AlmaLinux OS 9 as a new product #12810

Open
wants to merge 6 commits into
base: master

sej7278

@sej7278 sej7278 commented Jan 10, 2025

Description:

Adds AlmaLinux OS 9 as a new product - flattened merge requests and "disabled" standard profile.

Would appreciate a review to see if this is sufficient to add the new product or to identify any remaining work that may be needed. It certainly builds the standard+CIS guides just fine.

Accidentally nuked #12808

Rationale:

As discussed on #12757 it would be good to add AlmaLinux OS 9 as a new product rather than a RHEL 9 derivative, as they do differ - most notably their STIGs.

As the FIPS/STIG stuff for AlmaLinux is commercial via TuxCare and only supports specific minor versions, it makes sense to have a base product for community-compatible major version profiles like CIS benchmarks, that we can add control files to for use with the commercial profiles.

@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Jan 10, 2025

openshift-ci bot commented Jan 10, 2025

Hi @sej7278. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.


github-actions bot commented Jan 10, 2025

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879 Mab879 self-assigned this Jan 10, 2025
@Mab879 Mab879 added the New Product Issues or pull requests related to new Products. label Jan 10, 2025
@Mab879 Mab879 added this to the 0.1.76 milestone Jan 10, 2025
@Mab879
Member

Mab879 commented Jan 10, 2025

Moving my questions from the last PR.

Again, thanks for the PR and working with us!

Do you have plans for expanding the standard profile? If you are planning on expanding it, I would recommend setting the documentation_complete to false in standard. Unless you want the standard profile as is in the released data streams.

@sej7278
Author

sej7278 commented Jan 10, 2025

Thanks @Mab879, yes I've set standard to false (it was just based on the new product template script) and will update it later. My priority for this release is a new product with CIS benchmarks.

Standard, STIG and other profiles like PCI-DSS and HIPAA to follow later for sure.


codeclimate bot commented Jan 11, 2025

Code Climate has analyzed commit 2a5d381 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.8% (0.0% change).

View more on Code Climate.

@sej7278 sej7278 requested review from a team as code owners January 12, 2025 19:58
Member

@Mab879 Mab879 left a comment

Thanks for the PR!

I just have one minor suggestion.

I'm going to leave this PR open a few days for the other distro maintainers to approve due to CODEOWNERS requirements.

products/almalinux9/profiles/hipaa.profile (outdated, resolved)
@Mab879 Mab879 mentioned this pull request Jan 13, 2025
@Mab879 Mab879 added the Highlight This PR/Issue should make it to the featured changelog. label Jan 13, 2025
@sej7278
Author

sej7278 commented Jan 13, 2025

> Thanks for the PR!
>
> I just have one minor suggestion.
>
> I'm going to leave this PR open a few days for the other distro maintainers to approve due to CODEOWNERS requirements.

Absolutely, as by the nature of adding a new product, I did have to edit other products and support scripts e.g. to exclude gpgkey or oval checks.

Member

@Mab879 Mab879 left a comment

Looks like the CI caught something.

Seems that "!ensure_almalinux_gpgkey_installed" is needed in products/rhel10/profiles/hipaa.profile.

@sej7278
Author

sej7278 commented Jan 13, 2025

> Looks like the CI caught something.
>
> Seems that "!ensure_almalinux_gpgkey_installed" is needed in products/rhel10/profiles/hipaa.profile.

Fixed. I did wonder why we have a bunch of negative tests for every distro instead of just a single positive e.g. ensure_oracle_gpgkey_installed which the ol9 profiles seem to use.

P.S. linkchecker seems to report a 404 for at least the rhel9 and rhel10 profiles for https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx

@sej7278 sej7278 requested a review from Mab879 January 13, 2025 23:46
@jan-cerny
Collaborator

/packit build

@Mab879
Member

Mab879 commented Jan 14, 2025

> > Looks like the CI caught something.
> > Seems that "!ensure_almalinux_gpgkey_installed" is needed in products/rhel10/profiles/hipaa.profile.
>
> Fixed. I did wonder why we have a bunch of negative tests for every distro instead of just a single positive e.g. ensure_oracle_gpgkey_installed which the ol9 profiles seem to use.
>
> P.S. linkchecker seems to report a 404 for at least the rhel9 and rhel10 profiles for https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx

I will take a look at the link issue.

The failing CI should be fixed if you rebase your PR on the latest master.

@sej7278
Author

sej7278 commented Jan 14, 2025

OK, I'll give it a go, hopefully won't nuke the PR like last time!
