Giters

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats

Home Page:https://complianceascode.readthedocs.io/en/latest/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Failed to build rhel8 content in lab1 environment

qnfm opened this issue · comments

commented

Description of problem:

The build process failed to build rhel8 content in lab1 environment.

SCAP Security Guide Version:

Online workshop 5738d71

Operating System Version:

Online workshop

Steps to Reproduce:

  1. Open the lab1 and login through Github
  2. Executed by scripts automatically:
[ -n "$WORKSHOP" ] && ansible-playbook -i 127.0.0.1, docs/workshop/labs_setup.yml -e EXERCISE=$WORKSHOP -e LAB_DIR=$GITPOD_REPO_ROOT --connection=local -u gitpod --ssh-extra-args '-F docs/workshop/data/ssh_config'

Actual Results:

TASK [Build the rhel8 content to be used in exercises] **********************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["./build_product", "rhel8"], "delta": "0:00:31.890459", "end": "2024-04-24 10:27:43.131813", "msg": "non-zero return code", "rc": 1, "start": "2024-04-24 10:27:11.241354", "stderr": "", "stderr_lines": [], "stdout": "-- SCAP Security Guide 0.1.73\n-- (see /workspace/content/docs/manual/developer_guide.adoc for build instructions)\n-- \n-- Found PythonInterp: /home/gitpod/.pyenv/shims/python3 (found version "3.11.1") \n-- Found PY_yaml: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/yaml \n-- Found PY_jinja2: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/jinja2 \n-- Could NOT find PY_lxml (missing: PY_LXML) \n-- Could NOT find PY_pytest (missing: PY_PYTEST) \n-- Could NOT find PY_pytest_cov (missing: PY_PYTEST_COV) \n-- Found PY_json2html: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/json2html \n-- Found PY_mypy: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/mypy/init.cpython-311-x86_64-linux-gnu.so \n-- Could NOT find PY_openpyxl (missing: PY_OPENPYXL) \n-- Could NOT find PY_pandas (missing: PY_PANDAS) \n-- Could NOT find PY_pcre2 (missing: PY_PCRE2) \n-- Could NOT find PY_cmakelint (missing: PY_CMAKELINT) \n-- Could NOT find PY_github (missing: PY_GITHUB) \n-- Found PY_sphinx: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx \n-- Found PY_sphinxcontrib.autojinja: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinxcontrib/autojinja \n-- Found PY_sphinx_rtd_theme: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx_rtd_theme \n-- Found PY_myst_parser: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/myst_parser \n-- Found PY_prometheus_client: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/prometheus_client \n-- Could NOT find PY_trestle (missing: PY_TRESTLE) \n-- Found PY_requests: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/requests \n-- CMake:\n-- build type: Release\n-- generator: Ninja\n-- source directory: /workspace/content\n-- build directory: /workspace/content/build\n-- Logging: OFF\n-- \n-- Tools:\n-- python: /home/gitpod/.pyenv/shims/python3 (version: 3.11.1)\n-- python yaml module: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/yaml\n-- python jinja2 module: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/jinja2\n-- oscap: /usr/bin/oscap (version: 1.3.6)\n-- xsltproc: /usr/bin/xsltproc\n-- xmllint: /usr/bin/xmllint\n-- sed: /usr/bin/sed\n-- shellcheck (optional): /usr/bin/shellcheck\n-- linkchecker (optional): LINKCHECKER_EXECUTABLE-NOTFOUND\n-- grep (optional): /usr/bin/grep\n-- python pytest module (optional): \n-- ansible-playbook module (optional): /home/gitpod/.pyenv/shims/ansible-playbook\n-- ansible-lint module (optional): /usr/bin/ansible-lint\n-- yamllint module (optional): /usr/bin/yamllint\n-- python mypy module (optional): /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/mypy/init.cpython-311-x86_64-linux-gnu.so\n-- BATS