Merge branch 'maint-1.2' into maint-1.3

Author: evgenyz

src/OVAL/probes/unix/linux/rpminfo_probe.c

@@ -334,7 +334,8 @@ static int collect_rpm_files(SEXP_t *item, const struct rpminfo_rep *rep, struct
 		ret = -1;
 		goto cleanup;
 	}
-	if (rpmdbSetIteratorRE(ts, RPMTAG_EPOCH, RPMMIRE_STRCMP, rep->epoch) != 0) {
+	char *epoch_override = oscap_streq(rep->epoch, "(none)") ? "0" : rep->epoch;
+	if (rpmdbSetIteratorRE(ts, RPMTAG_EPOCH, RPMMIRE_STRCMP, epoch_override) != 0) {
 		ret = -1;
 		goto cleanup;
 	}

src/XCCDF_POLICY/xccdf_policy_remediate.c

@@ -900,6 +900,7 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_
 	const char *oscap_version = oscap_get_version();
 	const char *format = ansible_script ? "ansible" : "bash";
 	const char *remediation_type = ansible_script ? "Ansible Playbook" : "Bash Remediation Script";
+	const char *shebang_with_newline = ansible_script ? "" : "#!/bin/bash\n";
 
 	char *fix_header;
 
@@ -934,6 +935,7 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_
 		const char *xccdf_version_name = xccdf_version_info_get_version(xccdf_version);
 
 		fix_header = oscap_sprintf(
+			"%s"
 			"###############################################################################\n"
 			"#\n"
 			"# %s for %s\n"
@@ -956,7 +958,7 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_
 			"%s\n"
 			"#\n"
 			"###############################################################################\n\n",
-			remediation_type, profile_title,
+			shebang_with_newline, remediation_type, profile_title,
 			commented_profile_description,
 			profile_id, benchmark_id, benchmark_version_info, xccdf_version_name,
 			oscap_version, profile_id, format, remediation_type,
@@ -974,6 +976,7 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_
 		const char *xccdf_version_name = xccdf_version_info_get_version(xccdf_version);
 
 		fix_header = oscap_sprintf(
+			"%s"
 			"###############################################################################\n"
 			"#\n"
 			"# %s generated from evaluation of %s\n"
@@ -992,7 +995,7 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_
 			"%s\n"
 			"#\n"
 			"###############################################################################\n\n",
-			remediation_type, profile_title, profile_id, xccdf_version_name,
+			shebang_with_newline, remediation_type, profile_title, profile_id, xccdf_version_name,
 			start_time != NULL ? start_time : "Unknown", end_time, oscap_version,
 			result_id, format, remediation_type, remediation_type, how_to_apply
 		);

tests/API/XCCDF/fix/all.sh

@@ -14,18 +14,20 @@ function test_generate_fix {
 
     # grep to strip out whitespace and comments
     # `tail -n +2` to skip the first line with progress reporting
-    local GENERATED_FIX=$($OSCAP xccdf generate fix --result-id "$TESTRESULT_ID" "$INPUT" | grep -v -E "^([\t ]*|[\t ]*#.*)$" | tail -n +2)
+    local GENERATED_FIX RELEVANT_FIX_CONTENTS
+    GENERATED_FIX=$($OSCAP xccdf generate fix --result-id "$TESTRESULT_ID" "$INPUT")
+    RELEVANT_FIX_CONTENTS=$(grep -v -E "^([\t ]*|[\t ]*#.*)$" <<< "$GENERATED_FIX" | tail -n +2)
     if [ "$?" != "0" ]; then
         return 1
     fi
     echo "$GENERATED_FIX"
 
-    if [ "$GENERATED_FIX" == "$EXPECTED_FIX" ]; then
+    if [ "$RELEVANT_FIX_CONTENTS" == "$EXPECTED_FIX" ]; then
         return 0
     fi
 
     echo "Generated fix doesn't match expected fix!"
-    echo "'$GENERATED_FIX' != '$EXPECTED_FIX'"
+    echo "'$RELEVANT_FIX_CONTENTS' != '$EXPECTED_FIX'"
 
     return 1
 }

utils/oscap-xccdf.c

@@ -863,7 +863,7 @@ int app_generate_fix(const struct oscap_action *action)
 		} else if (strcmp(action->fix_type, "puppet") == 0) {
 			template = "urn:xccdf:fix:script:puppet";
 		} else if (strcmp(action->fix_type, "anaconda") == 0) {
-			template = "urn:xccdf:fix:script:anaconda";
+			template = "urn:redhat:anaconda:pre";
 		} else {
 			fprintf(stderr,
 					"Unknown fix type '%s'.\n"