scap-security-guide: Fix openembedded platform tests and build

Add patches to fix openembedded nodistro tests and openembedded build within ssg metadata. Signed-Off-By: Jate Sujjavanich <jatedev@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Jate Sujjavanich <jatedev@gmail.com> 2021-01-10 16:21:04 +0000
committer: Armin Kuster <akuster808@gmail.com> 2021-02-14 16:31:00 -0800
commit: 16ee7308c9fd48d69b02c5519d2e5edddc560658 (patch)
tree: 08ff29bf709487414e984ea0bf20bd3d70e8f3db /meta-security-compliance
parent: 0a3c0f3499aa62bd41c52e958334586146e1e278 (diff)
download: meta-security-16ee7308c9fd48d69b02c5519d2e5edddc560658.tar.gz
3 files changed, 82 insertions, 0 deletions
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
new file mode 100644
index 0000000..60664a3
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
@@ -0,0 +1,46 @@
+From 2beb4bc83a157b21edb1a3fef295cd4cced467df Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Thu, 7 Jan 2021 18:10:01 -0500
+Subject: [PATCH 1/3] Fix platform spec, file check, tests in installed OS
+ detect for openembedded
+Change platform to multi in openembedded installed check matching others
+and allowing compile of xml into oval
+---
+ shared/checks/oval/installed_OS_is_openembedded.xml | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
+index 763d17bcb..01df16b43 100644
+--- a/shared/checks/oval/installed_OS_is_openembedded.xml
+++ b/shared/checks/oval/installed_OS_is_openembedded.xml
+@@ -1,11 +1,9 @@
+-</def-group>
+-
+ <def-group>
+   <definition class="inventory" id="installed_OS_is_openembedded" version="2">
+     <metadata>
+       <title>OpenEmbedded</title>
+       <affected family="unix">
+-        <platform>OPENEMBEDDED</platform>
+        <platform>multi_platform_all</platform>
+       </affected>
+       <reference ref_id="cpe:/o:openembedded:openembedded:0"
+       source="CPE" />
+@@ -20,8 +18,11 @@
+     </criteria>
+   </definition>
+ 
+-  <ind:textfilecontent54_object id="test_openembedded" version="1" comment="Check OPenEmbedded version">
+-    <ind:filepath>/etc/os-release/ind:filepath>
+  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check OpenEmbedded version" id="test_openembedded" version="1">
+    <ind:object object_ref="obj_openembedded" />
+  </ind:textfilecontent54_test>
+  <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
+    <ind:filepath>/etc/os-release</ind:filepath>
+     <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
+     <ind:instance datatype="int">1</ind:instance>
+   </ind:textfilecontent54_object>
+-- 
+2.24.3 (Apple Git-128)
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
new file mode 100644
index 0000000..1e712f6
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
@@ -0,0 +1,34 @@
+From 037a12301968a56f0c7e492ea4a05d2eecbd4cc6 Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Fri, 8 Jan 2021 20:18:00 -0500
+Subject: [PATCH 2/3] Fix missing openembedded from ssg/constants.py
+---
+ ssg/constants.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/ssg/constants.py b/ssg/constants.py
+index fab7cda5d..2ca289f84 100644
+--- a/ssg/constants.py
+++ b/ssg/constants.py
+@@ -234,7 +234,8 @@ PRODUCT_TO_CPE_MAPPING = {
+ }
+ 
+ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
+-                       "wrlinux", "opensuse", "sle", "ol", "ocp", "example"]
+                       "wrlinux", "opensuse", "sle", "ol", "ocp", "example",
+                       "openembedded"]
+ 
+ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_debian": ["debian8"],
+@@ -249,6 +250,7 @@ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_sle": ["sle11", "sle12"],
+     "multi_platform_ubuntu": ["ubuntu1404", "ubuntu1604", "ubuntu1804"],
+     "multi_platform_wrlinux": ["wrlinux"],
+    "multi_platform_openembedded": ["openembedded"],
+ }
+ 
+ RHEL_CENTOS_CPE_MAPPING = {
+-- 
+2.24.3 (Apple Git-128)
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 6e7180f..0617c56 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -7,6 +7,8 @@ SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
           file://0001-fix-deprecated-instance-of-element.getchildren.patch \
           file://0002-fix-deprecated-getiterator-function.patch \
           file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
+           file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
+           file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
          "
 PV = "0.1.44+git${SRCPV}"
author	Jate Sujjavanich <jatedev@gmail.com>	2021-01-10 16:21:04 +0000
committer	Armin Kuster <akuster808@gmail.com>	2021-02-14 16:31:00 -0800
commit	16ee7308c9fd48d69b02c5519d2e5edddc560658 (patch)
tree	08ff29bf709487414e984ea0bf20bd3d70e8f3db /meta-security-compliance
parent	0a3c0f3499aa62bd41c52e958334586146e1e278 (diff)
download	meta-security-16ee7308c9fd48d69b02c5519d2e5edddc560658.tar.gz

