import CS scap-security-guide-0.1.76-1.el8
parent
bd21a215f3
commit
b19c833738
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,3 +1,3 @@
|
||||
SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
|
||||
SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
|
||||
SOURCES/scap-security-guide-0.1.75.tar.bz2
|
||||
SOURCES/scap-security-guide-0.1.76.tar.bz2
|
||||
|
@ -1,3 +1,3 @@
|
||||
b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
|
||||
17274daaa588330aa4df9a4d8df5ef448e40a696 SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
|
||||
96a8823bf638cd2c656deb431686f74da8084694 SOURCES/scap-security-guide-0.1.75.tar.bz2
|
||||
f4e1956b455a4c66160229334046efbe297fb001 SOURCES/scap-security-guide-0.1.76.tar.bz2
|
||||
|
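--- /dev/null
+++ b/SOURCES/fix_scap_delta_tailoring.patch
@@ -0,0 +1,63 @@
+From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Tue, 25 Feb 2025 16:55:19 +0100
+Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
+when calling the script from cmake
+
+---
+cmake/SSGCommon.cmake | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
+index 337067c215..170ae3d39f 100644
+--- a/cmake/SSGCommon.cmake
++++ b/cmake/SSGCommon.cmake
+@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
+add_custom_command(
+OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
+COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
+- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
++ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
+DEPENDS "${PRODUCT}-content"
+COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
+)
+--
+2.48.1
+
+
+From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Tue, 25 Feb 2025 17:08:54 +0100
+Subject: create_scap_delta_tailoring: remove hardcoded build directory
+
+---
+utils/create_scap_delta_tailoring.py | 6 +++---
+1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py
+index ee85a57bc0..04ca197c5f 100755
+--- a/utils/create_scap_delta_tailoring.py
++++ b/utils/create_scap_delta_tailoring.py
+@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,
+PROFILE = 'stig'
+
+
+-def get_profile(product, profile_name):
+- ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'
++def get_profile(product, profile_name, build_root):
++ ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'
+.format(product=product))).getroot()
+profiles = ds_root.findall(
+'.//{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(
+@@ -177,7 +177,7 @@ def create_tailoring(args):
+args.build_root)
+needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)
+needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)
+- profile_root = get_profile(args.product, args.profile)
++ profile_root = get_profile(args.product, args.profile, args.build_root)
+selections = profile_root.findall('xccdf-1.2:select', NS)
+tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)
+for selection in selections:
+--
+2.48.1
+
+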
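Review bot: The argument added in the cmake/SSGCommon.cmake hunk, `-c ${CMAKE_BINARY_DIR}/build_config.yml`, is unquoted, as is the existing `--build-root ${CMAKE_BINARY_DIR}`, while every other path on the same COMMAND line is quoted. A build directory whose path contains a space or a semicolon would be split into several arguments, so the script would be handed a truncated config path. Suggest `-c "${CMAKE_BINARY_DIR}/build_config.yml"` and `--build-root "${CMAKE_BINARY_DIR}"`, plus `VERBATIM` on the add_custom_command so argument escaping does not depend on the platform. The body of ssg_build_disa_delta continues outside the hunk, so other COMMAND lines in the macro may need the same treatment.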
@ -2,12 +2,10 @@
|
||||
%global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6
|
||||
# Base name of static rhel7 content tarball
|
||||
%global _static_rhel7_content %{name}-0.1.73-1.el7_9-rhel7
|
||||
# https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
|
||||
%global _vpath_builddir build
|
||||
# global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly
|
||||
|
||||
Name: scap-security-guide
|
||||
Version: 0.1.75
|
||||
Version: 0.1.76
|
||||
Release: 1%{?dist}
|
||||
Summary: Security guidance and baselines in SCAP formats
|
||||
License: BSD-3-Clause
|
||||
@ -18,6 +16,7 @@ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{versio
|
||||
Source1: %{_static_rhel6_content}.tar.bz2
|
||||
# Include tarball with last released rhel7 content
|
||||
Source2: %{_static_rhel7_content}.tar.bz2
|
||||
Patch0: fix_scap_delta_tailoring.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
@ -66,30 +65,25 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul
|
||||
|
||||
%prep
|
||||
%setup -q -b1 -b2
|
||||
%patch -P 0 -p1
|
||||
|
||||
%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_PRODUCT_FIREFOX:BOOLEAN=true -DSSG_PRODUCT_JRE:BOOLEAN=TRUE
|
||||
%define cmake_defines_specific %{nil}
|
||||
%if 0%{?rhel}
|
||||
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
|
||||
%endif
|
||||
%if 0%{?centos}
|
||||
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
|
||||
%endif
|
||||
|
||||
%build
|
||||
mkdir -p build
|
||||
cd build
|
||||
%cmake \
|
||||
-DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \
|
||||
-DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \
|
||||
-DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \
|
||||
-DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \
|
||||
-DSSG_PRODUCT_JRE:BOOLEAN=TRUE \
|
||||
%if %{defined centos}
|
||||
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
|
||||
%else
|
||||
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
|
||||
%endif
|
||||
-DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \
|
||||
%if ( %{defined rhel} && (! %{defined centos}) )
|
||||
-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \
|
||||
%endif
|
||||
../
|
||||
mkdir -p %{_vpath_builddir}
|
||||
cd %{_vpath_builddir}
|
||||
%cmake -S .. %{cmake_defines_common} %{cmake_defines_specific}
|
||||
%cmake_build
|
||||
|
||||
%install
|
||||
cd build
|
||||
cd %{_vpath_builddir}
|
||||
%cmake_install
|
||||
|
||||
# Manually install pre-built rhel6 content
|
||||
@ -132,6 +126,9 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1
|
||||
- rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74241)
|
||||
|
||||
* Fri Nov 15 2024 Matthew Burket <mburket@redhat.com> - 0.1.75-1
|
||||
- Rebase scap-security-guide to the latest upstream version (RHEL-66153)
|
||||
- detection of Grub2 kernel command line arguments has been enhanced to cover more use cases (RHEL-53365)
|
||||
|
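Review bot: `Patch0: fix_scap_delta_tailoring.patch` is added with no comment saying where the patch comes from or when it can be dropped, unlike the Source1/Source2 lines next to it, which each carry an explanatory comment. The patch file holds two commits (452ee249e43d and 6def0e0e5449, presumably from upstream), so a comment above Patch0 such as `# Fixes build paths in create_scap_delta_tailoring (commits 452ee249e43d, 6def0e0e5449); drop on the next rebase if included` would let the next rebase check it against the new tarball rather than carry it forward unverified. The changelog entry for 0.1.76-1 does not mention the patch either.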