Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AlmaLinux 9 OVAL document has references to el8 packages #361

Closed
javihernandez opened this issue Oct 7, 2024 · 2 comments
Closed

AlmaLinux 9 OVAL document has references to el8 packages #361

javihernandez opened this issue Oct 7, 2024 · 2 comments
Assignees
@javihernandez

Comments

@javihernandez
Copy link
Member

Original report: https://forums.almalinux.org/t/oval-package-appears-to-be-for-el8/4692

I checked some dnf updateinfo data and don't seem to be affected, same for the ALBS errata feed or the errata website.

In order to fix them, we need to:

  • Identify those that have wrong references
  • Check that records in ALBS have all required data. If so, regenerate OVAL for those that have mapping packages
  • In case that ALBS is missing package mapping in some erratas, we'll need to carefully re-process the errata in ALBS using the public-errata-parser

AC: There are no references to el8 packages in AlmaLinux 9 OVAL document (and viceversa)
@forbiddenpotato forbiddenpotato moved this to Ready for dev in AlmaLinux Build System Oct 8, 2024
@forbiddenpotato forbiddenpotato moved this from Ready for dev to In progress in AlmaLinux Build System Oct 9, 2024
@javihernandez
Copy link
Member Author

Affected records in:

I've observed that the wrong packages are indeed linked in db as errata_to_albs_packages. I've tried to spot where this mapping could go wrong but I can't really tell this problem can be reproduced again. The code involved has been updated since then and recent erratas don't present this problem. I might be wrong, but I'd say that nowadays, this should not happen again. In any case, we'll keep an eye on it.
As of the updateinfo data, I've double checked everything and as far as I can tell, they aren't affected by this problem.

@javihernandez
Copy link
Member Author

javihernandez commented Nov 5, 2024
edited
Loading

After further analysis, I found out that these wrong packages also affect other erratas, as they are reusing some of these wrong package references for oval tests. As an example:

    "ALSA-2023:7205": [
        {
            "name": "nodejs-packaging",
            "evr": "0:2021.06-4.module_el9.3.0+88+29afeaa2"
        },
        {
            "name": "nodejs-packaging-bundler",
            "evr": "0:2021.06-4.module_el9.3.0+88+29afeaa2"
        },
    ]

As a consequence of processing these, we end up with the following test in criteria:

<criterion test_ref="oval:org.almalinux.alsa:tst:20237205011" comment="nodejs-packaging is earlier than 0:2021.06-4.module_el9.3.0+88+29afeaa2"/>

And the tests for these wrong packages are reused in ALSA-2024:1687 and ALSA-2024:2778.

I've carefully compiled a list with affected advisories and the right packages that must be used instead here.

@javihernandez javihernandez moved this from In progress to In review in AlmaLinux Build System Nov 7, 2024
@javihernandez javihernandez moved this from In review to Ready for release in AlmaLinux Build System Nov 13, 2024
@javihernandez javihernandez moved this from Ready for release to Done in AlmaLinux Build System Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javihernandez javihernandez

Labels
None yet
Projects
AlmaLinux Build System
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@javihernandez