scap-security-guide: Fix openembedded platform tests

Update the installed_OS_is_openembedded check to drop the quotes in the VERSION_ID string to match f451c68667cca of openembedded-core. Without this fix, all tests are reported as "notapplicable". Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Akshay Bhat <nodeax@gmail.com> 2022-02-14 14:08:38 -0500
committer: Armin Kuster <akuster808@gmail.com> 2022-02-20 19:39:28 -0800
commit: caec0c657de7d0e5f565bd63c501ba287db5dcd8 (patch)
tree: 6e50b0f4e72b78800f35dfd3d322277d3ccf8afb
parent: 9cd85e054fc8b3844e9bb74f34f4402029182844 (diff)
download: meta-security-caec0c657de7d0e5f565bd63c501ba287db5dcd8.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch
new file mode 100644
index 0000000..61d9206
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch
@@ -0,0 +1,30 @@
+From d943e41d64da6af89a6b8224110299ad88747497 Mon Sep 17 00:00:00 2001
+From: Akshay Bhat <akshay.bhat@timesys.com>
+Date: Mon, 14 Feb 2022 13:00:31 -0500
+Subject: [PATCH] installed_OS_is_openembedded: Update pattern match
+The VERSION_ID string is no longer quoted with f451c68667cca of
+openembedded-core. Update the pattern match check in
+installed_OS_is_openembedded to match the same.
+Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
+---
+ shared/checks/oval/installed_OS_is_openembedded.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
+index 01df16b43..eaf9f2b10 100644
+--- a/shared/checks/oval/installed_OS_is_openembedded.xml
+++ b/shared/checks/oval/installed_OS_is_openembedded.xml
+@@ -23,7 +23,7 @@
+   </ind:textfilecontent54_test>
+   <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
+     <ind:filepath>/etc/os-release</ind:filepath>
+-    <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
+    <ind:pattern operation="pattern match">^VERSION_ID=nodistro\.[0-9]$</ind:pattern>
+     <ind:instance datatype="int">1</ind:instance>
+   </ind:textfilecontent54_object>
+ 
+-- 
+2.25.1
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index ddde5cc..f493ea8 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;pr
           file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
           file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
           file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
+           file://0001-installed_OS_is_openembedded-Update-pattern-match.patch \
          "
 PV = "0.1.44+git${SRCPV}"
author	Akshay Bhat <nodeax@gmail.com>	2022-02-14 14:08:38 -0500
committer	Armin Kuster <akuster808@gmail.com>	2022-02-20 19:39:28 -0800
commit	caec0c657de7d0e5f565bd63c501ba287db5dcd8 (patch)
tree	6e50b0f4e72b78800f35dfd3d322277d3ccf8afb
parent	9cd85e054fc8b3844e9bb74f34f4402029182844 (diff)
download	meta-security-caec0c657de7d0e5f565bd63c501ba287db5dcd8.tar.gz

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch new file mode 100644 index 0000000..61d9206 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch
@@ -0,0 +1,30 @@
		1	From d943e41d64da6af89a6b8224110299ad88747497 Mon Sep 17 00:00:00 2001
		2	From: Akshay Bhat <akshay.bhat@timesys.com>
		3	Date: Mon, 14 Feb 2022 13:00:31 -0500
		4	Subject: [PATCH] installed_OS_is_openembedded: Update pattern match
		5
		6	The VERSION_ID string is no longer quoted with f451c68667cca of
		7	openembedded-core. Update the pattern match check in
		8	installed_OS_is_openembedded to match the same.
		9
		10	Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
		11	---
		12	shared/checks/oval/installed_OS_is_openembedded.xml \| 2 +-
		13	1 file changed, 1 insertion(+), 1 deletion(-)
		14
		15	diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
		16	index 01df16b43..eaf9f2b10 100644
		17	--- a/shared/checks/oval/installed_OS_is_openembedded.xml
		18	+++ b/shared/checks/oval/installed_OS_is_openembedded.xml
		19	@@ -23,7 +23,7 @@
		20	</ind:textfilecontent54_test>
		21	<ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
		22	<ind:filepath>/etc/os-release</ind:filepath>
		23	- <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
		24	+ <ind:pattern operation="pattern match">^VERSION_ID=nodistro\.[0-9]$</ind:pattern>
		25	<ind:instance datatype="int">1</ind:instance>
		26	</ind:textfilecontent54_object>
		27
		28	--
		29	2.25.1
		30


diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb index ddde5cc..f493ea8 100644 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;pr
9	file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \	9	file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
10	file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \	10	file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
11	file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \	11	file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
		12	file://0001-installed_OS_is_openembedded-Update-pattern-match.patch \
12	"	13	"
13	PV = "0.1.44+git${SRCPV}"	14	PV = "0.1.44+git${SRCPV}"
14		15