Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1810

'There was an unexpected problem with the supplied content.' when trying to fetch a valid OSCAP tailored profile RPM

XMLWordPrintable

    • Normal
    • sst_security_compliance
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • None
    • None
    • Known Issue
    • Hide
      .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation

      The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile:

      ----
      There was an unexpected problem with the supplied content.
      ----

      To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example:

      ----
      xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml
      tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml
      ----

      As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications.
      Show
      .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile: ---- There was an unexpected problem with the supplied content. ---- To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example: ---- xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml ---- As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications.
    • Done
    • None

      This bug was initially created as a copy of Bug #2165920

      I am copying this bug because:
      It seems to be the same problem; differs only in a couple of details.

      Description of problem:
      Anaconda GUI (Security Profile spoke) shows error 'There was an unexpected problem with the supplied content.' when trying to fetch a valid OSCAP tailored profile as RPM.

      Output from /tmp/anaconda.log:
      ...
      06:57:15,834 DBG ui.common: Entered spoke: OSCAPSpoke
      06:57:30,424 INF misc: Fetching data from http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm
      06:57:30,425 INF threading: Running Thread: AnaOSCAPdataFetchThread (140044331710208)
      06:57:30,427 INF threading: Running Thread: OSCAPguiWaitForDataFetchThread (140044658378496)
      06:57:30,452 INF misc: Data fetch from http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm completed
      06:57:30,452 INF threading: Thread Done: AnaOSCAPdataFetchThread (140044331710208)
      06:57:30,453 INF misc: OSCAP addon: Extracting /tmp/openscap_data/sc_tailoring.rpm
      06:57:30,464 DBG ui.gui.hubs: setting OSCAPSpoke status to: Fetching content data
      06:57:30,468 DBG ui.gui.hubs: spoke is not ready: OSCAPSpoke
      06:57:30,479 INF misc: OSCAP addon: Extracted ['/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml', '/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml'] from the supplied content
      06:57:30,517 INF misc: OSCAP addon: Identified /tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml as XCCDF Tailoring
      06:57:30,553 INF misc: OSCAP addon: Identified /tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml as Source Data Stream
      06:57:30,553 ERR misc: Expected a file /tmp/openscap_data to be part of the supplied content, but it was not the case, got only ['/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml', '/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml']
      06:57:30,562 INF threading: Thread Done: OSCAPguiWaitForDataFetchThread (140044658378496)
      ...

      Version-Release number of selected component (if applicable):
      RHEL-8.8.0-20230114.0
      anaconda-33.16.8.6-1.el8.x86_64.rpm
      oscap-anaconda-addon-1.2.1-10.el8.noarch.rpm

      How reproducible:
      always

      Steps to Reproduce:
      1. Make sure http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm is available for download. If it is not, the RPM is available in attachment to this bug. Make it available for download.

      2. Run manual OS installation and enter the 'Security Profile' spoke.

      3. Click 'Change Content' button, fill 'http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm' in the text box and click 'Fetch'.

      Actual results:
      GUI shows error 'There was an unexpected problem with the supplied content.'. Tailored OSCAP profile is not used.

      Expected results:
      No error is shown. Anaconda uses the tailored OSCAP profile.

            ekolesni Evgeny Kolesnikov
            rhn-support-pberanek Petr Beranek (Inactive)
            Matej Tyc Matej Tyc
            Release Test Team Release Test Team
            Mirek Jahoda Mirek Jahoda
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: