Accepting request 1102114 from home:msmeissn:branches:security

- updated to 0.1.69 (jsc#ECO-3319) - Introduce a JSON build manifest (#10761) - Introduce a script to compare ComplianceAsCode versions (#10768) - Introduce CCN profiles for RHEL9 (#10860) - Map rules to components (#10609) - products/anolis23: supports Anolis OS 23 (#10548) - Render components to HTML (#10709) - Store rendered control files (#10656) - Test and use rules to components mapping (#10693) - Use distributed product properties (#10554) - 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream OBS-URL: https://build.opensuse.org/request/show/1102114 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=90
2023-08-03 07:00:46 +00:00 · 2023-08-03 07:00:46 +00:00 · 6dab979f4d
commit 6dab979f4d
parent 7e51c57c29
5 changed files with 20 additions and 98 deletions
--- a/0001-Revert-fix-aide-remediations-add-crontabs.patch
+++ b/0001-Revert-fix-aide-remediations-add-crontabs.patch
@ -1,90 +0,0 @@
-From 8f31dae05cc55de178f3038587ca0d6ff5d12b69 Mon Sep 17 00:00:00 2001
-From: Eduardo Barretto <eduardo.barretto@canonical.com>
-Date: Thu, 29 Jun 2023 12:14:35 +0200
-Subject: [PATCH] Revert "fix: aide/remediations: add crontabs"
-
-This reverts commit ac8389e3ddab599f6f5bf7465636817fb8dbbf3e.
-Fixes #10725
---
- .../aide/aide_periodic_cron_checking/ansible/shared.yml     | 6 +++---
- .../aide/aide_periodic_cron_checking/bash/shared.sh         | 1 -
- .../aide/aide_periodic_cron_checking/bash/ubuntu.sh         | 1 -
- .../aide/aide_scan_notification/ansible/shared.yml          | 6 +++---
- .../aide/aide_scan_notification/bash/shared.sh              | 1 -
- 5 files changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
-index 7d4063bda2..d60c2e5464 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
-@@ -5,10 +5,10 @@
- # disruption = low
- - name: "Ensure AIDE is installed"
-   package:
-    name:
-      - aide
-      - crontabs
-+    name: "{{ item }}"
-     state: present
-+  with_items:
-+    - aide
- 
- - name: Set cron package name - RedHat
-   set_fact:
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
-index a4dac78100..dfa5c1b6c8 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
-@@ -1,7 +1,6 @@
- # platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
- 
- {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
- 
- if ! grep -q "{{{ aide_bin_path }}} --check" /etc/crontab ; then
-     echo "05 4 * * * root {{{ aide_bin_path }}} --check" >> /etc/crontab
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
-index 00bd493ac7..719fd764af 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
-@@ -1,7 +1,6 @@
- # platform = multi_platform_ubuntu
- 
- {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
- 
- # AiDE usually adds its own cron jobs to /etc/cron.daily. If script is there, this rule is
- # compliant. Otherwise, we copy the script to the /etc/cron.weekly
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-index 45db52bf23..2f734940a6 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-@@ -7,10 +7,10 @@
- 
- - name: "Ensure AIDE is installed"
-   package:
-    name:
-      - aide
-      - crontabs
-+    name: "{{ item }}"
-     state: present
-+  with_items:
-+    - aide
- 
- - name: "{{{ rule_title }}}"
-   cron:
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
-index b71b1ec967..f2b7d62a0b 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
-@@ -1,7 +1,6 @@
- # platform = multi_platform_all
- 
- {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
- {{{ bash_instantiate_variables("var_aide_scan_notification_email") }}}
- 
- CRONTAB=/etc/crontab
-- 
-2.35.3
-
--- a/scap-security-guide.changes
+++ b/scap-security-guide.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Aug  2 13:49:20 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.1.69 (jsc#ECO-3319)
+  - Introduce a JSON build manifest (#10761)
+  - Introduce a script to compare ComplianceAsCode versions (#10768)
+  - Introduce CCN profiles for RHEL9 (#10860)
+  - Map rules to components (#10609)
+  - products/anolis23: supports Anolis OS 23 (#10548)
+  - Render components to HTML (#10709)
+  - Store rendered control files (#10656)
+  - Test and use rules to components mapping (#10693)
+  - Use distributed product properties (#10554)
+- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream
+
 -------------------------------------------------------------------
 Thu Jul 27 06:58:41 UTC 2023 - Marcus Meissner <meissner@suse.com>

--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@ -42,18 +42,15 @@
 %endif

 Name:           scap-security-guide
-Version:        0.1.68
+Version:        0.1.69
 Release:        0
 Summary:        XCCDF files for SUSE Linux and openSUSE
 License:        BSD-3-Clause
 Group:          Productivity/Security
 URL:            https://github.com/ComplianceAsCode/content
 %if "%{_vendor}" == "debbuild"
-Packager:       SUSE Security Team <security@suse.de>
 %endif
 Source:         https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
-# upstream fix, will be in 0.69
-Patch1:         0001-Revert-fix-aide-remediations-add-crontabs.patch

 # explicit require what is needed by the detection logic in the scripts
 Requires:       coreutils
@ -192,7 +189,6 @@ Note that the included profiles are community supplied and not officially suppor

 %prep
 %setup -q -n content-%version
-%autopatch -p1

 %build
 cd build
@ -234,6 +230,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
         -DSSG_PRODUCT_WRLINUX8=OFF \
         -DSSG_PRODUCT_WRLINUX1019=OFF \
         -DSSG_PRODUCT_ANOLIS8=OFF \
+         -DSSG_PRODUCT_ANOLIS23=OFF \
         ../
 make

--- a/v0.1.68.tar.gz
+++ b/v0.1.68.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bddd972f48dd794f9fe1a3fa8b495e76e5291957f8cac34955738a8ff95bd64e
-size 8401921
--- a/v0.1.69.tar.gz
+++ b/v0.1.69.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc6dcd344d4c4fbc25963d00eb84e8ed7d4feb9a85a67a5c56b62f03c6ec5b26
+size 8493771