Trevor, Last I checked, the "subscription" is really just an x.509 client certificate that allows the target to "log in" to the web server. Once the HTTPS session is open, the honor system is about the only thing to keep you from pulling everything down with reposync. You might be able to hijack that mechanism and insert a legitimate certificate onto the runner without exposing the credentials to get the certificate.
Charlie Todd Ball Aerosoace On Dec 28, 2018, at 5:35 PM, Trevor Vaughan <[email protected]<mailto:[email protected]>> wrote: Sorry to be bombing the list, but I keep thinking of additional things. So, CentOS has https://app.vagrantup.com/centos/boxes/7<https://urldefense.proofpoint.com/v2/url?u=https-3A__app.vagrantup.com_centos_boxes_7&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=xmhqUV_A80BzdSRcRpEaWLZgEIQCUHiMYSpV2cdkKwE&e=> which they keep up to date and which makes it easy for me to 'vagrant up' my way into testing. RHEL has a hodgepodge of options: https://app.vagrantup.com/boxes/search?utf8=%E2%9C%93&sort=downloads&provider=&q=rhel<https://urldefense.proofpoint.com/v2/url?u=https-3A__app.vagrantup.com_boxes_search-3Futf8-3D-25E2-259C-2593-26sort-3Ddownloads-26provider-3D-26q-3Drhel&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=mAkhmFovZEbDJliamVk__NZ1t2NaozKg5fvFABzsnmQ&e=> but nothing actually viable and which would require a subscription registration to be able to download packages and actually enable testing. (Honestly, a three hour subscription would be just fine for every case that I can think of). OEL also has a hodgepodge of options but, once you download it, you can just connect to their repos and get on with life for CI testing (this isn't ideal since you don't really know what has changed but again, it's probably "close enough" to make sure something works). Trevor On Fri, Dec 28, 2018 at 5:14 PM Trevor Vaughan <[email protected]<mailto:[email protected]>> wrote: Basically, looking at https://gitlab.com/simp/pupmod-simp-auditd/pipelines/39410693<https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.com_simp_pupmod-2Dsimp-2Dauditd_pipelines_39410693&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=VUlmYqXuFL3d5dqjgbcojDdtvwlBKoDPeKnwysFhf2k&e=>, that last bubble on the right is a publicly donated runner for my lovely FOSS project. I haven't a clue how to make that work with a RHEL subscription without embedding my credentials into someone else's computer ( I love the cloud and all but no thanks ). Trevor On Fri, Dec 28, 2018 at 5:12 PM Trevor Vaughan <[email protected]<mailto:[email protected]>> wrote: Because it's a flaming pain in the rear to get working in a publicly accessible CI system without exposing secrets or cloning the entire RHEL infrastructure. On Fri, Dec 28, 2018 at 3:16 PM Shawn Wells <[email protected]<mailto:[email protected]>> wrote: On 12/28/18 3:07 PM, Trevor Vaughan wrote: > Ugh..yeah, all of my compliance CI tests just broke! > > Well, I'll give this a bit and if it doesn't pan out resurrect my RHEL > => CentOS conversion script. > > Alternatively, RHEL could post a Vagrant image with an active trial > license already hooked up to valid repos....alas, the holidays have > already passed. It is currently, non trivial to get working in a CI > environment. Why use CentOS when RHEL developer subs are free? https://developers.redhat.com/products/rhel/download/<https://urldefense.proofpoint.com/v2/url?u=https-3A__developers.redhat.com_products_rhel_download_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=0HJu2gOh-dQYJE6okgEb3huObbSKXfJ0tMeAvceyVAE&e=> https://developers.redhat.com/blog/2016/03/31/no-cost-rhel-developer-subscription-now-available/<https://urldefense.proofpoint.com/v2/url?u=https-3A__developers.redhat.com_blog_2016_03_31_no-2Dcost-2Drhel-2Ddeveloper-2Dsubscription-2Dnow-2Davailable_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=EeRtAOAHJU_8phUSMpPB2vgo-GkX9qqoYgqz0iD-Ogw&e=> _______________________________________________ scap-security-guide mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__getfedora.org_code-2Dof-2Dconduct.html&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=6NTNGQJ8u6D3b_XL9ZCa7X-YxO3_SY078OTPLo4fRNg&e=> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines<https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=BECq1Kcki84nhd0CNMjrPGmoQyKSHD6rcjqucECnlK0&e=> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=8Vk8llN2hy7VOAHVhqMVvATB7O90HEE9nqoDUYScxNI&e=> -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information -- -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information -- -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information -- _______________________________________________ scap-security-guide mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://urldefense.proofpoint.com/v2/url?u=https-3A__getfedora.org_code-2Dof-2Dconduct.html&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=6NTNGQJ8u6D3b_XL9ZCa7X-YxO3_SY078OTPLo4fRNg&e= List Guidelines: https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=BECq1Kcki84nhd0CNMjrPGmoQyKSHD6rcjqucECnlK0&e= List Archives: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=ozoMpdaapmJ96Jkgw9k-xxUyNsu2I7NiKXQMpv-aIqg&s=8Vk8llN2hy7VOAHVhqMVvATB7O90HEE9nqoDUYScxNI&e= This message and any enclosures are intended only for the addressee. Please notify the sender by email if you are not the intended recipient. If you are not the intended recipient, you may not use, copy, disclose, or distribute this message or its contents or enclosures to any other person and any such actions may be unlawful. Ball reserves the right to monitor and review all messages and enclosures sent to or from this email address.
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
