Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Throws warnings on stock AL AMI #1

Open
stewartsmith opened this issue Oct 22, 2019 · 1 comment
Open

Throws warnings on stock AL AMI #1

stewartsmith opened this issue Oct 22, 2019 · 1 comment

Comments

@stewartsmith
Copy link
Member

Following the instructions in the README on a fresh AL AMI instance, the following warnings are generated:

Rule ID: xccdf_preupg_rule_python_check

preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/Babel-0.9.4.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/Jinja2-2.7.2.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/awscli is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/awscli-1.16.102.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/babel is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/backports is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/backports is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/backports.ssl_match_hostname-3.4.0.2.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/boto is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/boto-2.48.0.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/botocore is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/botocore-1.12.92.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.log.INFO: Python directory in dist-packages /usr/lib/python2.7/dist-packages/cfnbootstrap is not owned by an RPM package.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/chardet is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/cloud_init-0.7.6.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/cloudinit is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/colorama is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/concurrent is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/daemon is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/dateutil is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/docutils is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/ecdsa is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/futures-3.0.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/iniparse is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/jinja2 is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/jmespath is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/jmespath-0.9.2.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/jsonpatch-1.2.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/kitchen is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/kitchen-1.1.1.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.log.INFO: Python directory in dist-packages /usr/lib/python2.7/dist-packages/oscap_docker_python is not owned by an RPM package.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/paramiko is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/paramiko-1.15.1.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pip is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pip-9.0.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pkg_resources is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/ply is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/preupg is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/preupgrade_assistant-2.6.0.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pyasn1 is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pyasn1-0.1.7.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pykickstart is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pystache is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/pystache-0.5.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/python_daemon-1.5.2.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/python_dateutil-2.1.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/requests is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/requests-1.2.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/rpmUtils is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/rsa is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/rsa-3.4.1.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/setuptools is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/setuptools-36.2.7.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/six-1.8.0.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/urlgrabber is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/urllib3 is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/urllib3-1.24.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/virtualenv-15.1.0.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/virtualenv_support is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/yum is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib/python2.7/dist-packages/yumutils is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/Crypto is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/MarkupSafe-0.11.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/PIL is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/backports is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/curl is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/gpgme is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/markupsafe is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/pyliblzma-0.5.3.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/rpm is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/simplejson is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/simplejson-3.6.5.egg-info is owned by an RPM package that was not GPG signed by AL.
preupg.risk.SLIGHT: Python directory /usr/lib64/python2.7/dist-packages/yaml is owned by an RPM package that was not GPG signed by AL.

and:

xccdf_preupg_rule_move-to-extras_check

Amazon Linux 2 provides some software in a more limited-support, but updated
more-frequently source of software, called Extras. Some of the software you
have installed here can be found in Amazon Linux Extras when you move to 2.

In particular, packages
vim-minimal-8.0.0503-1.46.amzn1.x86_64
vim-enhanced-8.0.0503-1.46.amzn1.x86_64
nano-2.5.3-1.19.amzn1.x86_64
vim-common-8.0.0503-1.46.amzn1.x86_64
vim-filesystem-8.0.0503-1.46.amzn1.x86_64
@seguler
Copy link

seguler commented Nov 26, 2019

I think this is all valid. You have lot of 3rd party python packages that you need to port to Amazon Linux 2 is what it says. Those packages are installed when you install the pre-upgrade tool though :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stewartsmith @seguler