diff --git a/1.3.5.tar.gz b/1.3.5.tar.gz
deleted file mode 100644
index 53e73da..0000000
--- a/1.3.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4702590dae5c346b7c10f808e55bce9c54812099304221c440141abbd0b37dd6
-size 13990718
diff --git a/1.3.6.tar.gz b/1.3.6.tar.gz
new file mode 100644
index 0000000..dbf8c3b
--- /dev/null
+++ b/1.3.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:438621bf95a832be44ce799baec580cb0fdc92db7137721873e79ee4cbb1630b
+size 14020002
diff --git a/openscap.changes b/openscap.changes
index 23c125c..ee83943 100644
--- a/openscap.changes
+++ b/openscap.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Thu Jan 20 08:43:41 UTC 2022 - Robert Frohl
+
+- openscap 1.3.6
+ * New features
+ - Select and exclude groups of rules on the command line
+ - The boot-time remediation service for systemd's Offline Update mode
+ - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable
+ - Allow disablement of SHA-1 and MD5
+ - Allow providing pre-downloaded components
+ - Introduce OSBuild Blueprint fix type
+ * Maintenance, bug fix
+ - Fix coverity issues
+ - Patch the `segfault` in dpkginfo_fini()
+ - Add an alternative source of hostname
+ - Fail download on HTTP errors
+ - Compile "environmentvariable_probe" on Windows
+ - FreeBSD build and test fixes
+ - Add offline mode for password probe
+ - Initialize crypto API only once
+ - Fix UBI 9 scan
+ - oval/yamlfilecontent: Add 'null' values handling
+ - Do not set Rpath
+ - Do not split `XCCDF:requires` with multiple `idrefs`
+ - Allow empty /proc in offline mode
+- oscap-remediate is shipped via /usr/bin
+ Added oscap-remediate.service.in.patch
+- spec-cleaner run
+
 -------------------------------------------------------------------
 Tue Dec 7 10:58:50 UTC 2021 - Marcus Meissner
diff --git a/openscap.spec b/openscap.spec
index f4e0350..1db193d 100644
--- a/openscap.spec +++ b/openscap.spec @@ -1,7 +1,7 @@ # # spec file for package openscap # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,20 @@ # -#Compat macro for new _fillupdir macro introduced in Nov 2017 -%if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates -%endif - %define sover 25 %define with_bindings 0 - +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif Name: openscap -Version: 1.3.5 +Version: 1.3.6 Release: 0 +Summary: A Set of Libraries for Integration with SCAP +License: LGPL-2.1-or-later +Group: Development/Tools/Other +URL: https://www.open-scap.org/ Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz -# temp snapshot to make it build with new RPM before 1.3.2 -#Source: openscap-%version.tar.bz2 Source1: openscap-rpmlintrc Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security checks. 
@@ -41,55 +41,55 @@ Source6: oscap-scan.sh Patch1: openscap-opensuse-cpe.patch Patch2: openscap-suse-cpe.patch Patch3: openscap-docker-add-suse.patch -URL: https://www.open-scap.org/ -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: asciidoc -BuildRequires: doxygen -# Next few lines are needed for unit tests, they expect /etc/os-release to exist -%if !0%{?is_opensuse} && 0%{?sle_version} < 130000 -BuildRequires: sles-release -%else -BuildRequires: distribution-release +%if 0%{?suse_version} != 1599 +Patch4: oscap-remediate.service.in.patch %endif -BuildRequires: libacl-devel -BuildRequires: libattr-devel -BuildRequires: libbz2-devel -BuildRequires: libcurl-devel -BuildRequires: libgcrypt-devel -BuildRequires: libxml2-devel +BuildRequires: asciidoc # Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser" BuildRequires: cmake BuildRequires: dbus-1-devel +BuildRequires: doxygen BuildRequires: gcc-c++ +BuildRequires: gconf2-devel +BuildRequires: libacl-devel +BuildRequires: libattr-devel BuildRequires: libblkid-devel +BuildRequires: libbz2-devel BuildRequires: libcap-devel +BuildRequires: libcurl-devel +BuildRequires: libgcrypt-devel BuildRequires: libselinux-devel BuildRequires: libtool +BuildRequires: libxml2-devel BuildRequires: libxslt-devel +BuildRequires: libyaml-devel BuildRequires: lua BuildRequires: openldap2-devel BuildRequires: pcre-devel BuildRequires: perl-XML-Parser BuildRequires: perl-XML-XPath -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: procps BuildRequires: procps-devel BuildRequires: python3-devel BuildRequires: rpm-devel BuildRequires: sendmail BuildRequires: swig +BuildRequires: systemd-rpm-macros BuildRequires: unixODBC-devel BuildRequires: xmlsec1-devel BuildRequires: xmlsec1-openssl-devel BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gobject-2.0) -Summary: A Set of Libraries for Integration with SCAP -License: LGPL-2.1-or-later -Group: 
Development/Tools/Other -BuildRequires: systemd-rpm-macros # remove extra packages from version 1.2.9 and older Obsoletes: openscap-engine-sce < %{version} Obsoletes: openscap-extra-probes < %{version} +# Next few lines are needed for unit tests, they expect /etc/os-release to exist +%if !0%{?is_opensuse} && 0%{?sle_version} < 130000 +BuildRequires: sles-release +%else +BuildRequires: distribution-release +%endif %description OpenSCAP is a set of open source libraries providing an easier path for @@ -102,10 +102,10 @@ related information. More information about SCAP can be found at nvd.nist.gov. %package devel -Requires: %{name} = %{version}-%{release} -Requires: libopenscap%{sover} = %{version} Summary: Development Files for OpenSCAP Group: Development/Libraries/C and C++ +Requires: %{name} = %{version}-%{release} +Requires: libopenscap%{sover} = %{version} %description devel This package contains the development files (mainly C header files) for the @@ -120,21 +120,20 @@ This package contains the Docker support for OpenSCAP. %if 0%{?with_bindings} %package -n python-openscap -%py_requires -Requires: %{name} = %{version}-%{release} -Provides: openscap-python = %{version}-%{release} Summary: OpenSCAP Python Library Group: Development/Libraries/Python +Requires: %{name} = %{version}-%{release} +Provides: openscap-python = %{version}-%{release} %description -n python-openscap The OpenSCAP Python Library for easy integration with SCAP. %package -n perl-openscap +Summary: OpenSCAP Perl Library +Group: Development/Libraries/Perl Requires: %{name} = %{version}-%{release} Requires: perl = %{perl_version} Provides: openscap-perl = %{version}-%{release} -Summary: OpenSCAP Perl Library -Group: Development/Libraries/Perl %description -n perl-openscap The OpenSCAP Perl Library for easy integration with SCAP. 
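Review bot: The guard `%if 0%{?suse_version} != 1599` around `Patch4` is an inequality test against a single version number, and the same test is repeated in the %install hunk (the `mv ... oscap-remediate` block) and in `%files utils`. Any product that reports a different suse_version takes the /usr/bin branch, and if the three copies ever drift, the patched ExecStart and the packaged path can disagree for a unit that, per the patch in this commit, sets `FailureAction=reboot`. Define the decision once near the top, e.g. `%if 0%{?suse_version} != 1599` / `%global remediate_in_bindir 1` / `%endif`, and test `0%{?remediate_in_bindir}` at all three sites.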
@@ -151,6 +150,7 @@ The OpenSCAP C Library for easy integration with SCAP. Summary: Openscap utilities Group: System/Monitoring Requires: %{name} = %{version}-%{release} +# FIXME: use proper Requires(pre/post/preun/...) PreReq: %fillup_prereq %systemd_requires @@ -172,13 +172,10 @@ Group: System/Libraries %description -n libopenscap_sce%{sover} This package contains the Script Checking Engine Library (SCE) for OpenSCAP. -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%{!?python_sitearch: %global python_sitearch %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%autosetup -p1 %build %if 0%{?with_bindings} @@ -186,7 +183,11 @@ This package contains the Script Checking Engine Library (SCE) for OpenSCAP. %else %cmake -DENABLE_DOCS=TRUE -DENABLE_PYTHON3=FALSE -DENABLE_PERL=FALSE -DCMAKE_SHARED_LINKER_FLAGS="" %endif +%if 0%{?sle_version} > 150100 || 0%{?suse_version} == 1599 +%cmake_build +%else %make_jobs +%endif %check export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} @@ -224,6 +225,17 @@ mv %{buildroot}%{_sysconfdir}/bash_completion.d/* %{buildroot}%{_datadir}/bash-c ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml +# oscap-remediate should be in /usr/libexec but this is not well supported in +# older versions of the distro +%if 0%{?suse_version} != 1599 +%if 0%{?sle_version} > 150200 +mv %{buildroot}/%{_libexecdir}/oscap-remediate %{buildroot}/%{_bindir} +%else +# in older versions _libexecdir expands to /usr/lib, which does not help +mv %{buildroot}/%{_prefix}/libexec/oscap-remediate %{buildroot}/%{_bindir} +%endif +%endif + %post -n libopenscap%{sover} -p /sbin/ldconfig %postun -n libopenscap%{sover} -p /sbin/ldconfig 
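Review bot: The `python_sitearch` fallback now runs bare `python` from PATH instead of `%{__python}` and still uses the Python 2 print statement (`print get_python_lib(1)`), so on a build root where `python` is Python 3 or absent the `%(...)` expansion fails and the macro presumably ends up empty. The value is only consumed by `%{python_sitearch}/*` in the python-openscap %files section, which `with_bindings 0` disables, so the breakage is latent, but an empty value there would reduce the glob to `/*`. Either drop the line while bindings are off, or, if the bindings are meant for Python 3, use the distribution macro `%{python3_sitearch}` in that %files entry, as the docker subpackage already does with `%{python3_sitelib}`.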
@@ -231,19 +243,18 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope %postun -n libopenscap_sce%{sover} -p /sbin/ldconfig %post -n openscap-utils -%service_add_post oscap-scan.service +%service_add_post oscap-scan.service oscap-remediate.service %postun -n openscap-utils -%service_del_postun oscap-scan.service +%service_del_postun oscap-scan.service oscap-remediate.service %pre -n openscap-utils -%service_add_pre oscap-scan.service +%service_add_pre oscap-scan.service oscap-remediate.service %preun -n openscap-utils -%service_del_preun oscap-scan.service +%service_del_preun oscap-scan.service oscap-remediate.service %files -%defattr(-, root, root) %license COPYING %doc AUTHORS NEWS %dir %{_datadir}/openscap @@ -255,35 +266,29 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope %{_datadir}/openscap/xsl/* %files -n libopenscap%{sover} -%defattr(-, root, root) %{_libdir}/libopenscap.so.%{sover}* %files devel -%defattr(-, root, root) -%dir /usr/share/doc/openscap -/usr/share/doc/openscap/* -%{_includedir}/* +%dir %{_datadir}/doc/openscap %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc +%{_datadir}/doc/openscap/* +%{_includedir}/* %files docker -%defattr(-, root, root) %{python3_sitelib}/oscap_docker_python %{_bindir}/oscap-docker %if 0%{?with_bindings} %files -n python-openscap -%defattr(-, root, root) %{python_sitearch}/* %files -n perl-openscap -%defattr(-, root, root) %{perl_vendorlib}/openscap.pm %{perl_vendorarch}/openscap_pm.so %endif %files utils -%defattr(-,root,root,-) %{_fillupdir}/sysconfig.oscap-scan %doc docs/oscap-scan.cron %{_mandir}/man8/* 
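Review bot: `oscap-remediate.service` is appended to the same `%service_*` scriptlet calls as `oscap-scan.service`, but the unit patched in this commit is a `Type=oneshot` job with `FailureAction=reboot`, ordered before shutdown.target for the offline-update path, and it is not clear it should be handled like a regular service on package upgrade. Please confirm the intended activation, and if it is only ever pulled in by the offline-update target, handle it on its own line in %postun with `%service_del_postun_without_restart oscap-remediate.service` so that a package upgrade cannot start it. A one-line comment above the scriptlets stating how the unit is meant to be triggered would help the next packager.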
@@ -299,13 +304,18 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope %{_bindir}/oscap-run-sce-script %{_sbindir}/rcoscap-scan %{_datadir}/bash-completion/completions/* +%{_bindir}/oscap-remediate-offline +%{_prefix}/lib/systemd/system/oscap-remediate.service +%if 0%{?suse_version} != 1599 +%{_bindir}/oscap-remediate +%else +%{_libexecdir}/oscap-remediate +%endif %files content -%defattr(-,root,root,-) %{_datadir}/openscap/scap*.xml %files -n libopenscap_sce%{sover} -%defattr(-,root,root,-) %{_libdir}/libopenscap_sce.so.* %changelog diff --git a/oscap-remediate.service.in.patch b/oscap-remediate.service.in.patch new file mode 100644 index 0000000..18eb39d --- /dev/null +++ b/oscap-remediate.service.in.patch @@ -0,0 +1,12 @@ +Index: openscap-1.3.6/oscap-remediate.service.in +=================================================================== +--- openscap-1.3.6.orig/oscap-remediate.service.in ++++ openscap-1.3.6/oscap-remediate.service.in +@@ -8,6 +8,6 @@ Before=shutdown.target system-update.tar + + [Service] + Type=oneshot +-ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBEXECDIR@/oscap-remediate ++ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_BINDIR@/oscap-remediate + + FailureAction=reboot
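Review bot: The unit file is listed with a hard-coded path, `%{_prefix}/lib/systemd/system/oscap-remediate.service`, although `systemd-rpm-macros` is already a BuildRequires. `%{_unitdir}/oscap-remediate.service` is the conventional spelling and follows the distribution's unit directory if it ever changes.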
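Review bot: The new patch file carries no header explaining why ExecStart moves from `@CMAKE_INSTALL_LIBEXECDIR@` to `@CMAKE_INSTALL_BINDIR@`, or that it is a distribution-only change. Upstream's build still installs the helper under libexec, and the path only becomes valid because openscap.spec moves the binary in %install, so the patch and that `mv` are coupled without anything in the patch saying so. A short description above `Index:` should state that this is SUSE-specific, that it must stay in step with the `mv` to `%{_bindir}` in the spec, and that it is skipped where `suse_version` is 1599. That matters here because the unit runs as a oneshot with `FailureAction=reboot`, so a stale path is not a silent failure.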