forked from pool/openscap
Marcus Meissner
afba4b9563
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=227
311 lines
9.0 KiB
RPMSpec
311 lines
9.0 KiB
RPMSpec
#
|
|
# spec file for package openscap
|
|
#
|
|
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
|
%if ! %{defined _fillupdir}
|
|
%define _fillupdir /var/adm/fillup-templates
|
|
%endif
|
|
|
|
%define sover 25
|
|
%define with_bindings 0
|
|
|
|
Name: openscap
|
|
Version: 1.3.0
|
|
Release: 1.0
|
|
Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
|
|
Source1: openscap-rpmlintrc
|
|
Source2: sysconfig.oscap-scan
|
|
# SUSE specific profile, based on yast2-security
|
|
# checks.
|
|
# Generated from http://gitorious.org/test-suite/scap
|
|
Source3: scap-yast2sec-xccdf.xml
|
|
Source4: scap-yast2sec-oval.xml
|
|
Source5: oscap-scan.service
|
|
Source6: oscap-scan.sh
|
|
Patch0: openscap-new-suse.patch
|
|
Patch1: xinetd_probe.patch
|
|
Patch2: test_probes_rpmverifypackage-disable-epoch-test.patch
|
|
Patch3: sysctl_unittest.patch
|
|
Patch4: rpmverifyfile_unittest.patch
|
|
Patch5: rpmverify_unittest.patch
|
|
Url: http://www.open-scap.org/
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
BuildRequires: asciidoc
|
|
BuildRequires: doxygen
|
|
# Next few lines are needed for unit tests, they expect /etc/os-release to exist
|
|
%if !0%{?is_opensuse} && 0%{?sle_version} < 130000
|
|
BuildRequires: sles-release
|
|
%else
|
|
BuildRequires: dummy-release
|
|
%endif
|
|
BuildRequires: libacl-devel
|
|
BuildRequires: libattr-devel
|
|
BuildRequires: libbz2-devel
|
|
BuildRequires: libcurl-devel
|
|
BuildRequires: libgcrypt-devel
|
|
BuildRequires: libxml2-devel
|
|
# Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser"
|
|
BuildRequires: cmake
|
|
BuildRequires: gcc-c++
|
|
BuildRequires: gconf2-devel
|
|
BuildRequires: libblkid-devel
|
|
BuildRequires: libcap-devel
|
|
BuildRequires: libselinux-devel
|
|
BuildRequires: libtool
|
|
BuildRequires: libxslt-devel
|
|
BuildRequires: lua
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: pcre-devel
|
|
BuildRequires: perl-XML-Parser
|
|
BuildRequires: perl-XML-XPath
|
|
BuildRequires: pkg-config
|
|
BuildRequires: procps
|
|
BuildRequires: procps-devel
|
|
BuildRequires: python-devel
|
|
BuildRequires: rpm-devel
|
|
BuildRequires: sendmail
|
|
BuildRequires: swig
|
|
BuildRequires: unixODBC-devel
|
|
Summary: A Set of Libraries for Integration with SCAP
|
|
License: LGPL-2.1-or-later
|
|
Group: Development/Tools/Other
|
|
BuildRequires: systemd-rpm-macros
|
|
|
|
%description
|
|
OpenSCAP is a set of open source libraries providing an easier path for
|
|
integration of the SCAP line of standards.
|
|
|
|
SCAP is a line of standards managed by NIST with the goal of providing
|
|
a standard language for the expression of Computer Network Defense
|
|
related information.
|
|
|
|
More information about SCAP can be found at nvd.nist.gov.
|
|
|
|
%package devel
|
|
Requires: %{name} = %{version}-%{release}
|
|
Requires: libopenscap%{sover} = %{version}
|
|
Summary: Development Files for OpenSCAP
|
|
Group: Development/Libraries/C and C++
|
|
|
|
%description devel
|
|
This package contains the development files (mainly C header files) for the
|
|
OpenSCAP C library.
