openscap: update recipe

* Add PACKAGECONFIG for gcrypt, nss3 and selinux * Use EXTRA_OECMAKE rather than EXTRA_OECONF * Set CMAKE_SKIP_RPATH and CMAKE_SKIP_INSTALL_RPATH instead of chrpath * Remove ptest since there are many host contamination issues on target. We will add it back when these issues are solved. * Drop the unused patch * Add PV Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yi Zhao <yi.zhao@windriver.com> 2019-07-25 16:34:18 +0800
committer: Armin Kuster <akuster808@gmail.com> 2019-08-04 12:17:25 -0700
commit: b9b575823d95ce22833f389e7ff5b37d68f003a1 (patch)
tree: 4b063760200a84f99d04a84b76dc6a37949f5497
parent: a655c8e4b4b883222c6266788d9a41200d28a9e8 (diff)
download: meta-security-b9b575823d95ce22833f389e7ff5b37d68f003a1.tar.gz
5 files changed, 30 insertions, 71 deletions
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
deleted file mode 100644
index ecbe602..0000000
--- a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: git/configure.ac
-===================================================================
--- git.orig/configure.ac
-+++ git/configure.ac
-@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
-      [],
-      [crypto=gcrypt])
- 
-if test "x${libexecdir}" = xNONE; then
-       probe_dir="/usr/local/libexec/openscap"
-else
-       EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
-fi
-+probe_dir="/usr/local/libexec/openscap"
- 
- AC_SUBST(probe_dir)
- 
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
deleted file mode 100644
index 454a6a3..0000000
--- a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-cd tests
-make -k check
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index e5daaf8..f23ea99 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -6,71 +6,50 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
 LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
 LICENSE = "LGPL-2.1"
-DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libgcrypt chrpath-replacement-native "
+DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig"
+DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native dpkg-native"
-DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
 S = "${WORKDIR}/git"
-inherit cmake pkgconfig python3native perlnative ptest
+inherit cmake pkgconfig python3native perlnative
-PACKAGECONFIG ?= "python3 rpm perl"
+PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
-PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=True, , python3, python3"
+PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
-PACKAGECONFIG[perl] = "-DENABLE_PERL=True,, perl, perl"
+PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl"
-PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=True, ,rpm, rpm"
+PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm"
+PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt"
-EXTRA_OECONF += "-DENABLE_PROBES_INDEPENDENT=yes -DENABLE_PROBES_LINUX=yes -DWITH_CRYPTO=gcrypt\
+PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss"
-                -DENABLE_PROBES_SOLARIS=yes -DENABLE_PROBES_UNIX=yes  -DENABLE_TESTS=no \
+PACKAGECONFIG[selinux] = ", ,libselinux"
-                -DENABLE_OSCAP_UTIL_SSH=yes -DENABLE_OSCAP_UTIL=yes -DENABLE_SCE=yes \
-                -DENABLE_OSCAP_UTIL_DOCKER=no \
+EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \
-                "
+                  -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \
+                  -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \
+                  -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \
+                  -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \
+                  -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \
+                  -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \
+                  -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \
+                 "
 STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
 STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
-EXTRANATIVEPATH += "chrpath-native"
 do_configure_append_class-native () {
-        sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
+    sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
-        sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
+    sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
-        sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
+    sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
 }
-do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
+do_clean[cleandirs] += "${STAGING_OSCAP_BUILDDIR}"
-do_compile_append_class-target() {
-        sed -i -e 's:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:' ${B}/utils/oscap-docker
-}
 do_install_append_class-native () {
-        oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
+    oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
-        install -d $oscapdir    
+    install -d $oscapdir
-        cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
+    cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
 }
-TESTDIR = "tests"
-do_compile_ptest() {
-    oe-runcmake ${TESTDIR} 
-}
-do_install_ptest() {
-    # install the tests
-    cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
-}
-do_fixup_rpath() {
-        chrpath -d ${D}${libdir}/libopenscap.so.25.0.1
-        chrpath -d ${D}${libdir}/libopenscap_sce.so.25.0.1
-        chrpath -d ${D}${bindir}/oscap
-}
-addtask fixup_rpath before do_package after do_install
 FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
 RDEPENDS_${PN} += "libxml2 python3 libgcc"
-RDEPENDS_${PN}-ptest = "bash perl python3-core"
 BBCLASSEXTEND = "native"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
index c29fd42..ad29efd 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
@@ -4,7 +4,6 @@ require openscap.inc
 SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"
 SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
-           file://run-ptest \
 "
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index aded920..963d3de 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -7,5 +7,6 @@ include openscap.inc
 SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"
 SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
-           file://run-ptest \
 "
+PV = "1.3.1+git${SRCPV}"
author	Yi Zhao <yi.zhao@windriver.com>	2019-07-25 16:34:18 +0800
committer	Armin Kuster <akuster808@gmail.com>	2019-08-04 12:17:25 -0700
commit	b9b575823d95ce22833f389e7ff5b37d68f003a1 (patch)
tree	4b063760200a84f99d04a84b76dc6a37949f5497
parent	a655c8e4b4b883222c6266788d9a41200d28a9e8 (diff)
download	meta-security-b9b575823d95ce22833f389e7ff5b37d68f003a1.tar.gz

diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch deleted file mode 100644 index ecbe602..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch +++ /dev/null
@@ -1,17 +0,0 @@
1	Index: git/configure.ac
2	===================================================================
3	--- git.orig/configure.ac
4	+++ git/configure.ac
5	@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
6	[],
7	[crypto=gcrypt])
8
9	-if test "x${libexecdir}" = xNONE; then
10	- probe_dir="/usr/local/libexec/openscap"
11	-else
12	- EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
13	-fi
14	+probe_dir="/usr/local/libexec/openscap"
15
16	AC_SUBST(probe_dir)
17


diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest deleted file mode 100644 index 454a6a3..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest +++ /dev/null
@@ -1,3 +0,0 @@
1	#!/bin/sh
2	cd tests
3	make -k check


diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc index e5daaf8..f23ea99 100644 --- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc +++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -6,71 +6,50 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
6	LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"	6	LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
7	LICENSE = "LGPL-2.1"	7	LICENSE = "LGPL-2.1"
8		8
9	DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libgcrypt chrpath-replacement-native "	9	DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig"
10		10	DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native dpkg-native"
11	DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
12		11
13	S = "${WORKDIR}/git"	12	S = "${WORKDIR}/git"
14		13
15	inherit cmake pkgconfig python3native perlnative ptest	14	inherit cmake pkgconfig python3native perlnative
16		15
17	PACKAGECONFIG ?= "python3 rpm perl"	16	PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
18	PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=True, , python3, python3"	17	PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
19	PACKAGECONFIG[perl] = "-DENABLE_PERL=True,, perl, perl"	18	PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl"
20	PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=True, ,rpm, rpm"	19	PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm"
21		20	PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt"
22	EXTRA_OECONF += "-DENABLE_PROBES_INDEPENDENT=yes -DENABLE_PROBES_LINUX=yes -DWITH_CRYPTO=gcrypt\	21	PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss"
23	-DENABLE_PROBES_SOLARIS=yes -DENABLE_PROBES_UNIX=yes -DENABLE_TESTS=no \	22	PACKAGECONFIG[selinux] = ", ,libselinux"
24	-DENABLE_OSCAP_UTIL_SSH=yes -DENABLE_OSCAP_UTIL=yes -DENABLE_SCE=yes \	23
25	-DENABLE_OSCAP_UTIL_DOCKER=no \	24	EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \
26	"	25	-DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \
27		26	-DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \
		27	-DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \
		28	-DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \
		29	-DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \
		30	-DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \
		31	-DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \
		32	"
28		33
29	STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"	34	STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
30	STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"	35	STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
31		36
32	EXTRANATIVEPATH += "chrpath-native"
33
34	do_configure_append_class-native () {	37	do_configure_append_class-native () {
35	sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h	38	sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
36	sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h	39	sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
37	sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h	40	sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
38	}	41	}
39		42
40	do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"	43	do_clean[cleandirs] += "${STAGING_OSCAP_BUILDDIR}"
41
42	do_compile_append_class-target() {
43	sed -i -e 's:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:' ${B}/utils/oscap-docker
44	}
45		44
46	do_install_append_class-native () {	45	do_install_append_class-native () {
47	oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}	46	oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
48	install -d $oscapdir	47	install -d $oscapdir
49	cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir	48	cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
50	}	49	}
51		50
52	TESTDIR = "tests"
53
54	do_compile_ptest() {
55	oe-runcmake ${TESTDIR}
56	}
57
58	do_install_ptest() {
59	# install the tests
60	cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
61	}
62
63	do_fixup_rpath() {
64	chrpath -d ${D}${libdir}/libopenscap.so.25.0.1
65	chrpath -d ${D}${libdir}/libopenscap_sce.so.25.0.1
66	chrpath -d ${D}${bindir}/oscap
67	}
68
69	addtask fixup_rpath before do_package after do_install
70
71	FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"	51	FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
72		52
73	RDEPENDS_${PN} += "libxml2 python3 libgcc"	53	RDEPENDS_${PN} += "libxml2 python3 libgcc"
74	RDEPENDS_${PN}-ptest = "bash perl python3-core"
75		54
76	BBCLASSEXTEND = "native"	55	BBCLASSEXTEND = "native"


diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb index c29fd42..ad29efd 100644 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb +++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
@@ -4,7 +4,6 @@ require openscap.inc
4		4
5	SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"	5	SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"
6	SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \	6	SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
7	file://run-ptest \
8	"	7	"
9		8
10	DEFAULT_PREFERENCE = "-1"	9	DEFAULT_PREFERENCE = "-1"


diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb index aded920..963d3de 100644 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -7,5 +7,6 @@ include openscap.inc
7		7
8	SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"	8	SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"
9	SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \	9	SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
10	file://run-ptest \
11	"	10	"
		11
		12	PV = "1.3.1+git${SRCPV}"