Sync from SUSE:SLFO:Main scap-security-guide revision 48a8c2283b72515195fafd2e0fef178d

scap-security-guide.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Wed Jul 30 07:41:26 UTC 2025 - Boychev <svetlin.boychev@suse.com>
+
+- ssg-remove-cis.patch: remove cis profiles 
+- Update description: remove cis profiles 
+
+-------------------------------------------------------------------
+Tue Jun 24 08:15:38 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- buildrequire cmake3 on older SLES versions for build
+
+-------------------------------------------------------------------
+Thu Jun 12 09:12:01 UTC 2025 - Rumen Chikov <rumen.chikov@suse.com>
+
+- updated to 0.1.77 (jsc#ECO-3319)
+    - Introduce Architecture Decisions Records 
+    - Move stablization to the third Monday of the second month 
+    - Remove CCI References 
+    - Remove macOS content 
+- removed ssg-fix-python.patch: upstream
+- Added support for tencentos4
+ 
 -------------------------------------------------------------------
 Sun Mar 23 10:12:12 UTC 2025 - Marcus Meissner <meissner@suse.com>
 

scap-security-guide.spec

@@ -16,7 +16,7 @@
 #
 
 
-%if ! (0%{?fedora} || 0%{?rhel} > 5) || 0%{?alma} >= 9
+%if ! (0%{?fedora} || 0%{?rhel} > 5) || 0%{?alma} >= 9 || 0%{?tencentos} >= 4
 %if "%{_vendor}" == "debbuild"
 %global __python /usr/bin/python3
 %endif
@@ -24,25 +24,25 @@
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %endif
 
-%if 0%{?fedora} || 0%{?rhel} >= 8 || 0%{?alma} >=9
+%if 0%{?fedora} || 0%{?rhel} >= 8 || 0%{?alma} >=9 || 0%{?tencentos} >= 4
 %{!?pylint_check: %global pylint_check 0}
 %endif
 
-%if 0%{?fedora} || 0%{?suse_version} > 1320 || 0%{?rhel} >= 8 || 0%{?alma} >=9 || "%{_vendor}" == "debbuild"
+%if 0%{?fedora} || 0%{?suse_version} > 1320 || 0%{?rhel} >= 8 || 0%{?alma} >=9 || 0%{?tencentos} >= 4  ||  "%{_vendor}" == "debbuild"
 %global build_py3   1
 %if "%{_vendor}" != "debbuild"
 %global python_sitelib %{python3_sitelib}
 %endif
 %endif
 
-%if 0%{?fedora} || 0%{?rhel} >= 8 || 0%{?alma} >= 9
+%if 0%{?fedora} || 0%{?rhel} >= 8 || 0%{?alma} >= 9 || 0%{?tencentos} >= 4
 %global python2prefix python2
 %else
 %global python2prefix python
 %endif
 
 Name:           scap-security-guide
-Version:        0.1.76
+Version:        0.1.77
 Release:        0
 Summary:        XCCDF files for SUSE Linux and openSUSE
 License:        BSD-3-Clause
@@ -51,7 +51,7 @@ URL:            https://github.com/ComplianceAsCode/content
 Packager:       SUSE Security Team <security@suse.de>
 %endif
 Source:         https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
-Patch0:         ssg-fix-python.patch
+Patch0:         ssg-remove-cis.patch
 
 # explicit require what is needed by the detection logic in the scripts
 Requires:       coreutils
@@ -62,7 +62,11 @@ Requires:       sed
 Requires:       sudo
 Requires:       zypper
 
+%if 0%{?suse_version} && 0%{?suse_version} < 1520
+BuildRequires:  cmake3 >= 3.5
+%else
 BuildRequires:  cmake >= 3.5
+%endif
 
 %if "%{_vendor}" == "debbuild"
 %{!?_licensedir:%global license %%doc}
@@ -89,6 +93,10 @@ BuildRequires:  python3
 BuildRequires:  python3
 %endif
 
+%if 0%{?tencentos} == 4
+BuildRequires:  python3
+%endif
+
 %if 0%{?suse_version}
 BuildRequires:  python3-xml
 %endif
@@ -102,6 +110,9 @@ BuildRequires:  python3-pyyaml
 %if 0%{?alma} == 9
 BuildRequires:  python3-pyyaml
 %else
+%if 0%{?tencentos} == 4
+BuildRequires:  python3-pyyaml
+%else
 %if "%{_vendor}" == "debbuild"
 BuildRequires:  python3-yaml
 %else
@@ -110,7 +121,7 @@ BuildRequires:  python3-PyYAML
 %endif
 %endif
 %endif
-
+%endif
 %if 0%{?rhel} == 7
 BuildRequires:  python-jinja2
 %else
@@ -120,6 +131,9 @@ BuildRequires:  python3-jinja2
 %if 0%{?alma} >= 9
 BuildRequires:  python3-jinja2
 %else
+%if 0%{?tencentos} >= 4
+BuildRequires:  python3-jinja2
+%else
 %if "%{_vendor}" == "debbuild"
 BuildRequires:  python3-jinja2
 %else
@@ -128,6 +142,7 @@ BuildRequires:  python3-Jinja2
 %endif
 %endif
 %endif
+%endif
 