framework (optional): /usr/bin/bats\n-- python sphinx module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx\n-- python sphinxcontrib.autojinja module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinxcontrib/autojinja\n-- python sphinx_rtd_theme module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx_rtd_theme\n-- python myst-parser module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/myst_parser\n-- python openpyxl module (optional): \n-- python pandas module (optional): \n-- python pcre2 module (optional): \n-- python lxml module (optional): \n-- python prometheus-client module (optional): /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/prometheus_client\n-- python compliance-trestle module (optional): \n-- python github (PyGitHub) module (optional): \n-- \n-- Build options:\n-- SSG vendor string: ssgproject\n-- Target OVAL version: 5.11\n-- Build SCAP 1.2 source data streams: ON\n-- OVAL schematron validation: ON\n-- shellcheck bash fixes validation: ON\n-- Separate SCAP files: ON\n-- Ansible Playbooks: ON\n-- Ansible Playbooks Per Rule: OFF\n-- Bash scripts: ON\n-- Thin data streams: OFF\n-- jinja2 cache: enabled\n-- jinja2 cache dir: /workspace/content/build/jinja2_cache\n-- STIG Delta Taloring files: ON\n-- Build SCE Content: OFF\n-- SCAPVal 1.3 Enabled: OFF\n-- \n-- Products:\n-- Alibaba Cloud Linux 2: OFF\n-- Alibaba Cloud Linux 3: OFF\n-- Anolis OS 8: OFF\n-- Anolis OS 23: OFF\n-- Chromium: OFF\n-- Debian 10: OFF\n-- Debian 11: OFF\n-- Debian 12: OFF\n-- Example: OFF\n-- EKS: OFF\n-- Fedora: OFF\n-- Firefox: OFF\n-- MacOS 1015: OFF\n-- OCP4: OFF\n-- RHCOS4: OFF\n-- Oracle Linux 7: OFF\n-- Oracle Linux 8: OFF\n-- Oracle Linux 9: OFF\n-- openEuler 22.03 LTS: OFF\n-- openSUSE: OFF\n-- RHEL 7: OFF\n-- RHEL 8: ON\n-- RHEL 9: OFF\n-- RHEL 10: OFF\n-- RHV 4: OFF\n-- SUSE 12: OFF\n-- SUSE 15: OFF\n-- Ubuntu 16.04: OFF\n-- Ubuntu 18.04: OFF\n-- Ubuntu 20.04: OFF\n-- Ubuntu 22.04: OFF\n-- Uos 20: OFF\n-- OpenEmbedded: OFF\n-- \n-- Enabling docs directory as system supports Sphinx builds.\n-- Scanning for dependencies of rhel8 fixes (bash, ansible, puppet, anaconda, ignition, kubernetes and blueprint)...\n-- Configuring done (2.2s)\n-- Generating done (0.0s)\n-- Build files have been written to: /workspace/content/build\n[1/36] [rhel8-content] generating sce/metadata.json\n[2/36] [rhel8-content] compiling product yaml\n[3/36] [rhel8-content] compiling everything\nFAILED: rhel8/ssg_build_compile_all-rhel8 /workspace/content/build/rhel8/ssg_build_compile_all-rhel8 \ncd /workspace/content/build/rhel8 && /home/linuxbrew/.linuxbrew/Cellar/cmake/3.26.1/bin/cmake -E make_directory /workspace/content/build/rhel8/profiles && env PYTHONPATH=/workspace/content /home/gitpod/.pyenv/shims/python3 /workspace/content/build-scripts/compile_all.py --resolved-base /workspace/content/build/rhel8 --project-root /workspace/content --build-config-yaml /workspace/content/build/build_config.yml --product-yaml /workspace/content/build/rhel8/product.yml --sce-metadata /workspace/content/build/rhel8/checks/sce/metadata.json --stig-references /workspace/content/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml --rule-id off && /home/linuxbrew/.linuxbrew/Cellar/cmake/3.26.1/bin/cmake -E touch /workspace/content/build/rhel8/ssg_build_compile_all-rhel8\nTraceback (most recent call last):\n File "/workspace/content/build-scripts/compile_all.py", line 235, in \n main()\n File "/workspace/content/build-scripts/compile_all.py", line 217, in main\n controls_manager.add_references(loader.all_rules)\n File "/workspace/content/ssg/controls.py", line 531, in add_references\n policy.add_references(rules)\n File "/workspace/content/ssg/controls.py", line 420, in add_references\n self._check_conflict_in_rules(rules)\n File "/workspace/content/ssg/controls.py", line 408, in _check_conflict_in_rules\n raise ValueError(msg)\nValueError: Rule accounts_tmout contains anssi reference, but this reference type is provided by anssi controls. Please remove the reference from rule.yml.