|
|
|
|
%package docker
|
|
Summary: Docker plugin for OpenSCAP
|
|
Group: System/Libraries
|
|
|
|
%description docker
|
|
This package contains the Docker support for OpenSCAP.
|
|
|
|
%if 0%{?with_bindings}
|
|
%package -n python-openscap
|
|
%py_requires
|
|
Requires: %{name} = %{version}-%{release}
|
|
Provides: openscap-python = %{version}-%{release}
|
|
Summary: OpenSCAP Python Library
|
|
Group: Development/Libraries/Python
|
|
|
|
%description -n python-openscap
|
|
The OpenSCAP Python Library for easy integration with SCAP.
|
|
|
|
%package -n perl-openscap
|
|
Requires: %{name} = %{version}-%{release}
|
|
Requires: perl = %{perl_version}
|
|
Provides: openscap-perl = %{version}-%{release}
|
|
Summary: OpenSCAP Perl Library
|
|
Group: Development/Libraries/Perl
|
|
|
|
%description -n perl-openscap
|
|
The OpenSCAP Perl Library for easy integration with SCAP.
|
|
%endif
|
|
|
|
%package -n libopenscap%{sover}
|
|
Summary: OpenSCAP C Library
|
|
Group: System/Libraries
|
|
|
|
%description -n libopenscap%{sover}
|
|
The OpenSCAP C Library for easy integration with SCAP.
|
|
|
|
%package utils
|
|
Summary: Openscap utilities
|
|
Group: System/Monitoring
|
|
Requires: %{name} = %{version}-%{release}
|
|
PreReq: %fillup_prereq
|
|
%systemd_requires
|
|
|
|
%description utils
|
|
The %{name}-utils package contains various utilities based on %{name} library.
|
|
|
|
%package content
|
|
Summary: SCAP content
|
|
Group: System/Monitoring
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description content
|
|
SCAP content for Fedora delivered by Open-SCAP project.
|
|
|
|
%package -n libopenscap_sce%{sover}
|
|
Summary: Script Checking Engine Library for OpenSCAP
|
|
Group: System/Libraries
|
|
|
|
%description -n libopenscap_sce%{sover}
|
|
This package contains the Script Checking Engine Library (SCE) for OpenSCAP.
|
|
|
|
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch0 -p1
|
|
%patch1 -p1
|
|
%patch2 -p1
|
|
%patch3 -p1
|
|
%patch4 -p1
|
|
%patch5 -p1
|
|
|
|
%build
|
|
%if 0%{?with_bindings}
|
|
%cmake -DENABLE_DOCS=TRUE -DCMAKE_SHARED_LINKER_FLAGS=""
|
|
%else
|
|
%cmake -DENABLE_DOCS=TRUE -DENABLE_PYTHON3=FALSE -DENABLE_PERL=FALSE -DCMAKE_SHARED_LINKER_FLAGS=""
|
|
%endif
|
|
%make_jobs
|
|
|
|
%check
|
|
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir}
|
|
cd build
|
|
# unit tests do not succeed, while working on 1.3 migration we submitted a few
|
|
# patches upstream but there is still one unit test that always fails and 1-3
|
|
# which fail occasionally
|
|
ctest %{?_smp_mflags} || :
|
|
cd ..
|
|
|
|
%install
|
|
%cmake_install
|
|
|
|
mkdir -p %{buildroot}/%{_fillupdir}
|
|
install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir}
|
|
|
|
mkdir -p %{buildroot}/%{_libexecdir}/openscap
|
|
mkdir -p %{buildroot}/%{_libdir}/openscap
|
|
|
|
install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap
|
|
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap
|
|
|
|
# specific local scan during boot script
|
|
mkdir -p %{buildroot}/%{_unitdir}
|
|
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service
|
|
mkdir -p %{buildroot}/%{_bindir}
|
|
install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan
|
|
|
|
mkdir -p %{buildroot}/%{_sbindir}
|
|
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcoscap-scan
|
|
|
|
mkdir -p %{buildroot}%{_datadir}/bash-completion/completions
|
|
mv %{buildroot}%{_sysconfdir}/bash_completion.d/* %{buildroot}%{_datadir}/bash-completion/completions/
|
|
# create symlinks to default content
|
|
ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml
|
|
ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml
|
|
|
|
%post -n libopenscap%{sover} -p /sbin/ldconfig
|
|
%postun -n libopenscap%{sover} -p /sbin/ldconfig
|
|
|
|
%post -n libopenscap_sce%{sover} -p /sbin/ldconfig
|
|
%postun -n libopenscap_sce%{sover} -p /sbin/ldconfig
|
|
|
|
%post -n openscap-utils
|
|
%service_add_post oscap-scan.service
|
|
|
|
%postun -n openscap-utils
|
|
%service_del_postun oscap-scan.service
|
|
|
|
%pre -n openscap-utils
|
|
%service_add_pre oscap-scan.service
|
|
|
|
%preun -n openscap-utils
|
|
%service_del_preun oscap-scan.service
|
|
|
|
%files
|
|
%defattr(-, root, root)
|
|
%license COPYING
|
|
%doc AUTHORS NEWS
|
|
%dir %{_datadir}/openscap
|
|
%dir %{_datadir}/openscap/cpe
|
|
%dir %{_datadir}/openscap/schemas
|
|
%dir %{_datadir}/openscap/xsl
|
|
%{_datadir}/openscap/cpe/*
|
|
%{_datadir}/openscap/schemas/*
|
|
%{_datadir}/openscap/xsl/*
|
|
|
|
%files -n libopenscap%{sover}
|
|
%defattr(-, root, root)
|
|
%{_libdir}/libopenscap.so.%{sover}*
|
|
|
|
%files devel
|
|
%defattr(-, root, root)
|
|
%dir /usr/share/doc/openscap
|
|
/usr/share/doc/openscap/*
|
|
%{_includedir}/*
|
|
%{_libdir}/*.so
|
|
%{_libdir}/pkgconfig/*.pc
|
|
|
|
%files docker
|
|
%defattr(-, root, root)
|
|
%if 0%{?suse_version} >= 1500
|
|
%{python3_sitelib}/oscap_docker_python
|
|
%else
|
|
%{python_sitelib}/oscap_docker_python
|
|
%endif
|
|
%{_bindir}/oscap-docker
|
|
|
|
%if 0%{?with_bindings}
|
|
%files -n python-openscap
|
|
%defattr(-, root, root)
|
|
%{python_sitearch}/*
|
|
|
|
%files -n perl-openscap
|
|
%defattr(-, root, root)
|
|
%{perl_vendorlib}/openscap.pm
|
|
%{perl_vendorarch}/openscap_pm.so
|
|
%endif
|
|
|
|
%files utils
|
|
%defattr(-,root,root,-)
|
|
%{_fillupdir}/sysconfig.oscap-scan
|
|
%doc docs/oscap-scan.cron
|
|
%{_mandir}/man8/*
|
|
%{_unitdir}/oscap-scan.service
|
|
%{_bindir}/oscap
|
|
%{_bindir}/oscap-vm
|
|
%{_bindir}/oscap-scan
|
|
%{_bindir}/oscap-ssh
|
|
%{_bindir}/oscap-chroot
|
|
%{_bindir}/scap-as-rpm
|
|
%{_sbindir}/rcoscap-scan
|
|
%{_datadir}/bash-completion/completions/*
|
|
|
|
%files content
|
|
%defattr(-,root,root,-)
|
|
%{_datadir}/openscap/scap*.xml
|
|
|
|
%files -n libopenscap_sce%{sover}
|
|
%defattr(-,root,root,-)
|
|
%{_libdir}/libopenscap_sce.so.*
|
|
|
|
%changelog
|