pool/openscap
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 936259 from security

Browse Source 
- openscap-docker-add-suse.patch: add SLES support oscap-docker
  (bsc#1179314) (forwarded request 936258 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/936259
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openscap?expand=0&rev=75
This commit is contained in:
Dominique Leuenberger 2021-12-07 23:00:03 +00:00 committed by Git OBS Bridge
commit 65451281e7
3 changed files with 105 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
openscap-docker-add-suse.patch Normal file
View File

@ -0,0 +1,97 @@
From 9a434c4e613224b25b4dc56e38de32eb4cbdcd0c Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Tue, 7 Dec 2021 11:57:21 +0100
Subject: [PATCH] added suse support
---
utils/oscap_docker_python/get_cve_input.py | 20 +++++++++----
.../oscap_docker_common.py | 30 ++++++++++++++++++-
2 files changed, 44 insertions(+), 6 deletions(-)
Index: openscap-1.3.5/utils/oscap_docker_python/get_cve_input.py
===================================================================
--- openscap-1.3.5.orig/utils/oscap_docker_python/get_cve_input.py
+++ openscap-1.3.5/utils/oscap_docker_python/get_cve_input.py
@@ -31,9 +31,12 @@ class getInputCVE(object):
hdr = {'User-agent': 'Mozilla/5.0'}
hdr2 = [('User-agent', 'Mozilla/5.0')]
- url = "https://www.redhat.com/security/data/oval/"
- dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2"
- dists = [5, 6, 7]
+ rhel_url = "https://www.redhat.com/security/data/oval/"
+ rhel_dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2"
+ rhel_dists = [5, 6, 7]
+ suse_url = "https://ftp.suse.com/pub/projects/security/oval/"
+ suse_dist_cve_name = "suse.linux.enterprise.{0}.xml"
+ suse_dists = [12, 15]
remote_pattern = '%a, %d %b %Y %H:%M:%S %Z'
def __init__(self, fs_dest, DEBUG=False):
@@ -46,10 +49,18 @@ class getInputCVE(object):
Given a distribution number (i.e. 7), it will fetch the
distribution specific data file if upstream has a newer
input file. Returns the path of file.
+ We just hack that SUSE has versions above 10 to mean SUSE
'''
- cve_file = self.dist_cve_name.format(dist)
+ if dist == "12" or dist == "15":
+ cve_file = self.suse_dist_cve_name.format(dist)
+ dist_url = urllib.parse.urljoin(self.suse_url, cve_file)
+ else:
+ cve_file = self.rhel_dist_cve_name.format(dist)
+ dist_url = urllib.parse.urljoin(self.rhel_url, cve_file)
+
+ # stderr.write("URL {0} cve_file {1}\n".format(dist_url,cve_file))
dest_file = join(self.dest, cve_file)
- dist_url = urllib.parse.urljoin(self.url, cve_file)
+
if self._is_cache_same(dest_file, dist_url):
return dest_file
Index: openscap-1.3.5/utils/oscap_docker_python/oscap_docker_common.py
===================================================================
--- openscap-1.3.5.orig/utils/oscap_docker_python/oscap_docker_common.py
+++ openscap-1.3.5/utils/oscap_docker_python/oscap_docker_common.py
@@ -55,7 +55,7 @@ def get_dist(mountpoint, oscap_binary, l
'''
Test the chroot and determine what RHEL dist it is; returns
- an integer representing the dist
+ an integer representing the dist (5 - 8 for RHEL, 12 and 15 for SLES)
'''
cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml'
@@ -77,3 +77,32 @@ def get_dist(mountpoint, oscap_binary, l
if "{0}{1}: true".format(CPE_RHEL, dist) in result.stdout:
print("This system seems based on RHEL{0}.".format(dist))
return dist
+
+ CPE_SLES = 'oval:org.open-scap.cpe.sles:def:'
+ DISTS = ["12", "15"]
+
+ '''
+ Test the chroot and determine what SUSE dist it is; returns
+ an integer representing the dist (12 and 15 for SUSE)
+ '''
+
+ cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml'
+ if not os.path.exists(cpe_dict):
+ # sometime it's installed into /usr/local/share instead of /usr/local
+ cpe_dict = '/usr/local/share/openscap/cpe/openscap-cpe-oval.xml'
+ if not os.path.exists(cpe_dict):
+ raise OscapError()
+
+ for dist in DISTS:
+ result = oscap_chroot(
+ mountpoint, oscap_binary,
+ ("oval", "eval", "--id", CPE_SLES + dist, cpe_dict,
+ mountpoint, "2>&1", ">", "/dev/null"),
+ '*',
+ local_env
+ )
+
+ if "{0}{1}: true".format(CPE_SLES, dist) in result.stdout:
+ print("This system seems based on SLES {0}.".format(dist))
+ return dist
+ print("System version not detected.")

6
openscap.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Dec 7 10:58:50 UTC 2021 - Marcus Meissner <meissner@suse.com>
- openscap-docker-add-suse.patch: add SLES support oscap-docker
(bsc#1179314)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 4 15:33:23 UTC 2021 - Marcus Meissner <meissner@suse.com> Mon Oct 4 15:33:23 UTC 2021 - Marcus Meissner <meissner@suse.com>

2
openscap.spec
View File

@ -40,6 +40,7 @@ Source5: oscap-scan.service
Source6: oscap-scan.sh Source6: oscap-scan.sh
Patch1: openscap-opensuse-cpe.patch Patch1: openscap-opensuse-cpe.patch
Patch2: openscap-suse-cpe.patch Patch2: openscap-suse-cpe.patch
Patch3: openscap-docker-add-suse.patch
URL: https://www.open-scap.org/ URL: https://www.open-scap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: asciidoc BuildRequires: asciidoc
@ -177,6 +178,7 @@ This package contains the Script Checking Engine Library (SCE) for OpenSCAP.
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%build %build
%if 0%{?with_bindings} %if 0%{?with_bindings}