diff options
| author | Armin Kuster <akuster808@gmail.com> | 2023-06-20 18:39:07 -0400 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-06-25 15:05:28 -0400 |
| commit | 4dc2b5202769e86631780c2469779d3237161905 (patch) | |
| tree | 2a24038a754e07ee4776d2684c1641cc0daa7d5b /recipes-compliance/openscap | |
| parent | ca8bd5faf85542f6d9e859c27aac1f0aeb2a05e9 (diff) | |
| download | meta-security-4dc2b5202769e86631780c2469779d3237161905.tar.gz | |
openscap: Update to tip to get OE/Poky support
Drop changes now in upstream.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-compliance/openscap')
3 files changed, 2 insertions, 212 deletions
diff --git a/recipes-compliance/openscap/files/0001-openscap-Add-openembedded.patch b/recipes-compliance/openscap/files/0001-openscap-Add-openembedded.patch deleted file mode 100644 index 1af72bb..0000000 --- a/recipes-compliance/openscap/files/0001-openscap-Add-openembedded.patch +++ /dev/null | |||
| @@ -1,128 +0,0 @@ | |||
| 1 | From 8f8b580a882e9584e2b3726dab2c3f8e01cb885f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Armin Kuster <akuster808@gmail.com> | ||
| 3 | Date: Sun, 4 Jun 2023 20:16:12 -0400 | ||
| 4 | Subject: [PATCH 1/2] openscap: Add openembedded | ||
| 5 | |||
| 6 | Signed-off-by: Armin Kuster <akuste808r@gmail.com> | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | Signed-off-by: Armin Kuster <akuste808r@gmail.com> | ||
| 10 | |||
| 11 | --- | ||
| 12 | cpe/openscap-cpe-dict.xml | 5 +++ | ||
| 13 | cpe/openscap-cpe-oval.xml | 45 +++++++++++++++++++++------ | ||
| 14 | src/OVAL/probes/unix/runlevel_probe.c | 8 ++++- | ||
| 15 | 3 files changed, 47 insertions(+), 11 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml | ||
| 18 | index 02d536189..3338a9e55 100644 | ||
| 19 | --- a/cpe/openscap-cpe-dict.xml | ||
| 20 | +++ b/cpe/openscap-cpe-dict.xml | ||
| 21 | @@ -53,4 +53,9 @@ | ||
| 22 | <title xml:lang="en-us">Fedora 35</title> | ||
| 23 | <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:35</check> | ||
| 24 | </cpe-item> | ||
| 25 | + <cpe-item name="cpe:/o:openembedded:nodistro"> | ||
| 26 | + <title xml:lang="en-us">OpenEmbedded all versions</title> | ||
| 27 | + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.openembedded:def:1</check> | ||
| 28 | + </cpe-item> | ||
| 29 | + | ||
| 30 | </cpe-list> | ||
| 31 | diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml | ||
| 32 | index 64099400b..2f3e25419 100644 | ||
| 33 | --- a/cpe/openscap-cpe-oval.xml | ||
| 34 | +++ b/cpe/openscap-cpe-oval.xml | ||
| 35 | @@ -821,6 +821,20 @@ | ||
| 36 | <criterion comment="Microsoft Windows Server 2016 is installed" test_ref="oval:org.open-scap.cpe.windows:tst:2016" /> | ||
| 37 | </criteria> | ||
| 38 | </definition> | ||
| 39 | + <definition class="inventory" id="oval:org.open-scap.cpe.openembedded:def:1" version="1" > | ||
| 40 | + <metadata> | ||
| 41 | + <title>OpenEmbedded Org</title> | ||
| 42 | + <affected family="unix"> | ||
| 43 | + <platform>OpenEmbedded Nodistro</platform> | ||
| 44 | + </affected> | ||
| 45 | + <reference ref_id="cpe:/o:openembedded:nodistro" source="CPE"/> | ||
| 46 | + <description>OpenEmbedded No Distro is installed</description> | ||
| 47 | + </metadata> | ||
| 48 | + <criteria> | ||
| 49 | + <criterion comment="Installed operating system is part of the unix family." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" /> | ||
| 50 | + <criterion comment="OpenEmbedded is installed." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" /> | ||
| 51 | + </criteria> | ||
| 52 | + </definition> | ||
| 53 | </definitions> | ||
| 54 | <tests> | ||
| 55 | <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" comment="/etc/redhat-release is provided by redhat-release package" | ||
| 56 | @@ -1228,16 +1242,19 @@ | ||
| 57 | <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key> | ||
| 58 | <name>ProductName</name> | ||
| 59 | </registry_object> | ||
| 60 | - <textfilecontent54_object id="oval:org.open-scap.cpe.centos:obj:8" version="1" comment="Check os-release ID" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| 61 | - <filepath>/etc/os-release</filepath> | ||
| 62 | - <pattern operation="pattern match">^ID="(\w+)"$</pattern> | ||
| 63 | - <instance datatype="int">1</instance> | ||
| 64 | - </textfilecontent54_object> | ||
| 65 | - <textfilecontent54_object id="oval:org.open-scap.cpe.centos:obj:8000" version="1" comment="Check os-release VERSION_ID" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| 66 | - <filepath>/etc/os-release</filepath> | ||
| 67 | - <pattern operation="pattern match">^VERSION_ID="(\d)"$</pattern> | ||
| 68 | - <instance datatype="int">1</instance> | ||
| 69 | - </textfilecontent54_object> | ||
| 70 | + <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" version="1" id="oval:org.open-scap.cpe.openembedded-release:obj:1" > | ||
| 71 | + <filepath>/etc/os-release</filepath> | ||
| 72 | + </file_object> | ||
| 73 | + <textfilecontent54_object | ||
| 74 | + id="oval:org.open-scap.cpe.openembedded-release:obj:1" | ||
| 75 | + comment="Check specification in /etc/os-release." | ||
| 76 | + version="1" | ||
| 77 | + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" | ||
| 78 | + > | ||
| 79 | + <path>/etc</path> | ||
| 80 | + <filename>os-release</filename> | ||
| 81 | + <pattern operation="pattern match">^VERSION=.(\d*.\d*)</pattern> | ||
| 82 | + <instance operation="greater than or equal" datatype="int">1</instance> | ||
| 83 | </objects> | ||
| 84 | <states> | ||
| 85 | <family_state id="oval:org.open-scap.cpe.unix:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| 86 | @@ -1455,5 +1472,13 @@ | ||
| 87 | <registry_state id="oval:org.open-scap.cpe.windows:ste:2016" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"> | ||
| 88 | <value operation="pattern match">^.*2016.*$</value> | ||
| 89 | </registry_state> | ||
| 90 | + <textfilecontent54_state | ||
| 91 | + id="oval:org.open-scap.cpe.openembedded-release:ste:1" | ||
| 92 | + comment="Check the /etc/os-release file for VERSION 4.2 specification." | ||
| 93 | + version="1" | ||
| 94 | + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" | ||
| 95 | + > | ||
| 96 | + <subexpression operation="pattern match">4.2</subexpression> | ||
| 97 | + </textfilecontent54_state> | ||
| 98 | </states> | ||
| 99 | </oval_definitions> | ||
| 100 | diff --git a/src/OVAL/probes/unix/runlevel_probe.c b/src/OVAL/probes/unix/runlevel_probe.c | ||
| 101 | index 7a94b23fc..00a5b85f6 100644 | ||
| 102 | --- a/src/OVAL/probes/unix/runlevel_probe.c | ||
| 103 | +++ b/src/OVAL/probes/unix/runlevel_probe.c | ||
| 104 | @@ -403,6 +403,11 @@ static int is_wrlinux(void) | ||
| 105 | return parse_os_release("cpe:/o:windriver:wrlinux"); | ||
| 106 | } | ||
| 107 | |||
| 108 | +static int is_openembedded(void) | ||
| 109 | +{ | ||
| 110 | + return parse_os_release("cpe:/o:openembedded:nodistro"); | ||
| 111 | +} | ||
| 112 | + | ||
| 113 | static int is_common (void) | ||
| 114 | { | ||
| 115 | return (1); | ||
| 116 | @@ -424,7 +429,8 @@ const distro_tbl_t distro_tbl[] = { | ||
| 117 | { &is_suse, &get_runlevel_suse }, | ||
| 118 | { &is_solaris, &get_runlevel_redhat }, | ||
| 119 | { &is_wrlinux, &get_runlevel_wrlinux }, | ||
| 120 | - { &is_common, &get_runlevel_common } | ||
| 121 | + { &is_common, &get_runlevel_common }, | ||
| 122 | + { &is_openembedded, &get_runlevel_common } | ||
| 123 | }; | ||
| 124 | |||
| 125 | #define DISTRO_TBL_SIZE ((sizeof distro_tbl)/sizeof (distro_tbl_t)) | ||
| 126 | -- | ||
| 127 | 2.25.1 | ||
| 128 | |||
diff --git a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch deleted file mode 100644 index 182d9ec..0000000 --- a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch +++ /dev/null | |||
| @@ -1,80 +0,0 @@ | |||
| 1 | From eb3865f2603fff2cc5d39d2379ba9f3857affca9 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Armin Kuster <akuster@mvista.com> | ||
| 3 | Date: Sun, 4 Jun 2023 20:51:50 -0400 | ||
| 4 | Subject: [PATCH 2/2] openembedded: add Poky distro | ||
| 5 | |||
| 6 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 7 | --- | ||
| 8 | cpe/openscap-cpe-dict.xml | 4 ++++ | ||
| 9 | cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ | ||
| 10 | src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- | ||
| 11 | 3 files changed, 25 insertions(+), 1 deletion(-) | ||
| 12 | |||
| 13 | diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml | ||
| 14 | index 3338a9e55..f86b55864 100644 | ||
| 15 | --- a/cpe/openscap-cpe-dict.xml | ||
| 16 | +++ b/cpe/openscap-cpe-dict.xml | ||
| 17 | @@ -57,5 +57,9 @@ | ||
| 18 | <title xml:lang="en-us">OpenEmbedded all versions</title> | ||
| 19 | <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.openembedded:def:1</check> | ||
| 20 | </cpe-item> | ||
| 21 | + <cpe-item name="cpe:/o:openembedded:poky"> | ||
| 22 | + <title xml:lang="en-us">Poky all versions</title> | ||
| 23 | + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.poky:def:1</check> | ||
| 24 | + </cpe-item> | ||
| 25 | |||
| 26 | </cpe-list> | ||
| 27 | diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml | ||
| 28 | index 2f3e25419..03d192333 100644 | ||
| 29 | --- a/cpe/openscap-cpe-oval.xml | ||
| 30 | +++ b/cpe/openscap-cpe-oval.xml | ||
| 31 | @@ -835,6 +835,20 @@ | ||
| 32 | <criterion comment="OpenEmbedded is installed." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" /> | ||
| 33 | </criteria> | ||
| 34 | </definition> | ||
| 35 | + <definition class="inventory" id="oval:org.open-scap.cpe.poky:def:1" version="1" > | ||
| 36 | + <metadata> | ||
| 37 | + <title>Yocto Project Reference Distro</title> | ||
| 38 | + <affected family="unix"> | ||
| 39 | + <platform>Poky Distro</platform> | ||
| 40 | + </affected> | ||
| 41 | + <reference ref_id="cpe:/o:openembedded:poky" source="CPE"/> | ||
| 42 | + <description>Yocto Project Reference Distro is installed</description> | ||
| 43 | + </metadata> | ||
| 44 | + <criteria> | ||
| 45 | + <criterion comment="Installed operating system is part of the unix family." test_ref="oval:org.open-scap.cpe.poky:tst:1" /> | ||
| 46 | + <criterion comment="Yocto Project Reference Distro is installed." test_ref="oval:org.open-scap.cpe.poky:tst:1" /> | ||
| 47 | + </criteria> | ||
| 48 | + </definition> | ||
| 49 | </definitions> | ||
| 50 | <tests> | ||
| 51 | <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" comment="/etc/redhat-release is provided by redhat-release package" | ||
| 52 | diff --git a/src/OVAL/probes/unix/runlevel_probe.c b/src/OVAL/probes/unix/runlevel_probe.c | ||
| 53 | index 00a5b85f6..ae6fc0c19 100644 | ||
| 54 | --- a/src/OVAL/probes/unix/runlevel_probe.c | ||
| 55 | +++ b/src/OVAL/probes/unix/runlevel_probe.c | ||
| 56 | @@ -408,6 +408,11 @@ static int is_openembedded(void) | ||
| 57 | return parse_os_release("cpe:/o:openembedded:nodistro"); | ||
| 58 | } | ||
| 59 | |||
| 60 | +static int is_poky(void) | ||
| 61 | +{ | ||
| 62 | + return parse_os_release("cpe:/o:openembedded:poky"); | ||
| 63 | +} | ||
| 64 | + | ||
| 65 | static int is_common (void) | ||
| 66 | { | ||
| 67 | return (1); | ||
| 68 | @@ -430,7 +435,8 @@ const distro_tbl_t distro_tbl[] = { | ||
| 69 | { &is_solaris, &get_runlevel_redhat }, | ||
| 70 | { &is_wrlinux, &get_runlevel_wrlinux }, | ||
| 71 | { &is_common, &get_runlevel_common }, | ||
| 72 | - { &is_openembedded, &get_runlevel_common } | ||
| 73 | + { &is_openembedded, &get_runlevel_common }, | ||
| 74 | + { &is_poky, &get_runlevel_common } | ||
| 75 | }; | ||
| 76 | |||
| 77 | #define DISTRO_TBL_SIZE ((sizeof distro_tbl)/sizeof (distro_tbl_t)) | ||
| 78 | -- | ||
| 79 | 2.25.1 | ||
| 80 | |||
diff --git a/recipes-compliance/openscap/openscap_1.3.7.bb b/recipes-compliance/openscap/openscap_1.3.7.bb index 14adaf9..a8757f3 100644 --- a/recipes-compliance/openscap/openscap_1.3.7.bb +++ b/recipes-compliance/openscap/openscap_1.3.7.bb | |||
| @@ -9,11 +9,9 @@ LICENSE = "LGPL-2.1-only" | |||
| 9 | DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" | 9 | DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" |
| 10 | DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" | 10 | DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" |
| 11 | 11 | ||
| 12 | 12 | #Jun 20th, 2023 | |
| 13 | SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03" | 13 | SRCREV = "c99fc854ff566fac9d130622fe9fd434484eb13d" |
| 14 | SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \ | 14 | SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \ |
| 15 | file://0001-openscap-Add-openembedded.patch \ | ||
| 16 | file://0002-openembedded-add-Poky-distro.patch \ | ||
| 17 | " | 15 | " |
| 18 | 16 | ||
| 19 | S = "${WORKDIR}/git" | 17 | S = "${WORKDIR}/git" |