[Policy] Consolidate check() across policies #3764
Conversation
|
I tested this on Fedora 39, RHEL 9, and Ubuntu 24.04 and the correct policy loaded on all of them. Additional sanity checks would be appreciated. |
TurboTurtle
force-pushed
the
policy-consolidated-check
branch
from
325fbc7
to
9b6bff7
Compare
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
|
I've created a deb package specifically for this in Launchpad, to test this end-to-end on 24.04, and work as expected. The manifist.json shows the policy Ubuntu being used. I'll create a few more packages for prior releases next week, and do further testing. |
| @@ -17,6 +15,7 @@ class DebianPolicy(LinuxPolicy): | |||
| distro = "Debian" | |||
| vendor = "the Debian project" | |||
| vendor_urls = [('Community Website', 'https://www.debian.org/')] | |||
| os_release_file = '/etc/debian_version' | |||
There was a problem hiding this comment.
Shouldn't we also set os_release_name = 'Debian'? Otherwise the variable is nested from LinuxPolicy with '' value, and that can make troubles in def _check_release(content): method.
Anyway, see my more general question in PR.
There was a problem hiding this comment.
In this scenario, we're only checking for the existence of the file. If that exists then the debian policy is used.
So, I think it makes sense, and we don't necessarily need the name.
Nevertheless, I can also check some debian variants too and check back here too
There was a problem hiding this comment.
I think the lines below, that were added already tackle this in the same way as previously. As long as the file exists, then the Debian policy is activated.
# use the os-specific file primarily
if os.path.isfile(cls.os_release_file):
return TrueChecking 4 releases of Debian, sid, trixie, bookworm and bullseye; they all have this file.
Alternatively, if we only want to use /etc/os-release, then we could have
os_release_id="debian"
os_release_name="Debian GNU/Linux"With the new package always going into sid and/or trixie, this will only really impact those OSs. The debian package is typically not back-ported to older releases. At least from what I can see based on my interaction these past 2 months
|
Why to distinguish Isn't it easier to have Upon to that, ACK from me and good idea. |
| if value.startswith(cls.distro): | ||
| return True |
There was a problem hiding this comment.
We are changing this to direct values match, but that is imho correct. NAME should be "Red Hat Enterprise Linux Server".
| @@ -62,6 +62,7 @@ class OpenSuSEPolicy(SuSEPolicy): | |||
| distro = "OpenSuSE" | |||
| vendor = "SuSE" | |||
| vendor_urls = [('Community Website', 'https://www.opensuse.org/')] | |||
| os_release_file = '/etc/SUSE-brand' | |||
There was a problem hiding this comment.
Same here wrt missing os_release_name(s).
There was a problem hiding this comment.
This is valid, if we're only looking for the location of the file as is, and no id/name
|
OK, this doesn't work for debian. Ultimately, checking through the policies, it will try to check all. As the Ubuntu policy inherits the variables and such from Debian, this now suggests that the policy being used is Ubutu. We may need to add the following to the os_release_file = '' |
Tested on |
There are a few places where we, intentionally or not, use |
There is a common theme for new policies to subclass an existing one and
just update the `check()` method. In almost all instances, the `check()`
method remains almost entirely the same, simply changing a release file
name or string.
Reduce repeating ourselves by consolidating this into the base
`LinuxPolicy.check()`, and leverage per-policy class attributes
`os_release_file`, `os_release_name`, and `os_release_id`. The first of
which will enable a policy if the specified file is found. Failing that,
`os_release_name` is used to check the `NAME` field in
`/etc/os-release`, and `os_release_id` is used to check the `ID` field
in the same file if the name pattern does not match (or is not set).
Note that we do _not_ check the `ID_LIKE` field.
This allows a policy to be defined with as little as something like the
following:
```
class MyPolicy(LinuxPolicy):
vendor = 'Myself'
os_release_file = '/etc/mylinux-release'
os_release_name = 'MyLinux'
os_release_id ='mynix'
```
Resolves: sosreport#1934
Signed-off-by: Jake Hunsaker <[email protected]>
TurboTurtle
force-pushed
the
policy-consolidated-check
branch
from
9b6bff7
to
8328aa5
Compare
|
I've updated the branch to entirely remove We can certainly revisit this if we start getting a need for multiple policy names, but given the existing precedent it didn't seem necessary. |
Added in the latest push. |
|
Built updated packages in the PPA again, will test in both Debian and Ubuntu this week sometime |
|
Tested this on both Ubuntu and Debian, and manifest.json now looks good to me |
There is a common theme for new policies to subclass an existing one and just update the
check()method. In almost all instances, thecheck()method remains almost entirely the same, simply changing a release file name or string.Reduce repeating ourselves by consolidating this into the base
LinuxPolicy.check(), and leverage per-policy class attributesos_release_file,os_release_name, andos_release_id. The first of which will enable a policy if the specified file is found. Failing that,os_release_nameis used to check theNAMEfield in/etc/os-release, andos_release_idis used to check theIDfield in the same file if the name pattern does not match (or is not set).Note that we do not check the
ID_LIKEfield.This allows a policy to be defined with as little as something like the following:
Resolves: #1934
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines