rpms/scap-workbench
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import scap-workbench-1.2.1-13.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-05-17 04:51:49 -04:00 committed by Stepan Oksanichenko
commit 708c1ffe0d
13 changed files with 1946 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/scap-workbench-1.2.1.tar.bz2

1
.scap-workbench.metadata Normal file
View File

@ -0,0 +1 @@
59180c64eedef2c3047f7b420b9cfb8ed60a6dca SOURCES/scap-workbench-1.2.1.tar.bz2

73
SOURCES/scap-workbench-1.2.2-fix-appdata-pr-288.diff Normal file
View File

@ -0,0 +1,73 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 77bb3ae9..5c42e733 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -263,14 +263,14 @@ install(FILES "man/scap-workbench.8"
install(DIRECTORY "share/scap-workbench"
DESTINATION "${CMAKE_INSTALL_DATADIR}")
-install(FILES "scap-workbench.desktop"
+install(FILES "scap_workbench.desktop"
DESTINATION "${CMAKE_INSTALL_DATADIR}/applications")
install(FILES "share/pixmaps/scap-workbench.png"
DESTINATION "${CMAKE_INSTALL_DATADIR}/pixmaps")
install(FILES "share/pixmaps/scap-workbench.svg"
DESTINATION "${CMAKE_INSTALL_DATADIR}/pixmaps")
-install(FILES "scap-workbench.appdata.xml"
- DESTINATION "${CMAKE_INSTALL_DATADIR}/appdata")
+install(FILES "org.open-scap.scap-workbench.appdata.xml"
+ DESTINATION "${CMAKE_INSTALL_DATADIR}/metainfo")
if (ASCIIDOC_EXECUTABLE)
file(GLOB USER_MANUAL_SCREENSHOTS "${CMAKE_CURRENT_SOURCE_DIR}/doc/user_manual/*.png")
diff --git a/scap-workbench.appdata.xml b/org.open-scap.scap-workbench.appdata.xml
similarity index 65%
rename from scap-workbench.appdata.xml
rename to org.open-scap.scap-workbench.appdata.xml
index d4288f3d..bed9b05c 100644
--- a/scap-workbench.appdata.xml
+++ b/org.open-scap.scap-workbench.appdata.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
-<application>
- <id type="desktop">scap-workbench.desktop</id>
+<component type="desktop">
+ <id>org.openscap.scap_workbench.desktop</id>
<metadata_license>CC0-1.0</metadata_license>
<project_license>GPL-3.0+</project_license>
<name>SCAP Workbench</name>
@@ -23,10 +23,16 @@
</ul>
</description>
<screenshots>
- <screenshot type="default" width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/default_content_opened.png</screenshot>
- <screenshot width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/intro_screenshot.png</screenshot>
- <screenshot width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/tailoring_undo_history.png</screenshot>
+ <screenshot type="default">
+ <image type="source" width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/default_content_opened.png</image>
+ </screenshot>
+ <screenshot>
+ <image type="source" width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/intro_screenshot.png</image>
+ </screenshot>
+ <screenshot>
+ <image type="source" width="1280" height="720">https://github.com/OpenSCAP/scap-workbench/raw/v1-1/doc/user_manual/tailoring_undo_history.png</image>
+ </screenshot>
</screenshots>
<url type="homepage">https://www.open-scap.org/tools/scap-workbench</url>
- <updatecontact>open-scap-list@redhat.com</updatecontact>
-</application>
+ <update_contact>open-scap-list@redhat.com</update_contact>
+</component>
diff --git a/scap-workbench.desktop b/scap_workbench.desktop
similarity index 95%
rename from scap-workbench.desktop
rename to scap_workbench.desktop
index 60b67e49..5b4bb899 100644
--- a/scap-workbench.desktop
+++ b/scap_workbench.desktop
@@ -7,4 +7,5 @@ TryExec=scap-workbench
Exec=scap-workbench
Icon=scap-workbench
Categories=System;
+Keywords=scap;
X-Desktop-File-Install-Version=0.3

81
SOURCES/scap-workbench-1.2.2-fix-appdata-pr-295.patch Normal file
View File

@ -0,0 +1,81 @@
From 408019f129027c120b71db3c029d5291e3275ea2 Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Tue, 16 Nov 2021 00:08:32 +0100
Subject: [PATCH] Fix appdata, desktop and icons for Linux (Freedesktop)
Satisfy:
https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html#install_icons
https://freedesktop.org/software/appstream/docs/chap-Quickstart.html
---
CMakeLists.txt | 6 +++---
...ppdata.xml => org.open_scap.scap_workbench.appdata.xml | 5 +++--
...kbench.desktop => org.open_scap.scap_workbench.desktop | 8 ++++----
3 files changed, 10 insertions(+), 9 deletions(-)
rename org.open-scap.scap-workbench.appdata.xml => org.open_scap.scap_workbench.appdata.xml (92%)
rename scap_workbench.desktop => org.open_scap.scap_workbench.desktop (67%)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5c42e733..55eed972 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -263,13 +263,13 @@ install(FILES "man/scap-workbench.8"
install(DIRECTORY "share/scap-workbench"
DESTINATION "${CMAKE_INSTALL_DATADIR}")
-install(FILES "scap_workbench.desktop"
+install(FILES "org.open_scap.scap_workbench.desktop"
DESTINATION "${CMAKE_INSTALL_DATADIR}/applications")
install(FILES "share/pixmaps/scap-workbench.png"
DESTINATION "${CMAKE_INSTALL_DATADIR}/pixmaps")
install(FILES "share/pixmaps/scap-workbench.svg"
- DESTINATION "${CMAKE_INSTALL_DATADIR}/pixmaps")
-install(FILES "org.open-scap.scap-workbench.appdata.xml"
+ DESTINATION "${CMAKE_INSTALL_DATADIR}/icons/hicolor/scalable/apps")
+install(FILES "org.open_scap.scap_workbench.appdata.xml"
DESTINATION "${CMAKE_INSTALL_DATADIR}/metainfo")
if (ASCIIDOC_EXECUTABLE)
diff --git a/org.open-scap.scap-workbench.appdata.xml b/org.open_scap.scap_workbench.appdata.xml
similarity index 92%
rename from org.open-scap.scap-workbench.appdata.xml
rename to org.open_scap.scap_workbench.appdata.xml
index bed9b05c..191796b2 100644
--- a/org.open-scap.scap-workbench.appdata.xml
+++ b/org.open_scap.scap_workbench.appdata.xml
@@ -1,10 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
-<component type="desktop">
- <id>org.openscap.scap_workbench.desktop</id>
+<component type="desktop-application">
+ <id>org.open_scap.scap_workbench</id>
<metadata_license>CC0-1.0</metadata_license>
<project_license>GPL-3.0+</project_license>
<name>SCAP Workbench</name>
<summary>A GUI tool that serves as an SCAP scanner and provides tailoring functionality for SCAP content</summary>
+ <launchable type="desktop-id">org.open_scap.scap_workbench.desktop</launchable>
<description>
<p>
The main goal of this application is to lower the initial barrier of using SCAP.
diff --git a/scap_workbench.desktop b/org.open_scap.scap_workbench.desktop
similarity index 67%
rename from scap_workbench.desktop
rename to org.open_scap.scap_workbench.desktop
index 5b4bb899..0d568b1d 100644
--- a/scap_workbench.desktop
+++ b/org.open_scap.scap_workbench.desktop
@@ -1,11 +1,11 @@
[Desktop Entry]
+Version=1.0
Type=Application
Name=SCAP Workbench
GenericName=SCAP Scanner and Profile Editor
-Comment=GUI tool that allows scanning both local and remote computers using SCAP content of your choice.
+Comment=GUI tool that allows scanning both local and remote computers using SCAP content of your choice
TryExec=scap-workbench
Exec=scap-workbench
Icon=scap-workbench
-Categories=System;
-Keywords=scap;
-X-Desktop-File-Install-Version=0.3
+Categories=System;Security;
+Keywords=SCAP;

64
SOURCES/scap-workbench-1.2.2-fix-qt-deprecated-pr-259.patch Normal file
View File

@ -0,0 +1,64 @@
From 806be588a70349b1705a687d38b90bfa6702d010 Mon Sep 17 00:00:00 2001
From: Carlos Matos <cmatos@redhat.com>
Date: Fri, 29 May 2020 13:59:32 -0400
Subject: [PATCH] Use QT provided macro function to version check - deprecation
errors
---
src/SaveAsRPMDialog.cpp | 7 ++++++-
src/TailoringWindow.cpp | 14 ++++++++++++--
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/SaveAsRPMDialog.cpp b/src/SaveAsRPMDialog.cpp
index 611d15f..854396b 100644
--- a/src/SaveAsRPMDialog.cpp
+++ b/src/SaveAsRPMDialog.cpp
@@ -86,7 +86,12 @@ void SaveAsRPMDialog::slotFinished(int result)
closure.remove(mScanningSession->getOpenedFilePath());
QList<QString> closureOrdered;
closureOrdered.append(mScanningSession->getOpenedFilePath());
- closureOrdered.append(closure.toList());
+ #if (QT_VERSION >= QT_VERSION_CHECK(5, 14, 0))
+ closureOrdered.append(closure.values());
+ #else
+ // support older versions where deprecation warning is not fatal
+ closureOrdered.append(closure.toList());
+ #endif
const QDir cwd = ScanningSession::getCommonAncestorDirectory(closure);
diff --git a/src/TailoringWindow.cpp b/src/TailoringWindow.cpp
index ceced3e..e4081cf 100644
--- a/src/TailoringWindow.cpp
+++ b/src/TailoringWindow.cpp
@@ -645,7 +645,12 @@ QString TailoringWindow::getQSettingsKey() const
void TailoringWindow::deserializeCollapsedItems()
{
const QStringList list = mQSettings->value(getQSettingsKey()).toStringList();
- mCollapsedItemIds = QSet<QString>::fromList(list);
+ #if (QT_VERSION >= QT_VERSION_CHECK(5, 14, 0))
+ mCollapsedItemIds = QSet<QString>(list.begin(), list.end());
+ #else
+ // support older versions where deprecation warning is not fatal
+ mCollapsedItemIds = QSet<QString>::fromList(list);
+ #endif
}
void TailoringWindow::serializeCollapsedItems()
@@ -657,7 +662,12 @@ void TailoringWindow::serializeCollapsedItems()
}
else
{
- mQSettings->setValue(getQSettingsKey(), QVariant(mCollapsedItemIds.toList()));
+ #if (QT_VERSION >= QT_VERSION_CHECK(5, 14, 0))
+ mQSettings->setValue(getQSettingsKey(), QVariant(mCollapsedItemIds.values()));
+ #else
+ // support older versions where deprecation warning is not fatal
+ mQSettings->setValue(getQSettingsKey(), QVariant(mCollapsedItemIds.toList()));
+ #endif
mQSettings->setValue(getQSettingsKey() + "_lastUsed", QVariant(QDateTime::currentDateTime()));
}
}
--
2.26.2

