scap-security-guide/fix_scap_delta_tailoring.patch
Vojtech Polasek 9a1ba71e16 modify the %prep and %build section to be aligned with cs9
The previous implementation created a nested build directory.
This caused some problems.
I believe it is better to have minimal differences between spec files in centos versions.

add quick patch for the script which generates scap delta tailoring so that paths are not hardcoded there
2025-02-26 13:41:36 +01:00


From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 16:55:19 +0100
Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
when calling the script from cmake
---
cmake/SSGCommon.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 337067c215..170ae3d39f 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
DEPENDS "${PRODUCT}-content"
COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
)
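Review bot: The added `-c ${CMAKE_BINARY_DIR}/build_config.yml` argument is unquoted, as is the `--build-root ${CMAKE_BINARY_DIR}` before it, while every other path on this COMMAND line is quoted. A build directory containing spaces or semicolons would be split into several arguments, so the script would receive a different config path than intended. Write it as `-c "${CMAKE_BINARY_DIR}/build_config.yml"` (and `--build-root "${CMAKE_BINARY_DIR}"`), and consider adding `VERBATIM` to this add_custom_command so argument escaping does not depend on the platform. The command now reads build_config.yml but DEPENDS still lists only `"${PRODUCT}-content"`; unless that target already tracks the config file, a changed config may not regenerate the tailoring XML. The ssg_build_disa_delta macro begins and ends outside this hunk.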
--
2.48.1
From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 17:08:54 +0100
Subject: create_scap_delta_tailoring: remove hardcoded build directory
---
utils/create_scap_delta_tailoring.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py
index ee85a57bc0..04ca197c5f 100755
--- a/utils/create_scap_delta_tailoring.py
+++ b/utils/create_scap_delta_tailoring.py
@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,
PROFILE = 'stig'
-def get_profile(product, profile_name):
- ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'
+def get_profile(product, profile_name, build_root):
+ ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'
.format(product=product))).getroot()
profiles = ds_root.findall(
'.//{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(
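Review bot: get_profile now passes `os.path.join(build_root, 'ssg-{product}-ds.xml'...)` straight to `ET.parse` without checking that `build_root` is set or that the datastream exists. A missing or wrong `--build-root` would therefore surface as a raw exception from `os.path.join` or the parser, not as a message naming the expected file. Because the generated delta tailoring depends on exactly which datastream is read, compute the path once, e.g. `ds_path = os.path.join(build_root, 'ssg-{product}-ds.xml'.format(product=product))`, and fail with an explicit error that includes `ds_path` when `os.path.isfile(ds_path)` is false. `build_root` is also a new required positional parameter, so any caller other than the one updated in create_tailoring (next hunk) would break; a short docstring stating that `build_root` is the directory holding the built `ssg-<product>-ds.xml` would make the new contract clear. The function body continues past the end of this hunk.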
@@ -177,7 +177,7 @@ def create_tailoring(args):
args.build_root)
needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)
needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)
- profile_root = get_profile(args.product, args.profile)
+ profile_root = get_profile(args.product, args.profile, args.build_root)
selections = profile_root.findall('xccdf-1.2:select', NS)
tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)
for selection in selections:
--
2.48.1