rpms/scap-security-guide
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS scap-security-guide-0.1.78-1.el8

Browse Source
This commit is contained in:
Andrew Lukoshko 2025-10-08 13:42:15 +00:00
parent 69ce25048b
commit 556bb2395b
4 changed files with 11 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2 SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
SOURCES/scap-security-guide-0.1.77.tar.bz2 SOURCES/scap-security-guide-0.1.78.tar.bz2

2
.scap-security-guide.metadata
View File

@ -1,3 +1,3 @@
b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
17274daaa588330aa4df9a4d8df5ef448e40a696 SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2 17274daaa588330aa4df9a4d8df5ef448e40a696 SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
3422596a0d3e3c2b68aa33683819b20b9a0c3ab0 SOURCES/scap-security-guide-0.1.77.tar.bz2 c5818deab3cfdbfb59c3dc745de3898380429a94 SOURCES/scap-security-guide-0.1.78.tar.bz2

63
SOURCES/fix_scap_delta_tailoring.patch
View File

@ -1,63 +0,0 @@
From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 16:55:19 +0100
Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
when calling the script from cmake
---
cmake/SSGCommon.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index c5c2f0d55d..81ff323b82 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
DEPENDS "${PRODUCT}-content"
COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
)
--
2.48.1
From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 17:08:54 +0100
Subject: create_scap_delta_tailoring: remove hardcoded build directory
---
utils/create_scap_delta_tailoring.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py
index ee85a57bc0..04ca197c5f 100755
--- a/utils/create_scap_delta_tailoring.py
+++ b/utils/create_scap_delta_tailoring.py
@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,
PROFILE = 'stig'
-def get_profile(product, profile_name):
- ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'
+def get_profile(product, profile_name, build_root):
+ ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'
.format(product=product))).getroot()
profiles = ds_root.findall(
'.//{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(
@@ -177,7 +177,7 @@ def create_tailoring(args):
args.build_root)
needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)
needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)
- profile_root = get_profile(args.product, args.profile)
+ profile_root = get_profile(args.product, args.profile, args.build_root)
selections = profile_root.findall('xccdf-1.2:select', NS)
tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)
for selection in selections:
--
2.48.1

14
SPECS/scap-security-guide.spec
View File

@ -5,7 +5,7 @@
# global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly
Name: scap-security-guide Name: scap-security-guide
Version: 0.1.77 Version: 0.1.78
Release: 1%{?dist} Release: 1%{?dist}
Summary: Security guidance and baselines in SCAP formats Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause License: BSD-3-Clause
@ -16,7 +16,6 @@ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{versio
Source1: %{_static_rhel6_content}.tar.bz2 Source1: %{_static_rhel6_content}.tar.bz2
# Include tarball with last released rhel7 content # Include tarball with last released rhel7 content
Source2: %{_static_rhel7_content}.tar.bz2 Source2: %{_static_rhel7_content}.tar.bz2
Patch0: fix_scap_delta_tailoring.patch
BuildArch: noarch BuildArch: noarch
@ -65,9 +64,8 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul
%prep %prep
%setup -q -b1 -b2 %setup -q -b1 -b2
%patch -P 0 -p1
%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_PRODUCT_FIREFOX:BOOLEAN=true -DSSG_PRODUCT_JRE:BOOLEAN=TRUE %define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=ON -DSSG_PRODUCT_FIREFOX:BOOLEAN=true -DSSG_PRODUCT_JRE:BOOLEAN=TRUE
%define cmake_defines_specific %{nil} %define cmake_defines_specific %{nil}
%if 0%{?rhel} %if 0%{?rhel}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
@ -126,8 +124,14 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
%endif %endif
%changelog %changelog
* Tue Sep 16 2025 Matthew Burket <mburket@redhat.com> - 0.1.78-1
- Rebase scap-security-guide to the latest upstream version 0.1.78 (RHEL-111011)
- Rule service_rngd_enabled is now evaluated on RHEL >= 8.4 in case kernel is not in FIPS mode (RHEL-95188)
- Use default order in rule configure_gnutls_tls_crypto_policy (RHEL-1821)
- Renable building of bash scripts (RHEL-105501)
* Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1 * Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1
- Rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-94802) - Rebase scap-security-guide to the latest upstream version 0.1.77 (RHEL-94802)
- STIG: do not remediate rule disabling user namespaces (RHEL-76750) - STIG: do not remediate rule disabling user namespaces (RHEL-76750)
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1 * Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1