xmlsec version is incompatible on Fedora Rawhide

[Mab879]

Description of Problem:

Creating guides (and maybe other functionally) is currently broken on Fedora Rawhide. This appears to be related to the version of xmlsec in rawhide.

OpenSCAP Version:

1.3.8

Operating System & Version:

Fedora Rawhide as of 2023-06-26

Steps to Reproduce:

1. oscap xccdf generate guide --profile stig /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml > guide.html

Actual Results:

The guide fails to be created.

func=xmlSecCheckVersionExt:file=xmlsec.c:line=202:obj=unknown:subj=unknown:error=19:invalid version:mode=abi compatible;expected minor version=2;real minor version=3;expected subminor version=37;real subminor version=0
OpenSCAP Error: Loaded xmlsec library version is not compatible. [/builddir/build/BUILD/openscap-1.3.8/src/source/signature.c:142]
Invalid signature in SCAP Source Datastream (1.3) content in /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml [/builddir/build/BUILD/openscap-1.3.8/src/XCCDF/xccdf_session.c:848]

Expected Results:

The guide is created

Additional Information / Debugging Steps:

rpm -iq xmlsec1
xmlsec1-1.2.37-4.fc39.x86_64

[evgenyz]

Meh: https://packages.fedoraproject.org/pkgs/xmlsec1/xmlsec1/fedora-rawhide.html

[evgenyz]

So, it has been built with 1.2.37 but the runtime .so version is 1.3.0 for some reason? At the same time the package is of version 1.2.37. That's very weird.

[evgenyz]

So, it has been built with 1.2.37 but the runtime .so version is 1.3.0?

Hmm, or is it the other way around?

[evgenyz]

Oh, just how lucky we are: https://bugzilla.redhat.com/show_bug.cgi?id=2187631. Perfect timing, #@$^%@&#$!

[evgenyz]

I guess I'd have to rebuild it.

[evgenyz]

https://bodhi.fedoraproject.org/updates/FEDORA-2023-b69580bc7c

[Mab879]

On the latest rawhide (as of 29 June 2023) this issue appears to be resolved.

[jan-cerny]

Yes, the problem no longer appears in our test runs, see eg. ComplianceAsCode/content#10787 where the jobs on Rawhide pass.