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch new file mode 100644 index 0000000..60664a3 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
@@ -0,0 +1,46 @@
		1	From 2beb4bc83a157b21edb1a3fef295cd4cced467df Mon Sep 17 00:00:00 2001
		2	From: Jate Sujjavanich <jatedev@gmail.com>
		3	Date: Thu, 7 Jan 2021 18:10:01 -0500
		4	Subject: [PATCH 1/3] Fix platform spec, file check, tests in installed OS
		5	detect for openembedded
		6
		7	Change platform to multi in openembedded installed check matching others
		8	and allowing compile of xml into oval
		9	---
		10	shared/checks/oval/installed_OS_is_openembedded.xml \| 11 ++++++-----
		11	1 file changed, 6 insertions(+), 5 deletions(-)
		12
		13	diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
		14	index 763d17bcb..01df16b43 100644
		15	--- a/shared/checks/oval/installed_OS_is_openembedded.xml
		16	+++ b/shared/checks/oval/installed_OS_is_openembedded.xml
		17	@@ -1,11 +1,9 @@
		18	-</def-group>
		19	-
		20	<def-group>
		21	<definition class="inventory" id="installed_OS_is_openembedded" version="2">
		22	<metadata>
		23	<title>OpenEmbedded</title>
		24	<affected family="unix">
		25	- <platform>OPENEMBEDDED</platform>
		26	+ <platform>multi_platform_all</platform>
		27	</affected>
		28	<reference ref_id="cpe:/o:openembedded:openembedded:0"
		29	source="CPE" />
		30	@@ -20,8 +18,11 @@
		31	</criteria>
		32	</definition>
		33
		34	- <ind:textfilecontent54_object id="test_openembedded" version="1" comment="Check OPenEmbedded version">
		35	- <ind:filepath>/etc/os-release/ind:filepath>
		36	+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check OpenEmbedded version" id="test_openembedded" version="1">
		37	+ <ind:object object_ref="obj_openembedded" />
		38	+ </ind:textfilecontent54_test>
		39	+ <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
		40	+ <ind:filepath>/etc/os-release</ind:filepath>
		41	<ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
		42	<ind:instance datatype="int">1</ind:instance>
		43	</ind:textfilecontent54_object>
		44	--
		45	2.24.3 (Apple Git-128)
		46


diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch new file mode 100644 index 0000000..1e712f6 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
@@ -0,0 +1,34 @@
		1	From 037a12301968a56f0c7e492ea4a05d2eecbd4cc6 Mon Sep 17 00:00:00 2001
		2	From: Jate Sujjavanich <jatedev@gmail.com>
		3	Date: Fri, 8 Jan 2021 20:18:00 -0500
		4	Subject: [PATCH 2/3] Fix missing openembedded from ssg/constants.py
		5
		6	---
		7	ssg/constants.py \| 4 +++-
		8	1 file changed, 3 insertions(+), 1 deletion(-)
		9
		10	diff --git a/ssg/constants.py b/ssg/constants.py
		11	index fab7cda5d..2ca289f84 100644
		12	--- a/ssg/constants.py
		13	+++ b/ssg/constants.py
		14	@@ -234,7 +234,8 @@ PRODUCT_TO_CPE_MAPPING = {
		15	}
		16
		17	MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
		18	- "wrlinux", "opensuse", "sle", "ol", "ocp", "example"]
		19	+ "wrlinux", "opensuse", "sle", "ol", "ocp", "example",
		20	+ "openembedded"]
		21
		22	MULTI_PLATFORM_MAPPING = {
		23	"multi_platform_debian": ["debian8"],
		24	@@ -249,6 +250,7 @@ MULTI_PLATFORM_MAPPING = {
		25	"multi_platform_sle": ["sle11", "sle12"],
		26	"multi_platform_ubuntu": ["ubuntu1404", "ubuntu1604", "ubuntu1804"],
		27	"multi_platform_wrlinux": ["wrlinux"],
		28	+ "multi_platform_openembedded": ["openembedded"],
		29	}
		30
		31	RHEL_CENTOS_CPE_MAPPING = {
		32	--
		33	2.24.3 (Apple Git-128)
		34


diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb index 6e7180f..0617c56 100644 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -7,6 +7,8 @@ SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
7	file://0001-fix-deprecated-instance-of-element.getchildren.patch \	7	file://0001-fix-deprecated-instance-of-element.getchildren.patch \
8	file://0002-fix-deprecated-getiterator-function.patch \	8	file://0002-fix-deprecated-getiterator-function.patch \
9	file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \	9	file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
		10	file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
		11	file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
10	"	12	"
11	PV = "0.1.44+git${SRCPV}"	13	PV = "0.1.44+git${SRCPV}"
12		14