diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-09-17 15:49:37 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-09-30 11:47:20 -0700 |
commit | 55dade439198bc6fa408f59c89c6d97ca174b729 (patch) | |
tree | 5c7a6267f0fd4ec4f23504928a821b95a2619b54 | |
parent | bb789d6d88b0753f12b5bff14bef69d1455eed3b (diff) | |
download | meta-security-55dade439198bc6fa408f59c89c6d97ca174b729.tar.gz |
openscap: add package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
5 files changed, 140 insertions, 0 deletions
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch new file mode 100644 index 0000000..2d70855 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | Index: git/configure.ac | ||
2 | =================================================================== | ||
3 | --- git.orig/configure.ac | ||
4 | +++ git/configure.ac | ||
5 | @@ -360,25 +360,13 @@ case "${with_crypto}" in | ||
6 | AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.]) | ||
7 | ;; | ||
8 | gcrypt) | ||
9 | - SAVE_LIBS=$LIBS | ||
10 | - AC_CHECK_LIB([gcrypt], [gcry_check_version], | ||
11 | - [crapi_CFLAGS=`libgcrypt-config --cflags`; | ||
12 | - crapi_LIBS=`libgcrypt-config --libs`; | ||
13 | - crapi_libname="GCrypt";], | ||
14 | - [AC_MSG_ERROR([library 'gcrypt' is required for GCrypt.])], | ||
15 | - []) | ||
16 | - AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' library.]) | ||
17 | - AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG], | ||
18 | - [ac_cv_gcryctl_set_enforced_fips_flag], | ||
19 | - [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include<gcrypt.h>], | ||
20 | - [return GCRYCTL_SET_ENFORCED_FIPS_FLAG;])], | ||
21 | - [ac_cv_gcryctl_set_enforced_fips_flag=yes], | ||
22 | - [ac_cv_gcryctl_set_enforced_fips_flag=no])]) | ||
23 | + PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[], | ||
24 | + AC_MSG_FAILURE([libgcrypt devel support is missing])) | ||
25 | |||
26 | - if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then | ||
27 | - AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.]) | ||
28 | - fi | ||
29 | - LIBS=$SAVE_LIBS | ||
30 | + crapi_libname="libgcrypt" | ||
31 | + crapi_CFLAGS=$libgcrypt_CFLAGS | ||
32 | + crapi_LIBS=$libgcrypt_LIBS | ||
33 | + AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' library.]) | ||
34 | ;; | ||
35 | *) | ||
36 | AC_MSG_ERROR([unknown crypto backend]) | ||
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch new file mode 100644 index 0000000..ecbe602 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch | |||
@@ -0,0 +1,17 @@ | |||
1 | Index: git/configure.ac | ||
2 | =================================================================== | ||
3 | --- git.orig/configure.ac | ||
4 | +++ git/configure.ac | ||
5 | @@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto], | ||
6 | [], | ||
7 | [crypto=gcrypt]) | ||
8 | |||
9 | -if test "x${libexecdir}" = xNONE; then | ||
10 | - probe_dir="/usr/local/libexec/openscap" | ||
11 | -else | ||
12 | - EXPAND_DIR(probe_dir,"${libexecdir}/openscap") | ||
13 | -fi | ||
14 | +probe_dir="/usr/local/libexec/openscap" | ||
15 | |||
16 | AC_SUBST(probe_dir) | ||
17 | |||
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest new file mode 100644 index 0000000..454a6a3 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest | |||
@@ -0,0 +1,3 @@ | |||
1 | #!/bin/sh | ||
2 | cd tests | ||
3 | make -k check | ||
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc new file mode 100644 index 0000000..e9589b6 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc | |||
@@ -0,0 +1,2 @@ | |||
1 | STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" | ||
2 | STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" | ||
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb new file mode 100644 index 0000000..0d26959 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb | |||
@@ -0,0 +1,82 @@ | |||
1 | # Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> | ||
2 | # Released under the MIT license (see COPYING.MIT for the terms) | ||
3 | |||
4 | SUMARRY = "NIST Certified SCAP 1.2 toolkit" | ||
5 | HOME_URL = "https://www.open-scap.org/tools/openscap-base/" | ||
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" | ||
7 | LICENSE = "LGPL-2.1" | ||
8 | |||
9 | DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \ | ||
10 | libxslt libcap swig swig-native" | ||
11 | |||
12 | DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native" | ||
13 | |||
14 | SRCREV = "7a924c0eea10d05f512660192c8c4aef447801a6" | ||
15 | SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \ | ||
16 | file://crypto_pkgconfig.patch \ | ||
17 | file://run-ptest \ | ||
18 | " | ||
19 | |||
20 | inherit autotools-brokensep pkgconfig python3native perlnative ptest | ||
21 | |||
22 | S = "${WORKDIR}/git" | ||
23 | |||
24 | PACKAGECONFIG ?= "nss3 pcre rpm" | ||
25 | PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre" | ||
26 | PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt " | ||
27 | PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss" | ||
28 | PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" | ||
29 | PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3" | ||
30 | PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl" | ||
31 | PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm" | ||
32 | |||
33 | EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \ | ||
34 | --enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\ | ||
35 | --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \ | ||
36 | " | ||
37 | |||
38 | EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \ | ||
39 | --disable-probes-solaris --disable-probes-unix \ | ||
40 | --enable-util-oscap \ | ||
41 | " | ||
42 | |||
43 | do_configure_prepend () { | ||
44 | sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am | ||
45 | sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am | ||
46 | sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am | ||
47 | } | ||
48 | |||
49 | |||
50 | include openscap.inc | ||
51 | |||
52 | do_configure_append_class-native () { | ||
53 | sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h | ||
54 | sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h | ||
55 | sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h | ||
56 | } | ||
57 | |||
58 | do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" | ||
59 | |||
60 | do_install_append_class-native () { | ||
61 | oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} | ||
62 | install -d $oscapdir | ||
63 | cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir | ||
64 | } | ||
65 | |||
66 | TESTDIR = "tests" | ||
67 | |||
68 | do_compile_ptest() { | ||
69 | echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile | ||
70 | oe_runmake -C ${TESTDIR} buildtest-TESTS | ||
71 | } | ||
72 | |||
73 | do_install_ptest() { | ||
74 | # install the tests | ||
75 | cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} | ||
76 | } | ||
77 | |||
78 | FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" | ||
79 | |||
80 | RDEPENDS_${PN} += "libxml2 python libgcc" | ||
81 | |||
82 | BBCLASSEXTEND = "native" | ||