Rebase to release 0.1.58

This commit is contained in:
Watson Sato 2021-09-30 14:07:25 +02:00
parent 1a4066dba6
commit 64a2d8e60f
2 changed files with 7 additions and 59 deletions

View File

@ -1,55 +0,0 @@
From 460922d3b258ba5b437afc99b5b02d2690788db9 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <alex.scheel@canonical.com>
Date: Tue, 27 Jul 2021 15:20:08 -0400
Subject: [PATCH] Remove FragmentPath check from service_disabled
In https://github.com/systemd/systemd/issues/582 it is documented that
systemd could eventually replace FragmentPath=/dev/null (on masked
services) with the actual service path -- not the fully (symlink)
resolved path as is currently the case.
This matches the behavior currently seen in Ubuntu (all versions) and
RHEL 9/Fedora 34.
Per discussion with Gabriel, Matej, Richard, and Matt, it is best to
remove this check, especially since ActiveState=Masked suffices.
Resolves: #7280
Resolves: #7248
Signed-off-by: Alexander Scheel <alex.scheel@canonical.com>
---
shared/templates/service_disabled/oval.template | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/shared/templates/service_disabled/oval.template b/shared/templates/service_disabled/oval.template
index 33b52518307..e4ccb0566e7 100644
--- a/shared/templates/service_disabled/oval.template
+++ b/shared/templates/service_disabled/oval.template
@@ -13,7 +13,6 @@
<criteria operator="AND" comment="service {{{ SERVICENAME }}} is not configured to start">
<criterion comment="{{{ SERVICENAME }}} is not running" test_ref="test_service_not_running_{{{ SERVICENAME }}}" />
<criterion comment="Property LoadState of service {{{ SERVICENAME }}} is masked" test_ref="test_service_loadstate_is_masked_{{{ SERVICENAME }}}" />
- <criterion comment="Property FragmentPath of service {{{ SERVICENAME }}} is set to /dev/null" test_ref="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" />
</criteria>
</criteria>
</definition>
@@ -41,18 +40,6 @@
<linux:value>masked</linux:value>
</linux:systemdunitproperty_state>
- <linux:systemdunitproperty_test id="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" check="all" check_existence="any_exist" comment="Test that the property FragmentPath from the service {{{ SERVICENAME }}} is set to /dev/null" version="1">
- <linux:object object_ref="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
- <linux:state state_ref="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
- </linux:systemdunitproperty_test>
- <linux:systemdunitproperty_object id="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" comment="Retrieve the FragmentPath property of {{{ SERVICENAME }}}" version="1">
- <linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(service|socket)$</linux:unit>
- <linux:property>FragmentPath</linux:property>
- </linux:systemdunitproperty_object>
- <linux:systemdunitproperty_state id="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" version="1" comment="FragmentPath is set to /dev/null">
- <linux:value>/dev/null</linux:value>
- </linux:systemdunitproperty_state>
-
{{% else %}}
{{% if init_system != "systemd" %}}

View File

@ -4,16 +4,14 @@
%global _vpath_builddir build
Name: scap-security-guide
Version: 0.1.57
Version: 0.1.58
Release: 1%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
License: BSD
URL: https://github.com/ComplianceAsCode/content/
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
BuildArch: noarch
Patch0: scap-security-guide-0.1.58-fix_service_disabled-PR_7296.patch
BuildRequires: libxslt
BuildRequires: expat
BuildRequires: openscap-scanner >= 1.2.5
@ -99,6 +97,11 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
%endif
%changelog
* Thu Sep 30 2021 Watson Sato <wsato@redhat.com> - 0.1.58-1
- Update to latest upstream SCAP-Security-Guide-0.1.58 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.58
- Fix license warning.
* Thu Jul 29 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
- Update to latest upstream SCAP-Security-Guide-0.1.57 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.57