Guard SQ inspect command for RHEL>=10.1 only #14596

Merged
Mab879 merged 1 commit into ComplianceAsCode:master from ggbecker:fix-sq-command-not-found
Mar 26, 2026

@ggbecker
Member

Description:

  • Guard SQ inspect command for RHEL>=10.1 only.
    • RHEL10.0 does not contain the sequoia package thus does not have the sq command. For RHEL10.0 we run the usual gpg command.

Rationale:

@ggbecker ggbecker added this to the 0.1.81 milestone Mar 24, 2026
@ggbecker ggbecker added the Ansible (Ansible remediation update) and RHEL10 (Red Hat Enterprise Linux 10 product related) labels Mar 24, 2026
@Mab879 Mab879 self-assigned this Mar 24, 2026
@matusmarhefka
Member

matusmarhefka commented Mar 24, 2026

Bash remediation also needs to be updated here:

{{% if "rhel" in families and major_version_ordinal >= 10 %}}
readarray -t GPG_OUT < <(sq inspect "$REDHAT_RELEASE_KEY" | grep Fingerprint: | cut -d ":" -f 2)

RHEL10.0 does not contain the sequoia package thus does not have the sq
command. For RHEL10.0 we run the usual gpg command.
@ggbecker ggbecker force-pushed the fix-sq-command-not-found branch from 7607476 to 2419d29 Compare March 24, 2026 16:00
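
The version guard discussed in this PR, written as a run-time check in POSIX shell; the remediation line quoted above gates in its Jinja template instead. This is an added example, not code from the pull request or the ComplianceAsCode tree. The function names, the gpg invocation and the sample tool output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the ComplianceAsCode tree.

# Succeeds when VERSION_ID ($1, e.g. "10.1") is 10.1 or later, the guard this PR describes.
use_sq() {
    major=${1%%.*}
    case $1 in *.*) minor=${1#*.}; minor=${minor%%.*} ;; *) minor=0 ;; esac
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 1 ]; }
}

# Parse `sq inspect` output on stdin: the grep/cut from the remediation, plus a trim.
fingerprints_from_sq() {
    grep 'Fingerprint:' | cut -d ":" -f 2 | tr -d ' \t'
}

# Parse gpg colon-format output on stdin (assumed flags: see key_fingerprints below).
# Field 10 of the first "fpr" record after each "pub" record is the primary fingerprint.
fingerprints_from_gpg() {
    awk -F: '/^pub/ {want=1; next} want && /^fpr/ {print $10; want=0}'
}

# $1 = VERSION_ID from /etc/os-release, $2 = key file (e.g. "$REDHAT_RELEASE_KEY").
key_fingerprints() {
    if use_sq "$1"; then
        sq inspect "$2" | fingerprints_from_sq
    else
        gpg --show-keys --with-fingerprint --with-colons "$2" | fingerprints_from_gpg
    fi
}

# Constructed sample tool output (fake fingerprints) for exercising the parsers offline.
SAMPLE_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SAMPLE_SUB=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
sample_sq_output() {
    cat <<EOF
/tmp/example-key: OpenPGP Certificate.

      Fingerprint: $SAMPLE_FPR
  Public-key algo: RSA
EOF
}
sample_gpg_output() {
    cat <<EOF
pub:-:4096:1:AAAAAAAAAAAAAAAA:1256243852:::-:::scSC::::::23::0:
fpr:::::::::$SAMPLE_FPR:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1256243852::::::e::::::23:
fpr:::::::::$SAMPLE_SUB:
EOF
}
```
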
@Mab879
Member

Mab879 commented Mar 25, 2026

While the tests only fail for RHEL 10, seems a bit odd, shouldn't this also be an issue on RHEL 9.8 as well?

@ggbecker
Member Author

While the tests only fail for RHEL 10, seems a bit odd, shouldn't this also be an issue on RHEL 9.8 as well?

From what I heard, the RHEL9.8 PQC is optional so it's not used by default. This means RHEL9 in general can still use the old ways of inspecting/importing the keys.

@Mab879
Member

Mab879 commented Mar 26, 2026

/retest

@Mab879 Mab879 merged commit b9c91e1 into ComplianceAsCode:master Mar 26, 2026
61 of 65 checks passed

Development

Successfully merging this pull request may close these issues.

Remediations of ensure_redhat_gpgkey_installed incorrectly call sq on RHEL 10.0
