Description of problem:
On 2026-03-11 the daily productization run failed on rule ensure_redhat_gpgkey_installed in some image-builder and kickstart tests on RHEL 10.2 with CIS profile. Specifically:
- /hardening/image-builder/cis
- /hardening/image-builder/cis_workstation_l2
- /hardening/image-builder/uefi/cis
- /hardening/image-builder/uefi/cis_workstation_l2
- /hardening/kickstart/cis
- /hardening/kickstart/cis_workstation_l2
SCAP Security Guide Version:
current upstream master branch as of 2026-03-11 as of HEAD 66e0c73
Operating System Version:
RHEL-10.2-20260309.2
Steps to Reproduce:
- run the Contest tests listed above
Actual Results:
ensure_redhat_gpgkey_installed fail
Expected Results:
ensure_redhat_gpgkey_installed pass
Additional Information/Debugging Steps:
In these tests we can see that there is a kickstart that manipulates with GPG keys in the %post phase.
Many /hardening/image-builder and /hardening/kickstart tests with other profiles also contain this rule but they passed. That suggests the issue might be specific to CIS profile only.
Description of problem:
On 2026-03-11 the daily productization run failed on rule
ensure_redhat_gpgkey_installedin some image-builder and kickstart tests on RHEL 10.2 with CIS profile. Specifically:SCAP Security Guide Version:
current upstream master branch as of 2026-03-11 as of HEAD 66e0c73
Operating System Version:
RHEL-10.2-20260309.2
Steps to Reproduce:
Actual Results:
ensure_redhat_gpgkey_installed fail
Expected Results:
ensure_redhat_gpgkey_installed pass
Additional Information/Debugging Steps:
In these tests we can see that there is a kickstart that manipulates with GPG keys in the
%postphase.Many
/hardening/image-builderand/hardening/kickstarttests with other profiles also contain this rule but they passed. That suggests the issue might be specific to CIS profile only.