Skip to content

shared: macros: oval: Fix evr datatype for dpkg-based distros #13900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

shared: macros: oval: Fix evr datatype for dpkg-based distros #13900

wants to merge 1 commit into from

Conversation

dodys
Copy link
Contributor

@dodys dodys commented Sep 16, 2025

Fixes #13879

@dodys dodys added this to the 0.1.79 milestone Sep 16, 2025
@dodys dodys requested review from Mab879 and jan-cerny September 16, 2025 12:13
@dodys dodys added bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. Debian Debian product related. Ubuntu Ubuntu product related. labels Sep 16, 2025
@Mab879 Mab879 self-assigned this Sep 16, 2025
@dodys
Copy link
Contributor Author

dodys commented Sep 16, 2025
edited
Loading

@Mab879 @jan-cerny @marcusburghardt the ctests failures in Debian and Ubuntu seems to be related to the fact of build supporting 5.11 and not 5.11.1. Should we consider re-opening this: #11903 but instead of 5.11.2, we target at least 5.11.1?

@jan-cerny
Copy link
Collaborator

Hi @dodys I haven't verified this but I assume that it should be safe to use the 5.11.2 version now because RHEL 7 is after end-of-life. You would have to try to change the OVAL version and see if the CI test fail or pass.

@dodys
Copy link
Contributor Author

dodys commented Sep 16, 2025
edited
Loading

Hi @dodys I haven't verified this but I assume that it should be safe to use the 5.11.2 version now because RHEL 7 is after end-of-life. You would have to try to change the OVAL version and see if the CI test fail or pass.

I believe that 5.11.2 will be a problem on Ubuntu's/Debian's side as 5.11.1 is the supported version in 22.04 and 24.04 according to oscap --version. Ubuntu 22.04 has openscap 1.2.17 and Ubuntu 24.04 has openscap 1.3.9.
Do you happen to remember when 5.11.2 was added to openscap? Because I've tested also openscap 1.4.1 and it also returns 5.11.1

Ok, I took a look at openscap code, and perhaps relying on oscap --version might be not accurate, as still today in the main branch it is set to 5.11.1:
https://github.com/OpenSCAP/openscap/blob/main/src/OVAL/oval_agent_api_impl.h#L38

Edit: it seems I can validate an OVAL 5.11.2 in 22.04 and 24.04 without issues, it might be that we can bump to 5.11.2.

@jan-cerny
Copy link
Collaborator

OK, then let's try 5.11.2 !

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Sep 22, 2025

@dodys: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 300fc9c link true /test e2e-aws-openshift-node-compliance
ci/prow/e2e-aws-openshift-platform-compliance 300fc9c link true /test e2e-aws-openshift-platform-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@dodys dodys mentioned this pull request Sep 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Awaiting requested review from Mab879

@jan-cerny jan-cerny Awaiting requested review from jan-cerny

At least 1 approving review is required to merge this pull request.

Assignees

@Mab879 Mab879

Labels
bugfix Fixes to reported bugs. Debian Debian product related. OVAL OVAL update. Related to the systems assessments. Ubuntu Ubuntu product related.
Projects
None yet
Milestone
0.1.79
Development

Successfully merging this pull request may close these issues.

Debian 12 CIS: Wrong PAM Version Expected
3 participants
@dodys @jan-cerny @Mab879