rpms/scap-security-guide
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Add AlmaLinux support

Browse Source
This commit is contained in:
Andrew Lukoshko 2025-07-15 13:26:47 +00:00 committed by root
commit dd6cccd154
5 changed files with 4422 additions and 6005 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
SOURCES/scap-security-guide-0.1.76.tar.bz2
SOURCES/scap-security-guide-0.1.77.tar.bz2

2
.scap-security-guide.metadata
View File

@ -1,3 +1,3 @@
b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
17274daaa588330aa4df9a4d8df5ef448e40a696 SOURCES/scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2
f4e1956b455a4c66160229334046efbe297fb001 SOURCES/scap-security-guide-0.1.76.tar.bz2
3422596a0d3e3c2b68aa33683819b20b9a0c3ab0 SOURCES/scap-security-guide-0.1.77.tar.bz2

8
SOURCES/fix_scap_delta_tailoring.patch
View File

@ -9,19 +9,19 @@ Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 337067c215..170ae3d39f 100644
index c5c2f0d55d..81ff323b82 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
DEPENDS "${PRODUCT}-content"
COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
)
--
--
2.48.1

10382
SOURCES/0001-Add-AlmaLinux-8-support.patch → SOURCES/scap-security-guide-add-almalinux8-product.patch
View File

File diff suppressed because it is too large Load Diff

33
SPECS/scap-security-guide.spec
View File

@ -5,7 +5,7 @@
# global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly
Name: scap-security-guide
Version: 0.1.76
Version: 0.1.77
Release: 1%{?dist}.alma.1
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
@ -18,9 +18,8 @@ Source1: %{_static_rhel6_content}.tar.bz2
Source2: %{_static_rhel7_content}.tar.bz2
Patch0: fix_scap_delta_tailoring.patch
# AlmaLinux patches
Patch1001: 0001-Add-AlmaLinux-8-support.patch
# AlmaLinux Patch
Patch1001: scap-security-guide-add-almalinux8-product.patch
BuildArch: noarch
@ -57,18 +56,21 @@ The %{name}-doc package contains HTML formatted documents containing
hardening guidances that have been generated from XCCDF benchmarks
present in %{name} package.
%package rule-playbooks
Summary: Ansible playbooks per each rule.
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}
%package rule-playbooks
Summary: Ansible playbooks per each rule.
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}
%description rule-playbooks
%description rule-playbooks
The %{name}-rule-playbooks package contains individual ansible playbooks per rule.
%prep
%setup -q -b1 -b2
%patch -P 0 -p1
# Applying AlmaLinux Patch
%patch -P 1001 -p1 -b .scap-security-guide-add-almalinux8-product
%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_PRODUCT_FIREFOX:BOOLEAN=true -DSSG_PRODUCT_JRE:BOOLEAN=TRUE
%define cmake_defines_specific %{nil}
%if 0%{?rhel}
@ -78,11 +80,9 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
%endif
%if 0%{?almalinux}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{almalinux}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
%endif
%patch1001 -p1
%build
mkdir -p %{_vpath_builddir}
cd %{_vpath_builddir}
@ -114,6 +114,7 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
%{_datadir}/xml/scap/ssg/content
%{_datadir}/%{name}/kickstart
%{_datadir}/%{name}/ansible
%{_datadir}/%{name}/bash
%{_datadir}/%{name}/tailoring
%lang(en) %{_mandir}/man8/scap-security-guide.8.*
%doc %{_docdir}/%{name}/LICENSE
@ -130,9 +131,13 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
%{_datadir}/%{name}/ansible/rule_playbooks
%changelog
* Thu Apr 24 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 0.1.76-1.alma.1
* Tue Jul 15 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 0.1.77-1.alma.1
- Add AlmaLinux support
* Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1
- Rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-94802)
- STIG: do not remediate rule disabling user namespaces (RHEL-76750)
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1
- rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74241)
@ -164,6 +169,7 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
* Fri Feb 16 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-2
- Unlist profiles no longer maintained in RHEL8.
* Wed Feb 14 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
- Rebase to a new upstream release 0.1.72 (RHEL-25250)
- Increase CIS standards coverage regarding SSH and cron (RHEL-1314)
@ -227,6 +233,7 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo
* Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
* Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
- Fix Ansible partition conditional (RHBZ#2032403)