Add CPE Information and support for RLC Linux

[TheWitness]

In this change, we will add three new distribution variables from /etc/os-release for all Linux Distributions that include this file. The three new variables are:

• distribution_os_name
• distribution_os_variant
• distribution_os_cpe_name

Additionally, we provide support for a new OS Distribution called RLC that can then be further parsed from it's /etc/os-release information for further processing.

Due to the presence of /etc/os-release on FreeBSD 13.0+, FreeBSD detection has also been updated in this pull.

The new output will look similar to:

[root@ascender ~]# ansible-playbook playbook.yaml -i inventory.ini | grep distribution
        "distribution": "RLCLinux",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/ciq-release",
        "distribution_file_search_string": "Rocky Linux from CIQ",
        "distribution_file_variety": "RLCLinux",
        "distribution_major_version": "9",
        "distribution_os_cpe_name": "cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7",
        "distribution_os_name": "Rocky Linux from CIQ",
        "distribution_os_variant": "Pro",
        "distribution_release": "Blue Onyx",
        "distribution_version": "9.7",
        "distribution": "RLCLinux",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/ciq-release",
        "distribution_file_search_string": "Rocky Linux from CIQ",
        "distribution_file_variety": "RLCLinux",
        "distribution_major_version": "9",
        "distribution_os_cpe_name": "cpe:2.3:o:ciq:rocky_linux_from_ciq_pro_ai:9.7",
        "distribution_os_name": "Rocky Linux from CIQ",
        "distribution_os_variant": "Pro AI",
        "distribution_release": "Blue Onyx",
        "distribution_version": "9.7",
        "distribution": "RLCLinux",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/ciq-release",
        "distribution_file_search_string": "Rocky Linux from CIQ",
        "distribution_file_variety": "RLCLinux",
        "distribution_major_version": "9",
        "distribution_os_cpe_name": "cpe:2.3:o:ciq:rocky_linux_from_ciq:9.7",
        "distribution_os_name": "Rocky Linux from CIQ",
        "distribution_os_variant": "",
        "distribution_release": "Blue Onyx",
        "distribution_version": "9.7",
        "distribution": "Rocky",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/redhat-release",
        "distribution_file_variety": "RedHat",
        "distribution_major_version": "9",
        "distribution_os_cpe_name": "cpe:/o:rocky:rocky:9::baseos",
        "distribution_os_name": "Rocky Linux",
        "distribution_os_variant": "",
        "distribution_release": "Blue Onyx",
        "distribution_version": "9.7",

[ciq-it-service-account]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Copilot]

Pull request overview

Adds extended Linux distribution fact parsing (including CPE-related fields) and introduces explicit support for the “RLCLinux” distribution, shipping the updated distribution parser into the execution environment image.

Changes:

• Add a custom distribution.py fact collector implementation with RLCLinux detection and /etc/os-release parsing for NAME, VARIANT, and CPE_NAME.
• Populate new facts: distribution_os_name, distribution_os_variant, distribution_os_cpe_name (when /etc/os-release is read).
• Update the execution environment build to include and copy the patched distribution fact module into the container.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
files/distribution.py	New/overridden distribution fact implementation: RLCLinux support + /etc/os-release derived facts.
execution-environment.yml	Ensures the new distribution implementation is included in the EE build and copied into the image.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[TheWitness]

Here is example output from AlmaLinux 9.7

[root@ascender ~]# ansible-playbook playbook.yaml -i inventory.ini --limit valma01 | grep distribution
        "distribution": "AlmaLinux",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/redhat-release",
        "distribution_file_variety": "RedHat",
        "distribution_major_version": "9",
        "distribution_os_cpe_name": "cpe:/o:almalinux:almalinux:9::baseos",
        "distribution_os_name": "AlmaLinux",
        "distribution_os_variant": "",
        "distribution_release": "Moss Jungle Cat",
        "distribution_version": "9.7",

[TheWitness]

I guess we could go further...

[TheWitness]

Looks like Ubuntu does not have a cpe_name:

[root@ascender ~]# ansible-playbook playbook.yaml -i inventory.ini --limit uhost01 | grep distribution
        "distribution": "Ubuntu",
        "distribution_file_parsed": true,
        "distribution_file_path": "/etc/os-release",
        "distribution_file_variety": "Debian",
        "distribution_major_version": "24",
        "distribution_os_cpe_name": "",
        "distribution_os_name": "Ubuntu",
        "distribution_os_variant": "",
        "distribution_release": "noble",
        "distribution_version": "24.04",

Checking in more detail.