519
SOURCES/scap-workbench-1.2.2-generate-result-based-remediation-from-tailored-profile.patch Normal file
View File

@ -0,0 +1,519 @@
From 69e988df963cb184062814e75c737fe080f303df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 25 Feb 2020 10:50:46 +0100
Subject: [PATCH] Generate result-based remediation from tailored profile
Users can generate remediation script from scan results
of a tailored profile.
Unfortunately, the current design of SCAP Workbench doesn't allow
a clear way of doing this. The scan is run in a separated oscap
process. SCAP Workbench doesn't have access to oscap internal
xccdf_session which creates the ARF. It can't obtain the Tailoring
component reference ID.
Instead, we will save the tailoring document to a temporary file
and use the temporary file when generating the remediation.
Resolves: RHBZ#1640715
---
include/RemediationRoleSaver.h | 19 +++++++++-------
include/ResultViewer.h | 2 ++
src/RemediationRoleSaver.cpp | 40 ++++++++++++++++++++++------------
src/ResultViewer.cpp | 9 +++++---
4 files changed, 45 insertions(+), 25 deletions(-)
diff --git a/include/RemediationRoleSaver.h b/include/RemediationRoleSaver.h
index 1681b901..dfeea0c9 100644
--- a/include/RemediationRoleSaver.h
+++ b/include/RemediationRoleSaver.h
@@ -98,33 +98,35 @@ class PuppetProfileRemediationSaver : public ProfileBasedRemediationSaver
class ResultBasedProcessRemediationSaver : public RemediationSaverBase
{
public:
- ResultBasedProcessRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
+ ResultBasedProcessRemediationSaver(
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
private:
virtual void saveToFile(const QString& filename);
SpacelessQTemporaryFile mArfFile;
+ QString tailoring;
};
class BashResultRemediationSaver : public ResultBasedProcessRemediationSaver
{
public:
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
class AnsibleResultRemediationSaver : public ResultBasedProcessRemediationSaver
{
public:
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
{
public:
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
@@ -133,33 +135,34 @@ class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
class ResultBasedLibraryRemediationSaver : public RemediationSaverBase
{
public:
- ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
+ ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
private:
virtual void saveToFile(const QString& filename);
SpacelessQTemporaryFile mArfFile;
+ QString tailoring;
};
class BashResultRemediationSaver : public ResultBasedLibraryRemediationSaver
{
public:
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
class AnsibleResultRemediationSaver : public ResultBasedLibraryRemediationSaver
{
public:
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
class PuppetResultRemediationSaver : public ResultBasedLibraryRemediationSaver
{
public:
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
+ PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
diff --git a/include/ResultViewer.h b/include/ResultViewer.h
index a6da89da..2ec8d576 100644
--- a/include/ResultViewer.h
+++ b/include/ResultViewer.h
@@ -99,6 +99,8 @@ class ResultViewer : public QWidget
/// If user requests to open the file via desktop services
SpacelessQTemporaryFile* mReportFile;
QByteArray mARF;
+
+ QString tailoringFilePath;
};
#endif
diff --git a/src/RemediationRoleSaver.cpp b/src/RemediationRoleSaver.cpp
index 900a221d..28389dbb 100644
--- a/src/RemediationRoleSaver.cpp
+++ b/src/RemediationRoleSaver.cpp
@@ -164,7 +164,8 @@ PuppetProfileRemediationSaver::PuppetProfileRemediationSaver(QWidget* parentWind
{}
#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
+ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
{
@@ -172,6 +173,7 @@ ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(QWidget*
mArfFile.open();
mArfFile.write(arfContents);
mArfFile.close();
+ tailoring = tailoringFilePath;
}
void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
@@ -191,6 +193,11 @@ void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
args.append("--result-id");
args.append("");
+ if (!tailoring.isNull()) {
+ args.append("--tailoring-file");
+ args.append(tailoring.toUtf8().constData());
+ }
+
args.append(mArfFile.fileName());
// Launching a process and going through its output is something we do already in OscapScannerLocal::evaluate()
@@ -222,23 +229,24 @@ void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
}
}
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
+BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
{}
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
+AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
{}
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
+PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
{}
#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
-ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
+ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
{
@@ -246,6 +254,7 @@ ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(QWidget*
mArfFile.open();
mArfFile.write(arfContents);
mArfFile.close();
+ tailoring = tailoringFilePath;
}
void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
@@ -282,6 +291,9 @@ void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
if (session == NULL)
throw std::runtime_error("Couldn't get XCCDF session from the report source");
+ if (!tailoring.isNull()) {
+ xccdf_session_set_user_tailoring_file(session, tailoring.toUtf8().constData());
+ }
xccdf_session_set_loading_flags(session, XCCDF_SESSION_LOAD_XCCDF);
if (xccdf_session_load(session) != 0)
@@ -316,18 +328,18 @@ void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
}
}
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
+BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
{}
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
+AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
{}
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
+PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
{}
diff --git a/src/ResultViewer.cpp b/src/ResultViewer.cpp
index 1e730e99..c5444746 100644
--- a/src/ResultViewer.cpp
+++ b/src/ResultViewer.cpp
@@ -114,6 +114,9 @@ void ResultViewer::loadContent(Scanner* scanner)
if (mInputBaseName.endsWith("-xccdf"))
mInputBaseName.chop(QString("-xccdf").length());
}
+ if (session->isSelectedProfileTailoring()) {
+ tailoringFilePath = session->getTailoringFilePath();
+ }
mReport.clear();
scanner->getReport(mReport);
@@ -173,19 +176,19 @@ void ResultViewer::openReport()
void ResultViewer::generateBashRemediationRole()
{
- BashResultRemediationSaver remediation(this, mARF);
+ BashResultRemediationSaver remediation(this, mARF, tailoringFilePath);
remediation.selectFilenameAndSaveRole();
}
void ResultViewer::generateAnsibleRemediationRole()
{
- AnsibleResultRemediationSaver remediation(this, mARF);
+ AnsibleResultRemediationSaver remediation(this, mARF, tailoringFilePath);
remediation.selectFilenameAndSaveRole();
}
void ResultViewer::generatePuppetRemediationRole()
{
- PuppetResultRemediationSaver remediation(this, mARF);
+ PuppetResultRemediationSaver remediation(this, mARF, tailoringFilePath);
remediation.selectFilenameAndSaveRole();
}
From e97539b824202e91c9cd551316836935046e53ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Mon, 2 Mar 2020 14:14:49 +0100
Subject: [PATCH] Use only library calls to generate remediation
Removes CMake option
SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
and removes the code that is used when this option is not set.
That means the remediations will be generated using libopenscap
library calls. The removed code executed "oscap" command to
do the same thing.
---
CMakeLists.txt | 8 +---
include/Config.h.in | 1 -
include/RemediationRoleSaver.h | 41 ----------------
src/RemediationRoleSaver.cpp | 87 ----------------------------------
4 files changed, 2 insertions(+), 135 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 060df785..8d16d3c5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -49,12 +49,8 @@ endif()
# Local scanning tools
option(SCAP_WORKBENCH_LOCAL_SCAN_ENABLED "If enabled, scanning of local machine is possible from workbench. Else the option is disabled in the GUI." TRUE)
-option(SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION "If enabled, result-based remediation roles will be generated by calls to the libopenscap library (instead of being generated by the oscap subprocess). Requires openscap>=1.2.16" FALSE)
-
-if (SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION)
- if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16) # i.e. oscap<1.2.16
- message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
- endif()
+if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16) # i.e. oscap<1.2.16
+ message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
endif()
find_program(NICE_EXECUTABLE NAMES nice) # fully optional, local scan still available when missing
diff --git a/include/Config.h.in b/include/Config.h.in
index 21b3f373..a9bc718f 100644
--- a/include/Config.h.in
+++ b/include/Config.h.in
@@ -40,7 +40,6 @@
#define SCAP_WORKBENCH_LOCAL_PKEXEC_OSCAP_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-pkexec-oscap.sh"
#define SCAP_WORKBENCH_LOCAL_RPM_EXTRACT_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-rpm-extract.sh"
#define SCAP_WORKBENCH_REMOTE_OSCAP_PATH "oscap"
-#cmakedefine SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
#cmakedefine SCAP_WORKBENCH_LOCAL_SSH_FOUND
#define SCAP_WORKBENCH_LOCAL_SSH_PATH "@SSH_EXECUTABLE@"
#cmakedefine SCAP_WORKBENCH_LOCAL_SETSID_FOUND
diff --git a/include/RemediationRoleSaver.h b/include/RemediationRoleSaver.h
index dfeea0c9..95938db8 100644
--- a/include/RemediationRoleSaver.h
+++ b/include/RemediationRoleSaver.h
@@ -93,45 +93,6 @@ class PuppetProfileRemediationSaver : public ProfileBasedRemediationSaver
};
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-/// Base for all result-based remediation generators that uses oscap process
-class ResultBasedProcessRemediationSaver : public RemediationSaverBase
-{
- public:
- ResultBasedProcessRemediationSaver(
- QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
- const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
-
- private:
- virtual void saveToFile(const QString& filename);
- SpacelessQTemporaryFile mArfFile;
- QString tailoring;
-};
-
-
-class BashResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
- public:
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-
-class AnsibleResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
- public:
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-
-class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
- public:
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
-
-/// Base for all result-based remediation generators that uses the openscap library
class ResultBasedLibraryRemediationSaver : public RemediationSaverBase
{
public:
@@ -165,7 +126,5 @@ class PuppetResultRemediationSaver : public ResultBasedLibraryRemediationSaver
PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
};
-#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-
#endif // SCAP_WORKBENCH_REMEDIATION_ROLE_SAVER_H_
diff --git a/src/RemediationRoleSaver.cpp b/src/RemediationRoleSaver.cpp
index 28389dbb..a9866738 100644
--- a/src/RemediationRoleSaver.cpp
+++ b/src/RemediationRoleSaver.cpp
@@ -35,11 +35,7 @@ extern "C"
#include <xccdf_benchmark.h>
#include <xccdf_policy.h>
#include <xccdf_session.h>
-#ifdef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
- // vvv This include is used only for library-based generation of result-base remediation roles
- // vvv and it requires (relatively recent) openscap 1.2.16
#include <ds_rds_session.h>
-#endif
}
@@ -163,88 +159,6 @@ PuppetProfileRemediationSaver::PuppetProfileRemediationSaver(QWidget* parentWind
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
{}
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(
- QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
- const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
- RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
-{
- mArfFile.setAutoRemove(true);
- mArfFile.open();
- mArfFile.write(arfContents);
- mArfFile.close();
- tailoring = tailoringFilePath;
-}
-
-void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
-{
- QStringList args;
- args.append("xccdf");
- args.append("generate");
- args.append("fix");
-
- args.append("--template");
- args.append(mTemplateString);
- args.append("--output");
- args.append(filename);
-
- // vvv This will work, if there is only one result ID in the ARF file, it will be picked no matter what the argument value is.
- // However, ommitting --result-id "" won't work.
- args.append("--result-id");
- args.append("");
-
- if (!tailoring.isNull()) {
- args.append("--tailoring-file");
- args.append(tailoring.toUtf8().constData());
- }
-
- args.append(mArfFile.fileName());
-
- // Launching a process and going through its output is something we do already in OscapScannerLocal::evaluate()
- // This is a lightweight launch though.
- QProcess process(mParentWindow);
-
- SpacelessQTemporaryDir workingDir;
- process.setWorkingDirectory(workingDir.path());
- QString program(SCAP_WORKBENCH_LOCAL_OSCAP_PATH);
-
- process.start(program, args);
- process.waitForStarted();
-
- const unsigned int remediationGenerationTimeout = 10000;
-
- const int process_finished_on_time = process.waitForFinished(remediationGenerationTimeout);
-
- if (!process_finished_on_time)
- {
- QString message = QObject::tr("The process that was supposed to generate remediations didn't finish on time (i.e. within %1 secs), so it was terminated.").arg(remediationGenerationTimeout / 1000);
- process.kill();
- throw std::runtime_error(message.toUtf8().constData());
- }
-
- if (process.exitCode() != 0)
- {
- QString completeErrorMessage(QObject::tr("Exit code of 'oscap' was %1: %2"));
- throw std::runtime_error(completeErrorMessage.arg(process.exitCode()).arg(QString(process.readAllStandardError())).toUtf8().constData());
- }
-}
-
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
- bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
-{}
-
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
- ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
-{}
-
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
- puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
-{}
-
-#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(
QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
@@ -343,4 +257,3 @@ PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
{}
-#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
From 550fc786d2cdec391544cd7bc3a33325ba545803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 3 Mar 2020 09:36:20 +0100
Subject: [PATCH] Remove known issue
This issue has been fixed by 69e988df963cb184062814e75c737fe080f303df.
---
doc/user_manual.adoc | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/doc/user_manual.adoc b/doc/user_manual.adoc
index fa47d4fc..48933dd9 100644
--- a/doc/user_manual.adoc
+++ b/doc/user_manual.adoc
@@ -524,20 +524,6 @@ Both while opening the files and when scanning. This option is discouraged and
should only be used by content creators and/or people who really know what they
are doing.
-== Known issues
-
-=== Result-based remediations of tailored profiles
-
-Saving remediation roles to the disk may not work for a customized profile. Specifically, it won't work if you add additional rules to it.
-If this limitation affects you, follow these steps:
-
-Remark: You will need to use the oscap command-line utility, which is bundled together with scap-workbench.
-
-1. Save the scan results
-2. Save your profile customization to a file using the "File->Save customization only" option.
-3. Run this command: oscap xccdf generate fix --output <role filename> --result-id '' --tailoring-file <saved-customization> <saved-result>.
-Refer to oscap xccdf generate fix -h if you want other than Bash output.
-
== Where to Get Help?
You ask for help with the application using

42
SOURCES/scap-workbench-1.2.2-no-rpath-pr-285.patch Normal file
View File

@ -0,0 +1,42 @@
From 99a496dd49d0e0035b12db43e09aa3ab144bbfbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 27 Jul 2021 11:14:23 +0200
Subject: [PATCH] Do not set rpath
See: https://fedoraproject.org/wiki/Changes/Broken_RPATH_will_fail_rpmbuild
Similar to: https://github.com/OpenSCAP/openscap/pull/1765
---
CMakeLists.txt | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fe33466..77bb3ae 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -128,23 +128,6 @@ set(SCAP_WORKBENCH_LINK_LIBRARIES
Qt5::Widgets Qt5::XmlPatterns
${OPENSCAP_LIBRARIES})
-# ---------- RPATHS for linking
-
-# see https://gitlab.kitware.com/cmake/community/wikis/doc/cmake/RPATH-handling
-
-# when building, use the install RPATH
-# (but later on when installing)
-set(CMAKE_BUILD_WITH_INSTALL_RPATH ON)
-
-set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
-
-# add the automatically determined parts of the RPATH
-# which point to directories outside the build tree to the install RPATH
-set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
-
-# Turn on RPATH for OSX
-set(CMAKE_MACOSX_RPATH ON)
-
configure_file("include/Config.h.in" "${CMAKE_CURRENT_BINARY_DIR}/Config.h")
# It is not trivial to make the resulting file executable :-(
# People will have to `bash runwrapper.sh ...` in the meantime.
--
2.31.1

