AlmaLinux OS 9 as a new product #12810
Hi @sej7278. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Moving my questions from the last PR. Again, thanks for the PR and working with us! Do you have plans for expanding the standard profile? If you are planning on expanding it, I would recommend setting the
Thanks @Mab879, yes I've set standard to false (it was just based on the new product template script) and will update it later. My priority for this release is a new product with CIS benchmarks. Standard, STIG and other profiles like PCI-DSS and HIPAA to follow later for sure.
Thanks for the PR!
I just have one minor suggestion.
I'm going to leave this PR open a few days for the other distro maintainers to approve due to CODEOWNERs requirements.
Absolutely, as by the nature of adding a new product, I did have to edit other products and support scripts e.g. to exclude gpgkey or oval checks.
Looks like the CI caught something.
Seems that "!ensure_almalinux_gpgkey_installed" is needed in products/rhel10/profiles/hipaa.profile.
Fixed. I did wonder why we have a bunch of negative tests for every distro instead of just a single positive e.g.
P.S. linkchecker seems to report a 404 for at least the rhel9 and rhel10 profiles for https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx
/packit build
I will take a look at the link issue. The failing CI should be fixed if you rebase your PR on the latest master.
ok i'll give it a go, hopefully won't nuke the PR like last time!
Fixed pep8 blank line between function definitions issue from codeclimate
Thanks for the rebase.
Looks like one commit might have gotten lost in the rebase.
@Xeicker and @teacup-on-rockingchair can you please give your approval? Should be fairly easy, since it's just excluding a rule.
Code Climate has analyzed commit 286afd5 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.8% (0.0% change). View more on Code Climate.
Not sure i understand the CI failure https://github.com/ComplianceAsCode/content/actions/runs/12778095130/job/35663575122?pr=12810
there's no reference to the almalinux gpg key in the rhel9 product (other than pci-dss but that's negated) and the same works for the other product profiles:
on a related note, i guess i could define these in product.yml but i'd like to confirm they're the only keys (the alma 8 one did get replaced):
That's expected, for historical reasons no tests found == fail.
LGTM 🙇
Thanks everyone for the reviews! Waiving the Automatus tests as they are only failing due to a rule existing in the data streams.
Description:
Adds AlmaLinux OS 9 as a new product - flattened merge requests and "disabled" standard profile.
Would appreciate a review to see if this is sufficient to add the new product or to identify any remaining work that may be needed. It certainly builds the standard+CIS guides just fine.
Accidentally nuked #12808
Rationale:
As discussed on #12757 it would be good to add AlmaLinux OS 9 as a new product rather than a RHEL 9 derivative, as they do differ - most notably their STIGs.
As the FIPS/STIG stuff for AlmaLinux is commercial via TuxCare and only supports specific minor versions, it makes sense to have a base product for community-compatible major version profiles like CIS benchmarks, that we can add control files to for use with the commercial profiles.