diff --git a/disable-not-in-good-shape-profiles.patch b/disable-not-in-good-shape-profiles.patch deleted file mode 100644 index f883e6a..0000000 --- a/disable-not-in-good-shape-profiles.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 746381a4070fc561651ad65ec0fe9610e8590781 Mon Sep 17 00:00:00 2001 -From: Watson Sato -Date: Mon, 6 Feb 2023 14:44:17 +0100 -Subject: [PATCH] Disable profiles not in good shape - -Patch-name: disable-not-in-good-shape-profiles.patch -Patch-id: 0 -Patch-status: | - Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream ---- - products/rhel8/CMakeLists.txt | 1 - - products/rhel8/profiles/cjis.profile | 2 +- - products/rhel8/profiles/rht-ccp.profile | 2 +- - products/rhel8/profiles/standard.profile | 2 +- - 4 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/products/rhel8/CMakeLists.txt b/products/rhel8/CMakeLists.txt -index 9c044b68ab..8f6ca03de8 100644 ---- a/products/rhel8/CMakeLists.txt -+++ b/products/rhel8/CMakeLists.txt -@@ -10,7 +10,6 @@ ssg_build_product(${PRODUCT}) - ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss") - - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist") --ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist") - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist") - - ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi") -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 22ae5aac72..f60b65bc06 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - metadata: - version: 5.4 -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index b192461f95..ae1e7d5a15 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' - -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index a63ae2cf32..da669bb843 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - --- -2.39.1 - diff --git a/hide-profiles-not-in-good-shape-for-RHEL.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch new file mode 100644 index 0000000..40a7a28 --- /dev/null +++ b/hide-profiles-not-in-good-shape-for-RHEL.patch @@ -0,0 +1,54 @@ +From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 +From: Marcus Burghardt +Date: Fri, 16 Feb 2024 12:07:36 +0100 +Subject: [PATCH] Hide profiles not in good shape for RHEL + +There are some profiles introduced long time ago but no longer +maintained. For compatibility purposes they are not removed from +datastream but are now hidden for RHEL8 to prevent people from +using them. +--- + products/rhel8/profiles/cjis.profile | 2 ++ + products/rhel8/profiles/rht-ccp.profile | 2 ++ + products/rhel8/profiles/standard.profile | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile +index 30843b692e..c44c63516f 100644 +--- a/products/rhel8/profiles/cjis.profile ++++ b/products/rhel8/profiles/cjis.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + metadata: + version: 5.4 + SMEs: +diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile +index 01133a9bde..3f6cb751c9 100644 +--- a/products/rhel8/profiles/rht-ccp.profile ++++ b/products/rhel8/profiles/rht-ccp.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' + + description: |- +diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile +index 11d72da2d9..79b491113a 100644 +--- a/products/rhel8/profiles/standard.profile ++++ b/products/rhel8/profiles/standard.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' + + description: |- +-- +2.43.1 + diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4cbf02e..138ce60 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -6,7 +6,7 @@ Name: scap-security-guide Version: 0.1.72 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -14,8 +14,8 @@ URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content Source1: %{_static_rhel6_content}.tar.bz2 -# Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream -Patch0: disable-not-in-good-shape-profiles.patch +# Patch hides cjis, rht-ccp and standard profiles for RHEL8 +Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch BuildArch: noarch @@ -122,6 +122,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 +- Unlist profiles no longer maintained in RHEL8. + * Wed Feb 14 2024 Marcus Burghardt - 0.1.72-1 - Rebase to a new upstream release 0.1.72 (RHEL-25250) - Increase CIS standards coverage regarding SSH and cron (RHEL-1314)