openscap: add package

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2017-09-17 15:49:37 -0700
committer: Armin Kuster <akuster808@gmail.com> 2017-09-30 11:47:20 -0700
commit: 55dade439198bc6fa408f59c89c6d97ca174b729 (patch)
tree: 5c7a6267f0fd4ec4f23504928a821b95a2619b54
parent: bb789d6d88b0753f12b5bff14bef69d1455eed3b (diff)
download: meta-security-55dade439198bc6fa408f59c89c6d97ca174b729.tar.gz
5 files changed, 140 insertions, 0 deletions
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
new file mode 100644
index 0000000..2d70855
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
@@ -0,0 +1,36 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
+++ git/configure.ac
+@@ -360,25 +360,13 @@ case "${with_crypto}" in
+         AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.])
+         ;;
+     gcrypt)
+-       SAVE_LIBS=$LIBS
+-        AC_CHECK_LIB([gcrypt], [gcry_check_version],
+-                     [crapi_CFLAGS=`libgcrypt-config --cflags`;
+-                      crapi_LIBS=`libgcrypt-config --libs`;
+-                      crapi_libname="GCrypt";],
+-                     [AC_MSG_ERROR([library 'gcrypt' is required for GCrypt.])],
+-                     [])
+-        AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' library.])
+-       AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG],
+-                    [ac_cv_gcryctl_set_enforced_fips_flag],
+-                    [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include<gcrypt.h>],
+-                                                        [return GCRYCTL_SET_ENFORCED_FIPS_FLAG;])],
+-                                       [ac_cv_gcryctl_set_enforced_fips_flag=yes],
+-                                       [ac_cv_gcryctl_set_enforced_fips_flag=no])])
+       PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[],
+                         AC_MSG_FAILURE([libgcrypt devel support is missing]))
+ 
+-       if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then
+-          AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.])
+-       fi
+-       LIBS=$SAVE_LIBS
+       crapi_libname="libgcrypt"
+       crapi_CFLAGS=$libgcrypt_CFLAGS
+       crapi_LIBS=$libgcrypt_LIBS
+        AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' library.])
+         ;;
+          *)
+           AC_MSG_ERROR([unknown crypto backend])
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
new file mode 100644
index 0000000..ecbe602
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
@@ -0,0 +1,17 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
+++ git/configure.ac
+@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
+      [],
+      [crypto=gcrypt])
+ 
+-if test "x${libexecdir}" = xNONE; then
+-       probe_dir="/usr/local/libexec/openscap"
+-else
+-       EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
+-fi
+probe_dir="/usr/local/libexec/openscap"
+ 
+ AC_SUBST(probe_dir)
+ 
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
new file mode 100644
index 0000000..454a6a3
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd tests
+make -k check
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
new file mode 100644
index 0000000..e9589b6
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -0,0 +1,2 @@
+STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
new file mode 100644
index 0000000..0d26959
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
@@ -0,0 +1,82 @@
+# Copyright (C) 2017 Armin Kuster  <akuster808@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+LICENSE = "LGPL-2.1"
+DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \
+          libxslt libcap swig swig-native"
+DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
+SRCREV = "7a924c0eea10d05f512660192c8c4aef447801a6"
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \
+           file://crypto_pkgconfig.patch \
+           file://run-ptest \
+"
+inherit autotools-brokensep pkgconfig python3native perlnative ptest
+S = "${WORKDIR}/git"
+PACKAGECONFIG ?= "nss3 pcre rpm"
+PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre"
+PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt "
+PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss"
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
+PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3"
+PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl"
+PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm"
+EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \
+                --enable-probes-solaris --enable-probes-unix  --disable-util-oscap-docker\
+                --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \
+"
+EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \
+                --disable-probes-solaris --disable-probes-unix \
+                --enable-util-oscap \
+"
+do_configure_prepend () {
+        sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am
+        sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am
+        sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am
+}
+include openscap.inc
+do_configure_append_class-native () {
+        sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
+        sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
+        sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h
+}
+do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
+do_install_append_class-native () {
+        oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
+        install -d $oscapdir    
+        cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
+}
+TESTDIR = "tests"
+do_compile_ptest() {
+    echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile
+    oe_runmake -C ${TESTDIR} buildtest-TESTS
+}
+do_install_ptest() {
+    # install the tests
+    cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
+}
+FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
+RDEPENDS_${PN} += "libxml2 python libgcc"
+BBCLASSEXTEND = "native"
author	Armin Kuster <akuster808@gmail.com>	2017-09-17 15:49:37 -0700
committer	Armin Kuster <akuster808@gmail.com>	2017-09-30 11:47:20 -0700
commit	55dade439198bc6fa408f59c89c6d97ca174b729 (patch)
tree	5c7a6267f0fd4ec4f23504928a821b95a2619b54
parent	bb789d6d88b0753f12b5bff14bef69d1455eed3b (diff)
download	meta-security-55dade439198bc6fa408f59c89c6d97ca174b729.tar.gz

