Rebase to the latest upstream version
- Rebase to the latest upstream version - Use NSS as cryptography library (RHEL-22013) Resolves: RHEL-22013
parent
6ab115a60e
commit
56f8171c01
@ -1,165 +0,0 @@
|
|||||||
From f8366b395b977392d724c6cc84c7295590c39ee8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
|
||||||
Date: Tue, 7 Nov 2023 20:01:44 +0100
|
|
||||||
Subject: [PATCH] Fix tests/probes/sysctl_all
|
|
||||||
|
|
||||||
The test will now automatically adapt to the list of readable
|
|
||||||
variables and won't break every time a new root-readable variable
|
|
||||||
is introduced in kernel.
|
|
||||||
---
|
|
||||||
tests/probes/sysctl/test_sysctl_probe_all.sh | 144 +++++++------------
|
|
||||||
1 file changed, 50 insertions(+), 94 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/probes/sysctl/test_sysctl_probe_all.sh b/tests/probes/sysctl/test_sysctl_probe_all.sh
|
|
||||||
index f1834059fb..efaa31b9b1 100755
|
|
||||||
--- a/tests/probes/sysctl/test_sysctl_probe_all.sh
|
|
||||||
+++ b/tests/probes/sysctl/test_sysctl_probe_all.sh
|
|
||||||
@@ -8,98 +8,57 @@ set -e -o pipefail
|
|
||||||
# non root users
|
|
||||||
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
|
|
||||||
|
|
||||||
-# non root users are not able to access some kernel params, so they get excluded
|
|
||||||
-SYSCTL_EXCLUDE='
|
|
||||||
- dev.parport.parport0.autoprobe
|
|
||||||
- dev.tty.legacy_tiocsti
|
|
||||||
- fs.protected_hardlinks
|
|
||||||
- fs.protected_fifos
|
|
||||||
- fs.protected_regular
|
|
||||||
- fs.protected_symlinks
|
|
||||||
- kernel.cad_pid
|
|
||||||
- kernel.unprivileged_userns_apparmor_policy
|
|
||||||
- kernel.apparmor_display_secid_mode
|
|
||||||
- kernel.usermodehelper.bset
|
|
||||||
- kernel.usermodehelper.inheritable
|
|
||||||
- net.core.bpf_jit_harden
|
|
||||||
- net.core.bpf_jit_kallsyms
|
|
||||||
- net.core.bpf_jit_limit
|
|
||||||
- net.ipv4.tcp_fastopen_key
|
|
||||||
- stable_secret
|
|
||||||
- vm.mmap_rnd_bits
|
|
||||||
- vm.mmap_rnd_compat_bits
|
|
||||||
- vm.stat_refresh'
|
|
||||||
-
|
|
||||||
-SYSCTL_EXCLUDE_REGEX="$(printf '\|%s' $SYSCTL_EXCLUDE)"
|
|
||||||
-# strip leading '\|'
|
|
||||||
-SYSCTL_EXCLUDE_REGEX=${SYSCTL_EXCLUDE_REGEX:2}
|
|
||||||
-
|
|
||||||
function perform_test {
|
|
||||||
-probecheck "sysctl" || return 255
|
|
||||||
-
|
|
||||||
-name=$(basename $0 .sh)
|
|
||||||
-
|
|
||||||
-result=$(mktemp ${name}.res.out.XXXXXX)
|
|
||||||
-stderr=$(mktemp ${name}.err.out.XXXXXX)
|
|
||||||
-ourNames=$(mktemp ${name}.our.out.XXXXXX)
|
|
||||||
-sysctlNames=$(mktemp ${name}.sysctl.out.XXXXXX)
|
|
||||||
-
|
|
||||||
-echo "Result file: $result"
|
|
||||||
-echo "Our names file: $ourNames"
|
|
||||||
-echo "Sysctl names file: $sysctlNames"
|
|
||||||
-echo "Errors file: $stderr"
|
|
||||||
-
|
|
||||||
-$OSCAP oval eval --results $result $srcdir/test_sysctl_probe_all.oval.xml > /dev/null 2>$stderr
|
|
||||||
-
|
|
||||||
-case $(uname) in
|
|
||||||
- FreeBSD)
|
|
||||||
- sysctl -aN 2> /dev/null > "$sysctlNames"
|
|
||||||
- ;;
|
|
||||||
- Linux)
|
|
||||||
- # sysctl has duplicities in output
|
|
||||||
- # hide permission errors like: "sysctl: permission denied on key 'fs.protected_hardlinks'"
|
|
||||||
- # kernel parameters might use "/" and "." separators interchangeably - normalizing
|
|
||||||
- sysctl -aN --deprecated 2> /dev/null | grep -v $SYSCTL_EXCLUDE_REGEX | tr "/" "." | sort -u > "$sysctlNames"
|
|
||||||
- ;;
|
|
||||||
-esac
|
|
||||||
-
|
|
||||||
-grep unix-sys:name "$result" | grep -v $SYSCTL_EXCLUDE_REGEX | xsed -E 's;.*>(.*)<.*;\1;g' | sort > "$ourNames"
|
|
||||||
-
|
|
||||||
-# If procps_ver > 3.3.12 we need to filter *stable_secret and vm.stat_refresh
|
|
||||||
-# options from the sysctl output, for more details see
|
|
||||||
-# https://github.com/OpenSCAP/openscap/issues/1152.
|
|
||||||
-procps_ver="$(package_version procps-ng procps)"
|
|
||||||
-
|
|
||||||
-lowest_ver=$(echo -e "3.3.12\n$procps_ver" | sort -V | head -n1)
|
|
||||||
-if [ "$procps_ver" != "$lowest_ver" ]; then
|
|
||||||
- sed -i '/net.ipv6.conf.*stable_secret$/d' "$sysctlNames"
|
|
||||||
- sed -i '/.*vm.stat_refresh/d' "$sysctlNames"
|
|
||||||
-fi
|
|
||||||
-
|
|
||||||
-if ! grep -q "hugepages" "$ourNames"; then
|
|
||||||
- sed -i "/^.*hugepages.*$/d" "$sysctlNames"
|
|
||||||
-fi
|
|
||||||
-
|
|
||||||
-echo "Diff (sysctlNames / ourNames): ------"
|
|
||||||
-diff "$sysctlNames" "$ourNames"
|
|
||||||
-echo "-------------------------------------"
|
|
||||||
-
|
|
||||||
-# remove oscap error message related to permissions from stderr
|
|
||||||
-sed -i -E "/^E: oscap: +Can't read sysctl value from /d" "$stderr"
|
|
||||||
-sed -i -E "/^E: oscap: +An error.*, Operation not permitted/d" "$stderr"
|
|
||||||
-
|
|
||||||
-# remove oscap error message related to gibberish binary entries
|
|
||||||
-# that can't fit into 8K buffer and result in errno 14
|
|
||||||
-# (for example /proc/sys/kernel/spl/hostid could be the case)
|
|
||||||
-sed -i -E "/^E: oscap: +An error.*14, Bad address/d" "$stderr"
|
|
||||||
-sed -i "/^.*hugepages.*$/d" "$stderr"
|
|
||||||
-
|
|
||||||
-echo "Errors (without messages related to permissions):"
|
|
||||||
-cat "$stderr"
|
|
||||||
-
|
|
||||||
-[ ! -s $stderr ]
|
|
||||||
-
|
|
||||||
-rm $stderr $result $ourNames $sysctlNames
|
|
||||||
+ probecheck "sysctl" || return 255
|
|
||||||
+
|
|
||||||
+ name=$(basename $0 .sh)
|
|
||||||
+
|
|
||||||
+ result=$(mktemp ${name}.res.out.XXXXXX)
|
|
||||||
+ stderr=$(mktemp ${name}.err.out.XXXXXX)
|
|
||||||
+ ourNames=$(mktemp ${name}.our.out.XXXXXX)
|
|
||||||
+ sysctlNames=$(mktemp ${name}.sysctl.out.XXXXXX)
|
|
||||||
+
|
|
||||||
+ echo "Result file: $result"
|
|
||||||
+ echo "Our names file: $ourNames"
|
|
||||||
+ echo "Sysctl names file: $sysctlNames"
|
|
||||||
+ echo "Errors file: $stderr"
|
|
||||||
+
|
|
||||||
+ $OSCAP oval eval --results $result $srcdir/test_sysctl_probe_all.oval.xml > /dev/null 2>$stderr
|
|
||||||
+
|
|
||||||
+ case $(uname) in
|
|
||||||
+ FreeBSD)
|
|
||||||
+ sysctl -aN 2> /dev/null > "$sysctlNames"
|
|
||||||
+ ;;
|
|
||||||
+ Linux)
|
|
||||||
+ # sysctl has duplicities in output
|
|
||||||
+ # hide permission errors like: "sysctl: permission denied on key 'fs.protected_hardlinks'"
|
|
||||||
+ # kernel parameters might use "/" and "." separators interchangeably - normalizing
|
|
||||||
+ sysctl -a --deprecated 2> /dev/null | tr "/" "." | cut -d "=" -f 1 | tr -d " " | sort -u > "$sysctlNames"
|
|
||||||
+ ;;
|
|
||||||
+ esac
|
|
||||||
+
|
|
||||||
+ grep unix-sys:name "$result" | xsed -E 's;.*>(.*)<.*;\1;g' | sort > "$ourNames"
|
|
||||||
+
|
|
||||||
+ echo "Diff (sysctlNames / ourNames): ------"
|
|
||||||
+ diff "$sysctlNames" "$ourNames"
|
|
||||||
+ echo "-------------------------------------"
|
|
||||||
+
|
|
||||||
+ # remove oscap error message related to permissions from stderr
|
|
||||||
+ sed -i -E "/^E: oscap: +Can't read sysctl value from /d" "$stderr"
|
|
||||||
+ sed -i -E "/^E: oscap: +An error.*, Operation not permitted/d" "$stderr"
|
|
||||||
+
|
|
||||||
+ # remove oscap error message related to gibberish binary entries
|
|
||||||
+ # that can't fit into 8K buffer and result in errno 14
|
|
||||||
+ # (for example /proc/sys/kernel/spl/hostid could be the case)
|
|
||||||
+ sed -i -E "/^E: oscap: +An error.*14, Bad address/d" "$stderr"
|
|
||||||
+ sed -i "/^.*hugepages.*$/d" "$stderr"
|
|
||||||
+
|
|
||||||
+ echo "Errors (without messages related to permissions):"
|
|
||||||
+ cat "$stderr"
|
|
||||||
+
|
|
||||||
+ [ ! -s $stderr ]
|
|
||||||
+
|
|
||||||
+ rm $stderr $result $ourNames $sysctlNames
|
|
||||||
}
|
|
||||||
|
|
||||||
perform_test
|
|
@ -1,41 +0,0 @@
|
|||||||
Fix type of libxml2 error callback function
|
|
||||||
|
|
||||||
Current libxml2 uses void(void *user, const xmlError *error),
|
|
||||||
previously void(void *user, xmlError *error) was used. Switch the
|
|
||||||
function definition to the current type and add a cast to avoid
|
|
||||||
incompatible-pointer-types errors with newer compilers building
|
|
||||||
against older libxml2.
|
|
||||||
|
|
||||||
Submitted upstream: <https://github.com/OpenSCAP/openscap/pull/2069>x
|
|
||||||
|
|
||||||
diff --git a/src/source/validate.c b/src/source/validate.c
|
|
||||||
index da8c46dcb185c3fe..ffc54f55031746fc 100644
|
|
||||||
--- a/src/source/validate.c
|
|
||||||
+++ b/src/source/validate.c
|
|
||||||
@@ -46,7 +46,7 @@ struct ctxt {
|
|
||||||
char *filename;
|
|
||||||
};
|
|
||||||
|
|
||||||
-static void oscap_xml_validity_handler(void *user, xmlErrorPtr error)
|
|
||||||
+static void oscap_xml_validity_handler(void *user, const xmlError *error)
|
|
||||||
{
|
|
||||||
struct ctxt * context = (struct ctxt *) user;
|
|
||||||
|
|
||||||
@@ -111,7 +111,7 @@ static inline int oscap_validate_xml(struct oscap_source *source, const char *sc
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- xmlSchemaSetParserStructuredErrors(parser_ctxt, oscap_xml_validity_handler, &context);
|
|
||||||
+ xmlSchemaSetParserStructuredErrors(parser_ctxt, (xmlStructuredErrorFunc) oscap_xml_validity_handler, &context);
|
|
||||||
|
|
||||||
schema = xmlSchemaParse(parser_ctxt);
|
|
||||||
if (schema == NULL) {
|
|
||||||
@@ -125,7 +125,7 @@ static inline int oscap_validate_xml(struct oscap_source *source, const char *sc
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- xmlSchemaSetValidStructuredErrors(ctxt, oscap_xml_validity_handler, &context);
|
|
||||||
+ xmlSchemaSetValidStructuredErrors(ctxt, (xmlStructuredErrorFunc) oscap_xml_validity_handler, &context);
|
|
||||||
|
|
||||||
doc = oscap_source_get_xmlDoc(source);
|
|
||||||
if (!doc)
|
|
@ -1,25 +0,0 @@
|
|||||||
Python bindings: Do not reuse $result for pointer conversion result
|
|
||||||
|
|
||||||
The $result variable may be a pointer, but SWIG_ConvertPtr returns
|
|
||||||
an int. This change avoids a compilation failure with current
|
|
||||||
compilers due to a C type error.
|
|
||||||
|
|
||||||
Submitted upstream: <https://github.com/OpenSCAP/openscap/pull/2069>x
|
|
||||||
|
|
||||||
diff --git a/swig/openscap.i b/swig/openscap.i
|
|
||||||
index 219e1aa3c9ddf28b..6f29fc23c808bcfc 100644
|
|
||||||
--- a/swig/openscap.i
|
|
||||||
+++ b/swig/openscap.i
|
|
||||||
@@ -64,9 +64,9 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
%typemap(in) void * {
|
|
||||||
- $result = SWIG_ConvertPtr($input,%as_voidptrptr(&$1), 0, $disown);
|
|
||||||
- if (!SWIG_IsOK($result)) {
|
|
||||||
- %argument_fail($result, "$type", $symname, $argnum);
|
|
||||||
+ int ptrres = SWIG_ConvertPtr($input,%as_voidptrptr(&$1), 0, $disown);
|
|
||||||
+ if (!SWIG_IsOK(ptrres)) {
|
|
||||||
+ %argument_fail(ptrres, "$type", $symname, $argnum);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
diff -ru openscap-1.3.9/src/common/xml_iterate.c openscap-1.3.9.new/src/common/xml_iterate.c
|
|
||||||
--- openscap-1.3.9/src/common/xml_iterate.c 2023-09-06 16:04:46.000000000 +0200
|
|
||||||
+++ openscap-1.3.9.new/src/common/xml_iterate.c 2023-11-27 03:13:21.931933518 +0100
|
|
||||||
@@ -22,6 +22,7 @@
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
+#include <libxml/parser.h>
|
|
||||||
#include "debug_priv.h"
|
|
||||||
#include "xml_iterate.h"
|
|
||||||
#include "oscap_helpers.h"
|
|
||||||
diff -ru openscap-1.3.9/src/OVAL/results/oval_cmp_evr_string.c openscap-1.3.9.new/src/OVAL/results/oval_cmp_evr_string.c
|
|
||||||
--- openscap-1.3.9/src/OVAL/results/oval_cmp_evr_string.c 2023-09-06 16:04:46.000000000 +0200
|
|
||||||
+++ openscap-1.3.9.new/src/OVAL/results/oval_cmp_evr_string.c 2023-11-27 03:18:23.003882498 +0100
|
|
||||||
@@ -30,6 +30,7 @@
|
|
||||||
#include <math.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
+#include <limits.h>
|
|
||||||
#include "oval_cmp_evr_string_impl.h"
|
|
||||||
#include "oval_definitions.h"
|
|
||||||
#include "oval_types.h"
|
|
||||||
diff -ru openscap-1.3.9/src/source/bz2.c openscap-1.3.9.new/src/source/bz2.c
|
|
||||||
--- openscap-1.3.9/src/source/bz2.c 2023-09-06 16:04:46.000000000 +0200
|
|
||||||
+++ openscap-1.3.9.new/src/source/bz2.c 2023-11-27 03:32:20.069323771 +0100
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <libxml/tree.h>
|
|
||||||
+#include <libxml/parser.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#ifdef OS_WINDOWS
|
|
@ -1,121 +0,0 @@
|
|||||||
From f997cee6f74f4698aadc136b821bc0d5875c59de Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
Date: Tue, 11 Jul 2023 17:49:10 -0700
|
|
||||||
Subject: [PATCH 1/3] make default perl install path respect
|
|
||||||
CMAKE_INSTALL_PREFIX
|
|
||||||
|
|
||||||
Signed-off-by: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
---
|
|
||||||
swig/perl/CMakeLists.txt | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/swig/perl/CMakeLists.txt b/swig/perl/CMakeLists.txt
|
|
||||||
index 057b365bf7..5ce41e9fa8 100644
|
|
||||||
--- a/swig/perl/CMakeLists.txt
|
|
||||||
+++ b/swig/perl/CMakeLists.txt
|
|
||||||
@@ -1,6 +1,8 @@
|
|
||||||
include(UseSWIG)
|
|
||||||
include(FindPerlLibs)
|
|
||||||
|
|
||||||
+string(SUBSTRING "${PERL_VERSION_STRING}" 0 4 PERL_VERSION_MINOR)
|
|
||||||
+
|
|
||||||
set(CMAKE_SWIG_FLAGS "-module" "openscap_pm")
|
|
||||||
if (${CMAKE_VERSION} VERSION_LESS "3.8.0")
|
|
||||||
swig_add_module(openscap_pm perl5 ../openscap.i)
|
|
||||||
@@ -20,7 +22,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD"))
|
|
||||||
DESTINATION ${CMAKE_INSTALL_DATADIR}/perl5/vendor_perl)
|
|
||||||
else()
|
|
||||||
install(TARGETS ${SWIG_MODULE_openscap_pm_REAL_NAME}
|
|
||||||
- DESTINATION ${PERL_VENDORLIB})
|
|
||||||
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/perl5/${PERL_VERSION_MINOR})
|
|
||||||
install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/openscap_pm.pm
|
|
||||||
- DESTINATION ${PERL_VENDORARCH})
|
|
||||||
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/perl5/vendor_perl/${PERL_VERSION_MINOR})
|
|
||||||
endif()
|
|
||||||
|
|
||||||
From 6549f7f3142fa071966a6b7c97cd1b85edece990 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
Date: Thu, 14 Dec 2023 16:06:34 -0800
|
|
||||||
Subject: [PATCH 2/3] chg: dev: use cmake vendor paths for perl install
|
|
||||||
defaults
|
|
||||||
|
|
||||||
* also display both vendor/non-vendor system paths in linux envs
|
|
||||||
|
|
||||||
Signed-off-by: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
---
|
|
||||||
CMakeLists.txt | 4 ++++
|
|
||||||
swig/perl/CMakeLists.txt | 10 ++++++++--
|
|
||||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
|
||||||
index 6244980583..d43993bce5 100644
|
|
||||||
--- a/CMakeLists.txt
|
|
||||||
+++ b/CMakeLists.txt
|
|
||||||
@@ -463,6 +463,10 @@ message(STATUS " ")
|
|
||||||
message(STATUS "Language bindings:")
|
|
||||||
message(STATUS "python3 bindings: ${ENABLE_PYTHON3}")
|
|
||||||
message(STATUS "perl bindings: ${ENABLE_PERL}")
|
|
||||||
+message(STATUS "perl vendorlib: ${PERL_VENDORLIB}")
|
|
||||||
+message(STATUS "perl vendorarch: ${PERL_VENDORARCH}")
|
|
||||||
+message(STATUS "perl privlib: ${PERL_PRIVLIB}")
|
|
||||||
+message(STATUS "perl archlib: ${PERL_ARCHLIB}")
|
|
||||||
message(STATUS " ")
|
|
||||||
|
|
||||||
message(STATUS "Utilities:")
|
|
||||||
diff --git a/swig/perl/CMakeLists.txt b/swig/perl/CMakeLists.txt
|
|
||||||
index 5ce41e9fa8..789394636c 100644
|
|
||||||
--- a/swig/perl/CMakeLists.txt
|
|
||||||
+++ b/swig/perl/CMakeLists.txt
|
|
||||||
@@ -3,6 +3,12 @@ include(FindPerlLibs)
|
|
||||||
|
|
||||||
string(SUBSTRING "${PERL_VERSION_STRING}" 0 4 PERL_VERSION_MINOR)
|
|
||||||
|
|
||||||
+# process cmake vendor paths to respect install prefix, use as Linux defaults below
|
|
||||||
+STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORARCH "${PERL_VENDORARCH}")
|
|
||||||
+STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORLIB "${PERL_VENDORLIB}")
|
|
||||||
+message(STATUS "perl install libdir: ${PERL_VENDORARCH}")
|
|
||||||
+message(STATUS "perl install archdir: ${PERL_VENDORLIB}")
|
|
||||||
+
|
|
||||||
set(CMAKE_SWIG_FLAGS "-module" "openscap_pm")
|
|
||||||
if (${CMAKE_VERSION} VERSION_LESS "3.8.0")
|
|
||||||
swig_add_module(openscap_pm perl5 ../openscap.i)
|
|
||||||
@@ -22,7 +28,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD"))
|
|
||||||
DESTINATION ${CMAKE_INSTALL_DATADIR}/perl5/vendor_perl)
|
|
||||||
else()
|
|
||||||
install(TARGETS ${SWIG_MODULE_openscap_pm_REAL_NAME}
|
|
||||||
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/perl5/${PERL_VERSION_MINOR})
|
|
||||||
+ DESTINATION ${PERL_VENDORARCH}/auto/openscap_pm/)
|
|
||||||
install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/openscap_pm.pm
|
|
||||||
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/perl5/vendor_perl/${PERL_VERSION_MINOR})
|
|
||||||
+ DESTINATION ${PERL_VENDORARCH})
|
|
||||||
endif()
|
|
||||||
|
|
||||||
From f70f38ecaf659474e69c902454f3bfcfedc89cc0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
Date: Fri, 15 Dec 2023 16:44:53 -0800
|
|
||||||
Subject: [PATCH 3/3] check for default prefix before (possibly) munging with
|
|
||||||
prefix string
|
|
||||||
|
|
||||||
Signed-off-by: Stephen L Arnold <sarnold@vctlabs.com>
|
|
||||||
---
|
|
||||||
swig/perl/CMakeLists.txt | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/swig/perl/CMakeLists.txt b/swig/perl/CMakeLists.txt
|
|
||||||
index 789394636c..ca4d2705e2 100644
|
|
||||||
--- a/swig/perl/CMakeLists.txt
|
|
||||||
+++ b/swig/perl/CMakeLists.txt
|
|
||||||
@@ -4,8 +4,11 @@ include(FindPerlLibs)
|
|
||||||
string(SUBSTRING "${PERL_VERSION_STRING}" 0 4 PERL_VERSION_MINOR)
|
|
||||||
|
|
||||||
# process cmake vendor paths to respect install prefix, use as Linux defaults below
|
|
||||||
-STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORARCH "${PERL_VENDORARCH}")
|
|
||||||
-STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORLIB "${PERL_VENDORLIB}")
|
|
||||||
+if (NOT CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
|
|
||||||
+ STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORARCH "${PERL_VENDORARCH}")
|
|
||||||
+ STRING(REGEX REPLACE "^/usr/" "${CMAKE_INSTALL_PREFIX}/" PERL_VENDORLIB "${PERL_VENDORLIB}")
|
|
||||||
+endif()
|
|
||||||
+
|
|
||||||
message(STATUS "perl install libdir: ${PERL_VENDORARCH}")
|
|
||||||
message(STATUS "perl install archdir: ${PERL_VENDORLIB}")
|
|
||||||
|
|
164
openscap.spec
164
openscap.spec
@ -1,6 +1,6 @@
|
|||||||
Name: openscap
|
Name: openscap
|
||||||
Version: 1.3.9
|
Version: 1.3.10
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
@ -14,70 +14,17 @@ for integration of the SCAP line of standards. SCAP is a line of standards
|
|||||||
managed by NIST with the goal of providing a standard language
|
managed by NIST with the goal of providing a standard language
|
||||||
for the expression of Computer Network Defense related information.}
|
for the expression of Computer Network Defense related information.}
|
||||||
|
|
||||||
|
|
||||||
# By default build with checks (time consuming)
|
|
||||||
%bcond_without check
|
|
||||||
|
|
||||||
# By default fedora package is built with apt
|
|
||||||
%if 0%{?fedora}
|
|
||||||
%bcond_without apt
|
|
||||||
%else
|
|
||||||
# apt is missing in CentOS (ELN builds) and in EPEL available currently only in 9
|
|
||||||
%bcond_with apt
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# By default fedora package is built with opendbx support
|
|
||||||
%if 0%{?fedora}
|
|
||||||
%bcond_without opendbx
|
|
||||||
%else
|
|
||||||
# opendbx is missing in RHEL (ELN builds) without rest of the EPEL packages
|
|
||||||
# conditional allows for example rebuild in COPR + EPEL
|
|
||||||
%bcond_with opendbx
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Fedora arched lib directories
|
|
||||||
# originally https://github.com/OpenSCAP/openscap/pull/2056
|
|
||||||
# accepted was https://github.com/OpenSCAP/openscap/pull/2054
|
|
||||||
Patch1: https://github.com/OpenSCAP/openscap/pull/2054.patch#/openscap-1.3.9-perlpath.patch
|
|
||||||
|
|
||||||
|
|
||||||
# Implicit declarations due to missing includes
|
|
||||||
# reported in #PR2060, #PR2061, #PR2062
|
|
||||||
# https://github.com/OpenSCAP/openscap/pull/2060
|
|
||||||
# https://github.com/OpenSCAP/openscap/pull/2061
|
|
||||||
# https://github.com/OpenSCAP/openscap/pull/2062
|
|
||||||
Patch2: openscap-1.3.9-includes.patch
|
|
||||||
|
|
||||||
# Fix test test_sysctl_probe_all.sh
|
|
||||||
# https://github.com/OpenSCAP/openscap/commit/f8366b395b977392d724c6cc84c7295590c39ee8
|
|
||||||
Patch3: openscap-1.3.10-fix_sysctl_probe_tests-PR-2050.patch
|
|
||||||
|
|
||||||
# Fix type of libxml2 error callback function
|
|
||||||
# https://github.com/OpenSCAP/openscap/pull/2069
|
|
||||||
Patch4: openscap-1.3.9-c99-libxml2.patch
|
|
||||||
|
|
||||||
# Python bindings: Do not reuse $result for pointer conversion result
|
|
||||||
# https://github.com/OpenSCAP/openscap/pull/2069
|
|
||||||
Patch5: openscap-1.3.9-c99-python.patch
|
|
||||||
|
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
||||||
BuildRequires: cmake >= 2.6
|
BuildRequires: cmake >= 2.6
|
||||||
BuildRequires: cmake-rpm-macros
|
BuildRequires: cmake-rpm-macros
|
||||||
%else
|
|
||||||
BuildRequires: cmake3
|
|
||||||
%endif
|
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: swig
|
BuildRequires: swig
|
||||||
BuildRequires: libxml2-devel
|
BuildRequires: libxml2-devel
|
||||||
BuildRequires: libxslt-devel
|
BuildRequires: libxslt-devel
|
||||||
BuildRequires: rpm-devel
|
BuildRequires: rpm-devel
|
||||||
BuildRequires: libgcrypt-devel
|
BuildRequires: nss-devel
|
||||||
BuildRequires: pcre2-devel
|
BuildRequires: pcre2-devel
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
@ -91,30 +38,8 @@ BuildRequires: dbus-devel
|
|||||||
BuildRequires: libyaml-devel
|
BuildRequires: libyaml-devel
|
||||||
BuildRequires: xmlsec1-devel
|
BuildRequires: xmlsec1-devel
|
||||||
BuildRequires: xmlsec1-openssl-devel
|
BuildRequires: xmlsec1-openssl-devel
|
||||||
|
|
||||||
# Fedora has procps-ng-devel, which provides procps-devel
|
|
||||||
BuildRequires: procps-devel
|
BuildRequires: procps-devel
|
||||||
|
|
||||||
%if %{with apt}
|
|
||||||
# apt-libs missing on Centos
|
|
||||||
BuildRequires: apt-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with opendbx}
|
|
||||||
# opendbx is not available in RHEL
|
|
||||||
BuildRequires: opendbx-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# GConf2 not used on purpose as obsolete and blocking anaconda addon
|
|
||||||
# BuildRequires: GConf2-devel
|
|
||||||
|
|
||||||
%if %{with check}
|
|
||||||
BuildRequires: perl-interpreter
|
|
||||||
BuildRequires: perl-XML-XPath
|
|
||||||
BuildRequires: bzip2
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
Requires: bash
|
Requires: bash
|
||||||
Requires: bzip2-libs
|
Requires: bzip2-libs
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
@ -125,18 +50,12 @@ Requires: libcap
|
|||||||
Requires: libselinux
|
Requires: libselinux
|
||||||
Requires: openldap
|
Requires: openldap
|
||||||
Requires: popt
|
Requires: popt
|
||||||
# Fedora has procps-ng, which provides procps
|
|
||||||
Requires: procps
|
Requires: procps
|
||||||
Requires: xmlsec1 xmlsec1-openssl
|
Requires: xmlsec1
|
||||||
|
Requires: xmlsec1-openssl
|
||||||
%if %{with apt}
|
|
||||||
# apt-libs missing on Centos
|
|
||||||
Requires: apt-libs
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description %{common_description}
|
%description %{common_description}
|
||||||
|
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for %{name}
|
Summary: Development files for %{name}
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
@ -155,31 +74,13 @@ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
|||||||
%{?python_provide:%python_provide python%{python3_pkgversion}-openscap }
|
%{?python_provide:%python_provide python%{python3_pkgversion}-openscap }
|
||||||
BuildRequires: python%{python3_pkgversion}-devel
|
BuildRequires: python%{python3_pkgversion}-devel
|
||||||
BuildRequires: python%{python3_pkgversion}-setuptools
|
BuildRequires: python%{python3_pkgversion}-setuptools
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 10
|
|
||||||
BuildRequires: python-rpm-macros
|
BuildRequires: python-rpm-macros
|
||||||
%endif
|
|
||||||
|
|
||||||
%description python3
|
%description python3
|
||||||
The %{name}-python3 package contains the bindings so that %{name}
|
The %{name}-python3 package contains the bindings so that %{name}
|
||||||
libraries can be used by python3.
|
libraries can be used by python3.
|
||||||
%{common_description}
|
%{common_description}
|
||||||
|
|
||||||
%package perl
|
|
||||||
Summary: Perl bindings for %{name}
|
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
|
||||||
BuildRequires: coreutils
|
|
||||||
BuildRequires: findutils
|
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: perl-generators
|
|
||||||
BuildRequires: perl-interpreter
|
|
||||||
BuildRequires: perl-devel
|
|
||||||
BuildRequires: perl-XML-Parser
|
|
||||||
|
|
||||||
%description perl
|
|
||||||
The perl package contains the bindings so that %{name}
|
|
||||||
libraries can be used by perl.
|
|
||||||
%{common_description}
|
|
||||||
|
|
||||||
%package scanner
|
%package scanner
|
||||||
Summary: OpenSCAP Scanner Tool (oscap)
|
Summary: OpenSCAP Scanner Tool (oscap)
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
@ -225,55 +126,32 @@ The %{name}-engine-sce-devel package contains libraries and header files
|
|||||||
for developing applications that use %{name}-engine-sce.
|
for developing applications that use %{name}-engine-sce.
|
||||||
%{common_description}
|
%{common_description}
|
||||||
|
|
||||||
%package containers
|
|
||||||
Summary: Utils for scanning containers
|
|
||||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
||||||
Requires: %{name}-scanner
|
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
%description containers
|
|
||||||
Tool for scanning Atomic containers.
|
|
||||||
%{common_description}
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
# definition controlling to use out-of-source build by default
|
|
||||||
# still needed for EPEL8 build
|
|
||||||
# more info - https://bugzilla.redhat.com/show_bug.cgi?id=1861329
|
|
||||||
%undefine __cmake_in_source_build
|
|
||||||
|
|
||||||
# gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon
|
|
||||||
# as gconf is no longer part of the installation medium
|
|
||||||
%cmake \
|
%cmake \
|
||||||
|
-DWITH_CRYPTO=nss \
|
||||||
-DWITH_PCRE2=ON \
|
-DWITH_PCRE2=ON \
|
||||||
-DENABLE_PERL=ON \
|
|
||||||
-DENABLE_DOCS=ON \
|
-DENABLE_DOCS=ON \
|
||||||
|
-DENABLE_PERL=OFF \
|
||||||
|
-DENABLE_OSCAP_UTIL_DOCKER=OFF \
|
||||||
|
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
|
||||||
|
-DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
|
||||||
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \
|
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \
|
||||||
|
-DOPENSCAP_ENABLE_SHA1=OFF \
|
||||||
|
-DOPENSCAP_ENABLE_MD5=OFF \
|
||||||
-DGCONF_LIBRARY=
|
-DGCONF_LIBRARY=
|
||||||
%cmake_build
|
%cmake_build
|
||||||
make docs
|
make docs
|
||||||
|
|
||||||
%check
|
|
||||||
%if %{with check}
|
|
||||||
# Skip failing test in sce/test_sce_in_ds.sh
|
|
||||||
# %{?_smp_mflags} not used as it is failing many other tests
|
|
||||||
ctest -V -E sce/test_sce_in_ds.sh
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%cmake_install
|
%cmake_install
|
||||||
|
|
||||||
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
||||||
|
|
||||||
# fix python shebangs
|
# fix python shebangs
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 10
|
|
||||||
%{__python3} %{_rpmconfigdir}/redhat/pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
%{__python3} %{_rpmconfigdir}/redhat/pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
||||||
%else
|
|
||||||
pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
%ldconfig_scriptlets
|
||||||
@ -297,11 +175,6 @@ pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
|||||||
%{python3_sitearch}/*
|
%{python3_sitearch}/*
|
||||||
|
|
||||||
|
|
||||||
%files perl
|
|
||||||
%{perl_vendorarch}/openscap_pm.pm
|
|
||||||
%{perl_vendorarch}/auto/openscap_pm/openscap_pm.so
|
|
||||||
|
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%doc %{_pkgdocdir}/html/
|
%doc %{_pkgdocdir}/html/
|
||||||
%{_libdir}/libopenscap.so
|
%{_libdir}/libopenscap.so
|
||||||
@ -321,6 +194,7 @@ pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
|||||||
%files scanner
|
%files scanner
|
||||||
%{_mandir}/man8/oscap.8*
|
%{_mandir}/man8/oscap.8*
|
||||||
%{_bindir}/oscap
|
%{_bindir}/oscap
|
||||||
|
%{_mandir}/man8/oscap-chroot.8*
|
||||||
%{_bindir}/oscap-chroot
|
%{_bindir}/oscap-chroot
|
||||||
%{_sysconfdir}/bash_completion.d
|
%{_sysconfdir}/bash_completion.d
|
||||||
|
|
||||||
@ -330,20 +204,18 @@ pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
|||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
%exclude %{_mandir}/man8/oscap.8*
|
%exclude %{_mandir}/man8/oscap.8*
|
||||||
%exclude %{_mandir}/man8/oscap-docker.8*
|
%exclude %{_mandir}/man8/oscap-docker.8*
|
||||||
|
%exclude %{_mandir}/man8/oscap-chroot.8*
|
||||||
%{_bindir}/*
|
%{_bindir}/*
|
||||||
%exclude %{_bindir}/oscap
|
%exclude %{_bindir}/oscap
|
||||||
%exclude %{_bindir}/oscap-docker
|
%exclude %{_bindir}/oscap-docker
|
||||||
%exclude %{_bindir}/oscap-chroot
|
%exclude %{_bindir}/oscap-chroot
|
||||||
|
|
||||||
|
|
||||||
%files containers
|
|
||||||
%{_bindir}/oscap-docker
|
|
||||||
%{_mandir}/man8/oscap-docker.8*
|
|
||||||
%{python3_sitelib}/oscap_docker_python/*
|
|
||||||
%{_bindir}/oscap-podman
|
|
||||||
%{_mandir}/man8/oscap-podman.8*
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-1
|
||||||
|
- Rebase to the latest upstream version
|
||||||
|
- Use NSS as cryptography library (RHEL-22013)
|
||||||
|
|
||||||
* Sun Jan 21 2024 Michal Ambroz <rebus _AT seznam.cz> - 1:1.3.9-7
|
* Sun Jan 21 2024 Michal Ambroz <rebus _AT seznam.cz> - 1:1.3.9-7
|
||||||
- add conditionals to be able to rebuild with opendbx/apt even on EPEL+RHEL
|
- add conditionals to be able to rebuild with opendbx/apt even on EPEL+RHEL
|
||||||
- cosmetics: rename patches, add comments, use buildroot macro instead of env
|
- cosmetics: rename patches, add comments, use buildroot macro instead of env
|
||||||
|
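Review bot: The `%check` section and its `%bcond_without check` switch appear to be dropped from the new spec (the rendered layout shows them only on the old side), so the package would be built without running `ctest` in the same commit that switches the crypto backend with `-DWITH_CRYPTO=nss` and sets `-DOPENSCAP_ENABLE_SHA1=OFF` and `-DOPENSCAP_ENABLE_MD5=OFF`. Hashing and signature-validation paths are the ones most likely to behave differently after that switch, so consider keeping `%check` with `ctest -V`, excluding only tests known to fail, along with the `perl-interpreter`, `perl-XML-XPath` and `bzip2` BuildRequires it relied on. The new `%changelog` entry records only the rebase and the NSS change; it would help to also state that MD5/SHA-1 support, the perl and containers subpackages and the remediate service are turned off, since results for content that still uses those hash types may differ. `xmlsec1-openssl` stays in both BuildRequires and Requires, so it is worth confirming against RHEL-22013 whether XML signature verification is still expected to go through OpenSSL.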
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openscap-1.3.9.tar.gz) = 4c7fd10618c36188ed63d722d6cc7b04b45f4e72ff25b8c8ac066baa650b2f1bbd34c561f487a7f58ae8a506228b7d1d2208d54b976df84e2d2ea532629dc6eb
|
SHA512 (openscap-1.3.10.tar.gz) = 007556b8f020636f6613c2b1192a8b96dfb21b62994a3e257619d48021ad962f95b724c3ac9709a60dbbf7dba8f2499ff8b9b56a7f2d293ca3a8d6ec8107f595
|
||||||
|