From 55dade439198bc6fa408f59c89c6d97ca174b729 Mon Sep 17 00:00:00 2001
From: Armin Kuster
Date: Sun, 17 Sep 2017 15:49:37 -0700
Subject: openscap: add package
Signed-off-by: Armin Kuster
---
 .../openscap/files/crypto_pkgconfig.patch | 36 ++++++++++
 .../openscap/files/probe_dir_fixup.patch | 17 +++++
 .../recipes-openscap/openscap/files/run-ptest | 3 +
 .../recipes-openscap/openscap/openscap.inc | 2 +
 .../recipes-openscap/openscap/openscap_1.2.14.bb | 82 ++++++++++++++++++++++
 5 files changed, 140 insertions(+)
 create mode 100644 meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
 create mode 100644 meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
 create mode 100644 meta-security-compliance/recipes-openscap/openscap/files/run-ptest
 create mode 100644 meta-security-compliance/recipes-openscap/openscap/openscap.inc
 create mode 100644 meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
new file mode 100644
index 0000000..2d70855
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
@@ -0,0 +1,36 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -360,25 +360,13 @@ case "${with_crypto}" in
+ AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.])
+ ;;
+ gcrypt)
+- SAVE_LIBS=$LIBS
+- AC_CHECK_LIB([gcrypt], [gcry_check_version],
+- [crapi_CFLAGS=`libgcrypt-config --cflags`;
+- crapi_LIBS=`libgcrypt-config --libs`;
+- crapi_libname="GCrypt";],
+- [AC_MSG_ERROR([library 'gcrypt' is required for GCrypt.])],
+- [])
+- AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' library.])
+- AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG],
+- [ac_cv_gcryctl_set_enforced_fips_flag],
+- [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include],
+- [return GCRYCTL_SET_ENFORCED_FIPS_FLAG;])],
+- [ac_cv_gcryctl_set_enforced_fips_flag=yes],
+- [ac_cv_gcryctl_set_enforced_fips_flag=no])])
++ PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[],
++ AC_MSG_FAILURE([libgcrypt devel support is missing]))
+
+- if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then
+- AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.])
+- fi
+- LIBS=$SAVE_LIBS
++ crapi_libname="libgcrypt"
++ crapi_CFLAGS=$libgcrypt_CFLAGS
++ crapi_LIBS=$libgcrypt_LIBS
++ AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' library.])
+ ;;
+ *)
+ AC_MSG_ERROR([unknown crypto backend])
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
new file mode 100644
index 0000000..ecbe602
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
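Review bot: In crypto_pkgconfig.patch the gcrypt branch no longer runs the `AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG], …)` probe, so `HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG` is never defined when the gcrypt backend is selected. Whatever upstream code is guarded by that macro (not visible here, presumably the enforced-FIPS setup) is then compiled out silently, which matters for a compliance scanner. I would keep the removed `AC_CACHE_CHECK` block and its `AC_DEFINE` after the `PKG_CHECK_MODULES` call, compiling the probe with `$libgcrypt_CFLAGS`, or state in the patch header that the check is dropped on purpose. The patch file also carries no description or `Upstream-Status:` line explaining why `libgcrypt-config` was replaced.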
@@ -0,0 +1,17 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
+ [],
+ [crypto=gcrypt])
+
+-if test "x${libexecdir}" = xNONE; then
+- probe_dir="/usr/local/libexec/openscap"
+-else
+- EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
+-fi
++probe_dir="/usr/local/libexec/openscap"
+
+ AC_SUBST(probe_dir)
+
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
new file mode 100644
index 0000000..454a6a3
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd tests
+make -k check
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
new file mode 100644
index 0000000..e9589b6
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -0,0 +1,2 @@
+STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
new file mode 100644
index 0000000..0d26959
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
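Review bot: probe_dir_fixup.patch is added by this commit, but the recipe's `SRC_URI` lists only `file://crypto_pkgconfig.patch` and `file://run-ptest`, so as far as this page shows the patch is never applied. If it is meant to apply, the literal `probe_dir="/usr/local/libexec/openscap"` no longer follows `${libexecdir}`, and the scanner would look for its probe binaries in a directory that is presumably not the one the target package installs into or owns. Either add `file://probe_dir_fixup.patch` to `SRC_URI` with a value derived from the configured libexecdir, or drop the file. In both cases the patch needs a header stating the reason and an `Upstream-Status:` line.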
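Review bot: In run-ptest a failed `cd tests` is ignored, and `make -k check` then runs in whatever directory the script was started from. Change the second line to `cd tests || exit 1`. The script also needs `make` on the target, which the recipe does not list in `RDEPENDS_${PN}-ptest`.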
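Review bot: openscap.inc defines `STAGING_OSCAP_DIR`, but nothing in this commit references it; the recipe only uses `STAGING_OSCAP_BUILDDIR`. Add a comment above the two assignments saying what each directory holds and which recipes are expected to read it, e.g. `# Where openscap-native copies its data files in do_install_append_class-native`, or drop the unused variable until a consumer exists. One path is keyed on `${MACHINE}` and the other is not, which deserves a word of explanation as well.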
@@ -0,0 +1,82 @@
+# Copyright (C) 2017 Armin Kuster
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \
+ libxslt libcap swig swig-native"
+
+DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
+
+SRCREV = "7a924c0eea10d05f512660192c8c4aef447801a6"
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \
+ file://crypto_pkgconfig.patch \
+ file://run-ptest \
+"
+
+inherit autotools-brokensep pkgconfig python3native perlnative ptest
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG ?= "nss3 pcre rpm"
+PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre"
+PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt "
+PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss"
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
+PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3"
+PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl"
+PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm"
+
+EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \
+ --enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\
+ --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \
+"
+
+EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \
+ --disable-probes-solaris --disable-probes-unix \
+ --enable-util-oscap \
+"
+
+do_configure_prepend () {
+ sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am
+ sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am
+ sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am
+}
+
+
+include openscap.inc
+
+do_configure_append_class-native () {
+ sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
+ sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
+ sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h
+}
+
+do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
+
+do_install_append_class-native () {
+ oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
+ install -d $oscapdir
+ cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
+}
+
+TESTDIR = "tests"
+
+do_compile_ptest() {
+ echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile
+ oe_runmake -C ${TESTDIR} buildtest-TESTS
+}
+
+do_install_ptest() {
+ # install the tests
+ cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
+}
+
+FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN} += "libxml2 python libgcc"
+
+BBCLASSEXTEND = "native"
-- cgit v1.2.3-54-g00ecf
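Review bot: `SRC_URI` in openscap_1.2.14.bb pulls the scanner source from a personal fork (`github.com/akuster/openscap`, branch `oe`) over the plain `git://` transport; the full-length `SRCREV` pins the commit, but the fetch itself is unauthenticated and the recipe does not say why upstream is not used. I would append `;protocol=https` to the git entry and add a comment naming the upstream release the fork is based on. `SUMARRY` and `HOME_URL` are not variables BitBake reads, so the intended summary and homepage never reach the package metadata; they should be `SUMMARY = "NIST Certified SCAP 1.2 toolkit"` and `HOMEPAGE = "https://www.open-scap.org/tools/openscap-base/"`. `do_install_append_class-native` copies into `${STAGING_OSCAP_BUILDDIR}`, which is outside `${D}`, so that directory will presumably be missing whenever the native build is restored from shared state instead of being rebuilt.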