Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 1437106 - STIG RHV-H profile unreadable to oscap-anaconda-addon
STIG RHV-H profile unreadable to oscap-anaconda-addon
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: oscap-anaconda-addon (Show other bugs)
7.4
All Linux
high Severity high
: beta
: ---
Assigned To: Watson Yuuma Sato
Release Test Team
Jiri Herrmann
:
: 1477557 1492989 (view as bug list)
Depends On: 1437381 1433943
Blocks: 1392968
  Show dependency treegraph
 
Reported: 2017-03-29 09:41 EDT by Vendula Poncova
Modified: 2018-04-10 14:54 EDT (History)
13 users (show)

See Also:
Fixed In Version: oscap-anaconda-addon-0.8-1.el7
Doc Type: Known Issue
Doc Text:
The `STIG for Red Hat Virtualization Hypervisor` profile is not displayed in Anaconda The *oscap-anaconda-addon* module is currently not able to properly parse the `STIG for Red Hat Virtualization Hypervisor` security hardening profile. As a consequence, the profile's name is shown as `DISA STIG for Red Hat Enterprise Linux 7` or `United States Government Configuration Baseline (USGCB / STIG) - DRAFT` in the Anaconda interface selection. However, this is only a display problem, and you can safely use the `DISA STIG for Red Hat Enterprise Linux 7` profile instead of the `STIG for Red Hat Virtualization Hypervisor` profile.
Story Points: ---
Clone Of: 1433943
Environment:
Last Closed: 2018-04-10 14:53:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
anaconda.log with OSCAP.xccdf_profile_get_* results (20.00 KB, text/plain)
2017-05-04 05:59 EDT, Vendula Poncova
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1021 None None None 2018-04-10 14:54 EDT

  None (edit)
Description Vendula Poncova 2017-03-29 09:41:43 EDT
+++ This bug was initially created as a clone of Bug #1433943 +++

Description of problem:
There are warning messages printed in terminal when anaconda is starting:


Starting installer, one moment...
/usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.

  from gi.repository import NetworkManager
anaconda 21.48.22.102-1 for Red Hat Enterprise Linux 7.4 (pre-release) started.
 * installation log files are stored in /tmp during the installation
 * shell is available on TTY2
 * when reporting a bug add logs from /tmp as separate text/plain attachments
11:53:00 Starting VNC...
11:53:01 The VNC server is now running.
11:53:01 

WARNING!!! VNC server running with NO PASSWORD!
You can use the vncpassword=<password> boot option
if you would like to secure the server.


11:53:01 Please manually connect your vnc client to 192.168.122.208:1 to begin the install.
11:53:01 Attempting to start vncconfig


(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:188:32: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:189:33: The :insensitive pseudo-class is deprecated. Use :disabled instead.

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
...



More warning messages are present in /tmp/anaconda.log (see attached log file)


Version-Release number of selected component (if applicable):
RHEL-7.4-20170317.n.0
anaconda-21.48.22.102-1.el7

How reproducible:
always

Steps to Reproduce:
1. start graphical (vnc) installation
2. check messages on terminal and in anaconda.log

Actual results:
Warning messages:
* /usr/lib64/python2.7/site-packages/pyanaconda/nm.py:24: PyGIWarning: NetworkManager was imported without specifying a version first. Use gi.require_version('NetworkManager', '1.0') before import to ensure that the right version gets loaded.
* (anaconda:1347): Gtk-WARNING **: Theme parsing error: anaconda-gtk.css:187:38: The :insensitive pseudo-class is deprecated. Use :disabled instead.
* (anaconda:1347): Gtk-WARNING **: Allocating size to pyanaconda+ui+gui+MainWindow 0x2ce42a0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
* anaconda: /usr/lib/python2.7/site-packages/meh/ui/gui.py:23: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk
...

Expected results:
no warning messages

--- Additional comment from Vendula Poncova on 2017-03-28 18:15:06 EDT ---

Fixed in a pull request: https://github.com/rhinstaller/anaconda/pull/1006
Comment 2 Vendula Poncova 2017-03-29 09:55:29 EDT
It looks like the gtk warning "Overriding tab label for notebook" is raised when oscap.glade is loaded. Also there is a missing upper bar. That could be probably fixed by setting the proper css name to the widget.
Comment 3 Vendula Poncova 2017-03-30 12:35:51 EDT
Fixed in a pull request: https://github.com/OpenSCAP/oscap-anaconda-addon/pull/20
Comment 4 Martin Preisler 2017-03-31 05:40:57 EDT
PR merged upstream.
Comment 6 Petr Janda 2017-05-02 03:42:27 EDT
Tested with anaconda 21.48.22.110-1

When entering OSCAP spoke

(anaconda:1474): Gtk-WARNING **: Failed to set text from markup due to error par
sing markup: Unknown tag 'html:br' on line 2 char 198

is shown multiple times. Can we get rid of it too?
Comment 7 Vendula Poncova 2017-05-04 05:56:31 EDT
The new warnings are caused by descriptions of profiles "STIG for Red Hat Enterprise Linux 7 ... ". The function OSCAP.xccdf_profile_get_description returns invalid descriptions with tags:

This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.<html:br xmlns:html="http://www.w3.org/1999/xhtml"/><html:br xmlns:html="http://www.w3.org/1999/xhtml"/>...

The question is where the tags should be removed? In the description of the profile, in the function OSCAP.xccdf_profile_get_description or in the oscap addon? Only the last option requires a change in the oscap addon.
Comment 8 Vendula Poncova 2017-05-04 05:59 EDT
Created attachment 1276214 [details]
anaconda.log with OSCAP.xccdf_profile_get_* results
Comment 10 Watson Yuuma Sato 2017-06-13 12:02:11 EDT
Main goal of these tags is to make content easier for user to see. So I think that oscap addon should be able to understand it or work its way around it and still be able to present the content in nice way.

I have proposed a fix that strips the HTML tags and tries to present content in nice way to user https://github.com/OpenSCAP/oscap-anaconda-addon/pull/21.
Comment 15 Marek Haicman 2017-08-03 04:49:25 EDT
*** Bug 1477557 has been marked as a duplicate of this bug. ***
Comment 22 Marek Haicman 2018-01-04 10:57:10 EST
*** Bug 1492989 has been marked as a duplicate of this bug. ***
Comment 25 errata-xmlrpc 2018-04-10 14:53:44 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1021

Note You need to log in before you can comment on or make changes to this bug.