Small changes in bash and ansible fixes of the rule aide_build_database

[rumch-se]

Description:

• _Fixes in bash/ansible remediation of the rule aide_build_database _

Rationale:

• These changes are necessary, because the current code does not consider the specifies of the SLE 12/15 OS

[openshift-ci]

Hi @rumch-se. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[jan-cerny]

I don't like this solution. On systems other than SLE this will generate a task "Ensure repositories are updated" that contains an "echo" command. The people that will see this code will be confused. Instead, I would prefer to wrap this entire block into an {{% if 'sle' in product %}} Jinja block.

[rumch-se]

Hello @jan-cerny

I was also thinking to as you, but ...I had an error in our test environment and the main reason of the error was that fact that repositories i.e. the sources of installation packages was not updated. After the update/refresh everything was fine. Because I am not familiar with rhel*/ubuntu - do you think that similar action will be necessary for them. For example I think that rpm --justdb works in the similar manner ( https://jfearn.fedorapeople.org/en-US/RPM/4/html/RPM_Guide/ch-command-reference.html).

Do you believe that the rules which require installation of a package always will install the package without any problem. I am not covering the case when for some reason you don't have access to the internet, but when the execution of another rules breaks your system. For example after the execution of an ansible remediation on SUSE OS - of the following rules: rpm_verify_hashes and rpm_verify_permissions - the DNS on my test machine was broken, and after for me was not possible to install nothing when the rule requires that. These rules are created for good reason to guarantee the consistence of the OS, but at the same time, they can break some of existing configurations (because for them these configurations are not correct) and to put your OS in not working state.

Have a nice day
Rumen

[rumch-se]

Hello @jan-cerny
I have created a new commit based on your comment.
Have a nice day
Rumen

[codeclimate]

Code Climate has analyzed commit d243b00 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 56.9%.

View more on Code Climate.

[vojtapolasek]

LGTM, thanks for the changes and mainly for using the jinja variable.

[vojtapolasek]

/ok-to-test

[vojtapolasek]

The failing test is not caused by this PR. See #11179
Merging.