Rebase to release 0.1.58
This commit is contained in:
parent
1a4066dba6
commit
64a2d8e60f
|
@ -1,55 +0,0 @@
|
||||||
From 460922d3b258ba5b437afc99b5b02d2690788db9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexander Scheel <alex.scheel@canonical.com>
|
|
||||||
Date: Tue, 27 Jul 2021 15:20:08 -0400
|
|
||||||
Subject: [PATCH] Remove FragmentPath check from service_disabled
|
|
||||||
|
|
||||||
In https://github.com/systemd/systemd/issues/582 it is documented that
|
|
||||||
systemd could eventually replace FragmentPath=/dev/null (on masked
|
|
||||||
services) with the actual service path -- not the fully (symlink)
|
|
||||||
resolved path as is currently the case.
|
|
||||||
|
|
||||||
This matches the behavior currently seen in Ubuntu (all versions) and
|
|
||||||
RHEL 9/Fedora 34.
|
|
||||||
|
|
||||||
Per discussion with Gabriel, Matej, Richard, and Matt, it is best to
|
|
||||||
remove this check, especially since ActiveState=Masked suffices.
|
|
||||||
|
|
||||||
Resolves: #7280
|
|
||||||
Resolves: #7248
|
|
||||||
|
|
||||||
Signed-off-by: Alexander Scheel <alex.scheel@canonical.com>
|
|
||||||
---
|
|
||||||
shared/templates/service_disabled/oval.template | 13 -------------
|
|
||||||
1 file changed, 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/shared/templates/service_disabled/oval.template b/shared/templates/service_disabled/oval.template
|
|
||||||
index 33b52518307..e4ccb0566e7 100644
|
|
||||||
--- a/shared/templates/service_disabled/oval.template
|
|
||||||
+++ b/shared/templates/service_disabled/oval.template
|
|
||||||
@@ -13,7 +13,6 @@
|
|
||||||
<criteria operator="AND" comment="service {{{ SERVICENAME }}} is not configured to start">
|
|
||||||
<criterion comment="{{{ SERVICENAME }}} is not running" test_ref="test_service_not_running_{{{ SERVICENAME }}}" />
|
|
||||||
<criterion comment="Property LoadState of service {{{ SERVICENAME }}} is masked" test_ref="test_service_loadstate_is_masked_{{{ SERVICENAME }}}" />
|
|
||||||
- <criterion comment="Property FragmentPath of service {{{ SERVICENAME }}} is set to /dev/null" test_ref="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" />
|
|
||||||
</criteria>
|
|
||||||
</criteria>
|
|
||||||
</definition>
|
|
||||||
@@ -41,18 +40,6 @@
|
|
||||||
<linux:value>masked</linux:value>
|
|
||||||
</linux:systemdunitproperty_state>
|
|
||||||
|
|
||||||
- <linux:systemdunitproperty_test id="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" check="all" check_existence="any_exist" comment="Test that the property FragmentPath from the service {{{ SERVICENAME }}} is set to /dev/null" version="1">
|
|
||||||
- <linux:object object_ref="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
|
|
||||||
- <linux:state state_ref="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
|
|
||||||
- </linux:systemdunitproperty_test>
|
|
||||||
- <linux:systemdunitproperty_object id="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" comment="Retrieve the FragmentPath property of {{{ SERVICENAME }}}" version="1">
|
|
||||||
- <linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(service|socket)$</linux:unit>
|
|
||||||
- <linux:property>FragmentPath</linux:property>
|
|
||||||
- </linux:systemdunitproperty_object>
|
|
||||||
- <linux:systemdunitproperty_state id="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" version="1" comment="FragmentPath is set to /dev/null">
|
|
||||||
- <linux:value>/dev/null</linux:value>
|
|
||||||
- </linux:systemdunitproperty_state>
|
|
||||||
-
|
|
||||||
{{% else %}}
|
|
||||||
|
|
||||||
{{% if init_system != "systemd" %}}
|
|
|
@ -4,16 +4,14 @@
|
||||||
%global _vpath_builddir build
|
%global _vpath_builddir build
|
||||||
|
|
||||||
Name: scap-security-guide
|
Name: scap-security-guide
|
||||||
Version: 0.1.57
|
Version: 0.1.58
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Security guidance and baselines in SCAP formats
|
Summary: Security guidance and baselines in SCAP formats
|
||||||
License: BSD-3-Clause
|
License: BSD
|
||||||
URL: https://github.com/ComplianceAsCode/content/
|
URL: https://github.com/ComplianceAsCode/content/
|
||||||
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
|
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Patch0: scap-security-guide-0.1.58-fix_service_disabled-PR_7296.patch
|
|
||||||
|
|
||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: expat
|
BuildRequires: expat
|
||||||
BuildRequires: openscap-scanner >= 1.2.5
|
BuildRequires: openscap-scanner >= 1.2.5
|
||||||
|
@ -99,6 +97,11 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 30 2021 Watson Sato <wsato@redhat.com> - 0.1.58-1
|
||||||
|
- Update to latest upstream SCAP-Security-Guide-0.1.58 release:
|
||||||
|
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.58
|
||||||
|
- Fix license warning.
|
||||||
|
|
||||||
* Thu Jul 29 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
|
* Thu Jul 29 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
|
||||||
- Update to latest upstream SCAP-Security-Guide-0.1.57 release:
|
- Update to latest upstream SCAP-Security-Guide-0.1.57 release:
|
||||||
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.57
|
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.57
|
||||||
|
|
Loading…
Reference in New Issue