Created attachment 1670742 [details] security policy page Description of problem: No SCAP security guide on Anaconda security policy page. The content under /usr/share/xml/scap/ssg/content is : [anaconda root@dell-per740-28 content]# ls -al total 27853 drwxr-xr-x. 2 root root 1024 Mar 12 10:07 . drwxr-xr-x. 3 root root 1024 Nov 29 16:30 .. -rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml lrwxrwxrwx. 1 root root 49 Mar 12 10:01 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml Version-Release number of selected component (if applicable): RHVH-ISO-4.3-RHEL-7-20200312.1-RHVH-x86_64-dvd1.iso How reproducible: 100% Steps to Reproduce: 1. Install RHVH-ISO-4.3-RHEL-7-20200312.1-RHVH-x86_64-dvd1.iso, open SECURITY POLICY page on Anaconda Actual results: There is no SCAP security guide. Expected results: SCAP security guide should be present when the security policy page is opened. Additional info:
No such issue on previous build RHVH-4.3-RHEL-7-20200218.2-RHVH-x86_64-dvd1.iso.
Install RHVH-ISO-4.3-RHEL-7-20200318.1-RHVH-x86_64-dvd1.iso, 1. In /usr/share/anaconda/addons/org_fedora_oscap/common.py: SSG_DIR = "/usr/share/xml/scap/ssg/content/" SSG_CONTENT = "ssg-rhel7-ds.xml" if constants.shortProductName != 'anaconda': if constants.shortProductName == 'fedora': SSG_CONTENT = "ssg-fedora-ds.xml" else: SSG_CONTENT = "ssg-%s%s-ds.xml" % (constants.shortProductName, constants.productVersion.strip(".")[0]) 2. Check constants.shortProductName and constants.productVersion: [anaconda root@dell-per740-28 org_fedora_oscap]# python Python 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from pyanaconda import constants >>> print constants.shortProductName rhvh-iso >>> print constants.productVersion 4.3 As you can see, SSG_CONTENT should be ssg-rhvh-iso4-ds.xml. 3. Check actual ssg content: [anaconda root@dell-per740-28 content]# ls -al total 27854 drwxr-xr-x. 2 root root 1024 Mar 22 10:26 . drwxr-xr-x. 3 root root 1024 Nov 29 16:30 .. -rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml lrwxrwxrwx. 1 root root 49 Mar 18 16:59 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml The actual ssg content file is ssg-rhvh4-ds.xml 4. Add required ssg-rhvh-iso4-ds.xml in /usr/share/xml/scap/ssg/content: [anaconda root@dell-per740-28 content]# ls -al total 27854 drwxr-xr-x. 2 root root 1024 Mar 22 10:30 . drwxr-xr-x. 3 root root 1024 Nov 29 16:30 .. -rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml lrwxrwxrwx. 1 root root 49 Mar 22 10:30 ssg-rhvh-iso4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml lrwxrwxrwx. 1 root root 49 Mar 18 16:59 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml scap security guide appears on Anaconda. What's more, if install an unsigned iso, like RHVH-UNSIGNED-ISO-4.3-RHEL-7-20200227.0-RHVH-x86_64-dvd1.iso, the shortProductName will be rhvh-unsigned-iso, see: [anaconda root@dell-per740-28 ~]# python Python 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from pyanaconda import constants >>> print constants.shortProductName rhvh-unsigned-iso Then the needed ssg content file name will be ssg-rhvh-unsigned-iso4-ds.xml. I think it's better to keep the product name to be rhvh, but not rhvh-iso or rhvh-unsigned-iso.
Tested RHVH-4.3-20200324.2-RHVH-x86_64-dvd1.iso, scap security guide can be displayed on Anaconda UI. The bug is fixed, move to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1310