openscap/openscap.spec

#
# spec file for package openscap
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
%endif

%define sover 25
%define with_bindings 0

Name:           openscap
Version:        1.3.5
Release:        0
Source:         https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
# temp snapshot to make it build with new RPM before 1.3.2
#Source:         openscap-%version.tar.bz2
Source1:        openscap-rpmlintrc
Source2:        sysconfig.oscap-scan
# SUSE specific profile, based on yast2-security checks.
# Generated from http://gitorious.org/test-suite/scap
Source3:        scap-yast2sec-xccdf.xml
Source4:        scap-yast2sec-oval.xml
Source5:        oscap-scan.service
Source6:        oscap-scan.sh
URL:            https://www.open-scap.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  asciidoc
BuildRequires:  doxygen
# Next few lines are needed for unit tests, they expect /etc/os-release to exist
%if !0%{?is_opensuse} && 0%{?sle_version} < 130000
BuildRequires:  sles-release
%else
BuildRequires:  distribution-release
%endif
BuildRequires:  libacl-devel
BuildRequires:  libattr-devel
BuildRequires:  libbz2-devel
BuildRequires:  libcurl-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  libxml2-devel
# Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser"
BuildRequires:  cmake
BuildRequires:  dbus-1-devel
BuildRequires:  gcc-c++
BuildRequires:  libblkid-devel
BuildRequires:  libcap-devel
BuildRequires:  libselinux-devel
BuildRequires:  libtool
BuildRequires:  libxslt-devel
BuildRequires:  lua
BuildRequires:  openldap2-devel
BuildRequires:  pcre-devel
BuildRequires:  perl-XML-Parser
BuildRequires:  perl-XML-XPath
BuildRequires:  pkg-config
BuildRequires:  procps
BuildRequires:  procps-devel
BuildRequires:  python-devel
BuildRequires:  rpm-devel
BuildRequires:  sendmail
BuildRequires:  swig
BuildRequires:  unixODBC-devel
BuildRequires:  xmlsec1-devel
BuildRequires:  xmlsec1-openssl-devel
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(gobject-2.0)
Summary:        A Set of Libraries for Integration with SCAP
License:        LGPL-2.1-or-later
Group:          Development/Tools/Other
BuildRequires:  systemd-rpm-macros
# remove extra packages from version 1.2.9 and older
Obsoletes:      openscap-engine-sce < %{version}
Obsoletes:      openscap-extra-probes < %{version}

%description
OpenSCAP is a set of open source libraries providing an easier path for
integration of the SCAP line of standards.

SCAP is a line of standards managed by NIST with the goal of providing
a standard language for the expression of Computer Network Defense
related information.

More information about SCAP can be found at nvd.nist.gov.

%package devel
Requires:       %{name} = %{version}-%{release}
Requires:       libopenscap%{sover} = %{version}
Summary:        Development Files for OpenSCAP
Group:          Development/Libraries/C and C++

%description devel
This package contains the development files (mainly C header files) for the
OpenSCAP C library.

%package docker
Summary:        Docker plugin for OpenSCAP
Group:          System/Libraries

%description docker
This package contains the Docker support for OpenSCAP.

%if 0%{?with_bindings}
%package -n python-openscap
%py_requires
Requires:       %{name} = %{version}-%{release}
Provides:       openscap-python = %{version}-%{release}
Summary:        OpenSCAP Python Library
Group:          Development/Libraries/Python

%description -n python-openscap
The OpenSCAP Python Library for easy integration with SCAP.

%package -n perl-openscap
Requires:       %{name} = %{version}-%{release}
Requires:       perl = %{perl_version}
Provides:       openscap-perl = %{version}-%{release}
Summary:        OpenSCAP Perl Library
Group:          Development/Libraries/Perl

%description -n perl-openscap
The OpenSCAP Perl Library for easy integration with SCAP.
%endif

%package -n libopenscap%{sover}
Summary:        OpenSCAP C Library
Group:          System/Libraries

%description -n libopenscap%{sover}
The OpenSCAP C Library for easy integration with SCAP.

%package        utils
Summary:        Openscap utilities
Group:          System/Monitoring
Requires:       %{name} = %{version}-%{release}
PreReq:         %fillup_prereq
%systemd_requires

%description    utils
The %{name}-utils package contains various utilities based on %{name} library.

%package        content
Summary:        SCAP content
Group:          System/Monitoring
Requires:       %{name} = %{version}-%{release}

%description    content
SCAP content for Fedora delivered by Open-SCAP project.