\nninja: build stopped: subcommand failed.", "stdout_lines": ["-- SCAP Security Guide 0.1.73", "-- (see /workspace/content/docs/manual/developer_guide.adoc for build instructions)", "-- ", "-- Found PythonInterp: /home/gitpod/.pyenv/shims/python3 (found version "3.11.1") ", "-- Found PY_yaml: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/yaml ", "-- Found PY_jinja2: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/jinja2 ", "-- Could NOT find PY_lxml (missing: PY_LXML) ", "-- Could NOT find PY_pytest (missing: PY_PYTEST) ", "-- Could NOT find PY_pytest_cov (missing: PY_PYTEST_COV) ", "-- Found PY_json2html: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/json2html ", "-- Found PY_mypy: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/mypy/init.cpython-311-x86_64-linux-gnu.so ", "-- Could NOT find PY_openpyxl (missing: PY_OPENPYXL) ", "-- Could NOT find PY_pandas (missing: PY_PANDAS) ", "-- Could NOT find PY_pcre2 (missing: PY_PCRE2) ", "-- Could NOT find PY_cmakelint (missing: PY_CMAKELINT) ", "-- Could NOT find PY_github (missing: PY_GITHUB) ", "-- Found PY_sphinx: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx ", "-- Found PY_sphinxcontrib.autojinja: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinxcontrib/autojinja ", "-- Found PY_sphinx_rtd_theme: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx_rtd_theme ", "-- Found PY_myst_parser: /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/myst_parser ", "-- Found PY_prometheus_client: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/prometheus_client ", "-- Could NOT find PY_trestle (missing: PY_TRESTLE) ", "-- Found PY_requests: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/requests ", "-- CMake:", "-- build type: Release", "-- generator: Ninja", "-- source directory: /workspace/content", "-- build directory: /workspace/content/build", "-- Logging: OFF", "-- ", "-- Tools:", "-- python: /home/gitpod/.pyenv/shims/python3 (version: 3.11.1)", "-- python yaml module: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/yaml", "-- python jinja2 module: /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/jinja2", "-- oscap: /usr/bin/oscap (version: 1.3.6)", "-- xsltproc: /usr/bin/xsltproc", "-- xmllint: /usr/bin/xmllint", "-- sed: /usr/bin/sed", "-- shellcheck (optional): /usr/bin/shellcheck", "-- linkchecker (optional): LINKCHECKER_EXECUTABLE-NOTFOUND", "-- grep (optional): /usr/bin/grep", "-- python pytest module (optional): ", "-- ansible-playbook module (optional): /home/gitpod/.pyenv/shims/ansible-playbook", "-- ansible-lint module (optional): /usr/bin/ansible-lint", "-- yamllint module (optional): /usr/bin/yamllint", "-- python mypy module (optional): /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/mypy/init.cpython-311-x86_64-linux-gnu.so", "-- BATS framework (optional): /usr/bin/bats", "-- python sphinx module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx", "-- python sphinxcontrib.autojinja module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinxcontrib/autojinja", "-- python sphinx_rtd_theme module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/sphinx_rtd_theme", "-- python myst-parser module (optional): /workspace/.pyenv_mirror/user/current/lib/python3.11/site-packages/myst_parser", "-- python openpyxl module (optional): ", "-- python pandas module (optional): ", "-- python pcre2 module (optional): ", "-- python lxml module (optional): ", "-- python