Another option, and one we're using right now for generating a production installation ISO, is to do apply the profile near the end of the %post section in our kickstart.
-Rob -- ROBERT SANDERS Sr. Secure Systems Engineer FORCEPOINT T +1.703.896.4762 F +1.703.318.5041 www.forcepoint.com FORWARD WITHOUT FEAR On 10/4/18, 10:44 AM, "open-scap-list-boun...@redhat.com on behalf of Shawn Wells" <open-scap-list-boun...@redhat.com on behalf of sh...@redhat.com> wrote: On 10/4/18 3:05 AM, Jan Cerny wrote: > Hi, > > Unfortunately, the "tailoring" feature is broken in Anaconda Addon. > > However, there is a workaround, suggested by Watson Yuuma Sato (adding him to this conversation). > Let me copy-paste his idea: > > There is a tool that can combine the tailoring to the datastream or XCCDF file. So it is possible > to embed the tailoring into content file and get it through "content-url" field. > > Quick howto commands and instructions below: > Grab the combine-tailoring tool > $ git clonehttps://github.com/mpreisler/combine-tailoring.git > cd combine-tailoring > > Combine tailoring and content > ./combine-tailoring.py --output ssg-rhel7-ds-combined.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml ssg-rhel7-ds-standard-tailoring.xml > > Serve the file ssg-rhel7-ds-combined.xml in your network, and > in the kickstart: > - change content-type to datastream or xccdf > - add field content-url and point to your new combined content > - change profile to the id of your customized profile, please note that it must be the full id. > > For example: > %addon org_fedora_oscap > content-type = datastream > content-url =http://192.168.0.2/content/ssg-rhel7-ds-combined.xml > profile = xccdf_org.ssgproject.content_profile_standard_customized > %end > > > Hopefully it helps. Where can we find the BZ tracking fixing tailoring in Anaconda? Will this be included in the RHEL 7.6 release? Also - where can we find the KBase article documenting the work around on the customer portal? _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list