Fix test fails
- Do not set RPATH on built binaries - Fix UBI9 scan (rhbz#1953610) - Fix failing rpminspect xml test Resolves: RHBZ#1952789
This commit is contained in:
Jan Černý
parent
83f314aa21
commit
96f558718c
42
openscap-1.3.6-rpath-pr-1765.patch
Normal file
42
openscap-1.3.6-rpath-pr-1765.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 5f8879927fa34827f1b367eac311845e6ebec9a7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Thu, 10 Jun 2021 13:41:25 +0200
|
||||
Subject: [PATCH] Do not set Rpath
|
||||
|
||||
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_beware_of_rpath
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967200
|
||||
---
|
||||
CMakeLists.txt | 18 ------------------
|
||||
1 file changed, 18 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index c70ba29bf..cc7b5e005 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -482,25 +482,7 @@ else()
|
||||
endif()
|
||||
set(OSCAP_TEMP_DIR "/tmp" CACHE STRING "use different temporary directory to execute sce scripts (default=/tmp)")
|
||||
|
||||
-# ---------- RPATHS for linking
|
||||
|
||||
-# see https://cmake.org/Wiki/CMake_RPATH_handling
|
||||
-
|
||||
-# use, i.e. don't skip the full RPATH for the build tree
|
||||
-set(CMAKE_SKIP_BUILD_RPATH FALSE)
|
||||
-
|
||||
-# when building, don't use the install RPATH already
|
||||
-# (but later on when installing)
|
||||
-set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
|
||||
-
|
||||
-set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
|
||||
-
|
||||
-# add the automatically determined parts of the RPATH
|
||||
-# which point to directories outside the build tree to the install RPATH
|
||||
-set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
|
||||
-
|
||||
-# Turn on RPATH for OSX for policy warning
|
||||
-set(CMAKE_MACOSX_RPATH ON)
|
||||
# ---------- CONFIGURATION
|
||||
|
||||
configure_file("config.h.in" "config.h")
|
||||
81
openscap-1.3.6-rpminspect-xml-pr-1773.patch
Normal file
81
openscap-1.3.6-rpminspect-xml-pr-1773.patch
Normal file
@ -0,0 +1,81 @@
|
||||
From e515fc9694efb8703f6c55782094e0273c0dec9d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Fri, 25 Jun 2021 13:59:59 +0200
|
||||
Subject: [PATCH] Workaround rpminspect problem
|
||||
|
||||
rpminspect produces this problem:
|
||||
|
||||
xml-files:
|
||||
----------
|
||||
1) File /usr/share/openscap/xsl/oval-results-report.xsl is a malformed XML file on x86_64
|
||||
Result: VERIFY
|
||||
Waiver Authorization: Anyone
|
||||
|
||||
Details:
|
||||
No declaration for element stylesheet
|
||||
|
||||
Suggested Remedy: Correct the reported errors in the XML document
|
||||
|
||||
I assume that it's caused by mixing the DTD and schema - it probably
|
||||
expects that the DTD will contain a declaration of the root element
|
||||
as well. The workaround simply expands both entities by substituting
|
||||
them by their contents.
|
||||
---
|
||||
xsl/oval-results-report.xsl | 18 ++++++------------
|
||||
1 file changed, 6 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/xsl/oval-results-report.xsl b/xsl/oval-results-report.xsl
|
||||
index fe50717795..744540c8f8 100644
|
||||
--- a/xsl/oval-results-report.xsl
|
||||
+++ b/xsl/oval-results-report.xsl
|
||||
@@ -1,10 +1,4 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
-<!DOCTYPE xsl:stylesheet [
|
||||
-<!-- check symbol -->
|
||||
-<!ENTITY resultgood "✓">
|
||||
-<!-- x symbol -->
|
||||
-<!ENTITY resultbad "✕">
|
||||
-]>
|
||||
<!--
|
||||
|
||||
****************************************************************************************
|
||||
@@ -129,7 +123,7 @@
|
||||
<tr class="LightRow">
|
||||
<td class="resultbadA ColorBox"/>
|
||||
<td class="resultbadB ColorBox"/>
|
||||
- <td class="Text" title="Non-Compliant/Vulnerable/Unpatched">&resultbad;</td>
|
||||
+ <td class="Text" title="Non-Compliant/Vulnerable/Unpatched">✕</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
@@ -138,7 +132,7 @@
|
||||
<tr class="LightRow">
|
||||
<td class="resultgoodA ColorBox"/>
|
||||
<td class="resultgoodB ColorBox"/>
|
||||
- <td class="Text" title="Compliant/Non-Vulnerable/Patched">&resultgood;</td>
|
||||
+ <td class="Text" title="Compliant/Non-Vulnerable/Patched">✓</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
@@ -227,8 +221,8 @@
|
||||
<table border="1">
|
||||
<tr class="Title">
|
||||
<td class="TitleLabel" align="center">Systems Analyzed</td>
|
||||
- <td class="TitleLabel" align="center" title="Non-Compliant/Vulnerable/Unpatched">&resultbad;</td>
|
||||