196
SOURCES/scap-workbench-1.2.2-refactor_messages-PR_271.patch Normal file
View File

@ -0,0 +1,196 @@
From 7786cd8b020ab3aa4a9720e6fa8f60285486a48b Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 27 Jan 2021 14:28:57 +0100
Subject: [PATCH] Refactored handling of scanner messages.
- Better detection of errors and warnings using leading E: and W: that
oscap emits.
- Possibility to expand the message filtering using inheritance.
---
include/OscapScannerBase.h | 15 +++++
src/OscapScannerBase.cpp | 132 ++++++++++++++++++++++++++++++++-----
2 files changed, 130 insertions(+), 17 deletions(-)
diff --git a/include/OscapScannerBase.h b/include/OscapScannerBase.h
index 00f67699..f82379be 100644
--- a/include/OscapScannerBase.h
+++ b/include/OscapScannerBase.h
@@ -77,6 +77,21 @@ class OscapScannerBase : public Scanner
ReadingState mReadingState;
+ enum MessageType
+ {
+ MSG_INFO, MSG_WARNING, MSG_ERROR, MSG_UNKNOWN
+ };
+
+ virtual void filterStdErr(QString& errorText);
+ void emitMessage(MessageType kind, QString& message);
+ virtual void selectWarning(MessageType& kind, const QString& message);
+ virtual void processWarning(QString& message);
+ virtual void selectInfo(MessageType& kind, const QString& message);
+ virtual void processInfo(QString& message);
+ virtual void selectError(MessageType& kind, const QString& message);
+ virtual void processError(QString& message);
+ virtual void processUnknown(QString& message);
+
/// We keep filling this buffer until we reach : or \n
QString mReadBuffer;
diff --git a/src/OscapScannerBase.cpp b/src/OscapScannerBase.cpp
index bdb02e74..0ec4575e 100644
--- a/src/OscapScannerBase.cpp
+++ b/src/OscapScannerBase.cpp
@@ -418,6 +418,117 @@ void OscapScannerBase::readStdOut(QProcess& process)
while (tryToReadStdOutChar(process));
}
+
+void OscapScannerBase::emitMessage(MessageType kind, QString& message)
+{
+ QString rawMessage = QObject::tr(message.toUtf8().constData());
+ switch (kind)
+ {
+ case MSG_INFO:
+ {
+ emit infoMessage(message);
+ break;
+ }
+ case MSG_WARNING:
+ {
+ emit warningMessage(message);
+ break;
+ }
+ default:
+ emit errorMessage(message);
+ }
+}
+
+
+void OscapScannerBase::selectWarning(MessageType& kind, const QString& message)
+{
+ if (message.contains("WARNING: "))
+ {
+ kind = MSG_WARNING;
+ }
+ if (message.contains(QRegExp("^W:\\s")))
+ {
+ kind = MSG_WARNING;
+ }
+}
+
+
+void OscapScannerBase::processWarning(QString& message)
+{
+ message = guiFriendlyMessage(message);
+}
+
+
+void OscapScannerBase::selectInfo(MessageType& kind, const QString& message)
+{
+ if (message.contains(QRegExp("^Downloading: .+ \\.{3} \\w+\\n")))
+ {
+ kind = MSG_INFO;
+ }
+}
+
+
+void OscapScannerBase::processInfo(QString& message)
+{
+ (void)message; // suppress the unused arg warning
+}
+
+
+void OscapScannerBase::selectError(MessageType& kind, const QString& message)
+{
+ if (message.contains(QRegExp("^E:\\s")))
+ {
+ kind = MSG_ERROR;
+ }
+}
+
+
+void OscapScannerBase::processError(QString& message)
+{
+ message.remove(QRegExp("Error:\\s*"));
+ message.remove(QRegExp("^E:\\s*"));
+ message.remove(QRegExp("\\n"));
+}
+
+
+void OscapScannerBase::processUnknown(QString& message)
+{
+ message = QString("The 'oscap' process has written the following content to stderr:\n%1").arg(message);
+}
+
+
+void OscapScannerBase::filterStdErr(QString& errorText)
+{
+ MessageType type = MSG_UNKNOWN;
+ // let detection of a more severe type of message (error) overrule a benign one (info)
+ selectInfo(type, errorText);
+ selectWarning(type, errorText);
+ selectError(type, errorText);
+ switch(type)
+ {
+ case MSG_INFO:
+ {
+ processInfo(errorText);
+ break;
+ }
+ case MSG_WARNING:
+ {
+ processWarning(errorText);
+ break;
+ }
+ case MSG_ERROR:
+ {
+ processError(errorText);
+ break;
+ }
+ default:
+ {
+ processUnknown(errorText);
+ }
+ }
+ emitMessage(type, errorText);
+}
+
void OscapScannerBase::watchStdErr(QProcess& process)
{
process.setReadChannel(QProcess::StandardError);
@@ -433,21 +544,7 @@ void OscapScannerBase::watchStdErr(QProcess& process)
if (!stdErrOutput.isEmpty())
{
- if (stdErrOutput.contains("WARNING: "))
- {
- QString guiMessage = guiFriendlyMessage(stdErrOutput);
- emit warningMessage(QObject::tr(guiMessage.toUtf8().constData()));
- }
- // Openscap >= 1.2.11 (60fb9f0c98eee) sends this message through stderr
- else if (stdErrOutput.contains(QRegExp("^Downloading: .+ \\.{3} \\w+\\n")))
- {
- emit infoMessage(stdErrOutput);
- }
- else
- {
- emit errorMessage(QObject::tr("The 'oscap' process has written the following content to stderr:\n"
- "%1").arg(stdErrOutput));
- }
+ filterStdErr(stdErrOutput);
}
}
@@ -458,8 +555,9 @@ QString OscapScannerBase::guiFriendlyMessage(const QString& cliMessage)
{
QString guiMessage = cliMessage;
- // Remove "WARNING:" prefix and trailing \n
- guiMessage.remove(QRegExp("(WARNING: )|\n"));
+ guiMessage.remove(QRegExp("WARNING:\\s*"));
+ guiMessage.remove(QRegExp("^W:\\s*"));
+ guiMessage.remove(QRegExp("\\n"));
if (cliMessage.contains("--fetch-remote-resources"))
guiMessage = QString("Remote resources might be necessary for this profile to work properly. Please select \"Fetch remote resources\" for complete scan");

