3 files changed, 215 insertions, 2 deletions
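--- /dev/null
+++ b/recipes-compliance/openscap/files/0001-openscap-Add-openembedded.patch
@@ -0,0 +1,128 @@
+From 8f8b580a882e9584e2b3726dab2c3f8e01cb885f Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Sun, 4 Jun 2023 20:16:12 -0400
+Subject: [PATCH 1/2] openscap: Add openembedded
+
+Signed-off-by: Armin Kuster <akuste808r@gmail.com>
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuste808r@gmail.com>
+
+---
+cpe/openscap-cpe-dict.xml | 5 +++
+cpe/openscap-cpe-oval.xml | 45 +++++++++++++++++++++------
+src/OVAL/probes/unix/runlevel_probe.c | 8 ++++-
+3 files changed, 47 insertions(+), 11 deletions(-)
+
+diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml
+index 02d536189..3338a9e55 100644
+--- a/cpe/openscap-cpe-dict.xml
++++ b/cpe/openscap-cpe-dict.xml
+@@ -53,4 +53,9 @@
+<title xml:lang="en-us">Fedora 35</title>
+<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:35</check>
+</cpe-item>
++ <cpe-item name="cpe:/o:openembedded:nodistro">
++ <title xml:lang="en-us">OpenEmbedded all versions</title>
++ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.openembedded:def:1</check>
++ </cpe-item>
++
+</cpe-list>
+diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml
+index 64099400b..2f3e25419 100644
+--- a/cpe/openscap-cpe-oval.xml
++++ b/cpe/openscap-cpe-oval.xml
+@@ -821,6 +821,20 @@
+<criterion comment="Microsoft Windows Server 2016 is installed" test_ref="oval:org.open-scap.cpe.windows:tst:2016" />
+</criteria>
+</definition>
++ <definition class="inventory" id="oval:org.open-scap.cpe.openembedded:def:1" version="1" >
++ <metadata>
++ <title>OpenEmbedded Org</title>
++ <affected family="unix">
++ <platform>OpenEmbedded Nodistro</platform>
++ </affected>
++ <reference ref_id="cpe:/o:openembedded:nodistro" source="CPE"/>
++ <description>OpenEmbedded No Distro is installed</description>
++ </metadata>
++ <criteria>
++ <criterion comment="Installed operating system is part of the unix family." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" />
++ <criterion comment="OpenEmbedded is installed." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" />
++ </criteria>
++ </definition>
+</definitions>
+<tests>
+<rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" comment="/etc/redhat-release is provided by redhat-release package"
+@@ -1228,16 +1242,19 @@
+<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
+<name>ProductName</name>
+</registry_object>
+- <textfilecontent54_object id="oval:org.open-scap.cpe.centos:obj:8" version="1" comment="Check os-release ID" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
+- <filepath>/etc/os-release</filepath>
+- <pattern operation="pattern match">^ID="(\w+)"$</pattern>
+- <instance datatype="int">1</instance>
+- </textfilecontent54_object>
+- <textfilecontent54_object id="oval:org.open-scap.cpe.centos:obj:8000" version="1" comment="Check os-release VERSION_ID" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
+- <filepath>/etc/os-release</filepath>
+- <pattern operation="pattern match">^VERSION_ID="(\d)"$</pattern>
+- <instance datatype="int">1</instance>
+- </textfilecontent54_object>
++ <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" version="1" id="oval:org.open-scap.cpe.openembedded-release:obj:1" >
++ <filepath>/etc/os-release</filepath>
++ </file_object>
++ <textfilecontent54_object
++ id="oval:org.open-scap.cpe.openembedded-release:obj:1"
++ comment="Check specification in /etc/os-release."
++ version="1"
++ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
++ >
++ <path>/etc</path>
++ <filename>os-release</filename>
++ <pattern operation="pattern match">^VERSION=.(\d*.\d*)</pattern>
++ <instance operation="greater than or equal" datatype="int">1</instance>
+</objects>
+<states>
+<family_state id="oval:org.open-scap.cpe.unix:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
+@@ -1455,5 +1472,13 @@
+<registry_state id="oval:org.open-scap.cpe.windows:ste:2016" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
+<value operation="pattern match">^.*2016.*$</value>
+</registry_state>
++ <textfilecontent54_state
++ id="oval:org.open-scap.cpe.openembedded-release:ste:1"
++ comment="Check the /etc/os-release file for VERSION 4.2 specification."
++ version="1"
++ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
++ >
++ <subexpression operation="pattern match">4.2</subexpression>
++ </textfilecontent54_state>
+</states>
+</oval_definitions>
+diff --git a/src/OVAL/probes/unix/runlevel_probe.c b/src/OVAL/probes/unix/runlevel_probe.c
+index 7a94b23fc..00a5b85f6 100644
+--- a/src/OVAL/probes/unix/runlevel_probe.c
++++ b/src/OVAL/probes/unix/runlevel_probe.c
+@@ -403,6 +403,11 @@ static int is_wrlinux(void)
+return parse_os_release("cpe:/o:windriver:wrlinux");
+}
+
++static int is_openembedded(void)
++{
++ return parse_os_release("cpe:/o:openembedded:nodistro");
++}
++
+static int is_common (void)
+{
+return (1);
+@@ -424,7 +429,8 @@ const distro_tbl_t distro_tbl[] = {
+{ &is_suse, &get_runlevel_suse },
+{ &is_solaris, &get_runlevel_redhat },
+{ &is_wrlinux, &get_runlevel_wrlinux },
+- { &is_common, &get_runlevel_common }
++ { &is_common, &get_runlevel_common },
++ { &is_openembedded, &get_runlevel_common }
+};
+
+#define DISTRO_TBL_SIZE ((sizeof distro_tbl)/sizeof (distro_tbl_t))
+--
+2.25.1
+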
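Review bot: The `textfilecontent54_object` added to cpe/openscap-cpe-oval.xml (the `@@ -1228,16 +1242,19 @@` hunk) is never closed before `</objects>` and reuses the id `oval:org.open-scap.cpe.openembedded-release:obj:1` of the `file_object` added just above it, so the patched file is not well-formed as shown and the scanner would probably fail to load the CPE checks for every platform, not only OpenEmbedded. The same hunk deletes the `centos:obj:8` and `centos:obj:8000` objects; any CentOS test outside the hunk that still refers to them would be left dangling, so the new object should sit beside them rather than replace them. Both criteria of the new definition point at `oval:org.open-scap.cpe.openembedded:tst:1`, yet no test with that id is added and nothing refers to the new `openembedded-release:ste:1` state (0002 repeats this with `oval:org.open-scap.cpe.poky:tst:1`), so the platform check cannot evaluate and content tied to it would be skipped or reported as an error. A sketch of the missing pieces follows; the test attributes are a suggestion and should be validated against the OVAL schema.

```xml
<!-- … unchanged: centos obj:8 / obj:8000 kept; textfilecontent54_object opening tag, path, filename, pattern … -->
  <instance operation="greater than or equal" datatype="int">1</instance>
</textfilecontent54_object>

<!-- inside <tests>: the test both criteria refer to -->
<textfilecontent54_test
    id="oval:org.open-scap.cpe.openembedded:tst:1"
    version="1" check="all" check_existence="at_least_one_exists"
    comment="/etc/os-release VERSION matches the OpenEmbedded state"
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <object object_ref="oval:org.open-scap.cpe.openembedded-release:obj:1" />
  <state state_ref="oval:org.open-scap.cpe.openembedded-release:ste:1" />
</textfilecontent54_test>
```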
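--- /dev/null
+++ b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch
@@ -0,0 +1,80 @@
+From eb3865f2603fff2cc5d39d2379ba9f3857affca9 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Sun, 4 Jun 2023 20:51:50 -0400
+Subject: [PATCH 2/2] openembedded: add Poky distro
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+cpe/openscap-cpe-dict.xml | 4 ++++
+cpe/openscap-cpe-oval.xml | 14 ++++++++++++++
+src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++-
+3 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml
+index 3338a9e55..f86b55864 100644
+--- a/cpe/openscap-cpe-dict.xml
++++ b/cpe/openscap-cpe-dict.xml
+@@ -57,5 +57,9 @@
+<title xml:lang="en-us">OpenEmbedded all versions</title>
+<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.openembedded:def:1</check>
+</cpe-item>
++ <cpe-item name="cpe:/o:openembedded:poky">
++ <title xml:lang="en-us">Poky all versions</title>
++ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.poky:def:1</check>
++ </cpe-item>
+
+</cpe-list>
+diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml
+index 2f3e25419..03d192333 100644
+--- a/cpe/openscap-cpe-oval.xml
++++ b/cpe/openscap-cpe-oval.xml
+@@ -835,6 +835,20 @@
+<criterion comment="OpenEmbedded is installed." test_ref="oval:org.open-scap.cpe.openembedded:tst:1" />
+</criteria>
+</definition>
++ <definition class="inventory" id="oval:org.open-scap.cpe.poky:def:1" version="1" >
++ <metadata>
++ <title>Yocto Project Reference Distro</title>
++ <affected family="unix">
++ <platform>Poky Distro</platform>
++ </affected>
++ <reference ref_id="cpe:/o:openembedded:poky" source="CPE"/>
++ <description>Yocto Project Reference Distro is installed</description>
++ </metadata>
++ <criteria>
++ <criterion comment="Installed operating system is part of the unix family." test_ref="oval:org.open-scap.cpe.poky:tst:1" />
++ <criterion comment="Yocto Project Reference Distro is installed." test_ref="oval:org.open-scap.cpe.poky:tst:1" />
++ </criteria>
++ </definition>
+</definitions>
+<tests>
+<rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" comment="/etc/redhat-release is provided by redhat-release package"
+diff --git a/src/OVAL/probes/unix/runlevel_probe.c b/src/OVAL/probes/unix/runlevel_probe.c
+index 00a5b85f6..ae6fc0c19 100644
+--- a/src/OVAL/probes/unix/runlevel_probe.c
++++ b/src/OVAL/probes/unix/runlevel_probe.c
+@@ -408,6 +408,11 @@ static int is_openembedded(void)
+return parse_os_release("cpe:/o:openembedded:nodistro");
+}
+
++static int is_poky(void)
++{
++ return parse_os_release("cpe:/o:openembedded:poky");
++}
++
+static int is_common (void)
+{
+return (1);
+@@ -430,7 +435,8 @@ const distro_tbl_t distro_tbl[] = {
+{ &is_solaris, &get_runlevel_redhat },
+{ &is_wrlinux, &get_runlevel_wrlinux },
+{ &is_common, &get_runlevel_common },
+- { &is_openembedded, &get_runlevel_common }
++ { &is_openembedded, &get_runlevel_common },
++ { &is_poky, &get_runlevel_common }
+};
+
+#define DISTRO_TBL_SIZE ((sizeof distro_tbl)/sizeof (distro_tbl_t))
+--
+2.25.1
+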
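Review bot: The `{ &is_poky, &get_runlevel_common }` row is appended after `{ &is_common, &get_runlevel_common }`, and `is_common` returns 1 unconditionally, so if `distro_tbl` is walked in order with the first match winning (the lookup is outside the hunk) the Poky row is never reached; the `is_openembedded` row added by 0001 has the same problem. Both rows map to `get_runlevel_common`, so the result does not change today, but the two detection functions stay dead code until the rows are moved above the catch-all, i.e. `{ &is_openembedded, &get_runlevel_common },` and `{ &is_poky, &get_runlevel_common },` placed before `{ &is_common, &get_runlevel_common }`. This patch also carries no `Upstream-Status:` line, unlike 0001, which a layer's patch-status QA check would likely flag; adding `Upstream-Status: Pending` above the Signed-off-by keeps the two consistent.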
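--- a/recipes-compliance/openscap/openscap_1.3.7.bb
+++ b/recipes-compliance/openscap/openscap_1.3.7.bb
@@ -11,7 +11,10 @@ DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native
 
 
 SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
+file://0001-openscap-Add-openembedded.patch \
+file://0002-openembedded-add-Poky-distro.patch \
+"
 
 S = "${WORKDIR}/git"
 
@@ -63,5 +66,7 @@ SYSTEMD_SERVICE:${PN} = "oscap-remediate.service"
 
 FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}"
 
-RDEPENDS:${PN} += "libxml2 python3-core libgcc bash"
+
+RDEPENDS:${PN} = "libxml2 python3-core libgcc bash"
+RDEPENDS:${PN}-class-target = "libxml2 python3-core libgcc bash os-release"
 BBCLASSEXTEND = "native"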
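Review bot: `RDEPENDS:${PN}-class-target` does not apply a class-target override; with the colon override syntax this recipe already uses (`DEPENDS:class-native`, `FILES:${PN}`) it names the runtime dependencies of a package called `${PN}-class-target`, so `os-release` is probably never pulled into the target image. Without /etc/os-release on the device, the new OVAL object and the `parse_os_release()` checks from the two patches have nothing to read, and the OpenEmbedded/Poky platform would not be detected. Keeping the original `+=` line and adding `RDEPENDS:${PN}:append:class-target = " os-release"` expresses the intent. The switch from `+=` to `=` also discards anything assigned to `RDEPENDS:${PN}` earlier in the recipe, which is not visible in this hunk.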