- <td class="TitleLabel" align="center" title="Compliant/Non-Vulnerable/Patched">&resultgood;</td>
|
||||
+ <td class="TitleLabel" align="center" title="Non-Compliant/Vulnerable/Unpatched">✕</td>
|
||||
+ <td class="TitleLabel" align="center" title="Compliant/Non-Vulnerable/Patched">✓</td>
|
||||
<td class="TitleLabel" align="center">Errors</td>
|
||||
<td class="TitleLabel" align="center">Unknown</td>
|
||||
<td class="TitleLabel" align="center" title="Inventory/Miscellaneous class, or Not Applicable/Not Evaluated result">Other</td>
|
||||
@@ -497,8 +491,8 @@
|
||||
<xsl:template name="GeneratorResTotals">
|
||||
<xsl:param name="resultsElm"/>
|
||||
<tr class="DarkRow Center">
|
||||
- <td class="SmallLabel" style="width: 20%;" title="Non-Compliant/Vulnerable/Unpatched">#&resultbad;</td>
|
||||
- <td class="SmallLabel" style="width: 20%;" title="Compliant/Non-Vulnerable/Patched">#&resultgood;</td>
|
||||
+ <td class="SmallLabel" style="width: 20%;" title="Non-Compliant/Vulnerable/Unpatched">#✕</td>
|
||||
+ <td class="SmallLabel" style="width: 20%;" title="Compliant/Non-Vulnerable/Patched">#✓</td>
|
||||
<td class="SmallLabel" style="width: 20%;" title="Error">#Error</td>
|
||||
<td class="SmallLabel" style="width: 20%;" title="Unknown">#Unknown</td>
|
||||
<td class="SmallLabel" style="width: 20%;" title="Inventory/Miscellaneous class, or Not Applicable/Not Evaluated result">#Other</td>
|
||||
38
openscap-1.3.6-ubi9-pr-1772.patch
Normal file
38
openscap-1.3.6-ubi9-pr-1772.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 80543bc666d648d0251e4c7b675489b8011a548a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Fri, 25 Jun 2021 10:19:43 +0200
|
||||
Subject: [PATCH] Fix UBI 9 scan
|
||||
|
||||
In offline mode when scanning a cointainer based on UBI 9 the
|
||||
system_info probe failed because the function `_offline_get_hname` which
|
||||
reads from `/etc/hostname` returns an empty string which causes
|
||||
`__sysinfo_saneval(hname)` check to return zero which in turn causes the
|
||||
probe returns an error. We can prevent this situation by replacing the
|
||||
empty string by `"Unknown"`, which we already do when the `hname` is
|
||||
`NULL`.
|
||||
|
||||
Addressing:
|
||||
|
||||
W: oscap: Can't receive message: 125, Operation canceled.
|
||||
E: oscap: Recv: retry limit (0) reached.
|
||||
OpenSCAP Error: Probe at sd=32 (system_info) reported an error: Invalid type, value or format [/home/jcerny/work/git/openscap/src/OVAL/oval_probe_ext.c:383]
|
||||
Unable to receive a message from probe [/home/jcerny/work/git/openscap/src/OVAL/oval_probe_ext.c:572]
|
||||
|
||||
Resolves: rhbz#1953610
|
||||
---
|
||||
src/OVAL/probes/independent/system_info_probe.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/OVAL/probes/independent/system_info_probe.c b/src/OVAL/probes/independent/system_info_probe.c
|
||||
index 9bdd73556d..8251e655ed 100644
|
||||
--- a/src/OVAL/probes/independent/system_info_probe.c
|
||||
+++ b/src/OVAL/probes/independent/system_info_probe.c
|
||||
@@ -732,7 +732,7 @@ int system_info_probe_main(probe_ctx *ctx, void *arg)
|
||||
if (!architecture)
|
||||
architecture = strdup(unknown);
|
||||
|
||||
- if (!hname)
|
||||
+ if (!hname || *hname == '\0')
|
||||
hname = strdup(unknown);
|
||||
|
||||
if (__sysinfo_saneval(os_name) < 1 ||
|
||||
@ -1,13 +1,16 @@
|
||||
Name: openscap
|
||||
Version: 1.3.5
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Epoch: 1
|
||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||
License: LGPLv2+
|
||||
URL: http://www.open-scap.org/
|
||||
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
Patch1: openscap-1.3.6-waive-hugetables-pr-1745.patch
|
||||
Patch2: openscap-1.3.6-replace-getlogin-pr-1753.patch
|
||||
Patch1: openscap-1.3.6-waive-hugetables-pr-1745.patch
|
||||
Patch2: openscap-1.3.6-replace-getlogin-pr-1753.patch
|
||||
Patch3: openscap-1.3.6-rpath-pr-1765.patch
|
||||
Patch4: openscap-1.3.6-ubi9-pr-1772.patch
|
||||
Patch5: openscap-1.3.6-rpminspect-xml-pr-1773.patch
|
||||
BuildRequires: cmake >= 2.6
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
@ -193,6 +196,11 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
|
||||
%{_bindir}/oscap-run-sce-script
|
||||
|
||||
%changelog
|
||||
* Mon Jun 28 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-3
|
||||
- Do not set RPATH on built binaries
|
||||
- Fix UBI9 scan (rhbz#1953610)
|
||||
- Fix failing rpminspect xml test
|
||||
|
||||
* Thu May 20 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-2
|
||||
- Remove containers subpackage
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user