Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce bootc remediation type #12497

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Introduce bootc remediation type #12497

wants to merge 4 commits into from

Conversation

jan-cerny
Copy link
Collaborator

@jan-cerny jan-cerny commented Oct 15, 2024
edited
Loading

This PR introduces support for new remediation type "bootc".

Remediations of this type will be generated only internally by the future oscap-bootc script. They aren't supposed to be generated by any user.

The format of this remediation will be similar to "kickstart" remediation. However, only package installation and removal will be supported and different keywords will be used. Currently supported commands:

  • dnf install package_name
  • dnf remove package_name

Having a new remediation type instead of reusing "kickstart" will help us create SCAP content specific for the needs of bootable containers.

This PR is strongly connected to this PR: OpenSCAP/openscap#2166

@jan-cerny
Introduce new remediation type bootc
7b381cd 
This new remediation type will be used internally by the
oscap-bootc tool which will be used by users in their Container
files to build RHEL Image Mode (bootc) container images by for
example the `podman build` command.

The extra remediation type allow us to perform some remediations
before the actual `oscap` scan. It's mainly intended to collectively
install RPM packages required by the compliance profile to the container
images before XCCDF rules are evaluated.
@jan-cerny
Add bootc templates for package templates
5b7dc04 
Adds remediation of the "bootc" type for "package_installed"
and "package_removed" template.
@jan-cerny jan-cerny added the Image Mode Bootable containers and Image Mode RHEL label Oct 15, 2024
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Oct 15, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Oct 15, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jan-cerny jan-cerny mentioned this pull request Oct 15, 2024
Open
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@jan-cerny jan-cerny added this to the 0.1.75 milestone Oct 17, 2024
@codeclimate CodeClimate
Copy link

codeclimate bot commented Oct 17, 2024

Code Climate has analyzed commit 58ef8f0 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 50.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (1.3% change).

View more on Code Climate.

@jan-cerny jan-cerny marked this pull request as ready for review October 18, 2024 08:24
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Oct 18, 2024
@jan-cerny jan-cerny added the Infrastructure Our content build system label Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Image Mode Bootable containers and Image Mode RHEL Infrastructure Our content build system
Projects
None yet
Milestone
0.1.75
Development

Successfully merging this pull request may close these issues.
1 participant
@jan-cerny