From 9ba0ff947de1c01922c2b61e15b1958e2fce291c Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Fri, 5 Apr 2024 08:56:40 +0200 Subject: [PATCH 1/4] Support all boolean values in dnf.conf According to dnf.conf man, "1", "True" and "yes" are accepted values for booleans. --- .../ensure_gpgcheck_globally_activated/oval/shared.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml index 87c214ae8f6..96600bd2bd8 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml @@ -1,6 +1,6 @@ - + {{{ oval_metadata("The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.") }}} @@ -22,7 +22,7 @@ {{{ pkg_manager_config_file }}} - ^\s*gpgcheck\s*=\s*1\s*$ + ^\s*gpgcheck\s*=\s*1|True|yes\s*$ 1 From cdff641b291c0784a8cc3f93fcae3247c8ea3efc Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Fri, 5 Apr 2024 09:03:26 +0200 Subject: [PATCH 2/4] Include test scenarios for boolean values --- .../tests/correct_value_true.pass.sh | 16 ++++++++++++++++ .../tests/correct_value_yes.pass.sh | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh create mode 100644 linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh new file mode 100644 index 00000000000..dad2474b044 --- /dev/null +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh @@ -0,0 +1,16 @@ +#!/bin/bash +{{% if 'sle' in product %}} +# packages = libselinux1 +{{% else %}} +# packages = python3-libselinux +{{% endif %}} + +. $SHARED/group_updating_utils.sh + +config_file="$(find_config_file)" + +if grep -q "^gpgcheck" "$config_file"; then + sed -i "s/^gpgcheck.*/gpgcheck=True/" "$config_file" +else + echo "gpgcheck=True" >> "$config_file" +fi diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh new file mode 100644 index 00000000000..fe55cd80a2c --- /dev/null +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh @@ -0,0 +1,16 @@ +#!/bin/bash +{{% if 'sle' in product %}} +# packages = libselinux1 +{{% else %}} +# packages = python3-libselinux +{{% endif %}} + +. $SHARED/group_updating_utils.sh + +config_file="$(find_config_file)" + +if grep -q "^gpgcheck" "$config_file"; then + sed -i "s/^gpgcheck.*/gpgcheck=yes/" "$config_file" +else + echo "gpgcheck=yes" >> "$config_file" +fi From ad9ab628451a1e865ac1370547cfd477d1e458fb Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Mon, 8 Apr 2024 09:41:45 +0200 Subject: [PATCH 3/4] Minor updates regarding extra spaces --- .../tests/correct_value.pass.sh | 2 +- .../tests/line_not_there.fail.sh | 2 +- .../tests/wrong_value.fail.sh | 2 +- .../tests/wrong_value_false.fail.sh | 2 +- .../tests/wrong_value_no.fail.sh | 2 +- .../tests/wrong_value_off.fail.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh index b9102fd95c6..6f77c7d456c 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh index be5e1bf54b5..dd7fac0b252 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh index fe69c39ecff..8061c39b4ac 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh index e746e56f343..af1ebdc540d 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh index 518def48430..dff51a2385d 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh index 6083f57502f..77e22ebaa83 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash {{% if 'sle' in product %}} # packages = libselinux1 -{{% else %}} +{{% else %}} # packages = python3-libselinux {{% endif %}} From a9d77f39e9223ed3fd7ba01b173b8ea6cdf13575 Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Wed, 8 May 2024 11:44:32 +0200 Subject: [PATCH 4/4] Fix issue with regex Ensure the parameter is also considered and not only its value. --- .../ensure_gpgcheck_globally_activated/oval/shared.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml index 96600bd2bd8..06b6db556a0 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml @@ -22,7 +22,7 @@ {{{ pkg_manager_config_file }}} - ^\s*gpgcheck\s*=\s*1|True|yes\s*$ + ^\s*gpgcheck\s*=\s*(1|True|yes)\s*$ 1 @@ -34,7 +34,7 @@ {{{ pkg_manager_config_file }}} - ^\s*gpgcheck\s*=\s*0|off|no|false\s*$ + ^\s*gpgcheck\s*=\s*(0|off|no|false)\s*$ 0