Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1824

'Invalid content provided. Enter a different URL...' when trying to fetch a valid OSCAP tailored profile RPM

    • Normal
    • sst_security_compliance
    • None
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • None
    • None
    • Known Issue
    • Hide
      .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation

      The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile:

      ----
      There was an unexpected problem with the supplied content.
      ----

      To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example:

      ----
      xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml
      tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml
      ----

      As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications.
      Show
      .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile: ---- There was an unexpected problem with the supplied content. ---- To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example: ---- xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml ---- As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications.
    • Done
    • None

      Description of problem:
      Anaconda GUI (Security Profile spoke) shows error 'Invalid content provided. Enter a different URL, please' when trying to fetch a valid OSCAP tailored profile as RPM.

      Output from /tmp/anaconda.log:
      ...
      13:39:40,404 INF misc: OSCAP Addon: Finished waiting for thread AnaOSCAPdataFetchThread
      13:39:40,405 INF misc: OSCAP addon: Extracting /tmp/openscap_data/sc_tailoring.rpm
      13:39:40,426 INF misc: OSCAP addon: Extracted ['/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml', '/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml'] from the supplied content
      13:39:40,427 INF misc: OSCAP Addon: started to look at the content
      13:39:40,428 WRN misc: /usr/lib64/python3.9/subprocess.py:941: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
      self.stdout = io.open(c2pread, 'rb', bufsize)

      13:39:40,443 INF misc: OSCAP addon: Identified /tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml as Source Data Stream
      13:39:40,444 WRN misc: /usr/lib64/python3.9/subprocess.py:941: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
      self.stdout = io.open(c2pread, 'rb', bufsize)

      13:39:40,452 INF misc: OSCAP addon: Identified /tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml as XCCDF Tailoring
      13:39:40,453 ERR misc: OSCAP Addon: Expected a file /tmp/openscap_data to be part of the supplied content, but it was not the case, got only ['/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/ds_combined1.xml', '/tmp/openscap_data/usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml']
      13:39:40,455 INF threading: Thread Done: OSCAPguiWaitForDataFetchThread (139878137755200)
      ...

      Version-Release number of selected component (if applicable):
      RHEL-9.2.0-20230115.7
      anaconda-34.25.2.6-1.el9.x86_64.rpm
      oscap-anaconda-addon-2.0.0-14.el9.noarch.rpm

      How reproducible:
      always

      Steps to Reproduce:
      1. Make sure http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm is available for download. If it is not, the RPM is available in attachment to this bug. Make it available for download.

      2. Run manual OS installation and enter the 'Security Profile' spoke.

      3. Click 'Change Content' button, fill 'http://rtt1.s390.bos.redhat.com/oaa/sc_tailoring.rpm' in the text box and click 'Fetch'.

      Actual results:
      GUI shows error 'Invalid content provided. Enter a different URL, please'. Tailored OSCAP profile is not used.

      Expected results:
      No error is shown. Anaconda uses the tailored OSCAP profile.

            ekolesni Evgeny Kolesnikov
            rhn-support-pberanek Petr Beranek (Inactive)
            Matej Tyc Matej Tyc
            Release Test Team Release Test Team
            Mirek Jahoda Mirek Jahoda
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: