diff options
| author | Yi Zhao <yi.zhao@eng.windriver.com> | 2023-08-30 22:38:59 +0800 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-09-08 12:06:31 -0400 |
| commit | 533da3cd2b17c866b04bac530c90548fd46861d2 (patch) | |
| tree | 99d994150feed3a2f4f5fa130824cd1ff1ae7c9f | |
| parent | b9bc938785ccbdf4337243a194fcad476fcde4c6 (diff) | |
| download | meta-security-533da3cd2b17c866b04bac530c90548fd46861d2.tar.gz | |
scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap
There is a build error when using openscap-native sstate cache mirror.
Steps to reproduce:
Create a new build project in build-1 directory.
$ bitbake openscap-native
Then remove all directories in build-1 directory except sstate-cache.
Use the sstate-cache directory as sstate mirror.
Create another new build project in build-2 directory.
Set SSATE_MIRRORS to point to the sstate-cache in build-1 directory.
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'sds/1.3/scap-source-data-stream_1.3.xsd' not found in path
'/build-1/tmp-glibc/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate
'/build-2/tmp-glibc/work/corei7-64-wrs-linux/scap-security-guide/0.1.67/build/ssg-openembedded-ds.xml'
[/build-1/tmp-glibc/work/x86_64-linux/openscap-native/1.3.8/git/src/source/validate.c:103]
The oscap command from openscap-native tries to find the schema files in
build-1 directory since these paths are hardcoded when building
openscap-native.
We need to pass the correct cpe/schemas/xsl paths to oscap to make sure
it can find the files in right location.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb index 988e48b..a972c24 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb | |||
| @@ -22,6 +22,11 @@ B = "${S}/build" | |||
| 22 | 22 | ||
| 23 | inherit cmake pkgconfig python3native python3targetconfig ptest | 23 | inherit cmake pkgconfig python3native python3targetconfig ptest |
| 24 | 24 | ||
| 25 | STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" | ||
| 26 | export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" | ||
| 27 | export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" | ||
| 28 | export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" | ||
| 29 | |||
| 25 | OECMAKE_GENERATOR = "Unix Makefiles" | 30 | OECMAKE_GENERATOR = "Unix Makefiles" |
| 26 | 31 | ||
| 27 | EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_OE=ON" | 32 | EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_OE=ON" |