%package -n libopenscap_sce%{sover}
Summary:        Script Checking Engine Library for OpenSCAP
Group:          System/Libraries

%description -n libopenscap_sce%{sover}
This package contains the Script Checking Engine Library (SCE) for OpenSCAP.

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

%prep
%setup -q

%build
%if 0%{?with_bindings}
%cmake -DENABLE_DOCS=TRUE -DCMAKE_SHARED_LINKER_FLAGS=""
%else
%cmake -DENABLE_DOCS=TRUE -DENABLE_PYTHON3=FALSE -DENABLE_PERL=FALSE -DCMAKE_SHARED_LINKER_FLAGS=""
%endif
%make_jobs

%check
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir}
cd build
# unit tests do not succeed, while working on 1.3 migration we submitted a few
# patches upstream but there is still one unit test that always fails and 1-3
# which fail occasionally
ctest %{?_smp_mflags} || :
cd ..

%install
%cmake_install

mkdir -p %{buildroot}/%{_fillupdir}
install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir}

mkdir -p %{buildroot}/%{_libexecdir}/openscap
mkdir -p %{buildroot}/%{_libdir}/openscap

install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap

# specific local scan during boot script
mkdir -p %{buildroot}/%{_unitdir}
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service
mkdir -p %{buildroot}/%{_bindir}
install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan

mkdir -p %{buildroot}/%{_sbindir}
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcoscap-scan

mkdir -p %{buildroot}%{_datadir}/bash-completion/completions
mv %{buildroot}%{_sysconfdir}/bash_completion.d/* %{buildroot}%{_datadir}/bash-completion/completions/
# create symlinks to default content
ln -s  %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml
ln -s  %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml

%post -n libopenscap%{sover} -p /sbin/ldconfig
%postun -n libopenscap%{sover} -p /sbin/ldconfig

%post -n libopenscap_sce%{sover} -p /sbin/ldconfig
%postun -n libopenscap_sce%{sover} -p /sbin/ldconfig

%post -n openscap-utils
%service_add_post oscap-scan.service

%postun -n openscap-utils
%service_del_postun oscap-scan.service

%pre -n openscap-utils
%service_add_pre oscap-scan.service

%preun -n openscap-utils
%service_del_preun oscap-scan.service

%files
%defattr(-, root, root)
%license COPYING
%doc AUTHORS NEWS
%dir %{_datadir}/openscap
%dir %{_datadir}/openscap/cpe
%dir %{_datadir}/openscap/schemas
%dir %{_datadir}/openscap/xsl
%{_datadir}/openscap/cpe/*
%{_datadir}/openscap/schemas/*
%{_datadir}/openscap/xsl/*

%files -n libopenscap%{sover}
%defattr(-, root, root)
%{_libdir}/libopenscap.so.%{sover}*

%files devel
%defattr(-, root, root)
%dir /usr/share/doc/openscap
/usr/share/doc/openscap/*
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files docker
%defattr(-, root, root)
%if 0%{?suse_version} >= 1500
%{python3_sitelib}/oscap_docker_python
%else
%{python_sitelib}/oscap_docker_python
%endif
%{_bindir}/oscap-docker

%if 0%{?with_bindings}
%files -n python-openscap
%defattr(-, root, root)
%{python_sitearch}/*

%files -n perl-openscap
%defattr(-, root, root)
%{perl_vendorlib}/openscap.pm
%{perl_vendorarch}/openscap_pm.so
%endif

%files utils
%defattr(-,root,root,-)
%{_fillupdir}/sysconfig.oscap-scan
%doc docs/oscap-scan.cron
%{_mandir}/man8/*
%{_unitdir}/oscap-scan.service
%{_bindir}/autotailor
%{_bindir}/oscap
%{_bindir}/oscap-vm
%{_bindir}/oscap-scan
%{_bindir}/oscap-ssh
%{_bindir}/oscap-chroot
%{_bindir}/scap-as-rpm
%{_bindir}/oscap-podman
%{_bindir}/oscap-run-sce-script
%{_sbindir}/rcoscap-scan
%{_datadir}/bash-completion/completions/*

%files content
%defattr(-,root,root,-)
%{_datadir}/openscap/scap*.xml

%files -n libopenscap_sce%{sover}
%defattr(-,root,root,-)
%{_libdir}/libopenscap_sce.so.*

%changelog