Bug 1437106 - STIG RHV-H profile unreadable to oscap-anaconda-addon
Summary: STIG RHV-H profile unreadable to oscap-anaconda-addon
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: oscap-anaconda-addon
Version: 7.4
Hardware: All
OS: Linux
high
high
Target Milestone: beta
: ---
Assignee: Watson Yuuma Sato
QA Contact: Release Test Team
Jiri Herrmann
URL:
Whiteboard:
: 1477557 1492989 (view as bug list)
Depends On: 1437381 1433943
Blocks: 1392968
TreeView+ depends on / blocked
 
Reported: 2017-03-29 13:41 UTC by Vendula Poncova
Modified: 2018-04-10 18:54 UTC (History)
13 users (show)

Fixed In Version: oscap-anaconda-addon-0.8-1.el7
Doc Type: Known Issue
Doc Text:
The `STIG for Red Hat Virtualization Hypervisor` profile is not displayed in Anaconda The *oscap-anaconda-addon* module is currently not able to properly parse the `STIG for Red Hat Virtualization Hypervisor` security hardening profile. As a consequence, the profile's name is shown as `DISA STIG for Red Hat Enterprise Linux 7` or `United States Government Configuration Baseline (USGCB / STIG) - DRAFT` in the Anaconda interface selection. However, this is only a display problem, and you can safely use the `DISA STIG for Red Hat Enterprise Linux 7` profile instead of the `STIG for Red Hat Virtualization Hypervisor` profile.
Clone Of: 1433943
Environment:
Last Closed: 2018-04-10 18:53:44 UTC
Target Upstream Version:


Attachments (Terms of Use)
anaconda.log with OSCAP.xccdf_profile_get_* results (20.00 KB, text/plain)
2017-05-04 09:59 UTC, Vendula Poncova
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1472419 medium CLOSED Rebase oscap-anaconda-addon to latest upstream version 2020-10-14 00:28:05 UTC
Red Hat Product Errata RHBA-2018:1021 None None None 2018-04-10 18:54:45 UTC

Internal Links: 1472419

Description Vendula Poncova 2017-03-29 13:41:43 UTC
+++ This bug was initially created as a clone of Bug #1433943 +++

Description of problem:
There are warning messages printed in terminal when anaconda is starting:


Starting installer, one moment...
/usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.

  from gi.repository import NetworkManager
anaconda 21.48.22.102-1 for Red Hat Enterprise Linux 7.4 (pre-release) started.
 * installation log files are stored in /tmp during the installation
 * shell is available on TTY2
 * when reporting a bug add logs from /tmp as separate text/plain attachments
11:53:00 Starting VNC...
11:53:01 The VNC server is now running.
11:53:01 

WARNING!!! VNC server running with NO PASSWORD!
You can use the vncpassword=<password> boot option
if you would like to secure the server.


11:53:01 Please manually connect your vnc client to 192.168.122.208:1 to begin the install.
11:53:01 Attempting to start vncconfig


(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:188:32: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:189:33: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
...



More warning messages are present in /tmp/anaconda.log (see attached log file)


Version-Release number of selected component (if applicable):
RHEL-7.4-20170317.n.0
anaconda-21.48.22.102-1.el7

How reproducible:
always

Steps to Reproduce:
1. start graphical (vnc) installation
2. check messages on terminal and in anaconda.log

Actual results:
Warning messages:
* /usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.
* (anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.
* (anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
* anaconda: /usr/lib/python2.7/site-packages/meh/ui/gui.py:23: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk
...

Expected results:
no warning messages

--- Additional comment from Vendula Poncova on 2017-03-28 18:15:06 EDT ---

Fixed in a pull request: https://github.com/rhinstaller/anaconda/pull/1006

Comment 2 Vendula Poncova 2017-03-29 13:55:29 UTC
It looks like the gtk warning "Overriding tab label for notebook" is raised when oscap.glade is loaded. Also there is a missing upper bar. That could be probably fixed by setting the proper css name to the widget.

Comment 3 Vendula Poncova 2017-03-30 16:35:51 UTC
Fixed in a pull request: https://github.com/OpenSCAP/oscap-anaconda-addon/pull/20

Comment 4 Martin Preisler 2017-03-31 09:40:57 UTC
PR merged upstream.

Comment 6 Petr Janda 2017-05-02 07:42:27 UTC
Tested with anaconda 21.48.22.110-1

When entering OSCAP spoke

(anaconda:1474): Gtk-WARNING **: Failed to set text from markup due to error par
sing markup: Unknown tag 'html:br' on line 2 char 198

is shown multiple times. Can we get rid of it too?

Comment 7 Vendula Poncova 2017-05-04 09:56:31 UTC
The new warnings are caused by descriptions of profiles "STIG for Red Hat Enterprise Linux 7 ... ". The function OSCAP.xccdf_profile_get_description returns invalid descriptions with tags:

This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.<html:br xmlns:html="http://www.w3.org/1999/xhtml"/><html:br xmlns:html="http://www.w3.org/1999/xhtml"/>...

The question is where the tags should be removed? In the description of the profile, in the function OSCAP.xccdf_profile_get_description or in the oscap addon? Only the last option requires a change in the oscap addon.

Comment 8 Vendula Poncova 2017-05-04 09:59:13 UTC
Created attachment 1276214 [details]
anaconda.log with OSCAP.xccdf_profile_get_* results

Comment 10 Watson Yuuma Sato 2017-06-13 16:02:11 UTC
Main goal of these tags is to make content easier for user to see. So I think that oscap addon should be able to understand it or work its way around it and still be able to present the content in nice way.

I have proposed a fix that strips the HTML tags and tries to present content in nice way to user https://github.com/OpenSCAP/oscap-anaconda-addon/pull/21.

Comment 15 Marek Haicman 2017-08-03 08:49:25 UTC
*** Bug 1477557 has been marked as a duplicate of this bug. ***

Comment 22 Marek Haicman 2018-01-04 15:57:10 UTC
*** Bug 1492989 has been marked as a duplicate of this bug. ***

Comment 25 errata-xmlrpc 2018-04-10 18:53:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1021


Note You need to log in before you can comment on or make changes to this bug.