diff --git a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch new file mode 100644 index 0000000..2d70855 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
@@ -0,0 +1,36 @@
	1	Index: git/configure.ac
	2	===================================================================
	3	--- git.orig/configure.ac
	4	+++ git/configure.ac
	5	@@ -360,25 +360,13 @@ case "${with_crypto}" in
	6	AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.])
	7	;;
	8	gcrypt)
	9	- SAVE_LIBS=$LIBS
	10	- AC_CHECK_LIB([gcrypt], [gcry_check_version],
	11	- [crapi_CFLAGS=`libgcrypt-config --cflags`;
	12	- crapi_LIBS=`libgcrypt-config --libs`;
	13	- crapi_libname="GCrypt";],
	14	- [AC_MSG_ERROR([library 'gcrypt' is required for GCrypt.])],
	15	- [])
	16	- AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' library.])
	17	- AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG],
	18	- [ac_cv_gcryctl_set_enforced_fips_flag],
	19	- [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include<gcrypt.h>],
	20	- [return GCRYCTL_SET_ENFORCED_FIPS_FLAG;])],
	21	- [ac_cv_gcryctl_set_enforced_fips_flag=yes],
	22	- [ac_cv_gcryctl_set_enforced_fips_flag=no])])
	23	+ PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[],
	24	+ AC_MSG_FAILURE([libgcrypt devel support is missing]))
	25
	26	- if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then
	27	- AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.])
	28	- fi
	29	- LIBS=$SAVE_LIBS
	30	+ crapi_libname="libgcrypt"
	31	+ crapi_CFLAGS=$libgcrypt_CFLAGS
	32	+ crapi_LIBS=$libgcrypt_LIBS
	33	+ AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' library.])
	34	;;
	35	*)
	36	AC_MSG_ERROR([unknown crypto backend])


diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch new file mode 100644 index 0000000..ecbe602 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
@@ -0,0 +1,17 @@
	1	Index: git/configure.ac
	2	===================================================================
	3	--- git.orig/configure.ac
	4	+++ git/configure.ac
	5	@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
	6	[],
	7	[crypto=gcrypt])
	8
	9	-if test "x${libexecdir}" = xNONE; then
	10	- probe_dir="/usr/local/libexec/openscap"
	11	-else
	12	- EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
	13	-fi
	14	+probe_dir="/usr/local/libexec/openscap"
	15
	16	AC_SUBST(probe_dir)
	17


diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest new file mode 100644 index 0000000..454a6a3 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
@@ -0,0 +1,3 @@
	1	#!/bin/sh
	2	cd tests
	3	make -k check


diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc new file mode 100644 index 0000000..e9589b6 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -0,0 +1,2 @@
	1	STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
	2	STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"


diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb new file mode 100644 index 0000000..0d26959 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
@@ -0,0 +1,82 @@
	1	# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com>
	2	# Released under the MIT license (see COPYING.MIT for the terms)
	3
	4	SUMARRY = "NIST Certified SCAP 1.2 toolkit"
	5	HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
	6	LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
	7	LICENSE = "LGPL-2.1"
	8
	9	DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \
	10	libxslt libcap swig swig-native"
	11
	12	DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
	13
	14	SRCREV = "7a924c0eea10d05f512660192c8c4aef447801a6"
	15	SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \
	16	file://crypto_pkgconfig.patch \
	17	file://run-ptest \
	18	"
	19
	20	inherit autotools-brokensep pkgconfig python3native perlnative ptest
	21
	22	S = "${WORKDIR}/git"
	23
	24	PACKAGECONFIG ?= "nss3 pcre rpm"
	25	PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre"
	26	PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt "
	27	PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss"
	28	PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
	29	PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3"
	30	PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl"
	31	PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm"
	32
	33	EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \
	34	--enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\
	35	--enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \
	36	"
	37
	38	EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \
	39	--disable-probes-solaris --disable-probes-unix \
	40	--enable-util-oscap \
	41	"
	42
	43	do_configure_prepend () {
	44	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am
	45	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am
	46	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am
	47	}
	48
	49
	50	include openscap.inc
	51
	52	do_configure_append_class-native () {
	53	sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
	54	sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
	55	sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h
	56	}
	57
	58	do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
	59
	60	do_install_append_class-native () {
	61	oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
	62	install -d $oscapdir
	63	cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
	64	}
	65
	66	TESTDIR = "tests"
	67
	68	do_compile_ptest() {
	69	echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile
	70	oe_runmake -C ${TESTDIR} buildtest-TESTS
	71	}
	72
	73	do_install_ptest() {
	74	# install the tests
	75	cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
	76	}
	77
	78	FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
	79
	80	RDEPENDS_${PN} += "libxml2 python libgcc"
	81
	82	BBCLASSEXTEND = "native"