[TheWitness]

Here is Ubuntu:

PRETTY_NAME="Ubuntu 24.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.4 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

[TheWitness]

Rocky here:

NAME="Rocky Linux"
VERSION="9.7 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.7"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.7 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
VENDOR_NAME="RESF"
VENDOR_URL="https://resf.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.7"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.7"

RLC Pro AI

NAME="Rocky Linux from CIQ"
VARIANT="Pro"
VARIANT_ID="pro"
VERSION="9.7 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.7"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux from CIQ Pro 9.7 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7"
HOME_URL="https://portal.ciq.com/"
VENDOR_NAME="CIQ"
VENDOR_URL="https://ciq.com/"
BUG_REPORT_URL="https://support.ciq.com/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.7"
REDHAT_SUPPORT_PRODUCT="Rocky Linux from CIQ Pro"
REDHAT_SUPPORT_PRODUCT_VERSION="9.7"

[bradydibble]

Replacing my earlier comment — the previous version drifted into suggesting RLC-side packaging changes, which is out of scope for this PR. The finding below is entirely about ascender-ee detection logic.

One bug: LTS 9.6 falls through OSDIST_LIST

PR #9 keys RLC detection on /etc/ciq-release, which is shipped by rlc-release and rlc-pro-release but not by ciq-lts96-rocky-release. Confirmed on live images:

Variant	/etc/system-release-cpe	/etc/ciq-release	Detected by PR #9?
RLC Plus 9.7	cpe:2.3:o:ciq:rocky_linux_from_ciq:9.7	present (rlc-release-9.7-1.8.el9_7_ciq)	✅
RLC Pro 9.7	cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7	present (rlc-pro-release-9.7-1.9.el9_7_ciq)	✅
RLC LTS 9.6	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6	absent (ciq-lts96-rocky-release-9.6-3.5.el9_6 does not install it)	❌

Suggested fix, entirely in ascender-ee

Use /etc/system-release-cpe as the primary signal. That file is an EL-family convention and is installed by every EL-family *-release RPM — redhat-release, rocky-release, rlc-release, rlc-pro-release, ciq-lts96-rocky-release, almalinux-release, oraclelinux-release. It's strictly more reliable than a vendor-specific file like /etc/ciq-release.

Concretely, something like this in distribution.py:

OSDIST_LIST = (
    {'path': '/etc/system-release-cpe', 'name': 'RLC'},   # NEW — matches any RLC variant
    {'path': '/etc/ciq-release', 'name': 'RLC'},          # kept as fallback for images that have it but no cpe file
    {'path': '/etc/altlinux-release', 'name': 'Altlinux'},
    ...
)

SEARCH_STRING = {
    'RLC': ':ciq:',   # matches cpe:2.3:o:ciq:* and cpe:/o:ciq:*
    ...
}

Then the RLC parser reads the CPE directly (it's a single line like cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6) and derives distribution_os_cpe_name + distribution_os_variant from the product segment — rocky_linux_from_ciq → Plus, ..._pro → Pro, ..._pro_ai → Pro AI, ..._lts → LTS. No dependency on any RLC-side packaging change, works for every RLC variant shipping today.

As a bonus, keying on the CPE file means the detector would also work for any future CIQ product that sets cpe:*:o:ciq:* without you needing to add a new file path to the list.

Unit test fixtures

Happy to contribute /etc/system-release-cpe + /etc/os-release captures from the three live images as test fixtures. Expected assertions:

Variant	distribution	distribution_os_cpe_name
RLC Plus 9.7	RLC	cpe:2.3:o:ciq:rocky_linux_from_ciq:9.7
RLC Pro 9.7	RLC	cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7
RLC LTS 9.6	RLC	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6

Let me know if fixtures from a follow-up PR would land well.

Context — this feeds into ctrliq/ascender-ledger-pro#309, which needs the CPE fact to reach Ledger's ingest so advisory routing can key on vendor/stream.

[TheWitness]

@bradydibble,

The cpe_name should match between /etc/os-release and the /etc/system-release-cpe is my thoughts. I not sure which is LSB compliant. I was going to look at a few of the other OS' as for example Ubuntu lacks the CPE_NAME in /etc/os-release entirely.

[TheWitness]

It seems Ubuntu 24.04 gives not mention of CPE anywhere in /etc/.

[bradydibble]

Surveyed 16 hosts. Table below.