prometheus-client module (optional): /home/gitpod/.pyenv/versions/3.11.1/lib/python3.11/site-packages/prometheus_client", "-- python compliance-trestle module (optional): ", "-- python github (PyGitHub) module (optional): ", "-- ", "-- Build options:", "-- SSG vendor string: ssgproject", "-- Target OVAL version: 5.11", "-- Build SCAP 1.2 source data streams: ON", "-- OVAL schematron validation: ON", "-- shellcheck bash fixes validation: ON", "-- Separate SCAP files: ON", "-- Ansible Playbooks: ON", "-- Ansible Playbooks Per Rule: OFF", "-- Bash scripts: ON", "-- Thin data streams: OFF", "-- jinja2 cache: enabled", "-- jinja2 cache dir: /workspace/content/build/jinja2_cache", "-- STIG Delta Taloring files: ON", "-- Build SCE Content: OFF", "-- SCAPVal 1.3 Enabled: OFF", "-- ", "-- Products:", "-- Alibaba Cloud Linux 2: OFF", "-- Alibaba Cloud Linux 3: OFF", "-- Anolis OS 8: OFF", "-- Anolis OS 23: OFF", "-- Chromium: OFF", "-- Debian 10: OFF", "-- Debian 11: OFF", "-- Debian 12: OFF", "-- Example: OFF", "-- EKS: OFF", "-- Fedora: OFF", "-- Firefox: OFF", "-- MacOS 1015: OFF", "-- OCP4: OFF", "-- RHCOS4: OFF", "-- Oracle Linux 7: OFF", "-- Oracle Linux 8: OFF", "-- Oracle Linux 9: OFF", "-- openEuler 22.03 LTS: OFF", "-- openSUSE: OFF", "-- RHEL 7: OFF", "-- RHEL 8: ON", "-- RHEL 9: OFF", "-- RHEL 10: OFF", "-- RHV 4: OFF", "-- SUSE 12: OFF", "-- SUSE 15: OFF", "-- Ubuntu 16.04: OFF", "-- Ubuntu 18.04: OFF", "-- Ubuntu 20.04: OFF", "-- Ubuntu 22.04: OFF", "-- Uos 20: OFF", "-- OpenEmbedded: OFF", "-- ", "-- Enabling docs directory as system supports Sphinx builds.", "-- Scanning for dependencies of rhel8 fixes (bash, ansible, puppet, anaconda, ignition, kubernetes and blueprint)...", "-- Configuring done (2.2s)", "-- Generating done (0.0s)", "-- Build files have been written to: /workspace/content/build", "[1/36] [rhel8-content] generating sce/metadata.json", "[2/36] [rhel8-content] compiling product yaml", "[3/36] [rhel8-content] compiling everything", "FAILED: rhel8/ssg_build_compile_all-rhel8 /workspace/content/build/rhel8/ssg_build_compile_all-rhel8 ", "cd /workspace/content/build/rhel8 && /home/linuxbrew/.linuxbrew/Cellar/cmake/3.26.1/bin/cmake -E make_directory /workspace/content/build/rhel8/profiles && env PYTHONPATH=/workspace/content /home/gitpod/.pyenv/shims/python3 /workspace/content/build-scripts/compile_all.py --resolved-base /workspace/content/build/rhel8 --project-root /workspace/content --build-config-yaml /workspace/content/build/build_config.yml --product-yaml /workspace/content/build/rhel8/product.yml --sce-metadata /workspace/content/build/rhel8/checks/sce/metadata.json --stig-references /workspace/content/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml --rule-id off && /home/linuxbrew/.linuxbrew/Cellar/cmake/3.26.1/bin/cmake -E touch /workspace/content/build/rhel8/ssg_build_compile_all-rhel8", "Traceback (most recent call last):", " File "/workspace/content/build-scripts/compile_all.py", line 235, in ", " main()", " File "/workspace/content/build-scripts/compile_all.py", line 217, in main", " controls_manager.add_references(loader.all_rules)", " File "/workspace/content/ssg/controls.py", line 531, in add_references", " policy.add_references(rules)", " File "/workspace/content/ssg/controls.py", line 420, in add_references", " self._check_conflict_in_rules(rules)", " File "/workspace/content/ssg/controls.py", line 408, in _check_conflict_in_rules", " raise ValueError(msg)", "ValueError: Rule accounts_tmout contains anssi reference, but this reference type is provided by anssi controls. Please remove the reference from rule.yml.", "ninja: build stopped: subcommand failed."]}

Expected Results:

Auto compile the necessary contents.

Additional Information/Debugging Steps: