Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make tar extraction safer on RHEL8 #249

Merged
merged 1 commit into from
Jul 18, 2023
Merged

Make tar extraction safer on RHEL8 #249

merged 1 commit into from
Jul 18, 2023

Conversation

matejak
Copy link
Contributor

@matejak matejak commented Jul 17, 2023

See also https://bugzilla.redhat.com/show_bug.cgi?id=2219408

According to the referenced BZ, RHEL 8.9+ should contain means that allow safer tarfile extraction

Review Hints:

Test an install that uses a tar file as content container

@scrutinizer-notifier
Copy link

The inspection completed: No new issues

@jan-cerny jan-cerny self-assigned this Jul 18, 2023
jan-cerny
jan-cerny approved these changes Jul 18, 2023
View reviewed changes
Copy link
Member

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've been able to install a RHEL 9.3 successfully with a content with a tarball, using the reanaconda tool, using the following KS:

# values saving a lot of clicks in the GUI
lang en_US.UTF-9
keyboard --xlayouts=us --vckeymap=us
timezone Europe/Prague
rootpw aaaaa
bootloader --location=mbr
clearpart --initlabel --all
autopart --type=plain
text

url --url=http://XXXXX/rhel-8/nightly/RHEL-8/latest-RHEL-8.9/compose/BaseOS/x86_64/os/
repo --name appstream --baseurl=http://XXXXX/rhel-8/nightly/RHEL-8/latest-RHEL-8.9/compose/AppStream/x86_64/os/

%packages
vim
%end

%addon org_fedora_oscap
    content-url = http://10.0.2.2:8000/ssgrhel8.tar.gz
    content-type = archive
    content-path = ssg-rhel8-ds.xml
    profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
%end

@jan-cerny jan-cerny merged commit 77b3803 into OpenSCAP:rhel8-branch Jul 18, 2023
2 checks passed
@jan-cerny jan-cerny added this to the 1.2.2 milestone Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
None yet
Projects
None yet
Milestone
1.2.2
Development

Successfully merging this pull request may close these issues.
3 participants
@matejak @scrutinizer-notifier @jan-cerny