diff --git a/shared/applicability/bootc.yml b/shared/applicability/bootc.yml
new file mode 100644
index 00000000000..e651ae954bf
--- /dev/null
+++ b/shared/applicability/bootc.yml
@@ -0,0 +1,19 @@
+name: cpe:/a:bootc
+title: Bootable containers
+# Matches:
+# - bootc (RHEL Image Mode) containers and container images
+# - running bootc (RHEL Image Mode) systems
+# Does not match:
+# - classic containers and container images
+# - normal bare-metal systems or VMs
+# - other rpm-ostree based systems eg. Silverblue
+#
+# The matching platforms and non-matching platforms can be easily distinguished
+# by checking for presence of the kernel, rpm-ostree, and bootc RPM packages.
+# Bootable containers and running bootc systems both contain these packages.
+# Normal bare-metal systems usually don't have the rpm-ostree, normal
+# containers don't contain kernel.
+#
+check_id: bootc
+bash_conditional: "{ rpm --quiet -q kernel } && { rpm --quiet -q rpm-ostree } && { rpm --quiet -q bootc }"
+ansible_conditional: '"kernel" in ansible_facts.packages and "rpm-ostree" in ansible_facts.packages and "bootc" in ansible_facts.packages'
diff --git a/shared/applicability/oval/bootc.xml b/shared/applicability/oval/bootc.xml
new file mode 100644
index 00000000000..c42129ba964
--- /dev/null
+++ b/shared/applicability/oval/bootc.xml
@@ -0,0 +1,13 @@
+
+
+ {{{ oval_metadata("Bootable container or bootc system", affected_platforms=["multi_platform_all"]) }}}
+
+
+
+
+
+
+{{{ oval_test_package_installed(package="kernel", test_id="bootc_platform_test_kernel_installed") }}}
+{{{ oval_test_package_installed(package="rpm-ostree", test_id="bootc_platform_test_rpm_ostree_installed") }}}
+{{{ oval_test_package_installed(package="bootc", test_id="bootc_platform_test_bootc_installed") }}}
+
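Review bot: The `bash_conditional` value in bootc.yml writes its brace groups without a terminator before the closing brace (`{ rpm --quiet -q kernel }`), which bash does not parse as a group: `}` is only recognised as a reserved word after a `;` or newline, so here it is passed to `rpm` as an argument and the group is never closed. If this string is substituted into an `if …; then` wrapper in generated remediations (the consumer is not visible in this diff), the script would likely fail with a syntax error and rules gated on this platform would not be remediated. Suggest `bash_conditional: "rpm --quiet -q kernel && rpm --quiet -q rpm-ostree && rpm --quiet -q bootc"`, or keep the groups and terminate each one as `{ rpm --quiet -q kernel; }`. The `ansible_conditional` reads `ansible_facts.packages`, so it presumably depends on package facts having been gathered first; worth confirming the generated playbooks do that.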