OSCAP.xccdf_profile_get_* results

Comment 10 Watson Yuuma Sato 2017-06-13 16:02:11 UTC
Main goal of these tags is to make content easier for user to see. So I think that oscap addon should be able to understand it or work its way around it and still be able to present the content in nice way.

I have proposed a fix that strips the HTML tags and tries to present content in nice way to user https://github.com/OpenSCAP/oscap-anaconda-addon/pull/21.

Comment 15 Marek Haicman 2017-08-03 08:49:25 UTC
*** Bug 1477557 has been marked as a duplicate of this bug. ***

Comment 22 Marek Haicman 2018-01-04 15:57:10 UTC
*** Bug 1492989 has been marked as a duplicate of this bug. ***

Comment 25 errata-xmlrpc 2018-04-10 18:53:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1021


Note You need to log in before you can comment on or make changes to this bug.