560
SOURCES/scap-workbench-1.2.2-remote_sudo-PR_270.patch Normal file
View File

@ -0,0 +1,560 @@
From 0e48a7161be7fbabc02ba05407131be2595e9b6d Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Tue, 1 Dec 2020 18:46:20 +0100
Subject: [PATCH 1/4] Implement possibility to scan by sudoers.
- The remote scanning dialog got a "user is sudoer" checkbox.
- Dry run can make use of sudo in connection with oscap-ssh.
- The scanning procedure uses sudo invocation as part of the ssh command.
---
include/OscapScannerRemoteSsh.h | 2 ++
include/RemoteMachineComboBox.h | 2 ++
src/MainWindow.cpp | 4 ++++
src/OscapScannerRemoteSsh.cpp | 28 +++++++++++++++++++------
src/RemoteMachineComboBox.cpp | 7 +++++++
ui/RemoteMachineComboBox.ui | 36 +++++++++++++++++++++++++++++----
6 files changed, 69 insertions(+), 10 deletions(-)
diff --git a/include/OscapScannerRemoteSsh.h b/include/OscapScannerRemoteSsh.h
index d2aa7013..69eedfe4 100644
--- a/include/OscapScannerRemoteSsh.h
+++ b/include/OscapScannerRemoteSsh.h
@@ -36,6 +36,7 @@ class OscapScannerRemoteSsh : public OscapScannerBase
OscapScannerRemoteSsh();
virtual ~OscapScannerRemoteSsh();
+ void setUserIsSudoer(bool userIsSudoer);
virtual void setTarget(const QString& target);
virtual void setSession(ScanningSession* session);
@@ -57,6 +58,7 @@ class OscapScannerRemoteSsh : public OscapScannerBase
void removeRemoteDirectory(const QString& path, const QString& desc);
SshConnection mSshConnection;
+ bool mUserIsSudoer;
};
#endif
diff --git a/include/RemoteMachineComboBox.h b/include/RemoteMachineComboBox.h
index 41a9643c..3b338127 100644
--- a/include/RemoteMachineComboBox.h
+++ b/include/RemoteMachineComboBox.h
@@ -44,6 +44,7 @@ class RemoteMachineComboBox : public QWidget
void setRecentMachineCount(unsigned int count);
unsigned int getRecentMachineCount() const;
+ bool userIsSudoer() const;
public slots:
void notifyTargetUsed(const QString& target);
@@ -65,6 +66,7 @@ class RemoteMachineComboBox : public QWidget
QStringList mRecentTargets;
QComboBox* mRecentComboBox;
+ QCheckBox* mUserIsSudoer;
};
#endif
diff --git a/src/MainWindow.cpp b/src/MainWindow.cpp
index c9a0937b..236cfde1 100644
--- a/src/MainWindow.cpp
+++ b/src/MainWindow.cpp
@@ -678,6 +678,7 @@ void MainWindow::scanAsync(ScannerMode scannerMode)
// In the OscapScannerRemoteSsh class the port will be parsed out again...
const QString target = mUI.localMachineRadioButton->isChecked() ?
"localhost" : mUI.remoteMachineDetails->getTarget();
+ const bool userIsSudoer = mUI.remoteMachineDetails->userIsSudoer();
bool fetchRemoteResources = mUI.fetchRemoteResourcesCheckbox->isChecked();
try
@@ -689,7 +690,10 @@ void MainWindow::scanAsync(ScannerMode scannerMode)
if (target == "localhost")
mScanner = new OscapScannerLocal();
else
+ {
mScanner = new OscapScannerRemoteSsh();
+ ((OscapScannerRemoteSsh *)mScanner)->setUserIsSudoer(userIsSudoer);
+ }
mScanner->setTarget(target);
diff --git a/src/OscapScannerRemoteSsh.cpp b/src/OscapScannerRemoteSsh.cpp
index dcfd6d5f..d20faf59 100644
--- a/src/OscapScannerRemoteSsh.cpp
+++ b/src/OscapScannerRemoteSsh.cpp
@@ -37,7 +37,8 @@ extern "C"
OscapScannerRemoteSsh::OscapScannerRemoteSsh():
OscapScannerBase(),
- mSshConnection(this)
+ mSshConnection(this),
+ mUserIsSudoer(false)
{
mSshConnection.setCancelRequestSource(&mCancelRequested);
}
@@ -87,6 +88,11 @@ void OscapScannerRemoteSsh::setTarget(const QString& target)
mSshConnection.setPort(port);
}
+void OscapScannerRemoteSsh::setUserIsSudoer(bool userIsSudoer)
+{
+ mUserIsSudoer = userIsSudoer;
+}
+
void OscapScannerRemoteSsh::setSession(ScanningSession* session)
{
OscapScannerBase::setSession(session);
@@ -99,6 +105,10 @@ void OscapScannerRemoteSsh::setSession(ScanningSession* session)
QStringList OscapScannerRemoteSsh::getCommandLineArgs() const
{
QStringList args("oscap-ssh");
+ if (mUserIsSudoer)
+ {
+ args.append("--sudo");
+ }
args.append(mSshConnection.getTarget());
args.append(QString::number(mSshConnection.getPort()));
@@ -235,19 +245,19 @@ void OscapScannerRemoteSsh::evaluate()
if (mScannerMode == SM_OFFLINE_REMEDIATION)
{
- args = buildOfflineRemediationArgs(inputFile,
+ args.append(buildOfflineRemediationArgs(inputFile,
resultFile,
reportFile,
- arfFile);
+ arfFile));
}
else
{
- args = buildEvaluationArgs(inputFile,
+ args.append(buildEvaluationArgs(inputFile,
tailoringFile,
resultFile,
reportFile,
arfFile,
- mScannerMode == SM_SCAN_ONLINE_REMEDIATION);
+ mScannerMode == SM_SCAN_ONLINE_REMEDIATION));
}
const QString sshCmd = args.join(" ");
@@ -255,8 +265,14 @@ void OscapScannerRemoteSsh::evaluate()
emit infoMessage(QObject::tr("Starting the remote process..."));
QProcess process(this);
+ QString sudo;
+ if (mUserIsSudoer)
+ {
+ // tell sudo not to bother to read password from the terminal
+ sudo = " sudo -n";
+ }
- process.start(SCAP_WORKBENCH_LOCAL_SSH_PATH, baseArgs + QStringList(QString("cd '%1'; " SCAP_WORKBENCH_REMOTE_OSCAP_PATH " %2").arg(workingDir).arg(sshCmd)));
+ process.start(SCAP_WORKBENCH_LOCAL_SSH_PATH, baseArgs + QStringList(QString("cd '%1';" "%2 " SCAP_WORKBENCH_REMOTE_OSCAP_PATH " %3").arg(workingDir).arg(sudo).arg(sshCmd)));
process.waitForStarted();
if (process.state() != QProcess::Running)
diff --git a/src/RemoteMachineComboBox.cpp b/src/RemoteMachineComboBox.cpp
index 46d1b7d1..7b402344 100644
--- a/src/RemoteMachineComboBox.cpp
+++ b/src/RemoteMachineComboBox.cpp
@@ -41,6 +41,8 @@ RemoteMachineComboBox::RemoteMachineComboBox(QWidget* parent):
this, SLOT(updateHostPort(int))
);
+ mUserIsSudoer = mUI.userIsSudoer;
+
setRecentMachineCount(5);
syncFromQSettings();
@@ -51,6 +53,11 @@ RemoteMachineComboBox::~RemoteMachineComboBox()
delete mQSettings;
}
+bool RemoteMachineComboBox::userIsSudoer() const
+{
+ return mUserIsSudoer->isChecked();
+}
+
QString RemoteMachineComboBox::getTarget() const
{
return QString("%1:%2").arg(mUI.host->text()).arg(mUI.port->value());
diff --git a/ui/RemoteMachineComboBox.ui b/ui/RemoteMachineComboBox.ui
index 780d06ce..f9e9665c 100644
--- a/ui/RemoteMachineComboBox.ui
+++ b/ui/RemoteMachineComboBox.ui
@@ -6,15 +6,24 @@
<rect>
<x>0</x>
<y>0</y>
- <width>553</width>
- <height>29</height>
+ <width>609</width>
+ <height>42</height>
</rect>
</property>
<property name="windowTitle">
<string>RemoteMachineComboBox</string>
</property>
<layout class="QHBoxLayout" name="horizontalLayout">
- <property name="margin">
+ <property name="leftMargin">
+ <number>0</number>
+ </property>
+ <property name="topMargin">
+ <number>0</number>
+ </property>
+ <property name="rightMargin">
+ <number>0</number>
+ </property>
+ <property name="bottomMargin">
<number>0</number>
</property>
<item>
@@ -73,8 +82,17 @@
</item>
<item>
<widget class="QSpinBox" name="port">
+ <property name="enabled">
+ <bool>true</bool>
+ </property>
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Minimum" vsizetype="Fixed">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
<property name="buttonSymbols">
- <enum>QAbstractSpinBox::UpDownArrows</enum>
+ <enum>QAbstractSpinBox::NoButtons</enum>
</property>
<property name="minimum">
<number>1</number>
@@ -87,6 +105,16 @@
</property>
</widget>
</item>
+ <item>
+ <widget class="QCheckBox" name="userIsSudoer">
+ <property name="toolTip">
+ <string>Check if the remote user doesn't have root privileges, but they can perform administrative tasks using paswordless sudo.</string>
+ </property>
+ <property name="text">
+ <string>user is sudoer</string>
+ </property>
+ </widget>
+ </item>
<item>
<widget class="QComboBox" name="recentComboBox">
<property name="sizePolicy">
From 1fd9bc807f1c76452c0803436efd311000d7470b Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Wed, 27 Jan 2021 14:33:04 +0100
Subject: [PATCH 2/4] Updated message handling of sudo-related issues.
---
include/OscapScannerRemoteSsh.h | 5 +++++
src/OscapScannerRemoteSsh.cpp | 23 +++++++++++++++++++++++
2 files changed, 28 insertions(+)
diff --git a/include/OscapScannerRemoteSsh.h b/include/OscapScannerRemoteSsh.h
index 69eedfe4..280a69da 100644
--- a/include/OscapScannerRemoteSsh.h
+++ b/include/OscapScannerRemoteSsh.h
@@ -43,6 +43,11 @@ class OscapScannerRemoteSsh : public OscapScannerBase
virtual QStringList getCommandLineArgs() const;
virtual void evaluate();
+ protected:
+
+ virtual void selectError(MessageType& kind, const QString& message);
+ virtual void processError(QString& message);
+
private:
void ensureConnected();
diff --git a/src/OscapScannerRemoteSsh.cpp b/src/OscapScannerRemoteSsh.cpp
index d20faf59..69b51373 100644
--- a/src/OscapScannerRemoteSsh.cpp
+++ b/src/OscapScannerRemoteSsh.cpp
@@ -344,6 +344,29 @@ void OscapScannerRemoteSsh::evaluate()
signalCompletion(mCancelRequested);
}
+void OscapScannerRemoteSsh::selectError(MessageType& kind, const QString& message)
+{
+ OscapScannerBase::selectError(kind, message);
+ if (mUserIsSudoer)
+ {
+ if (message.contains(QRegExp("^sudo:")))
+ {
+ kind = MSG_ERROR;
+ }
+ }
+
+}
+
+void OscapScannerRemoteSsh::processError(QString& message)
+{
+ OscapScannerBase::processError(message);
+ if (mUserIsSudoer && message.contains(QRegExp("^sudo:")))
+ {
+ message.replace(QRegExp("^sudo:"), "Error invoking sudo on the host:");
+ message += ".\nOnly passwordless sudo setup on the remote host is supported by scap-workbench.";
+ }
+}
+
void OscapScannerRemoteSsh::ensureConnected()
{
if (mSshConnection.isConnected())
From 57097b3b9d6f85caa96ab2940c29e94f16382252 Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Thu, 28 Jan 2021 17:12:08 +0100
Subject: [PATCH 3/4] Added documentation about setting up passwordless sudo.
---
doc/user_manual.adoc | 11 +++++++++++
src/OscapScannerRemoteSsh.cpp | 2 ++
2 files changed, 13 insertions(+)
diff --git a/doc/user_manual.adoc b/doc/user_manual.adoc
index 29ebd919..2c8501a0 100644
--- a/doc/user_manual.adoc
+++ b/doc/user_manual.adoc
@@ -363,6 +363,17 @@ files are not supported yet!
.Selecting a remote machine for scanning
image::scanning_remote_machine.png[align="center"]
+The remote user doesn't have to be a superuser - you can setup the remote
+`/etc/sudoers` file (using `visudo`) to enable the paswordless sudo for that particular user,
+and you check the "user is sudoer" checkbox.
+
+For example, if the scanning user is `oscap-user`, that would involve putting
+
+ oscap-user ALL=(root) NOPASSWD: /usr/bin/oscap xccdf eval *
+
+user specification into the `sudoers` file, or into a separate file
+that is included by `sudoers` s.a. `/etc/sudoers.d/99-oscap-user`.
+
=== Enable Online Remediation (optional)
****
diff --git a/src/OscapScannerRemoteSsh.cpp b/src/OscapScannerRemoteSsh.cpp
index 69b51373..7fa38b2e 100644
--- a/src/OscapScannerRemoteSsh.cpp
+++ b/src/OscapScannerRemoteSsh.cpp
@@ -364,6 +364,8 @@ void OscapScannerRemoteSsh::processError(QString& message)
{
message.replace(QRegExp("^sudo:"), "Error invoking sudo on the host:");
message += ".\nOnly passwordless sudo setup on the remote host is supported by scap-workbench.";
+ message += " \nTo configure a non-privileged user oscap-user to run only the oscap binary as root, "
+ "add this User Specification to your sudoers file: oscap-user ALL=(root) NOPASSWD: /usr/bin/oscap xccdf eval *";
}
}
From e8daecc80ad54e95de764728f0cbe4863a67be0d Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Thu, 28 Jan 2021 17:45:09 +0100
Subject: [PATCH 4/4] Added suport for the sudoers checkbox to history.
Recent remote scans now encode the sudo mode into the "target" that is
stored in the recent remote hosts list.
---
include/OscapScannerRemoteSsh.h | 3 ++-
include/RemoteMachineComboBox.h | 2 +-
src/MainWindow.cpp | 5 ++++-
src/OscapScannerRemoteSsh.cpp | 30 +++++++++++++++++++++++-------
src/RemoteMachineComboBox.cpp | 17 +++++++++++------
5 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/include/OscapScannerRemoteSsh.h b/include/OscapScannerRemoteSsh.h
index 280a69da..50214b80 100644
--- a/include/OscapScannerRemoteSsh.h
+++ b/include/OscapScannerRemoteSsh.h
@@ -31,11 +31,12 @@ class OscapScannerRemoteSsh : public OscapScannerBase
Q_OBJECT
public:
- static void splitTarget(const QString& in, QString& target, unsigned short& port);
+ static void splitTarget(const QString& in, QString& target, unsigned short& port, bool& userIsSudoer);
OscapScannerRemoteSsh();
virtual ~OscapScannerRemoteSsh();
+ bool getUserIsSudoer() const;
void setUserIsSudoer(bool userIsSudoer);
virtual void setTarget(const QString& target);
virtual void setSession(ScanningSession* session);
diff --git a/include/RemoteMachineComboBox.h b/include/RemoteMachineComboBox.h
index 3b338127..c2d946c9 100644
--- a/include/RemoteMachineComboBox.h
+++ b/include/RemoteMachineComboBox.h
@@ -47,7 +47,7 @@ class RemoteMachineComboBox : public QWidget
bool userIsSudoer() const;
public slots:
- void notifyTargetUsed(const QString& target);
+ void notifyTargetUsed(const QString& target, bool userIsSudoer);
void clearHistory();
protected slots:
diff --git a/src/MainWindow.cpp b/src/MainWindow.cpp
index 236cfde1..496e1724 100644
--- a/src/MainWindow.cpp
+++ b/src/MainWindow.cpp
@@ -763,7 +763,10 @@ void MainWindow::scanAsync(ScannerMode scannerMode)
);
if (target != "localhost")
- mUI.remoteMachineDetails->notifyTargetUsed(mScanner->getTarget());
+ {
+ bool userIsSudoer = ((OscapScannerRemoteSsh *)mScanner)->getUserIsSudoer();
+ mUI.remoteMachineDetails->notifyTargetUsed(mScanner->getTarget(), userIsSudoer);
+ }
mScanThread->start();
}
diff --git a/src/OscapScannerRemoteSsh.cpp b/src/OscapScannerRemoteSsh.cpp
index 7fa38b2e..b1c4426f 100644
--- a/src/OscapScannerRemoteSsh.cpp
+++ b/src/OscapScannerRemoteSsh.cpp
@@ -46,7 +46,7 @@ OscapScannerRemoteSsh::OscapScannerRemoteSsh():
OscapScannerRemoteSsh::~OscapScannerRemoteSsh()
{}
-void OscapScannerRemoteSsh::splitTarget(const QString& in, QString& target, unsigned short& port)
+void OscapScannerRemoteSsh::splitTarget(const QString& in, QString& target, unsigned short& port, bool& userIsSudoer)
{
// NB: We dodge a bullet here because the editor will always pass a port
// as the last component. A lot of checking and parsing does not need
@@ -56,10 +56,19 @@ void OscapScannerRemoteSsh::splitTarget(const QString& in, QString& target, unsi
// being there and always being the last component.
// FIXME: Ideally, this should split from the right side and stop after one split
- QStringList split = in.split(':');
+ userIsSudoer = false;
+ QStringList sudoerSplit = in.split(' ');
+ if (sudoerSplit.size() > 1)
+ {
+ if (sudoerSplit.at(1) == "sudo")
+ {
+ userIsSudoer = true;
+ }
+ }
+ QStringList hostPortSplit = sudoerSplit.at(0).split(':');
- const QString portString = split.back();
- split.removeLast();
+ const QString portString = hostPortSplit.back();
+ hostPortSplit.removeLast();
{
bool status = false;
@@ -69,25 +78,32 @@ void OscapScannerRemoteSsh::splitTarget(const QString& in, QString& target, unsi
port = status ? portCandidate : 22;
}
- target = split.join(":");
+ target = hostPortSplit.join(":");
}
void OscapScannerRemoteSsh::setTarget(const QString& target)
{
- OscapScannerBase::setTarget(target);
+ QStringList sudoerSplit = target.split(' ');
+ OscapScannerBase::setTarget(sudoerSplit.at(0));
if (mSshConnection.isConnected())
mSshConnection.disconnect();
QString cleanTarget;
unsigned short port;
+ bool userIsSudoer;
- splitTarget(target, cleanTarget, port);
+ splitTarget(target, cleanTarget, port, userIsSudoer);
mSshConnection.setTarget(cleanTarget);
mSshConnection.setPort(port);
}
+bool OscapScannerRemoteSsh::getUserIsSudoer() const
+{
+ return mUserIsSudoer;
+}
+
void OscapScannerRemoteSsh::setUserIsSudoer(bool userIsSudoer)
{
mUserIsSudoer = userIsSudoer;
diff --git a/src/RemoteMachineComboBox.cpp b/src/RemoteMachineComboBox.cpp
index 7b402344..127bdac7 100644
--- a/src/RemoteMachineComboBox.cpp
+++ b/src/RemoteMachineComboBox.cpp
@@ -30,7 +30,7 @@ RemoteMachineComboBox::RemoteMachineComboBox(QWidget* parent):
#if (QT_VERSION >= QT_VERSION_CHECK(4, 7, 0))
// placeholder text is only supported in Qt 4.7 onwards
- mUI.host->setPlaceholderText(QObject::tr("username@hostname"));
+ mUI.host->setPlaceholderText(QObject::tr("username@hostname [sudo]"));
#endif
mQSettings = new QSettings(this);
@@ -77,11 +77,12 @@ unsigned int RemoteMachineComboBox::getRecentMachineCount() const
return mRecentTargets.size();
}
-void RemoteMachineComboBox::notifyTargetUsed(const QString& target)
+void RemoteMachineComboBox::notifyTargetUsed(const QString& target, bool userIsSudoer)
{
QString host;
unsigned short port;
- OscapScannerRemoteSsh::splitTarget(target, host, port);
+ bool placeholder;
+ OscapScannerRemoteSsh::splitTarget(target, host, port, placeholder);
// skip invalid suggestions
if (host.isEmpty() || port == 0)
@@ -90,7 +91,8 @@ void RemoteMachineComboBox::notifyTargetUsed(const QString& target)
const unsigned int machineCount = getRecentMachineCount();
// this moves target to the beginning of the list if it was in the list already
- mRecentTargets.prepend(target);
+ QString targetWithSudo = target + (userIsSudoer ? " sudo" : "");
+ mRecentTargets.prepend(targetWithSudo);
mRecentTargets.removeDuplicates();
setRecentMachineCount(machineCount);
@@ -106,6 +108,7 @@ void RemoteMachineComboBox::clearHistory()
{
mUI.host->setText("");
mUI.port->setValue(22);
+ mUI.userIsSudoer->setChecked(false);
const unsigned int machineCount = getRecentMachineCount();
mRecentTargets.clear();
@@ -167,6 +170,7 @@ void RemoteMachineComboBox::updateHostPort(int index)
{
mUI.host->setText("");
mUI.port->setValue(22);
+ mUI.userIsSudoer->setChecked(false);
return;
}
@@ -179,10 +183,11 @@ void RemoteMachineComboBox::updateHostPort(int index)
QString host;
unsigned short port;
+ bool userIsSudoer;
- OscapScannerRemoteSsh::splitTarget(target, host, port);
+ OscapScannerRemoteSsh::splitTarget(target, host, port, userIsSudoer);
mUI.host->setText(host);
mUI.port->setValue(port);
-
+ mUI.userIsSudoer->setChecked(userIsSudoer);
}

50
SOURCES/scap-workbench-1.2.2-replace-obsolete-Qstring-SkipEmptyParts-pr-266.patch Normal file
View File

@ -0,0 +1,50 @@
From c4a7616b9c61acee077359e71db2b3ab4db8098b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Wed, 7 Oct 2020 08:54:22 +0200
Subject: [PATCH] Replace obsolete QString::SkipEmptyParts
Starting from Qt 5.15, the enum QString::SplitBehavior is obsolete
and Qt::SplitBehavior should be used instead.
See:
https://doc.qt.io/qt-5.15/qstring-obsolete.html#SplitBehavior-enum
https://doc.qt.io/qt-5/qt.html#SplitBehaviorFlags-enum
---
src/OscapCapabilities.cpp | 4 ++++
src/RPMOpenHelper.cpp | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/OscapCapabilities.cpp b/src/OscapCapabilities.cpp
index 03099fb..83d75f7 100644
--- a/src/OscapCapabilities.cpp
+++ b/src/OscapCapabilities.cpp
@@ -86,7 +86,11 @@ void OscapCapabilities::parse(const QString& mmv)
if (lines.size() < 1)
return; // TODO: Throw exception?
+#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
+ const QStringList firstLine = lines[0].split(' ', Qt::SkipEmptyParts);
+#else
const QStringList firstLine = lines[0].split(' ', QString::SkipEmptyParts);
+#endif
const QString& versionCandidate = firstLine.last();
if (!versionCandidate.contains(QRegExp("^([0-9]+\\.){2,}[0-9]+$")))
diff --git a/src/RPMOpenHelper.cpp b/src/RPMOpenHelper.cpp
index b12f109..180571b 100644
--- a/src/RPMOpenHelper.cpp
+++ b/src/RPMOpenHelper.cpp
@@ -54,7 +54,11 @@ RPMOpenHelper::RPMOpenHelper(const QString& path)
static QRegExp tailoringRE("^\\.\\/usr\\/share\\/xml\\/scap\\/[^\\/]+\\/tailoring-xccdf\\.xml+$");
static QRegExp inputRE("^\\.\\/usr\\/share\\/xml\\/scap\\/[^\\/]+\\/[^\\/]+\\-(xccdf|ds)\\.xml+$");
+#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
+ QStringList lines = proc.getStdErrContents().split('\n', Qt::SkipEmptyParts);
+#else
QStringList lines = proc.getStdErrContents().split('\n', QString::SkipEmptyParts);
+#endif
for (QStringList::const_iterator it = lines.constBegin(); it != lines.constEnd(); ++it)
{
const QString& line = *it;
--
2.26.2

87
SOURCES/scap-workbench-1.2.2-ui_dimensions.patch Normal file
View File

@ -0,0 +1,87 @@
diff --git a/ui/SSGIntegrationDialog.ui b/ui/SSGIntegrationDialog.ui
index 2e613740..519773f1 100644
--- a/ui/SSGIntegrationDialog.ui
+++ b/ui/SSGIntegrationDialog.ui
@@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>889</width>
- <height>288</height>
+ <height>330</height>
</rect>
</property>
<property name="sizePolicy">
@@ -28,6 +28,9 @@
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<layout class="QHBoxLayout" name="horizontalLayout_3">
+ <property name="spacing">
+ <number>12</number>
+ </property>
<item>
<widget class="QLabel" name="ssgLogo">
<property name="sizePolicy">
@@ -52,15 +55,19 @@
</item>
<item>
<layout class="QVBoxLayout" name="verticalLayout_3">
+ <property name="sizeConstraint">
+ <enum>QLayout::SetMinimumSize</enum>
+ </property>
<property name="leftMargin">
<number>0</number>
</property>
<item>
<widget class="QLabel" name="label">
- <property name="font">
- <font>
- <pointsize>11</pointsize>
- </font>
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Preferred" vsizetype="Minimum">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
</property>
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;SCAP Security Guide was found installed on this machine.&lt;/p&gt;&lt;p&gt;The content provided by SCAP Security Guide allows you to quickly scan your machine according to well stablished security baselines.&lt;/p&gt;&lt;p&gt;Also, these guides are a good starting point if you'd like to customize a policy or profile for your own needs.&lt;/p&gt;&lt;p&gt;Select one of the default guides to load, or select Other SCAP Content option to load your own content.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
@@ -111,10 +118,13 @@
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
+ <property name="sizeType">
+ <enum>QSizePolicy::MinimumExpanding</enum>
+ </property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
- <height>40</height>
+ <height>20</height>
</size>
</property>
</spacer>
@@ -157,24 +167,6 @@
</item>
</layout>
</item>
- <item>
- <widget class="QWidget" name="widget" native="true">
- <property name="sizePolicy">
- <sizepolicy hsizetype="Preferred" vsizetype="Maximum">
- <horstretch>0</horstretch>
- <verstretch>0</verstretch>
- </sizepolicy>
- </property>
- <layout class="QHBoxLayout" name="horizontalLayout">
- <property name="spacing">
- <number>6</number>
- </property>
- <property name="margin">
- <number>0</number>
- </property>
- </layout>
- </widget>
- </item>
</layout>
</widget>
<resources/>

13
SOURCES/scap-workbench-gcc11.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/MainWindow.cpp b/src/MainWindow.cpp
index c9a0937..e811e83 100644
--- a/src/MainWindow.cpp
+++ b/src/MainWindow.cpp
@@ -409,7 +409,7 @@ void MainWindow::openFile(const QString& path, bool reload)
// Refill mFSWatch after opening file
mFSWatch->removePaths(mFSWatch->files());
- for (const QString path : mScanningSession->getOriginalClosure())
+ for (const QString &path : mScanningSession->getOriginalClosure())
{
mFSWatch->addPath(path);
}