Distro	Version	os-release CPE	os-release ID	/etc/system-release-cpe	/etc/redhat-release	/etc/debian_version	VERSION_CODENAME	UBUNTU_CODENAME	/etc/lsb-release DISTRIB_CODENAME
Rocky Linux from CIQ (Plus)	9.7	cpe:2.3:o:ciq:rocky_linux_from_ciq:9.7	rocky	cpe:2.3:o:ciq:rocky_linux_from_ciq:9.7	Rocky Linux from CIQ release 9.7 (Blue Onyx)	—	—	—	—
Rocky Linux from CIQ (Pro)	9.7	cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7	rocky	cpe:2.3:o:ciq:rocky_linux_from_ciq_pro:9.7	Red Hat Enterprise Linux release 9.7 (Plow)	—	—	—	—
Rocky Linux from CIQ - LTS (2026-02-17 image)	9.6	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6	rocky	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6	Rocky Linux from CIQ - LTS release 9.6 (Blue Onyx)	—	—	—	—
Rocky Linux from CIQ - LTS (2026-04-08 image)	9.6	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6	rocky	cpe:2.3:o:ciq:rocky_linux_from_ciq_lts:9.6	Rocky Linux from CIQ - LTS release 9.6 (Blue Onyx)	—	—	—	—
Oracle Linux Server	9.7	cpe:/o:oracle:linux:9:7:server	ol	cpe:/o:oracle:linux:9:7:server	Red Hat Enterprise Linux release 9.7 (Plow)	—	—	—	—
AlmaLinux	9.7	cpe:/o:almalinux:almalinux:9::baseos	almalinux	cpe:/o:almalinux:almalinux:9::baseos	AlmaLinux release 9.7 (Moss Jungle Cat)	—	—	—	—
AlmaLinux	10.1	cpe:/o:almalinux:almalinux:10.1	almalinux	cpe:/o:almalinux:almalinux:10.1	AlmaLinux release 10.1 (Heliotrope Lion)	—	—	—	—
CentOS Stream	10	cpe:/o:centos:centos:10	centos	cpe:/o:centos:centos:10	CentOS Stream release 10 (Coughlan)	—	—	—	—
Red Hat Enterprise Linux	8.10	cpe:/o:redhat:enterprise_linux:8::baseos	rhel	cpe:/o:redhat:enterprise_linux:8::baseos	Red Hat Enterprise Linux release 8.10 (Ootpa)	—	—	—	—
Red Hat Enterprise Linux	9.7	cpe:/o:redhat:enterprise_linux:9::baseos	rhel	cpe:/o:redhat:enterprise_linux:9::baseos	Red Hat Enterprise Linux release 9.7 (Plow)	—	—	—	—
Red Hat Enterprise Linux	10.1	cpe:/o:redhat:enterprise_linux:10.1	rhel	cpe:/o:redhat:enterprise_linux:10.1	Red Hat Enterprise Linux release 10.1 (Coughlan)	—	—	—	—
Rocky Linux	8.10	cpe:/o:rocky:rocky:8:GA	rocky	cpe:/o:rocky:rocky:8:GA	Rocky Linux release 8.10 (Green Obsidian)	—	—	—	—
Rocky Linux	9.7	cpe:/o:rocky:rocky:9::baseos	rocky	cpe:/o:rocky:rocky:9::baseos	Rocky Linux release 9.7 (Blue Onyx)	—	—	—	—
Rocky Linux	10.1	cpe:/o:rocky:rocky:10::baseos	rocky	cpe:/o:rocky:rocky:10::baseos	Rocky Linux release 10.1 (Red Quartz)	—	—	—	—
Debian GNU/Linux	13	—	debian	—	—	13.3	trixie	—	—
Ubuntu	24.04	—	ubuntu	—	—	trixie/sid	noble	noble	noble

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[TheWitness]

Thanks to @bradydibble for saving me the time and effort for the most notable distributions. This patch will check the /etc/os-release for all systems identified as having the "Linux" flavor. So, Ascender Pro should be able to track all of these OS variants correctly.

[TheWitness]

It also looks like Solaris 11.4+ and FreeBSD 13.0+ also support the files that we have laid out. For now, we know this is the case, but I will keep them out of scope for the current exercise in that they follow a separate code path than standard Linux OS' follow. HP-UX is dead as of the end of last year, and AIX does not currently support these files as a general practice.

[TheWitness]

@bradydibble, per our conversation, it would be nice if the LTS family included an /etc/ciq-release file to help with upstream detection. However, since in Ascender, we are using the CPE_NAME, this won't present a problem except with upstream tools that will look at it as a RHEL variant as opposed to an RLC variant. We have some time before we ustream anything. So, take your time and update this ticket as applicable.

[TheWitness]

@cigamit, according to @bradydibble he has opened a ticket for our LTS distributions to add an /etc/ciq-release file for future releases. So, I think for upstream we don't need any more changes.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cigamit]

@cigamit, according to @bradydibble he has opened a ticket for our LTS distributions to add an /etc/ciq-release file for future releases. So, I think for upstream we don't need any more changes.

I am talking about this only being a bandaid, as this is being done just so you can test the Ledger stuff. This is not a fix at all, and won't even work for most clients (as they will use their own EE). We can discuss in a bit.

[TheWitness]

Here is draft FreeBSD.

root@vbsdhost01:~ # cat /etc/os-release
NAME=FreeBSD
VERSION="13.5-RELEASE"
VERSION_ID="13.5"
ID=freebsd
ANSI_COLOR="0;31"
PRETTY_NAME="FreeBSD 13.5-RELEASE"
CPE_NAME="cpe:/o:freebsd:freebsd:13.5"
HOME_URL="https://FreeBSD.org/"
BUG_REPORT_URL="https://bugs.FreeBSD.org/"
root@vbsdhost01:~ #

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.