2129008 – content-type = rpm causes There was an unexpected problem with the supplied content

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2129008 - content-type = rpm causes There was an unexpected problem with the supplied content

Summary: content-type = rpm causes There was an unexpected problem with the supplied c...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	oscap-anaconda-addon
Sub Component:
Version:	8.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Matěj Týč
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2129846
TreeView+	depends on / blocked

Reported:	2022-09-22 09:31 UTC by Jan Pazdziora
Modified:	2023-05-16 09:55 UTC (History)
CC List:	6 users (show)
Fixed In Version:	oscap-anaconda-addon-1.2.1-10.el8
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	2129846 (view as bug list)
Environment:
Last Closed:	2023-05-16 08:36:35 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-134670	None	None	None	2022-09-22 10:05:48 UTC
Red Hat Issue Tracker	RTT-4932	None	None	None	2022-10-19 16:44:03 UTC
Red Hat Issue Tracker	RTT-4933	None	None	None	2022-10-19 16:44:08 UTC
Red Hat Product Errata	RHBA-2023:2828	None	None	None	2023-05-16 08:36:42 UTC

Description Jan Pazdziora 2022-09-22 09:31:17 UTC

Description of problem:

Running RHEL 8.5 provisioning with

%addon org_fedora_oscap
  content-type = rpm
  content-url = "http://server/path/scap-security-guide-0.1.54-5.el8.noarch.rpm"
  content-path = usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
  profile = ospp
%end

stops with

Setting up org_fedora_oscap addon

================================================================================      
================================================================================      

Question      
      There was an unexpected problem with the supplied content.
      The installation should be aborted. Do you wish to continue anyway?
Please respond 'yes' or 'no':

That indicates that the addon did not try to correctly process the profile because if it did, it would stop with

Question      
Wrong configuration detected!      
/var/log/audit must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/home must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var/log must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var/tmp must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/tmp must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
     
The installation should be aborted. Do you wish to continue anyway?
Please respond 'yes' or 'no': 

like it did on RHEL 8.4 (see bug 2129001).

Version-Release number of selected component (if applicable):

I believe the RHEL 8.5 GA installation media has oscap-anaconda-addon-1.2.1.-4.el8

How reproducible:

Deterministic.

Steps to Reproduce:
1. Have a minimal RHEL 8.5 kickstart, test that it correctly provisions the system.
2. Add

%addon org_fedora_oscap
  content-type = rpm
  content-url = "http://server/path/scap-security-guide-0.1.54-5.el8.noarch.rpm"
  content-path = usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
  profile = ospp
%end

to the kickstart, provision.

Actual results:

Setting up org_fedora_oscap addon

================================================================================      
================================================================================      

Question      
      There was an unexpected problem with the supplied content.
      The installation should be aborted. Do you wish to continue anyway?
Please respond 'yes' or 'no':

Expected results:

Setting up org_fedora_oscap addon      
      
================================================================================       
================================================================================       

Question      
Wrong configuration detected!      
/var/log/audit must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/home must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var/log must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/var/tmp must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
/tmp must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
     
The installation should be aborted. Do you wish to continue anyway?
Please respond 'yes' or 'no': 

Additional info:

This is a regression against RHEL 8.4 with (I believe) oscap-anaconda-addon-1.1.1-7.el8.

Note that we use the RHEL 8.4 scap-security-guide 0.1.54-5.el8 here specifically to minimize the difference against the RHEL 8.4 case.

Comment 7 Matěj Týč 2022-09-26 12:42:58 UTC

This issue is a regression of the addon:

- The addon started to auto-detect filetypes of files in archives (and RPMs), and
- doesn't take the content-path into the account in connection with this autodetection,

and as a result it becomes confused by multiple datastreams being available in RHEL8 or RHEL7 RPMs.
This issue is still valid in RHEL8.7 and in RHEL9.1.

A workaround in form of extracting the datastream and using that one is valid, and another workaround could be to produce "thin RPMs" by only having content for one product present, in this case that would be RHEL8.

Comment 10 Matěj Týč 2022-11-10 15:45:36 UTC

Fixed by https://github.com/OpenSCAP/oscap-anaconda-addon/pull/220

Comment 11 Matěj Týč 2022-11-16 13:02:58 UTC

The referenced PR introduced a regression.

Comment 12 Matěj Týč 2022-11-16 13:04:28 UTC

https://github.com/rhinstaller/kickstart-tests/issues/827

Comment 18 Jan Stodola 2022-12-05 12:20:06 UTC

Checked that oscap-anaconda-addon-1.2.1-10.el8 is in nightly compose RHEL-8.8.0-20221204.2

Moving to VERIFIED

Comment 21 errata-xmlrpc 2023-05-16 08:36:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (oscap-anaconda-addon bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2828

Note You need to log in before you can comment on or make changes to this bug.