path: root/recipes-security/nmap/files/lua.patch
author mulhern <mulhern@yoctoproject.org> 2013-09-03 20:30:50 -0400
committer mulhern <mulhern@yoctoproject.org> 2013-10-23 21:57:20 -0400
commit 594e95f052d352c4b269a39e994785e4e60ef078 (patch)
tree aab636f39728ce315feb976679f6a5d3533bc980 /recipes-security/nmap/files/lua.patch
parent b2a60ba7ff7eb43446e96fc5048109922d58b45d (diff)
download meta-security-594e95f052d352c4b269a39e994785e4e60ef078.tar.gz
buck-security: Parameterize hard-coded file locations.

buck-security hard-codes a number of file locations for the target system on which it operates and also its own dependencies. These hard-coded dependencies have been parameterized and a few other related changes have been made. The changes are more fully explained below.

buck-security.bb:
* The RDEPENDS_${PN} variable has been made more orderly in anticipation of subsequent changes. It also includes a few other perl modules required by the changes to the application.
* The functionality.patch file has been removed and superseded by the take_root_dir.patch patch.
* The definition of S is parameterized on BPN not PN; they are different if the package has a native option.
* The install step replaces the use directives and an assignment in the buck-security script in a more general way than previously.
* The recipe now allows the package to have a native version.

take_root_dir.patch:
* buck-security
  * An additional flag, sysroot, that specifies the sysroot of the filesystem that the buck-security utility inspects is added. If the sysroot can not be located the script fails gracefully.
  * An additional flag, no-sudo, which prevents the script from exiting if it is not run by root is added.
  * An additional flag, disable-checks, which accepts a comma-separated list of checks to be disabled is added.
  * The script checks whether there has been an error in parsing the command-line arguments and fails with a usage message if there has.
  * The log flag now optionally takes a log file name.
  * The location of the configuration file is calculated relative to the location of the main script and if it can not be found the script fails gracefully.
  * The various file locations specified in the buck-security configuration file are made relative to the location of the buck-security script or the sysroot as appropriate.
  * If a log file has been specified the log is not also printed to stdout.
  * The command actually executed is printed in the log.
  * Some checks for mutually exclusive options are added.
  * Output level 3 is now meaningless, so it has been removed.
  * Various changes have been made to the report format.
  * Results are sorted lexicographically and, if abspath, do not include the sysroot.
* checks/*.pm files
  * Wherever a directory had been hard-coded it is now parameterized on the sysroot.
  * In some cases, a test that had previously been run as a bash test was converted to a perl test to allow better handling of results and errors.
  * The output parameter is no longer accepted by the check procedure since this value is global.
  * All check procedures now accept an output_type parameter.
  * The dangling URLs are removed from the help text.
* checks/lib/check.pm
  * The CheckBash and CheckPerl functions have been adapted so that the filepaths are not hard-coded and so that the actual command is made available to the logging component.
  * A parameter indicating the outcome type is accepted and passed to the exception checker.
  * Error output is clearly distinguished from regular output.
  * A failure in a test is clearly distinguished from an insecure result.
  * The output is no longer formatted in the check functions.
* checks/lib/mkchecksum.pm
  * The command no longer is run on non-existent directories.
* checks/lib/exceptions.pm
  * The exception file path is located relative to the buck-security script.
  * If the exceptions are pathnames, the sysroot is prepended.
  * Correct wildcard semantics is observed.
* checks/lib/users.pm
  * The passwd files are located relative to the sysroot.
  * Reading from the password file is made more principled.
  * The test experiences an error if files can not be found rather than the script terminating.
  * Some dead code is eliminated.
* conf/buck-security.conf
  * The checksum_dir variable is a list instead of a string for easier manipulation.
  * The new configuration variable sysdir is added and the default is /.
  * The ssh_config variable is added.
  * All tests are included in the checks variable.
* checks/sshd.pm
  * The ssh config file is set in the buck-security configuration file instead of hard-coded here.
* checks/nopasswd.pm
  * This is a duplicate of emptypasswd, so it is removed.
* RDEPENDS_${PN}_class-native variable is added as some tasks make no sense when run externally. Since they will not be run, there is no point
Diffstat (limited to 'recipes-security/nmap/files/lua.patch')
0 files changed, 0 insertions, 0 deletions