Skip to content

Update CA file path #13328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update CA file path #13328

wants to merge 2 commits into from

Conversation

jan-cerny
Copy link
Collaborator

This commit will update rule rsyslog_remote_tls_cacert. In RHEL 10 and F43, the file /etc/pki/tls/cert.pem is removed. Instead, we can use /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem as a safe default.
See: https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile

Fixes: https://issues.redhat.com/browse/OPENSCAP-4880

@jan-cerny
Update CA file path
bea4942 
This commit will update rule `rsyslog_remote_tls_cacert`.
In RHEL 10 and F43, the file `/etc/pki/tls/cert.pem` is removed.
Instead, we can use `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`
as a safe default.
See: https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile

Fixes: https://issues.redhat.com/browse/OPENSCAP-4880
@jan-cerny jan-cerny added Update Rule Issues or pull requests related to Rules updates. RHEL10 Red Hat Enterprise Linux 10 product related. labels Apr 15, 2025
@jan-cerny jan-cerny added this to the 0.1.77 milestone Apr 15, 2025
@Mab879 Mab879 self-assigned this Apr 16, 2025
Mab879
Mab879 requested changes Apr 16, 2025
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good, just wondering if we should use product properties for this.

linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml Outdated
title: 'Configure CA certificate for rsyslog remote logging'

{{% if product in ["fedora", "rhel10" ] %}}
{{# https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile #}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we place this as product property?

@jan-cerny
Copy link
Collaborator Author

I have placed a product property

@codeclimate CodeClimate
Copy link

codeclimate bot commented Apr 16, 2025

Code Climate has analyzed commit 3207a8d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

Xeicker
Xeicker approved these changes Apr 16, 2025
View reviewed changes
Copy link
Contributor

@Xeicker Xeicker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

dodys
dodys approved these changes Apr 17, 2025
View reviewed changes
Copy link
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

@dodys dodys dodys approved these changes

@Xeicker Xeicker Xeicker approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

@ggbecker ggbecker Awaiting requested review from ggbecker ggbecker is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@Mab879 Mab879

Labels
RHEL10 Red Hat Enterprise Linux 10 product related. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.77
Development

Successfully merging this pull request may close these issues.
4 participants
@jan-cerny @Mab879 @dodys @Xeicker