Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Ubuntu 22.04 to Gating #9986

Merged
merged 1 commit into from
Jan 10, 2023
Merged

Add Ubuntu 22.04 to Gating #9986

merged 1 commit into from
Jan 10, 2023

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Dec 16, 2022
edited
Loading

Description:

Adds Ubuntu 22.04 to the gating checks.

Rationale:

We have CIS now for Ubuntu 22.04. So the (Ubuntu part) of the project should build on Ubuntu 22.04. It seems that OpenSCAP 1.2.17 (what ships with Ubuntu 22.04) can't build the whole project so I limited this new gating test to just Ubuntu products.

@Mab879 Mab879 added the Infrastructure Our content build system label Dec 16, 2022
@Mab879 Mab879 added this to the 0.1.66 milestone Dec 16, 2022
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Dec 16, 2022
@openshift-ci
Copy link

openshift-ci bot commented Dec 16, 2022

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879
Add Ubuntu 22.04 to gating
7985b32 
Only build Ubuntu products as Ubuntu ships ancient an OpenSCAP version
that is unable to build all the products.
@Mab879 Mab879 marked this pull request as ready for review January 4, 2023 20:12
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Jan 4, 2023
@Mab879
Copy link
Member Author

Mab879 commented Jan 4, 2023

@dodys Heads up that I'm adding this.

@codeclimate
Copy link

codeclimate bot commented Jan 4, 2023

Code Climate has analyzed commit 7985b32 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 49.8% (0.0% change).

View more on Code Climate.

@dodys
Copy link
Contributor

dodys commented Jan 5, 2023

@dodys Heads up that I'm adding this.

thanks!

@marcusburghardt marcusburghardt self-assigned this Jan 6, 2023
@marcusburghardt
Copy link
Member

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

@Mab879
Copy link
Member Author

Mab879 commented Jan 6, 2023

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

SUSE and RHEL content both fail to build on Ubuntu 22.04. I'm a bit torn on opening an issue as the OpenSCAP version used in Ubuntu 22.04 is from 2018.

@dodys
Copy link
Contributor

dodys commented Jan 6, 2023

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

SUSE and RHEL content both fail to build on Ubuntu 22.04. I'm a bit torn on opening an issue as the OpenSCAP version used in Ubuntu 22.04 is from 2018.

is it failing on something specific?
I could take a look here and try to reproduce

@Mab879
Copy link
Member Author

Mab879 commented Jan 6, 2023

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

SUSE and RHEL content both fail to build on Ubuntu 22.04. I'm a bit torn on opening an issue as the OpenSCAP version used in Ubuntu 22.04 is from 2018.

is it failing on something specific? I could take a look here and try to reproduce

On a new Ubuntu 22.04 system (after following the project build guide) ./build_product rhel7 rhel8 rhel9 should get you the traceback. Creating the fixes seems to be an issue.

@Mab879
Copy link
Member Author

Mab879 commented Jan 6, 2023

/packit test

@marcusburghardt
Copy link
Member

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

SUSE and RHEL content both fail to build on Ubuntu 22.04. I'm a bit torn on opening an issue as the OpenSCAP version used in Ubuntu 22.04 is from 2018.

is it failing on something specific? I could take a look here and try to reproduce

Thanks @Mab879 and @dodys . The update of the openscap version on Ubuntu 22.04 sounds like a good plan.
Based on the @dodys analysis we can open separate PRs to refine the Ubuntu CI tests, if necessary.
Since this analysis is not in the scope of this PR, I believe it is ready to be merged if the last CI tests which are running finishes successfully.

@dodys
Copy link
Contributor

dodys commented Jan 6, 2023

@Mab879 , just curious, which part of the project can't be built? Should we open an issue for Ubuntu 22.04?

SUSE and RHEL content both fail to build on Ubuntu 22.04. I'm a bit torn on opening an issue as the OpenSCAP version used in Ubuntu 22.04 is from 2018.

is it failing on something specific? I could take a look here and try to reproduce

On a new Ubuntu 22.04 system (after following the project build guide) ./build_product rhel7 rhel8 rhel9 should get you the traceback. Creating the fixes seems to be an issue.

I tried here and it indeed fails, this is the short version of the traceback I got:

Fatal error encountered when generating '/home/ubuntu/git-pulls/CaC-upstream/build/ansible/rhel7-playbook-cis.yml'. Error details:
Command '['oscap', 'xccdf', 'generate', 'fix', '--skip-valid', '--benchmark-id', 'xccdf_org.ssgproject.content_benchmark_RHEL-7', '--profile', 'xccdf_org.ssgproject.content_profile_cis', '--template', 'urn:xccdf:fix:script:ansible', '/home/ubuntu/git-pulls/CaC-upstream/build/ssg-rhel7-ds.xml']' returned non-zero exit status 1.

Then I tried to run the same command manually to see the error message and got the following:

$ oscap xccdf generate fix --skip-valid --benchmark-id xccdf_org.ssgproject.content_benchmark_RHEL-7 --profile xccdf_org.ssgproject.content_profile_stig --template urn:xccdf:fix:script:ansible build/ssg-rhel7-ds.xml
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL7.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2' file which is referenced from datastream
OpenSCAP Error: Could not extract scap_org.open-scap_cref_ssg-rhel7-xccdf.xml with all dependencies from datastream. [../../../src/DS/ds_sds_session.c:211]

Then I ran the following and it works:

oscap xccdf generate fix --skip-valid --benchmark-id xccdf_org.ssgproject.content_benchmark_RHEL-7 --profile xccdf_org.ssgproject.content_profile_stig --template urn:xccdf:fix:script:ansible --fetch-remote-resources build/ssg-rhel7-ds.xml

Would it be possible to append --fetch-remote-resources to it?

@marcusburghardt marcusburghardt merged commit 28b0e8a into ComplianceAsCode:master Jan 10, 2023
@Mab879 Mab879 deleted the add_ubuntu_22_04_build branch January 10, 2023 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

@marcusburghardt marcusburghardt

Labels
Infrastructure Our content build system
Projects
None yet
Milestone
0.1.66
Development

Successfully merging this pull request may close these issues.
3 participants
@Mab879 @dodys @marcusburghardt