259
SPECS/scap-workbench.spec Normal file
View File

@ -0,0 +1,259 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: scap-workbench
Version: 1.2.1
Release: 13%{?dist}
Summary: Scanning, tailoring, editing and validation tool for SCAP content
License: GPLv3+
URL: http://www.open-scap.org/tools/scap-workbench
Source0: https://github.com/OpenSCAP/scap-workbench/releases/download/%{version}/scap-workbench-%{version}.tar.bz2
Patch1: scap-workbench-1.2.2-fix-qt-deprecated-pr-259.patch
Patch2: scap-workbench-1.2.2-replace-obsolete-Qstring-SkipEmptyParts-pr-266.patch
Patch3: %{name}-gcc11.patch
Patch4: scap-workbench-1.2.2-no-rpath-pr-285.patch
Patch5: scap-workbench-1.2.2-fix-appdata-pr-288.diff
Patch6: scap-workbench-1.2.2-fix-appdata-pr-295.patch
Patch7: scap-workbench-1.2.2-generate-result-based-remediation-from-tailored-profile.patch
Patch8: scap-workbench-1.2.2-ui_dimensions.patch
Patch9: scap-workbench-1.2.2-refactor_messages-PR_271.patch
Patch10: scap-workbench-1.2.2-remote_sudo-PR_270.patch
BuildRequires: cmake >= 2.6
BuildRequires: qt5-qtbase-devel >= 5.0.0
BuildRequires: qt5-qtxmlpatterns-devel >= 5.0.0
# Although releases usually contain compiled docs, builds from source via Packit need to generate those.
BuildRequires: asciidoc
BuildRequires: openscap-devel >= 1.2.11
BuildRequires: openscap-utils >= 1.2.11
Requires: openscap-utils >= 1.2.11
# ssh to scan remote machines
BuildRequires: openssh-clients
Requires: openssh-clients
Requires: openssh-askpass
# because of 'setsid' which we use to force ssh to use GUI askpass
BuildRequires: util-linux
Requires: util-linux
# for privileged local scanning
Requires: polkit
# default content
Requires: scap-security-guide
# fonts, see https://bugzilla.redhat.com/show_bug.cgi?id=1134418
Requires: font(:lang=en)
%description
scap-workbench is GUI tool that provides scanning functionality for SCAP
content. The tool is based on OpenSCAP library.
%prep
%autosetup -p1
%build
%cmake
%cmake_build
%install
%cmake_install
%files
%{_bindir}/scap-workbench
%{_datadir}/applications/org.open_scap.scap_workbench.desktop
%{_datadir}/scap-workbench/*.png
%{_datadir}/scap-workbench/translations/*
%{_libexecdir}/scap-workbench-oscap.sh
%{_libexecdir}/scap-workbench-pkexec-oscap.sh
%{_libexecdir}/scap-workbench-rpm-extract.sh
%{_datadir}/polkit-1/actions/scap-workbench-oscap.policy
%{_datadir}/pixmaps/scap-workbench.png
%{_datadir}/icons/hicolor/scalable/apps/scap-workbench.svg
%{_datadir}/metainfo/org.open_scap.scap_workbench.appdata.xml
%doc %{_mandir}/man8/scap-workbench.8.gz
%doc %{_pkgdocdir}/user_manual.html
%doc %{_pkgdocdir}/COPYING
%doc %{_pkgdocdir}/README.md
%changelog
* Wed Dec 01 2021 Matej Tyc <matyc@redhat.com> - 1.2.1-13
- Ported 1.2.2 patches that we are present in el8 packages (rhbz#2029381)
* Mon Nov 08 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.2.1-12
- Fix appdata (rhbz#2021212)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-11
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jul 27 2021 Jan Černý <jcerny@redhat.com> - 1.2.1-10
- Do not set rpath (rhbz#1986352)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-9
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Oct 16 2020 Jeff Law <law@redhat.com> - 1.2.1-7
- Use reference to avoid range-loop-construct diagnostic
* Wed Oct 07 2020 Jan Černý <jcerny@redhat.com> - 1.2.1-6
- Replace obsolete QString::SkipEmptyParts
* Tue Aug 04 2020 Jan Černý <jcerny@redhat.com> - 1.2.1-5
- Remove qt5-devel from "Requires" section
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/WO625MVYEAAJNHNRLEEJDVZTIWMQOBRR/
- Update for new CMake out of source builds
https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
- Fix Qt5 deprecated symbols
- Fix FTBS in Rawhide/F33 (RHBZ#1865462)
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Jan Černý <jcerny@redhat.com> - 1.2.1-1
- Upgrade to the latest upstream release
* Fri Jan 03 2020 Matěj Týč <matyc@redhat.com> - 1.2.0-4
- Added asciidoc as build-time dependency for Packit.
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jul 18 2018 Martin Preisler <mpreisle@redhat.com> 1.2.0-1
- Updated to new upstream release 1.2.0
- Now using Qt5
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Nov 10 2017 Martin Preisler <mpreisle@redhat.com> 1.1.6-1
- Updated to new upstream release 1.1.6
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jun 19 2017 Martin Preisler <mpreisle@redhat.com> 1.1.5-1
- Updated to new upstream release 1.1.5
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jan 17 2017 Martin Preisler <mpreisle@redhat.com> - 1.1.4-2
- Rebuilt for OpenSCAP 1.2.13
* Mon Jan 02 2017 Martin Preisler <mpreisle@redhat.com> 1.1.4-1
- Updated to new upstream release 1.1.4
* Mon Dec 12 2016 Martin Preisler <mpreisle@redhat.com> 1.1.3-1
- Updated to new upstream release 1.1.3
- Bumped openscap requirement to 1.2.11 because of the remote resource warning
* Mon Jun 20 2016 Martin Preisler <mpreisle@redhat.com> 1.1.2-1
- Updated to new upstream release 1.1.2
- Removed SCL related bits
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Nov 02 2015 Martin Preisler <mpreisle@redhat.com> 1.1.1-2
- Require English fonts (bz#1134418)
- Updated with latest upstream URLs
- Reorganized the spec a little
* Tue Sep 29 2015 Martin Preisler <mpreisle@redhat.com> 1.1.1-1
- Updated to new upstream release 1.1.1-1
* Wed Jul 29 2015 Martin Preisler <mpreisle@redhat.com> 1.1.0-4
- Make BuildRequires more explicit by requiring qt >= 4.0.0 and cmake >= 2.6
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 1.1.0-2
- Rebuilt for GCC 5 C++11 ABI change
* Tue Mar 24 2015 Martin Preisler <mpreisle@redhat.com> 1.1.0-1
- Updated to new upstream release 1.1.0
- Added openssh-clients and util-linux to BuildRequires, workbench checks those
at configure time now
- Added scap-security-guide to Requires
* Fri Jan 09 2015 Martin Preisler <mpreisle@redhat.com> 1.0.3-1
- Updated to new upstream release 1.0.3
* Thu Oct 30 2014 Martin Preisler <mpreisle@redhat.com> 1.0.2-2
- Fix RPM open functionality, see rhbz#1154039
* Wed Sep 24 2014 Martin Preisler <mpreisle@redhat.com> 1.0.2-1
- Updated to new upstream release 1.0.2
* Fri Sep 05 2014 Martin Preisler <mpreisle@redhat.com> 1.0.1-1
- Updated to new upstream release 1.0.1
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 27 2014 Martin Preisler <mpreisle@redhat.com> 1.0.0-1
- Updated to new version
* Tue Jun 10 2014 Martin Preisler <mpreisle@redhat.com> 0.8.9-1
- Updated to new version
- appdata is now available
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 26 2014 Martin Preisler <mpreisle@redhat.com> 0.8.8-1
- Updated to new version
* Wed Feb 19 2014 Martin Preisler <mpreisle@redhat.com> 0.8.7-1
- Updated to new version
* Thu Jan 30 2014 Martin Preisler <mpreisle@redhat.com> 0.8.6-1
- Updated to new version
- Require polkit
* Mon Jan 20 2014 Martin Preisler <mpreisle@redhat.com> 0.8.5-2
- Require openssh-askpass for GUI openssh challenge responses
* Fri Jan 10 2014 Martin Preisler <mpreisle@redhat.com> 0.8.5-1
- Updated to new version
* Mon Dec 09 2013 Martin Preisler <mpreisle@redhat.com> 0.8.4-1
- Updated to new version
* Fri Nov 29 2013 Martin Preisler <mpreisle@redhat.com> 0.8.3-1
- Updated to new version
- Added measures to deal with unversioned pkgdocdir in Fedora 20+
* Mon Nov 18 2013 Martin Preisler <mpreisle@redhat.com> 0.8.2-2
- Removed the openscap detection workaround, it is no longer needed with openscap 0.9.13
* Wed Oct 30 2013 Martin Preisler <mpreisle@redhat.com> 0.8.2-1
- Updated to new version
- Added a workaround to the cmake invocation because of faulty openscap .pc file
* Fri Sep 20 2013 Martin Preisler <mpreisle@redhat.com> 0.8.1-1
- Updated to new version
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jul 04 2013 Martin Preisler <mpreisle@redhat.com> 0.8.0-1
- Initial release of the rewritten workbench