Drop deprecated or removed packages in RHEL8#3632
Drop deprecated or removed packages in RHEL8#3632yuumasato wants to merge 6 commits intoComplianceAsCode:masterfrom
Conversation
| kernel-tools | ||
| kexec-tools | ||
| libcgroup | ||
| libcgroup-tools |
There was a problem hiding this comment.
@yuumasato why were these dropped? Packages still exist.
There was a problem hiding this comment.
They're mentioned that they are removed in the docs https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html/8.0_beta_release_notes/changes_to_packages but they exist on my RHEL8 beta, so that means the docs are wrong.
There was a problem hiding this comment.
Since these packages are still shipped, I'll put them back into the list.
|
@yuumasato let's just remove these from the profiles for now until we are sure that the rpms don't end up in epel repo or some other repo. |
I was wondering about EPEL repos, if they are available there we should still track these rpms. |
These packages are not available for RHEL8
- pam_pkcs11 was removed from RHEL8 - piggy-backing fix: also enable pcsc-lite for Fedora
RHEL8 doesn't have pam_pkcs11 package
RHEL8 doesn't have pam_pkcs11 package
yuumasato
force-pushed
the
rhel8_remove_deprecated_packages
branch
from
c6fa060 to
737a42b
Compare
@redhatrises Maybe I don't understand what you mean, you suggest to just remove rules from the profile but leave them on CSV files? |
|
The inspection completed: 1 new issues |
| @@ -9,6 +9,7 @@ libreswan | |||
| ntp | |||
There was a problem hiding this comment.
I have kept ntp here because rule service_chronyd_or_ntpd_enabled relies on check for package_ntp_installed.
chronyd_or_ntpd rules need a chronyd only rule version before ntp can be removed from this CSV.
There was a problem hiding this comment.
That could be achieved by JInja macros in the rule, OVALs and remediations.
There was a problem hiding this comment.
I could filter out checks for ntp and make it work, but the rule would still be called chronyd_or_ntpd, which would be confusing...
There was a problem hiding this comment.
We can rename the rule to clock_synchronization_enabled. But I agree with keeping ntp here, it's easier.
There was a problem hiding this comment.
There is already a ticket to break out these rules which should be separate rules and not rules joined by jinja.
Yes to remove them from the profile, but keep them enabled. Of course, we can hold off on this PR for now. |
|
Hi @yuumasato @redhatrises, what is the status of this? |
|
Closing in favor of #3742 |
4 participants
Description:
Rationale: