From 4bfd29a330a7dce83d5babc27b087b08c7928748 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Tue, 13 Jun 2023 11:15:31 -0400 Subject: openscap: move to main meta-security layer Signed-off-by: Armin Kuster --- .../recipes-openscap/openscap/openscap_1.3.7.bb | 67 ---------------------- .../scap-security-guide_0.1.67.bb | 39 ------------- recipes-compliance/openscap/openscap_1.3.7.bb | 67 ++++++++++++++++++++++ .../scap-security-guide_0.1.67.bb | 39 +++++++++++++ 4 files changed, 106 insertions(+), 106 deletions(-) delete mode 100644 meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb delete mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb create mode 100644 recipes-compliance/openscap/openscap_1.3.7.bb create mode 100644 recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb deleted file mode 100644 index a422f9c..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright (C) 2017 - 2023 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit" -HOME_URL = "https://www.open-scap.org/tools/openscap-base/" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" -LICENSE = "LGPL-2.1-only" - -DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" -DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" - - -SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03" -SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig python3native python3targetconfig perlnative systemd - -PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" -PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" -PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" -PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" -PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" -PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" -PACKAGECONFIG[selinux] = ", ,libselinux" - -EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ - -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ - -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ - -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ - -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ - -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ - -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ - -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ - " - -STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" -STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" - -do_configure:append:class-native () { - sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h -} - -do_install:append () { - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service - fi -} - -do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" -do_install:append:class-native () { - oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} - install -d $oscapdir - cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir -} - - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE:${PN} = "oscap-remediate.service" - -FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS:${PN} += "libxml2 python3-core libgcc bash" -BBCLASSEXTEND = "native" diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb deleted file mode 100644 index 53ee03e..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright (C) 2017 - 2023 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "SCAP content for various platforms, upstream version" -HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" -LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" -LICENSE = "BSD-3-Clause" - -SRCREV = "dad85502ce8da722a6afc391346c41cee61e90a9" -SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https" - - -DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig python3native python3targetconfig - -STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" -export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" -export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" -export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" - -OECMAKE_GENERATOR = "Unix Makefiles" - -EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_EXAMPLE=ON" - -B = "${S}/build" - -do_configure[depends] += "openscap-native:do_install" - -do_configure:prepend () { - sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt - sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt -} - -FILES:${PN} += "${datadir}/xml" - -RDEPENDS:${PN} = "openscap" diff --git a/recipes-compliance/openscap/openscap_1.3.7.bb b/recipes-compliance/openscap/openscap_1.3.7.bb new file mode 100644 index 0000000..a422f9c --- /dev/null +++ b/recipes-compliance/openscap/openscap_1.3.7.bb @@ -0,0 +1,67 @@ +# Copyright (C) 2017 - 2023 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "NIST Certified SCAP 1.2 toolkit" +HOME_URL = "https://www.open-scap.org/tools/openscap-base/" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +LICENSE = "LGPL-2.1-only" + +DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" +DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" + + +SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03" +SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https" + +S = "${WORKDIR}/git" + +inherit cmake pkgconfig python3native python3targetconfig perlnative systemd + +PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" +PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" +PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" +PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" +PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" +PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" +PACKAGECONFIG[selinux] = ", ,libselinux" + +EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ + -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ + -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ + -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ + -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ + -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ + -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ + " + +STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" + +do_configure:append:class-native () { + sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h +} + +do_install:append () { + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service + fi +} + +do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" +do_install:append:class-native () { + oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} + install -d $oscapdir + cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir +} + + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "oscap-remediate.service" + +FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS:${PN} += "libxml2 python3-core libgcc bash" +BBCLASSEXTEND = "native" diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb new file mode 100644 index 0000000..53ee03e --- /dev/null +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb @@ -0,0 +1,39 @@ +# Copyright (C) 2017 - 2023 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "SCAP content for various platforms, upstream version" +HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" +LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" +LICENSE = "BSD-3-Clause" + +SRCREV = "dad85502ce8da722a6afc391346c41cee61e90a9" +SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https" + + +DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native" + +S = "${WORKDIR}/git" + +inherit cmake pkgconfig python3native python3targetconfig + +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" +export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" +export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" +export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" + +OECMAKE_GENERATOR = "Unix Makefiles" + +EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_EXAMPLE=ON" + +B = "${S}/build" + +do_configure[depends] += "openscap-native:do_install" + +do_configure:prepend () { + sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt + sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt +} + +FILES:${PN} += "${datadir}/xml" + +RDEPENDS:${PN} = "openscap" -- cgit v1.2.3-54-g00ecf