Always use /var/lib/rpm as rpm dbpath #1956
Conversation
|
This issue was initially identified and attempted to be fixed in b0d013a by @matusmarhefka |
|
Thanks for the PR! It looks great, but unfortunately, the tests are failing. I'm trying to investigate the fails and I will let you know once I will have any results. |
|
@candrews I have found it. You need to put the same |
|
Phenomenal! I've updated this MR with that change; I'm eagerly awaiting the "all tests pass" result 👍 |
|
@jan-cerny everything looks good now - shall this be merged? 🤞 |
|
@candrews Thank you! We are almost there! The last failing CI job is the Ubuntu job where unfortunately we use some RPM related content for testing the generic data stream processing and the changes in this PR uncovered this. Ideally, we should make the failing tests distribution-agnostic. For this moment we can simply skip these tests on systems where RPM isn't installed. I was able to skip them and make it green on Ubuntu by this change: diff --git a/tests/DS/test_ds_misc.sh b/tests/DS/test_ds_misc.sh
index 4d3b1ec55..8f2b6cb96 100755
--- a/tests/DS/test_ds_misc.sh
+++ b/tests/DS/test_ds_misc.sh
@@ -77,6 +77,7 @@ sds_add_multiple_twice(){
function test_eval {
probecheck "rpminfo" || return 255
+ [ -e "/var/lib/rpm" ] || return 255
local stderr=$(mktemp -t ${name}.out.XXXXXX)
$OSCAP xccdf eval "${srcdir}/$1" 2> $stderr
diff /dev/null $stderr; rm $stderr
diff --git a/tests/DS/test_sds_eval.sh b/tests/DS/test_sds_eval.sh
index fc9da3cc5..606bb9150 100755
--- a/tests/DS/test_sds_eval.sh
+++ b/tests/DS/test_sds_eval.sh
@@ -12,6 +12,7 @@ set -e -o pipefail
function test_eval {
probecheck "rpminfo" || return 255
+ [ -e "/var/lib/rpm" ] || return 255
local stderr=$(mktemp -t ${name}.out.XXXXXX)
$OSCAP xccdf eval "${srcdir}/$1" 2> $stderr
diff /dev/null $stderr; rm $stderrBut I haven't tried if it works on CI. |
Ideally, we should make the failing tests distribution-agnostic. For this moment we can simply skip these tests on systems where RPM isn't installed. Signed-off-by: Craig Andrews <candrews@integralblue.com>
Fedora >=36 changed the default dbpath in librpm from /var/lib/rpm to /usr/lib/sysimage/rpm Therefore, when running openscap on a Fedora >=36 system scanning another systems (such as RHEL, SLES, Fedora<36) openscap's librpm will try to read the rpm db from /usr/lib/sysimage/rpm which doesn't exist and therefore won't work. In implementing this change, /var/lib/rpm is still a symlink to /usr/lib/sysimage/rpm so /var/lib/rpm still works. So /var/lib/rpm is a dbpath that will work on all systems. Therefore, set the dbpath to be /var/lib/rpm, allow openscap running on any system to scan any system. See: https://fedoraproject.org/wiki/Changes/RelocateRPMToUsr Fixes: OpenSCAP#1942
I added the change this PR, we'll soon find out! |
All checks have passed 🥳 |
Fedora >=36 changed the default dbpath in librpm from /var/lib/rpm to /usr/lib/sysimage/rpm Therefore, when running openscap on a Fedora >=36 system scanning another systems (such as RHEL, SLES, Fedora<36) openscap's librpm will try to read the rpm db from /usr/lib/sysimage/rpm which doesn't exist and therefore won't work. In implementing this change, /var/lib/rpm is still a symlink to /usr/lib/sysimage/rpm so /var/lib/rpm still works. So /var/lib/rpm is a dbpath that will work on all systems. Therefore, set the dbpath to be /var/lib/rpm, allow openscap running on any system to scan any system.
See: https://fedoraproject.org/wiki/Changes/RelocateRPMToUsr
Fixes: #1942
cd build && cmake ../ && make -j4 && ctestshows all tests as passing on my Fedora 37 system.