author | mulhern <mulhern@yoctoproject.org> | 2013-08-25 17:10:22 -0400 |
---|---|---|
committer | mulhern <mulhern@yoctoproject.org> | 2013-08-30 15:38:50 -0400 |
commit | 6e23502b380d845382b914ca6b3afe96c4b80c8d (patch) | |
tree | 9e9be835163c3eae7c8a4a3ecaa0227035f994d6 /recipes-security/bastille | |
parent | abb566ce89c6138db948d5e61b25e58a90beaa1b (diff) | |
download | meta-security-6e23502b380d845382b914ca6b3afe96c4b80c8d.tar.gz |
Bastille: accept and observe --os flag in multiple situations.
[YOCTO #3867]
Five additional patches which cause the --os flag to be accepted and observed
are added. An additional distro, Yocto, is added. The individual patches
are described below.
upgrade_options_processing.patch: Changes setOptions procedure so that it
accepts named parameters for greater flexibility and adjusts all invocations
accordingly. Uses more precise specifications in invocations of
Getopt::Long::GetOptions. Omits code associated with a commented out flag.
accept_os_flag_in_backend.patch: Accepts and observes an additional --os
flag in BastilleBackEnd.
allow_os_with_assess.patch: No longer print a usage message and quit if
--assess or its related flags are specified along with the --os flag.
edit_usage_message.patch: Edit usage message to include the specification of
an --os flag with the specification of an --assess flag.
organize_distro_discovery.patch: Separates inferring the distro from
specifying the distro. Adds a "Yocto" distro among the other Linux
distros. Causes the specified distro to override the inferred
distro with a warning message when they are different. Previously if
either the inferred distro or the specified distro was not among supported
distros Bastille would quit with an error.
Signed-off-by: mulhern <mulhern@yoctoproject.org>
Diffstat (limited to 'recipes-security/bastille')
6 files changed, 681 insertions, 0 deletions
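--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -24,6 +24,11 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
 file://remove_questions_text_file_references.patch \
 file://simplify_B_place.patch \
 file://find_existing_config.patch \
+file://upgrade_options_processing.patch \
+file://accept_os_flag_in_backend.patch \
+file://allow_os_with_assess.patch \
+file://edit_usage_message.patch \
+file://organize_distro_discovery.patch \
 "
 
 SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"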
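--- /dev/null
+++ b/recipes-security/bastille/files/accept_os_flag_in_backend.patch
@@ -0,0 +1,34 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd 2013-08-21 12:40:54.000000000 -0400
++++ Bastille/BastilleBackEnd 2013-08-21 12:43:21.895950001 -0400
+@@ -52,11 +52,13 @@
+my $force = 0;
+my $debug = 0;
+my $alternate_config=undef;
++my $os_version=undef;
+
+if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
+"v" => \$verbose,
+"force" => \$force,
+"f=s" => \$alternate_config,
++ "os=s" => \$os_version,
+"debug" => \$debug) ) {
+$error = 0; # no parse error
+
+@@ -66,7 +68,8 @@
+
+&setOptions(
+debug => $debug,
+- verbose => $verbose);
++ verbose => $verbose,
++ os => $os_version);
+&ConfigureForDistro;
+
+if ( $error ) { # GetOptions couldn't parse all of the args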
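--- /dev/null
+++ b/recipes-security/bastille/files/allow_os_with_assess.patch
@@ -0,0 +1,43 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille 2013-08-21 08:59:06.647950000 -0400
++++ Bastille/bin/bastille 2013-08-21 15:55:53.193631711 -0400
+@@ -195,7 +195,6 @@
+systemFileLocations
+
+isAssessing='no'
+-nonXArg='no'
+
+if [ $PERL_V_MAJ -eq $MIN_V_MAJ -a $PERL_V_MIN -lt $MIN_V_MIN -o $PERL_V_MAJ -lt $MIN_V_MAJ ]; then # invalid Perl
+printErr
+@@ -316,12 +315,10 @@
+'--os')
+options_left="$options_left --os"
+optarg='yes'
+- nonXArg='yes'
+;;
+'-f')
+options_left="$options_left -f"
+optarg='yes'
+- nonXArg='yes'
+;;
+# Non-exclusive (undocumented and unsupported) options follow:
+# There is no validity/combination checking done with these.
+@@ -345,11 +342,6 @@
+fi
+done
+
+-#Detect case where -f or --os attempted use with --assess
+- if [ \( x$nonXArg = xyes \) -a \( x$isAssessing = xyes \) ]; then
+- printUsage
+- exit 2
+- fi
+
+# We have a valid version of perl! Verify that all the required
+# modules can be found.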
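Review bot: The last hunk deletes the whole `nonXArg` exclusivity check, so `-f` is now accepted together with `--assess` as well as `--os`, although the commit description and the usage text only announce `--os` for the assess modes. If only `--os` is meant to be allowed, keep `nonXArg='yes'` in the `'-f')` branch and retain the `if [ \( x$nonXArg = xyes \) -a \( x$isAssessing = xyes \) ]` guard; otherwise document `-f` with `--assess` in printUsage. Whether the assess path actually reads an alternate config is not visible in these hunks.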
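--- /dev/null
+++ b/recipes-security/bastille/files/edit_usage_message.patch
@@ -0,0 +1,32 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille 2013-08-25 14:16:35.614779001 -0400
++++ Bastille/bin/bastille 2013-08-25 14:16:38.674779000 -0400
+@@ -60,7 +60,7 @@
+printUsage () {
+cat >&2 << EOF
+$ERRSPACES Usage: bastille [ -b | -c | -x ] [ --os <version>] [ -f <alternate config> ]
+-$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ]
++$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ] [ --os <version> ]
+$ERRSPACES -b : use a saved config file to apply changes
+$ERRSPACES directly to system
+$ERRSPACES -c : use the Curses (non-X11) GUI, not available on HP-UX
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-25 08:15:40.266779002 -0400
++++ Bastille/Bastille/API.pm 2013-08-25 14:18:22.750778811 -0400
+@@ -206,7 +206,7 @@
+#options before interactive or Bastille runs, so this check is often redundant
+$GLOBAL_ERROR{"usage"}="\n".
+"$spc Usage: bastille [ -b | -c | -x ] [ --os <version> ] [ -f <alternate config> ]\n".
+- "$spc bastille [ -r | --assess | --assessnobowser ]\n\n".
++ "$spc bastille [ -r | --assess | --assessnobowser ] [ --os <version> ]\n\n".
+"$spc --assess : check status of system and report in browser\n".
+"$spc --assessnobrowser : check status of system and list report locations\n".
+"$spc -b : use a saved config file to apply changes\n".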
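Review bot: The rewritten usage line in Bastille/API.pm still spells the option `--assessnobowser`, while the description two lines below it and the bin/bastille usage text both use `--assessnobrowser`. Since the line is being replaced anyway, the option list should read `[ -r | --assess | --assessnobrowser ] [ --os <version> ]`. The bin/bastille context line also prints `[ --os <version>]` without the space before the bracket, unlike the new line added beneath it.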
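--- /dev/null
+++ b/recipes-security/bastille/files/organize_distro_discovery.patch
@@ -0,0 +1,476 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/API.pm 2013-08-22 11:29:53.137968002 -0400
+@@ -141,7 +141,7 @@
+checkProcsForService
+
+
+- $GLOBAL_OS $GLOBAL_ACTUAL_OS $CLI
++ $CLI
+$GLOBAL_LOGONLY $GLOBAL_VERBOSE $GLOBAL_DEBUG $GLOBAL_AUDITONLY $GLOBAL_AUDIT_NO_BROWSER $errorFlag
+%GLOBAL_BIN %GLOBAL_DIR %GLOBAL_FILE
+%GLOBAL_BDIR %GLOBAL_BFILE
+@@ -198,7 +198,7 @@
+my $err ="ERROR: ";
+my $spc =" ";
+my $GLOBAL_OS="None";
+-my $GLOBAL_ACTUAL_OS="None";
++my $GLOBAL_INFERRED_OS="None";
+my %GLOBAL_SUMS=();
+my $CLI='';
+
+@@ -306,7 +306,7 @@
+
+###########################################################################
+#
+-# GetDistro checks to see if the target is a known distribution and reports
++# InferDistro checks to see if the target is a known distribution and reports
+# said distribution.
+#
+# This is used throughout the script, but also by ConfigureForDistro.
+@@ -314,205 +314,194 @@
+#
+###########################################################################
+
+-sub GetDistro() {
++sub InferDistro() {
+
+my ($release,$distro);
+
+- # Only read files for the distro once.
+- # if the --os option was used then
+- if ($GLOBAL_OS eq "None") {
+- if ( -e "/etc/mandrake-release" ) {
+- open(MANDRAKE_RELEASE,"/etc/mandrake-release");
+- $release=<MANDRAKE_RELEASE>;
+-
+- if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
+- $distro="MN$1";
+- }
+- elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
+- $distro="MN$1";
+- }
+- else {
+- print STDERR "$err Couldn't determine Mandrake/Mandriva version! Setting to 10.1!\n";
+- $distro="MN10.1";
+- }
+-
+- close(MANDRAKE_RELEASE);
+- }
+- elsif ( -e "/etc/immunix-release" ) {
+- open(IMMUNIX_RELEASE,"/etc/immunix-release");
+- $release=<IMMUNIX_RELEASE>;
+- unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
+- print STDERR "$err Couldn't determine Immunix version! Setting to 6.2!\n";
+- $distro="RH6.2";
+- }
+- else {
+- $distro="RH$1";
+- }
+- close(*IMMUNIX_RELEASE);
+- }
+- elsif ( -e '/etc/fedora-release' ) {
+- open(FEDORA_RELEASE,'/etc/fedora-release');
+- $release=<FEDORA_RELEASE>;
+- close FEDORA_RELEASE;
+- if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
+- $distro = "RHFC$1";
+- }
+- elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
+- $distro = "RHFC$1";
+- }
+- else {
+- print STDERR "$err Could not determine Fedora version! Setting to Fedora Core 8\n";
+- $distro='RHFC8';
+- }
++ if ( -e "/etc/mandrake-release" ) {
++ open(MANDRAKE_RELEASE,"/etc/mandrake-release");
++ $release=<MANDRAKE_RELEASE>;
++
++ if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
++ $distro="MN$1";
++ }
++ elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
++ $distro="MN$1";
++ }
++ else {
++ print STDERR "$err Could not infer Mandrake/Mandriva version! Setting to 10.1!\n";
++ $distro="MN10.1";
++ }
++
++ close(MANDRAKE_RELEASE);
++ }
++ elsif ( -e "/etc/immunix-release" ) {
++ open(IMMUNIX_RELEASE,"/etc/immunix-release");
++ $release=<IMMUNIX_RELEASE>;
++ unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
++ print STDERR "$err Could not infer Immunix version! Setting to 6.2!\n";
++ $distro="RH6.2";
++ }
++ else {
++ $distro="RH$1";
+}
+- elsif ( -e "/etc/redhat-release" ) {
+- open(*REDHAT_RELEASE,"/etc/redhat-release");
+- $release=<REDHAT_RELEASE>;
+- if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
+- $distro="RH$1";
+- }
+- elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
+- $distro="RHEL$1$2";
+- }
+- elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
+- $distro="RHEL$2$1";
++ close(*IMMUNIX_RELEASE);
++ }
++ elsif ( -e '/etc/fedora-release' ) {
++ open(FEDORA_RELEASE,'/etc/fedora-release');
++ $release=<FEDORA_RELEASE>;
++ close FEDORA_RELEASE;
++ if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
++ $distro = "RHFC$1";
++ }
++ elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
++ $distro = "RHFC$1";
++ }
++ else {
++ print STDERR "$err Could not infer Fedora version! Setting to Fedora Core 8\n";
++ $distro='RHFC8';
++ }
++ }
++ elsif ( -e "/etc/redhat-release" ) {
++ open(*REDHAT_RELEASE,"/etc/redhat-release");
++ $release=<REDHAT_RELEASE>;
++ if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
++ $distro="RH$1";
++ }
++ elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
++ $distro="RHEL$1$2";
++ }
++ elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
++ $distro="RHEL$2$1";
++ }
++ elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
++ my $version = $1;
++ if ($version =~ /^4\./) {
++ $distro='RHEL4AS';
+}
+- elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
+- my $version = $1;
+- if ($version =~ /^4\./) {
+- $distro='RHEL4AS';
+- }
+- elsif ($version =~ /^3\./) {
+- $distro='RHEL3AS';
+- }
+- else {
+- print STDERR "$err Could not determine CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
+- $distro='RHEL4AS';
+- }
+- }
+- else {
+- # JJB/HP - Should this be B_log?
+- print STDERR "$err Couldn't determine Red Hat version! Setting to 9!\n";
+- $distro="RH9";
+- }
+- close(REDHAT_RELEASE);
+-
+- }
+- elsif ( -e "/etc/debian_version" ) {
+- $stable="3.1"; #Change this when Debian stable changes
+- open(*DEBIAN_RELEASE,"/etc/debian_version");
+- $release=<DEBIAN_RELEASE>;
+- unless ($release =~ /^(\d+\.\d+\w*)/) {
+- print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
+- $distro="DB$stable";
++ elsif ($version =~ /^3\./) {
++ $distro='RHEL3AS';
+}
+else {
+- $distro="DB$1";
+- }
+- close(DEBIAN_RELEASE);
+- }
+- elsif ( -e "/etc/SuSE-release" ) {
+- open(*SUSE_RELEASE,"/etc/SuSE-release");
+- $release=<SUSE_RELEASE>;
+- if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
+- $distro="SE$1";
+- }
+- elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
+- $distro="SESLES$1";
+- }
+- elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
+- $distro="SESLES$1";
+- }
+- elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
+- $distro="SE$1";
++ print STDERR "$err Could not infer CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
++ $distro='RHEL4AS';
+}
+- else {
+- print STDERR "$err Couldn't determine SuSE version! Setting to 10.3!\n";
+- $distro="SE10.3";
+- }
+- close(SUSE_RELEASE);
+- }
+- elsif ( -e "/etc/turbolinux-release") {
+- open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
+- $release=<TURBOLINUX_RELEASE>;
+- unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
+- print STDERR "$err Couldn't determine TurboLinux version! Setting to 7.0!\n";
+- $distro="TB7.0";
+- }
+- else {
+- $distro="TB$1";
+- }
+- close(TURBOLINUX_RELEASE);
++ }
++ else {
++ # JJB/HP - Should this be B_log?
++ print STDERR "$err Could not infer Red Hat version! Setting to 9!\n";
++ $distro="RH9";
++ }
++ close(REDHAT_RELEASE);
++
++ }
++ elsif ( -e "/etc/debian_version" ) {
++ $stable="3.1"; #Change this when Debian stable changes
++ open(*DEBIAN_RELEASE,"/etc/debian_version");
++ $release=<DEBIAN_RELEASE>;
++ unless ($release =~ /^(\d+\.\d+\w*)/) {
++ print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
++ $distro="DB$stable";
++ }
++ else {
++ $distro="DB$1";
++ }
++ close(DEBIAN_RELEASE);
++ }
++ elsif ( -e "/etc/SuSE-release" ) {
++ open(*SUSE_RELEASE,"/etc/SuSE-release");
++ $release=<SUSE_RELEASE>;
++ if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
++ $distro="SE$1";
++ }
++ elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
++ $distro="SESLES$1";
++ }
++ elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
++ $distro="SESLES$1";
++ }
++ elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
++ $distro="SE$1";
++ }
++ else {
++ print STDERR "$err Could not infer SuSE version! Setting to 10.3!\n";
++ $distro="SE10.3";
+}
++ close(SUSE_RELEASE);
++ }
++ elsif ( -e "/etc/turbolinux-release") {
++ open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
++ $release=<TURBOLINUX_RELEASE>;
++ unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
++ print STDERR "$err Could not infer TurboLinux version! Setting to 7.0!\n";
++ $distro="TB7.0";
++ }
+else {
+- # We're either on Mac OS X, HP-UX or an unsupported O/S.
+- if ( -x '/usr/bin/uname') {
++ $distro="TB$1";
++ }
++ close(TURBOLINUX_RELEASE);
++ }
++ else {
++ # We're either on Mac OS X, HP-UX or an unsupported O/S.
++ if ( -x '/usr/bin/uname') {
+# uname is in /usr/bin on Mac OS X and HP-UX
+- $release=`/usr/bin/uname -sr`;
+- }
+- else {
+- print STDERR "$err Could not determine operating system version!\n";
+- $distro="unknown"
+- }
+-
+- # Figure out what kind of system we're on.
+- if ($release ne "") {
+- if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
+- if ($1 == 6 ) {
+- $distro = "OSX10.2";
+- }
+- elsif ($1 == 7) {
+- $distro = "OSX10.3";
+- }
+- elsif ($1 == 8) {
+- $distro = "OSX10.3";
+- }
+- else {
+- $distro = "unknown";
+- }
++ $release=`/usr/bin/uname -sr`;
++ }
++ else {
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro="unknown";
++ }
++
++ # Figure out what kind of system we're on.
++ if ($release ne "") {
++ if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
++ if ($1 == 6 ) {
++ $distro = "OSX10.2";
+}
+- elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+- $distro="$1$2";
++ elsif ($1 == 7) {
++ $distro = "OSX10.3";
+}
++ elsif ($1 == 8) {
++ $distro = "OSX10.3";
++ }
+else {
+- print STDERR "$err Could not determine operating system version!\n";
+- $distro="unknown";
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro = "unknown";
+}
+}
++ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
++ $distro="$1$2";
++ }
++ else {
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro="unknown";
++ }
+}
+-
+- $GLOBAL_OS=$distro;
+- } elsif (not (defined $GLOBAL_OS)) {
+- print "ERROR: GLOBAL OS Scoping Issue\n";
+- } else {
+- $distro = $GLOBAL_OS;
+}
+-
+return $distro;
+}
+
+###################################################################################
+-# &getActualDistro; #
++# &getInferredDistro; #
+# #
+# This subroutine returns the actual os version in which is running on. This #
+# os version is independent of the --os switch feed to bastille. #
+# #
+###################################################################################
+-sub getActualDistro {
+- # set local variable to $GLOBAL_OS
++sub getInferredDistro {
++ if ($GLOBAL_INFERRED_OS eq "None") {
++ $GLOBAL_INFERRED_OS = &InferDistro;
++ }
++ return $GLOBAL_INFERRED_OS;
++}
+
+- if ($GLOBAL_ACTUAL_OS eq "None") {
+- my $os = $GLOBAL_OS;
+- # undef GLOBAL_OS so that the GetDistro routine will return
+- # the actualDistro, it might otherwise return the distro set
+- # by the --os switch.
+- $GLOBAL_OS = "None";
+- $GLOBAL_ACTUAL_OS = &GetDistro;
+- # reset the GLOBAL_OS variable
+- $GLOBAL_OS = $os;
++sub GetDistro {
++ if ($GLOBAL_OS eq "None") {
++ return &getInferredDistro;
+}
+- return $GLOBAL_ACTUAL_OS;
++ return $GLOBAL_OS;
+}
++
+# These are helper routines which used to be included inside GetDistro
+sub is_OS_supported($) {
+my $os=$_[0];
+@@ -556,7 +545,8 @@
+"SE7.2","SE7.3", "SE8.0","SE8.1","SE9.0","SE9.1",
+"SE9.2","SE9.3","SE10.0","SE10.1","SE10.2","SE10.3",
+"SESLES8","SESLES9","SESLES10",
+- "TB7.0"
++ "TB7.0",
++ "Yocto"
+],
+
+"HP-UX" => [
+@@ -882,23 +872,19 @@
+###########################################################################
+sub ConfigureForDistro {
+
+- my $retval=1;
+-
+- # checking to see if the os version given is in fact supported
+my $distro = &GetDistro;
+
+- # checking to see if the actual os version is in fact supported
+- my $actualDistro = &getActualDistro;
++ my $inferredDistro = &getInferredDistro;
++
++ if (! ($inferredDistro eq $distro) ) {
++ print STDERR "WARNING: Inferred distro $inferredDistro is not the same as specified distro $distro. Using specified distro.\n";
++ }
++
+$ENV{'LOCALE'}=''; # So that test cases checking for english results work ok.
+- if ((! &is_OS_supported($distro)) or (! &is_OS_supported($actualDistro)) ) {
+- # if either is not supported then print out a list of supported versions
+- if (! &is_OS_supported($distro)) {
+- print STDERR "$err '$distro' is not a supported operating system.\n";
+- }
+- else {
+- print STDERR "$err Bastille is unable to operate correctly on this\n";
+- print STDERR "$spc $distro operating system.\n";
+- }
++
++ if (! &is_OS_supported($distro)) {
++ print STDERR "$err '$distro' is not a supported operating system.\n";
++
+my %supportedOSHash = &getSupportedOSHash;
+print STDERR "$spc Valid operating system versions are as follows:\n";
+
+@@ -930,7 +916,7 @@
+# intend via setting the Perl umask
+umask(077);
+
+- &getFileAndServiceInfo($distro,$actualDistro);
++ &getFileAndServiceInfo($distro,$distro);
+
+# &dumpFileInfo; # great for debuging file location issues
+# &dumpServiceInfo; # great for debuging service information issues
+@@ -942,7 +928,7 @@
+"$spc You must use Bastille\'s -n flag (for example:\n" .
+"$spc bastille -f -n) or \'touch $nodisclaim_file \'\n";
+
+- return $retval;
++ return 1;
+}
+
+
+Index: Bastille/Bastille/LogAPI.pm
+===================================================================
+--- Bastille.orig/Bastille/LogAPI.pm 2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/LogAPI.pm 2013-08-22 04:32:47.509968002 -0400
+@@ -111,7 +111,7 @@
+# do this here to prevent bootstrapping problem, where we need to
+# write an error that the errorlog location isn't defined.
+my $logdir="/var/log/Bastille";
+- if(&getActualDistro =~ "^HP-UX"){
++ if(&getInferredDistro =~ "^HP-UX"){
+$logdir = "/var/opt/sec_mgmt/bastille/log/";
+}
+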
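Review bot: In ConfigureForDistro the specified distro now replaces the inferred one everywhere, including `&getFileAndServiceInfo($distro,$distro)`, and the only trace of a mismatch is a single STDERR line. For a hardening tool this means a mistyped or stale `--os` value selects another platform's file and service locations, so an assessment may describe paths that do not match the running system while still looking successful. Consider also recording the mismatch in Bastille's own log, if a logging call is usable this early, and stating the intent at the call site, e.g. `# --os deliberately overrides the inferred distro; file and service locations follow the specified one`. The header comment for getInferredDistro still says it "returns the actual os version" and should say "inferred". ConfigureForDistro's body continues outside the hunks shown.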
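--- /dev/null
+++ b/recipes-security/bastille/files/upgrade_options_processing.patch
@@ -0,0 +1,91 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/Bastille/API.pm 2013-08-21 11:41:16.183950000 -0400
+@@ -271,9 +271,15 @@
+# setOptions takes six arguments, $GLOBAL_DEBUG, $GLOBAL_LOGONLY,
+# $GLOBAL_VERBOSE, $GLOBAL_AUDITONLY, $GLOBAL_AUDIT_NO_BROWSER, and GLOBAL_OS;
+###########################################################################
+-sub setOptions($$$$$$) {
+- ($GLOBAL_DEBUG,$GLOBAL_LOGONLY,$GLOBAL_VERBOSE,$GLOBAL_AUDITONLY,
+- $GLOBAL_AUDIT_NO_BROWSER,$GLOBAL_OS) = @_;
++sub setOptions {
++ my %opts = @_;
++
++ $GLOBAL_DEBUG = $opts{debug};
++ $GLOBAL_LOGONLY = $opts{logonly};
++ $GLOBAL_VERBOSE = $opts{verbose};
++ $GLOBAL_AUDITONLY = $opts{auditonly};
++ $GLOBAL_AUDIT_NO_BROWSER = $opts{audit_no_browser};
++ $GLOBAL_OS = $opts{os};
+if ($GLOBAL_AUDIT_NO_BROWSER) {
+$GLOBAL_AUDITONLY = 1;
+}
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/BastilleBackEnd 2013-08-21 12:40:54.055950001 -0400
+@@ -50,15 +50,13 @@
+my $nodisclaim = 0;
+my $verbose = 0;
+my $force = 0;
+-my $log_only = 0;
+my $debug = 0;
+my $alternate_config=undef;
+
+if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
+"v" => \$verbose,
+"force" => \$force,
+-# "log" => \$log_only, # broken
+- "f:s" => \$alternate_config,
++ "f=s" => \$alternate_config,
+"debug" => \$debug) ) {
+$error = 0; # no parse error
+
+@@ -66,7 +64,9 @@
+$error = 1; # parse error
+}
+
+-&setOptions($debug,$log_only,$verbose);
++&setOptions(
++ debug => $debug,
++ verbose => $verbose);
+&ConfigureForDistro;
+
+if ( $error ) { # GetOptions couldn't parse all of the args
+Index: Bastille/InteractiveBastille
+===================================================================
+--- Bastille.orig/InteractiveBastille 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/InteractiveBastille 2013-08-21 12:40:30.531950001 -0400
+@@ -234,8 +234,8 @@
+"a" => \$audit,
+"force" => \$force,
+"log" => \$log_only,
+- "os:s" => \$os_version,
+- "f:s" => \$alternate_config,
++ "os=s" => \$os_version,
++ "f=s" => \$alternate_config,
+"debug" => \$debug) ) {
+$error = 0; # no parse error
+} else {
+@@ -293,7 +293,13 @@
+$UseRequiresRules = 'N';
+}
+
+-&setOptions($debug,$log_only,$verbose,$audit,$auditnobrowser,$os_version);
++&setOptions(
++ debug => $debug,
++ logonly => $log_only,
++ verbose => $verbose,
++ auditonly => $audit,
++ audit_no_browser => $auditnobrowser,
++ os => $os_version);
+&ConfigureForDistro;
+
+# ensuring mutually exclusive options are exclusive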
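Review bot: `$GLOBAL_OS = $opts{os};` in setOptions leaves `$GLOBAL_OS` undefined whenever the caller omits `os` or `--os` was not given, as in the BastilleBackEnd call in this patch that passes only `debug` and `verbose`. GetDistro in organize_distro_discovery.patch decides whether to infer the distro with `$GLOBAL_OS eq "None"`, so unless the part of setOptions below this hunk already normalises the value, an undefined OS would not be treated as unspecified. A default at the assignment makes that explicit: `$GLOBAL_OS = defined $opts{os} ? $opts{os} : "None";`. The header comment above the sub still says setOptions takes six arguments and should list the named keys instead.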