Hello @matusmarhefka! Thanks for updating the PR.
Comment last updated on November 07, 2017 at 16:35 Hours UTC
927e28f to dfef52c
container/help.sh
Outdated
echo "OpenSCAP is an auditing tool that utilizes the Extensible Configuration | ||
Checklist Description Format (XCCDF). XCCDF is a standard way of expressing | ||
checklist content and defines security checklists. | ||
" |
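Review bot: The description text is hard-coded inside this echo in container/help.sh, so any change to the wording needs an edit to the script itself. Consider reading it from one place that already describes the image rather than embedding it here. The closing quote on its own line also makes the echo print an extra blank line after the text; end the string on the last line of text if that is not intended.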
I don't think this is the best description of OpenSCAP. Why does it talk about the XCCDF format only? Could it mention the SCAP standard first? Do you think we could describe what OpenSCAP provides in terms of container scanning?
I just put the text from RH container registry there: https://access.redhat.com/containers/?tab=overview#/registry.access.redhat.com/rhel7/openscap
@jan-cerny What should we put there? Do you have some better short description which can be used?
@matusmarhefka OK, then we might want to update the description in Red Hat Registry as well. I think the XCCDF support isn't the most exciting feature. It's not a big problem, I just think the description could be better.
Personally, I would mention there what SCAP is, what scan types the image provides, and maybe what the main use-cases are.
container/help.sh
Outdated
echo "###############################################################################" | ||
echo "# $(basename $d)" | ||
echo "###############################################################################" | ||
oscap info $d |
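Review bot: $d is unquoted in both $(basename $d) and oscap info $d, so a datastream path containing spaces or glob characters would be split or expanded by the shell before it reaches either command. Quote it in both places, i.e. "$(basename "$d")" and oscap info "$d". The exit status of oscap info is also not checked here, so it is worth deciding what the help output should show when it fails for one file.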
This will print pretty long output, especially on Fedora, where we ship CentOS and Ubuntu and Scientific and many other datastreams.
818 lines on my laptop
Yes, but at least the user has an easy way to know what can be scanned. Before, you just had an image with no information about datastreams or profiles, and it was required to run the docker image and know the correct path to the datastreams if you wanted to know what products and profiles can be used for scanning. So yes, it is long, but atomic help opens it for you in less and you can search for ds files/profiles easily, which is much better and more user-friendly than running the image with docker and searching for it manually.
@matusmarhefka I understand your point but I don't think that anybody can read it.
dfef52c to cba69b7
@matusmarhefka Please fix the conflicts.
64d72c9 to cba69b7
* Added container/help.sh to print basic info about openscap image including its version and info about bundled OpenSCAP packages.
* generate-dockerfile.py extended to support atomic help feature
* Example usage:
    sudo atomic help openscap
  or:
    sudo atomic help openscap | grep version
cba69b7 to f392eb8
Commit f392eb8 removes printing information about bundled datastreams and profiles. container/help.sh now only prints the image version, description and versions of OpenSCAP RPM packages bundled inside the image. Version and description are taken from the image labels, so the container/help.sh script itself does not introduce any help text about the image.
@jan-cerny I think this can be merged. I reported a new issue on how to provide a user with info about datastreams and profiles provided by openscap container image here (for the following discussion and tracking of other PRs related to that): #122
@matusmarhefka Thank you very much! Great!