 BuildRequires:  expat
 BuildRequires:  libxml2
@@ -153,7 +168,6 @@ SUSE supported in this version of scap-security-guide:
 - ANSSI-BP-028 profile for SUSE Linux Enterprise Server 12 and 15
 - PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15
 - HIPAA profile for SUSE Linux Enterprise Server 12 and 15
-- CIS profile for SUSE Linux Enterprise Server 12 and 15
 - Hardening for Public Cloud Image of SUSE Linux Enterprise Server for SAP Applications 15
 - Public Cloud Hardening for SUSE Linux Enterprise 15
 
@@ -162,7 +176,7 @@ are community supplied and not officially supported by SUSE.
 
 %package redhat
 Summary:        XCCDF files for RHEL, CentOS, Fedora, ScientificLinux and AlmaLinux
-%if 0%{?fedora} || 0%{?rhel} || 0%{?alma}
+%if 0%{?fedora} || 0%{?rhel} || 0%{?alma} || 0%{?tencentos}
 Conflicts:      scap-security-guide
 %endif
 
@@ -204,7 +218,7 @@ Note that the included profiles are community supplied and not officially suppor
 
 %prep
 %setup -q -n content-%version
-%patch -P 0 -p 1
+%patch -P 0
 
 %build
 cd build
@@ -239,6 +253,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
 	 -DSSG_PRODUCT_RHOSP10=ON \
 	 -DSSG_PRODUCT_RHOSP13=ON \
 	 -DSSG_PRODUCT_RHV4=ON \
+         -DSSG_PRODUCT_TENCENTOS4=ON \
 	 -DSSG_PRODUCT_SLE12=ON \
 	 -DSSG_PRODUCT_SLE15=ON \
          -DSSG_PRODUCT_SLMICRO5=ON \
@@ -253,7 +268,6 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
          -DSSG_PRODUCT_WRLINUX1019=OFF \
          -DSSG_PRODUCT_ANOLIS8=OFF \
          -DSSG_PRODUCT_ANOLIS23=OFF \
-    -DCMAKE_POLICY_VERSION_MINIMUM=3.5 \
          ../
 make
 
@@ -304,6 +318,7 @@ make install DESTDIR=%buildroot
 %doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol*
 %doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler*
 %doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh*
+%doc %{_datadir}/doc/scap-security-guide/guides/ssg-tencentos*
 %dir %{_datadir}/doc/scap-security-guide/tables/
 %doc %{_datadir}/doc/scap-security-guide/tables/table-ol*
 %doc %{_datadir}/doc/scap-security-guide/tables/table-rh*
@@ -320,6 +335,7 @@ make install DESTDIR=%buildroot
 %{_datadir}/scap-security-guide/*/*fedora*
 %{_datadir}/scap-security-guide/*/*ol*
 %{_datadir}/scap-security-guide/*/*openeuler*
+%{_datadir}/scap-security-guide/*/*tencentos*
 %{_datadir}/scap-security-guide/*/*rh*
 %dir %{_datadir}/xml/scap/
 %dir %{_datadir}/xml/scap/ssg/
@@ -331,6 +347,7 @@ make install DESTDIR=%buildroot
 %{_datadir}/xml/scap/ssg/content/*-fedora*
 %{_datadir}/xml/scap/ssg/content/*-ol*
 %{_datadir}/xml/scap/ssg/content/*-openeuler*
+%{_datadir}/xml/scap/ssg/content/*-tencentos*
 %{_datadir}/xml/scap/ssg/content/*-rh*
 
 %files debian

ssg-fix-python.patch

@@ -1,13 +0,0 @@
-Index: content-0.1.76/ssg/jinja.py
-===================================================================
---- content-0.1.76.orig/ssg/jinja.py
-+++ content-0.1.76/ssg/jinja.py
-@@ -255,7 +255,7 @@ def _load_macros(macros_directory, subst
-     add_python_functions(substitutions_dict)
- 
-     if not os.path.isdir(macros_directory):
--        msg = (f"The directory '{macros_directory}' does not exist.")
-+        msg = ("The directory '{1}' does not exist.").format(macros_directory)
-         raise RuntimeError(msg)
- 
-     _load_macros_from_directory(macros_directory, substitutions_dict)