From b6d47735b2cb285cce4d087836f1281e868004190b59d9d7f5e688231678501f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Mar 2018 12:41:14 +0000 Subject: [PATCH 1/6] - replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan helper tool for this. (bsc#1083115) OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=203 --- openscap.changes | 6 +++ openscap.spec | 16 ++++--- oscap-scan.init | 106 --------------------------------------------- oscap-scan.service | 12 +++++ oscap-scan.sh | 26 +++++++++++ 5 files changed, 55 insertions(+), 111 deletions(-) delete mode 100644 oscap-scan.init create mode 100644 oscap-scan.service create mode 100644 oscap-scan.sh diff --git a/openscap.changes b/openscap.changes index 58efb29..ff4b040 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 5 12:39:51 UTC 2018 - meissner@suse.com + +- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan + helper tool for this. (bsc#1083115) + ------------------------------------------------------------------- Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com diff --git a/openscap.spec b/openscap.spec index 52b03a9..0b95373 100644 --- a/openscap.spec +++ b/openscap.spec @@ -28,13 +28,14 @@ Name: openscap Version: 1.2.16 Release: 1.0 Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz -Source1: oscap-scan.init Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security # checks. # Generated from http://gitorious.org/test-suite/scap Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml +Source5: oscap-scan.service +Source6: oscap-scan.sh Url: http://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: doxygen 
@@ -64,6 +65,7 @@ BuildRequires: unixODBC-devel Summary: A Set of Libraries for Integration with SCAP License: LGPL-2.1+ Group: Development/Tools/Other +BuildRequires: systemd-rpm-macros %description OpenSCAP is a set of open source libraries providing an easier path for @@ -142,7 +144,8 @@ The OpenSCAP Perl Library for easy integration with SCAP. Summary: Openscap utilities Group: System/Monitoring Requires: %{name} = %{version}-%{release} -PreReq: %insserv_prereq %fillup_prereq +PreReq: %fillup_prereq +%systemd_requires %description utils The %{name}-utils package contains various utilities based on %{name} library. @@ -196,13 +199,15 @@ find %{buildroot} -name "*.la" -delete rm %{buildroot}/usr/bin/scap-as-rpm mkdir -p $RPM_BUILD_ROOT%{_fillupdir} -install -d -m 755 $RPM_BUILD_ROOT%{_initrddir} -install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir} install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap +# specific local scan during boot script +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service +install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/oscap-scan + # create symlinks to default content ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml @@ -300,10 +305,11 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/ %defattr(-,root,root,-) %{_fillupdir}/sysconfig.oscap-scan %doc docs/oscap-scan.cron -%{_initrddir}/oscap-scan %{_mandir}/man8/* +%{_unitdir}/oscap-scan.service %{_bindir}/oscap %{_bindir}/oscap-vm +%{_bindir}/oscap-scan %{_bindir}/oscap-ssh %{_bindir}/oscap-chroot # currently not shipped as it is still python2 diff --git a/oscap-scan.init b/oscap-scan.init deleted file mode 100644 index 7943db4..0000000 
--- a/oscap-scan.init
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/bin/sh
-#
-# oscap-scan: OpenSCAP security scanner
-#
-# chkconfig: - 96 99
-# description: This service runs OpenSCAP security scanner to check the \
-# system settings. The program does not stay resident, \
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-#
-# processname: /usr/bin/oscap
-# config: /etc/sysconfig/oscap-scan
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-### BEGIN INIT INFO
-# Provides: oscap-scan
-# Required-Start: $syslog $local_fs $network $remote_fs
-# Required-Stop: $syslog $local_fs $network $remote_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: 3 5
-# Default-Stop: 0 1 6
-# Short-Description: OpenSCAP security scanner
-# Description: This service runs OpenSCAP security scanner to check the
-# system settings. The program does not stay resident,
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-prog="oscap"
-
-# Source function library.
-. /etc/rc.status
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
- exit 3
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
-
-RETVAL=0
-
-start() {
- test -x /usr/bin/oscap || exit 5
- # Now check that the sysconfig is found and has important things
- # configured
- test -f /etc/sysconfig/oscap-scan || exit 6
- test x"$OPTIONS" != "x" || exit 6
- echo -n $"Starting $prog: "
- $prog $OPTIONS
- rc_status -v
- ERR=$?
- if [ $ERR -eq 0 ] ; then
- sleep 1
- logger "OpenSCAP security scan: PASS"
- elif [ $ERR -eq 1 ] ; then
- sleep 1
- logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
- else
- sleep 1
- logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
- fi
-}
-
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- restart)
- start
- ;;
- stop)
- RETVAL=0;
- ;;
- condrestart)
- RETVAL=0;
- ;;
- try-restart)
- RETVAL=0;
- ;;
- reload)
- RETVAL=0;
- ;;
- *)
- echo $"Usage: $0 {start}"
- RETVAL=2
- ;;
-esac
-exit $RETVAL
-
diff --git a/oscap-scan.service b/oscap-scan.service
new file mode 100644
index 0000000..d17e8cc
--- /dev/null
+++ b/oscap-scan.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenSCAP security scanner
+Wants=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/oscap-scan
+ExecStart=/usr/bin/oscap $OPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/oscap-scan.sh b/oscap-scan.sh
new file mode 100644
index 0000000..949aa38
--- /dev/null
+++ b/oscap-scan.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+prog="oscap"
+
+# Check config
+test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
+
+RETVAL=0
+
+test -f /etc/sysconfig/oscap-scan || exit 6
+
+test x"$OPTIONS" != "x" || exit 6
+
+$prog $OPTIONS
+
+ERR=$?
+if [ $ERR -eq 0 ] ; then
+ logger "OpenSCAP security scan: PASS"
+elif [ $ERR -eq 1 ] ; then
+ logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
+else
+ logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
+fi
+
+exit 0
From 0510e1e4b71299e4c893164eb6175f91951c452debdfd6af11818ca897c2234f Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Mon, 5 Mar 2018 12:52:43 +0000
Subject: [PATCH 2/6] OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=204
---
openscap.spec | 1 +
1 file changed, 1 insertion(+)
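Review bot: `ExecStart=/usr/bin/oscap $OPTIONS` in oscap-scan.service starts the scanner directly, so the /usr/bin/oscap-scan helper added by this same commit is never run by the unit, and its empty-`OPTIONS` check and its PASS/ERROR/FAILED syslog messages are skipped. Because `EnvironmentFile=-/etc/sysconfig/oscap-scan` tolerates a missing file, `$OPTIONS` can expand to nothing and oscap is then started without arguments. `Type=forking` does not fit a program that, per the removed init script's own description, runs once and does not stay resident; `Type=oneshot` together with `ExecStart=/usr/bin/oscap-scan` looks like the intended shape. oscap is documented to exit with 2 when the evaluation completes but a rule fails, so calling it directly would presumably leave the unit in a failed state on a non-compliant host, with nothing pointing the administrator to the result file.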
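Review bot: The unconditional `exit 0` at the end of oscap-scan.sh hides the scan outcome from whatever invokes it, so an evaluation error or a non-compliant result is visible only as an untagged syslog line; `RETVAL=0` is set but never used. Returning the captured status with `exit "$ERR"` and tagging the messages, e.g. `logger -t oscap-scan -p user.warning "..."`, would let a unit or a monitoring rule act on failures. `$prog $OPTIONS` is presumably left unquoted on purpose for word splitting, but it also glob-expands, so a `set -f` before that line, or a comment stating that OPTIONS must not contain wildcards, is worth adding. The config is sourced with `.` as the invoking user (root when started at boot), so a comment such as `# /etc/sysconfig/oscap-scan is executed as shell code; keep it root-owned and not group/world-writable` would document the trust assumption.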
diff --git a/openscap.spec b/openscap.spec index 0b95373..4bb98ae 100644 --- a/openscap.spec +++ b/openscap.spec @@ -205,6 +205,7 @@ install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap # specific local scan during boot script +mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/ install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/oscap-scan From 5a159d70e7f866967560d9045132604749f102618fd7908d8ee735bc802feee4 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Mar 2018 13:06:12 +0000 Subject: [PATCH 3/6] OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=205 --- openscap.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openscap.spec b/openscap.spec index 4bb98ae..01c5d19 100644 --- a/openscap.spec +++ b/openscap.spec @@ -207,7 +207,7 @@ install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap # specific local scan during boot script mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/ install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service -install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/oscap-scan +install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_bindir}/oscap-scan # create symlinks to default content ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml From b38d166f2f9240ff495bba1877508d820e0eaaf2cbe18839e381f38569b0406b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Mar 2018 13:13:41 +0000 Subject: [PATCH 4/6] OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=206 --- openscap.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/openscap.spec b/openscap.spec index 01c5d19..dcc6972 100644 --- a/openscap.spec +++ b/openscap.spec 
@@ -220,14 +220,17 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/ %postun -n libopenscap_sce%{sover} -p /sbin/ldconfig %preun utils -%{stop_on_removal oscap-scan} +%service_del_preun oscap-scan.service %post utils -%{fillup_and_insserv -n oscap-scan} +%service_add_post oscap-scan.service +%{fillup -n oscap-scan} %postun utils -%{restart_on_update oscap-scan} -%{insserv_cleanup} +%service_del_postun oscap-scan.service + +%pre utils +%service_add_pre oscap-scan.service %files %defattr(-, root, root) From ddbf5be776ba8f65be1b19b070a6aa58fc9dc71c5aa1775786677e3045e3d0f3 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Mar 2018 13:31:32 +0000 Subject: [PATCH 5/6] OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=207 --- openscap.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openscap.spec b/openscap.spec index dcc6972..b95fba8 100644 --- a/openscap.spec +++ b/openscap.spec @@ -224,7 +224,7 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/ %post utils %service_add_post oscap-scan.service -%{fillup -n oscap-scan} +%{fillup_only -n oscap-scan} %postun utils %service_del_postun oscap-scan.service From da4441b12ae2c386b3a9037759759c2eec5bf1689c7538ad3fa7d05ae7da34ae Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Mar 2018 15:23:38 +0000 Subject: [PATCH 6/6] Accepting request 583005 from home:jengelh:branches:security - Replace old $RPM_* shell vars. OBS-URL: https://build.opensuse.org/request/show/583005 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=208 --- openscap.changes | 5 +++++ openscap.spec | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/openscap.changes b/openscap.changes index ff4b040..3f7de92 100644 --- a/openscap.changes +++ b/openscap.changes 
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 5 15:11:19 UTC 2018 - jengelh@inai.de + +- Replace old $RPM_* shell vars. + ------------------------------------------------------------------- Mon Mar 5 12:39:51 UTC 2018 - meissner@suse.com diff --git a/openscap.spec b/openscap.spec index b95fba8..9fd5629 100644 --- a/openscap.spec +++ b/openscap.spec @@ -63,7 +63,7 @@ BuildRequires: rpm-devel BuildRequires: swig BuildRequires: unixODBC-devel Summary: A Set of Libraries for Integration with SCAP -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Tools/Other BuildRequires: systemd-rpm-macros 
@@ -198,20 +198,20 @@ find %{buildroot} -name "*.la" -delete # last python2 user in oscap-utils ... needs porting to python3 rm %{buildroot}/usr/bin/scap-as-rpm -mkdir -p $RPM_BUILD_ROOT%{_fillupdir} -install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir} +mkdir -p %{buildroot}/%{_fillupdir} +install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir} -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap -install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap +install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap +install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap # specific local scan during boot script -mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/ -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service -install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_bindir}/oscap-scan +mkdir -p %{buildroot}/%{_unitdir} +install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service +install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan # create symlinks to default content -ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml -ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml +ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml +ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml %post -n libopenscap%{sover} -p /sbin/ldconfig %post -n libopenscap_sce%{sover} -p /sbin/ldconfig