# # spec file for package openscap # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates %endif %define sover 25 %define with_bindings 0 Name: openscap Version: 1.3.4 Release: 0 Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz # temp snapshot to make it build with new RPM before 1.3.2 #Source: openscap-%version.tar.bz2 Source1: openscap-rpmlintrc Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security checks. # Generated from http://gitorious.org/test-suite/scap Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml Source5: oscap-scan.service Source6: oscap-scan.sh Patch0: openscap-new-suse.patch URL: https://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asciidoc BuildRequires: doxygen # Next few lines are needed for unit tests, they expect /etc/os-release to exist %if !0%{?is_opensuse} && 0%{?sle_version} < 130000 BuildRequires: sles-release %else BuildRequires: distribution-release %endif BuildRequires: libacl-devel BuildRequires: libattr-devel BuildRequires: libbz2-devel BuildRequires: libcurl-devel BuildRequires: libgcrypt-devel BuildRequires: libxml2-devel # Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser" BuildRequires: cmake BuildRequires: dbus-1-devel BuildRequires: gcc-c++ BuildRequires: libblkid-devel BuildRequires: libcap-devel BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: libxslt-devel BuildRequires: lua BuildRequires: openldap2-devel BuildRequires: pcre-devel BuildRequires: perl-XML-Parser BuildRequires: perl-XML-XPath BuildRequires: pkg-config BuildRequires: procps BuildRequires: procps-devel BuildRequires: python-devel BuildRequires: rpm-devel BuildRequires: sendmail BuildRequires: swig BuildRequires: unixODBC-devel BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gobject-2.0) Summary: A Set of Libraries for Integration with SCAP License: LGPL-2.1-or-later Group: Development/Tools/Other BuildRequires: systemd-rpm-macros # remove extra packages from version 1.2.9 and older Obsoletes: openscap-engine-sce < %{version} Obsoletes: openscap-extra-probes < %{version} %description OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards. SCAP is a line of standards managed by NIST with the goal of providing a standard language for the expression of Computer Network Defense related information. More information about SCAP can be found at nvd.nist.gov. %package devel Requires: %{name} = %{version}-%{release} Requires: libopenscap%{sover} = %{version} Summary: Development Files for OpenSCAP Group: Development/Libraries/C and C++ %description devel This package contains the development files (mainly C header files) for the OpenSCAP C library. %package docker Summary: Docker plugin for OpenSCAP Group: System/Libraries %description docker This package contains the Docker support for OpenSCAP. %if 0%{?with_bindings} %package -n python-openscap %py_requires Requires: %{name} = %{version}-%{release} Provides: openscap-python = %{version}-%{release} Summary: OpenSCAP Python Library Group: Development/Libraries/Python %description -n python-openscap The OpenSCAP Python Library for easy integration with SCAP. %package -n perl-openscap Requires: %{name} = %{version}-%{release} Requires: perl = %{perl_version} Provides: openscap-perl = %{version}-%{release} Summary: OpenSCAP Perl Library Group: Development/Libraries/Perl %description -n perl-openscap The OpenSCAP Perl Library for easy integration with SCAP. %endif %package -n libopenscap%{sover} Summary: OpenSCAP C Library Group: System/Libraries %description -n libopenscap%{sover} The OpenSCAP C Library for easy integration with SCAP. %package utils Summary: Openscap utilities Group: System/Monitoring Requires: %{name} = %{version}-%{release} PreReq: %fillup_prereq %systemd_requires %description utils The %{name}-utils package contains various utilities based on %{name} library. %package content Summary: SCAP content Group: System/Monitoring Requires: %{name} = %{version}-%{release} %description content SCAP content for Fedora delivered by Open-SCAP project. %package -n libopenscap_sce%{sover} Summary: Script Checking Engine Library for OpenSCAP Group: System/Libraries %description -n libopenscap_sce%{sover} This package contains the Script Checking Engine Library (SCE) for OpenSCAP. %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %prep %setup -q %patch0 -p1 %build %if 0%{?with_bindings} %cmake -DENABLE_DOCS=TRUE -DCMAKE_SHARED_LINKER_FLAGS="" %else %cmake -DENABLE_DOCS=TRUE -DENABLE_PYTHON3=FALSE -DENABLE_PERL=FALSE -DCMAKE_SHARED_LINKER_FLAGS="" %endif %make_jobs %check export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} cd build # unit tests do not succeed, while working on 1.3 migration we submitted a few # patches upstream but there is still one unit test that always fails and 1-3 # which fail occasionally ctest %{?_smp_mflags} || : cd .. %install %cmake_install mkdir -p %{buildroot}/%{_fillupdir} install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir} mkdir -p %{buildroot}/%{_libexecdir}/openscap mkdir -p %{buildroot}/%{_libdir}/openscap install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap # specific local scan during boot script mkdir -p %{buildroot}/%{_unitdir} install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service mkdir -p %{buildroot}/%{_bindir} install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan mkdir -p %{buildroot}/%{_sbindir} ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcoscap-scan mkdir -p %{buildroot}%{_datadir}/bash-completion/completions mv %{buildroot}%{_sysconfdir}/bash_completion.d/* %{buildroot}%{_datadir}/bash-completion/completions/ # create symlinks to default content ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml %post -n libopenscap%{sover} -p /sbin/ldconfig %postun -n libopenscap%{sover} -p /sbin/ldconfig %post -n libopenscap_sce%{sover} -p /sbin/ldconfig %postun -n libopenscap_sce%{sover} -p /sbin/ldconfig %post -n openscap-utils %service_add_post oscap-scan.service %postun -n openscap-utils %service_del_postun oscap-scan.service %pre -n openscap-utils %service_add_pre oscap-scan.service %preun -n openscap-utils %service_del_preun oscap-scan.service %files %defattr(-, root, root) %license COPYING %doc AUTHORS NEWS %dir %{_datadir}/openscap %dir %{_datadir}/openscap/cpe %dir %{_datadir}/openscap/schemas %dir %{_datadir}/openscap/xsl %{_datadir}/openscap/cpe/* %{_datadir}/openscap/schemas/* %{_datadir}/openscap/xsl/* %files -n libopenscap%{sover} %defattr(-, root, root) %{_libdir}/libopenscap.so.%{sover}* %files devel %defattr(-, root, root) %dir /usr/share/doc/openscap /usr/share/doc/openscap/* %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %files docker %defattr(-, root, root) %if 0%{?suse_version} >= 1500 %{python3_sitelib}/oscap_docker_python %else %{python_sitelib}/oscap_docker_python %endif %{_bindir}/oscap-docker %if 0%{?with_bindings} %files -n python-openscap %defattr(-, root, root) %{python_sitearch}/* %files -n perl-openscap %defattr(-, root, root) %{perl_vendorlib}/openscap.pm %{perl_vendorarch}/openscap_pm.so %endif %files utils %defattr(-,root,root,-) %{_fillupdir}/sysconfig.oscap-scan %doc docs/oscap-scan.cron %{_mandir}/man8/* %{_unitdir}/oscap-scan.service %{_bindir}/autotailor %{_bindir}/oscap %{_bindir}/oscap-vm %{_bindir}/oscap-scan %{_bindir}/oscap-ssh %{_bindir}/oscap-chroot %{_bindir}/scap-as-rpm %{_bindir}/oscap-podman %{_bindir}/oscap-run-sce-script %{_sbindir}/rcoscap-scan %{_datadir}/bash-completion/completions/* %files content %defattr(-,root,root,-) %{_datadir}/openscap/scap*.xml %files -n libopenscap_sce%{sover} %defattr(-,root,root,-) %{_libdir}/libopenscap_sce.so.* %changelog