Remove Support for OVAL 5.10 #9604
Conversation
Since we no longer build OVAL 5.10 we will not pass SCAP 1.2.
Mab879
added
Infrastructure
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
...x_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/oval/shared.xml
Show resolved
Hide resolved
|
It looks like that the datastream diff failed in this PR - there was a change in the OVAL. Any ideas what happened? |
|
The systemd-related test will fail in Automatus, because the container environment doesn't work well with this systemd-related rule. |
|
One more thing - the |
|
What about these occurrences of 5.10 in the project? Do we need to remove them? Similarly for |
It might be a good idea and I will remove those references.
The build system will automatically add it. |
CMakeLists.txt
Outdated
| @@ -145,11 +145,12 @@ cmake_dependent_option(ENABLE_PYTHON_COVERAGE "Enable Python tests with coverage | |||
| find_package(OpenSCAP REQUIRED) | |||
|
|
|||
| if (SSG_TARGET_OVAL_MAJOR_VERSION EQUAL "5" AND SSG_TARGET_OVAL_VERSION_MINOR EQUAL "11" AND NOT "${OSCAP_V_OUTPUT}" MATCHES "OVAL Version: 5.11") | |||
| message(FATAL_ERROR "Your version of OpenSCAP does not support OVAL 5.11, please switch the OVAL target version to 5.10 or lower. $ cmake -DSSG_TARGET_OVAL_MINOR_VERSION=10 ../") | |||
| message(FATAL_ERROR "Your version of OpenSCAP does not support OVAL 5.11, please upgrade to a newer version of OpenSCAP.") | |||
There was a problem hiding this comment.
Maybe we can go even further and remove this check, because the "OVAL Version: 5.11" has been introduced in OpenSCAP 1.2.2 so the error happens on RHEL 7.1 and older and I don't think anybody uses these old systems for content development.
There was a problem hiding this comment.
It seems reasonable to me. Some basic research shows that OpenSCAP 1.2.2+ is in Fedora, RHEL, Ubuntu, Debian, and OpenSUSE.
| @@ -85,7 +85,7 @@ print_help() | |||
| printf '%s\n' "Wipes out contents of the 'build' directory and builds only and only the given products." | |||
| printf 'Usage: %s [-o|--oval <VERSION>] [-b|--builder <BUILDER>] [-j|--jobs <arg>] [--(no-)debug] [--(no-)derivatives] [--(no-)ansible-playbooks] [--(no-)bash-scripts] [-d|--(no-)datastream-only] [-p|--(no-)profiling] [-h|--help] [<product-1>] ... [<product-n>] ...\n' "$0" | |||
| printf '\t%s\n' "<product>: Products to build, ALL means all products (defaults for <product>: 'ALL')" | |||
| printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.10', '5.11' and 'auto' (default: 'auto')" | |||
| printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.11' or 'auto' (default: 'auto')" | |||
There was a problem hiding this comment.
Does it make sense to keep the option here when it basically has no effect?
There was a problem hiding this comment.
Main reason I kept was for backword compability you still set 5.11 if you want to. If we don't see this as a valid reason and don't see OVAL 5.12 coming out, we may want to remove this.
|
Code Climate has analyzed commit b165f2d and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 0.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 40.8% (0.0% change). View more on Code Climate. |
|
@Mab879: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Description:
This PR removes OVAL 5.10 support from the project.
Rationale:
Implements #9451