
Commit 04f764c

authored
Merge pull request #14101 from ComplianceAsCode/fix_bootc_offline_applicability
extend the bootc platform to cover both online and offline cases
2 parents c9c7a90 + 8b5f8f5 commit 04f764c


3 files changed

+37
-3
lines changed


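--- a/shared/applicability/bootc.yml
+++ b/shared/applicability/bootc.yml
@@ -20,5 +20,5 @@ check_id: bootc
 {{% else %}}
 {{% set kernel_package = "kernel" %}}
 {{% endif %}}
-bash_conditional: "{ rpm --quiet -q {{{ kernel_package }}} ;} && { rpm --quiet -q rpm-ostree ;} && { rpm --quiet -q bootc ;} && { ! rpm --quiet -q openshift-kubelet ;} && [ -f /run/ostree-booted ]"
+bash_conditional: "{ rpm --quiet -q {{{ kernel_package }}} ;} && { rpm --quiet -q rpm-ostree ;} && { rpm --quiet -q bootc ;} && { ! rpm --quiet -q openshift-kubelet ;} && ([ -f /run/ostree-booted ] || [ -L /ostree ])"
 ansible_conditional: '"{{{ kernel_package }}}" in ansible_facts.packages and "rpm-ostree" in ansible_facts.packages and "bootc" in ansible_facts.packages and not "openshift-kubelet" in ansible_facts.packages and "ostree" in ansible_proc_cmdline'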
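Review bot: The `ansible_conditional` on the last context line still requires `"ostree" in ansible_proc_cmdline`, so the Ansible side of this platform keeps the booted-only check while the bash side now also accepts `[ -L /ostree ]`; the offline/build case named in the commit title is covered only for bash content. If that asymmetry is deliberate (Ansible not expected to run inside an image build), a one-line YAML comment above `ansible_conditional` saying so would stop the two conditionals from drifting further apart. Otherwise the Ansible clause needs an equivalent alternative, which is harder to express in a bare conditional and may require a dedicated fact-gathering step, so it is worth tracking explicitly. Note that the bash check tests for a symlink with `-L`, matching the `symbolic link` type asserted in the OVAL state, so the two bash/OVAL paths agree.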

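--- a/shared/applicability/oval/bootc.xml
+++ b/shared/applicability/oval/bootc.xml
@@ -5,7 +5,10 @@
 <criterion comment="kernel is installed" test_ref="bootc_platform_test_kernel_installed" />
 <criterion comment="rpm-ostree is installed" test_ref="bootc_platform_test_rpm_ostree_installed" />
 <criterion comment="bootc is installed" test_ref="bootc_platform_test_bootc_installed" />
-<criterion comment="/run/ostree-booted exists" test_ref="bootc_platform_test_run_ostree_booted_exists" />
+<criteria operator="OR">
+<criterion comment="/run/ostree-booted exists, suggesting that we are in a running bootc environment" test_ref="bootc_platform_test_run_ostree_booted_exists" />
+<criterion comment="/ostree symlink exists, suggesting that we are in a bootc environment being built and hardened" test_ref="bootc_platform_test_ostree_symlink_exists" />
+</criteria>
 <criterion comment="openshift-kubelet is not installed" test_ref="bootc_platform_test_openshift_kubelet_removed" />
 </criteria>
 </definition>
@@ -27,4 +30,18 @@
 <unix:filepath operation="equals">/run/ostree-booted</unix:filepath>
 </unix:file_object>
 
+<unix:file_test id="bootc_platform_test_ostree_symlink_exists" check="all" check_existence="all_exist" comment="The file /ostree is a symlink" version="1">
+<unix:object object_ref="bootc_platform_obj_ostree_symlink_exists" />
+<unix:state state_ref="bootc_platform_ste_ostree_symlink_exists" />
+</unix:file_test>
+
+<unix:file_object id="bootc_platform_obj_ostree_symlink_exists" comment="The file /ostree exists" version="1">
+<unix:filepath operation="equals">/ostree</unix:filepath>
+</unix:file_object>
+
+<unix:file_state id="bootc_platform_ste_ostree_symlink_exists" comment="The file /ostree is a symlink" version="1">
+<unix:filepath operation="equals">/ostree</unix:filepath>
+<unix:type operation="equals">symbolic link</unix:type>
+</unix:file_state>
+
 </def-group>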
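Review bot: `bootc_platform_ste_ostree_symlink_exists` asserts `<unix:type operation="equals">symbolic link</unix:type>`, which only holds if the collector reports the link itself (lstat-style) rather than resolving it; if the probe follows the link, the collected item's type would be that of the target and the new OR branch would never evaluate true, silently leaving the platform not applicable during image builds. That is worth confirming against the OVAL interpreter in use and pinning with a test scenario where `/ostree` is a symlink and `/run/ostree-booted` is absent. The `<unix:filepath>` entity inside the state repeats the path the object already selects and can be dropped so the state carries only the `type` check. The same test, object and state are added verbatim in shared/checks/oval/bootc.xml, so any adjustment applies there too.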

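--- a/shared/checks/oval/bootc.xml
+++ b/shared/checks/oval/bootc.xml
@@ -5,7 +5,10 @@
 <criterion comment="kernel is installed" test_ref="bootc_platform_test_kernel_installed" />
 <criterion comment="rpm-ostree is installed" test_ref="bootc_platform_test_rpm_ostree_installed" />
 <criterion comment="bootc is installed" test_ref="bootc_platform_test_bootc_installed" />
-<criterion comment="/run/ostree-booted exists" test_ref="bootc_platform_test_run_ostree_booted_exists" />
+<criteria operator="OR">
+<criterion comment="/run/ostree-booted exists, suggesting that we are in a running bootc environment" test_ref="bootc_platform_test_run_ostree_booted_exists" />
+<criterion comment="/ostree symlink exists, suggesting that we are in a bootc environment being built and hardened" test_ref="bootc_platform_test_ostree_symlink_exists" />
+</criteria>
 <criterion comment="openshift-kubelet is not installed" test_ref="bootc_platform_test_openshift_kubelet_removed" />
 </criteria>
 </definition>
@@ -27,4 +30,18 @@
 <unix:filepath operation="equals">/run/ostree-booted</unix:filepath>
 </unix:file_object>
 
+<unix:file_test id="bootc_platform_test_ostree_symlink_exists" check="all" check_existence="all_exist" comment="The file /ostree is a symlink" version="1">
+<unix:object object_ref="bootc_platform_obj_ostree_symlink_exists" />
+<unix:state state_ref="bootc_platform_ste_ostree_symlink_exists" />
+</unix:file_test>
+
+<unix:file_object id="bootc_platform_obj_ostree_symlink_exists" comment="The file /ostree exists" version="1">
+<unix:filepath operation="equals">/ostree</unix:filepath>
+</unix:file_object>
+
+<unix:file_state id="bootc_platform_ste_ostree_symlink_exists" comment="The file /ostree is a symlink" version="1">
+<unix:filepath operation="equals">/ostree</unix:filepath>
+<unix:type operation="equals">symbolic link</unix:type>
+</unix:file_state>
+
 </def-group>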
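Review bot: Both hunks here are a byte-for-byte copy of the ones in shared/applicability/oval/bootc.xml, including the new `bootc_platform_test_ostree_symlink_exists` test and its object and state, so the platform detection logic now has to be edited in two places. Unless the build derives one file from the other, a comment at the top of this file such as `<!-- keep in sync with shared/applicability/oval/bootc.xml -->` would at least make the coupling visible to the next person touching either copy. The symlink-resolution concern raised on the applicability copy (whether the probe reports `symbolic link` for `/ostree` rather than the target's type) applies to this file equally.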
