diff --git a/.openscap.metadata b/.openscap.metadata new file mode 100644 index 0000000..489b49f --- /dev/null +++ b/.openscap.metadata @@ -0,0 +1 @@ +bd3d0897cb7934fcabbd49a07d0b82fac9661394 SOURCES/openscap-0.9.13.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec new file mode 100644 index 0000000..a1e971a --- /dev/null +++ b/SPECS/openscap.spec @@ -0,0 +1,437 @@ +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} + +%define relabel_files() \ +restorecon -R /usr/bin/oscap /usr/libexec/openscap; \ + +Name: openscap +Version: 0.9.13 +Release: 4%{?dist} +Summary: Set of open source libraries enabling integration of the SCAP line of standards +Group: System Environment/Libraries +License: LGPLv2+ +URL: http://www.open-scap.org/ +Source0: http://fedorahosted.org/releases/o/p/openscap/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser +BuildRequires: rpm-devel +BuildRequires: libgcrypt-devel +BuildRequires: pcre-devel +BuildRequires: libacl-devel +BuildRequires: libselinux-devel libcap-devel +BuildRequires: libblkid-devel +%if %{?_with_check:1}%{!?_with_check:0} +BuildRequires: perl-XML-XPath +%endif +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description +OpenSCAP is a set of open source libraries providing an easier path +for integration of the SCAP line of standards. SCAP is a line of standards +managed by NIST with the goal of providing a standard language +for the expression of Computer Network Defense related information. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: %{name}-engine-sce = %{version}-%{release} +Requires: libxml2-devel +Requires: pkgconfig + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package python +Summary: Python bindings for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +BuildRequires: python-devel + +%description python +The %{name}-python package contains the bindings so that %{name} +libraries can be used by python. + + +%package utils +Summary: Openscap utilities +Group: Applications/System +Requires: %{name} = %{version}-%{release} +Requires: libcurl >= 7.12.0 +Requires: rpmdevtools rpm-build +BuildRequires: libcurl-devel >= 7.12.0 + +%description utils +The %{name}-utils package contains oscap command-line tool. The oscap +is configuration and vulnerability scanner, capable of performing +compliance checking using SCAP content. + +%package extra-probes +Summary: SCAP probes +Group: Applications/System +Requires: %{name} = %{version}-%{release} +BuildRequires: openldap-devel +BuildRequires: GConf2-devel +#BuildRequires: opendbx - for sql + +%description extra-probes +The %{name}-extra-probes package contains additional probes that are not +commonly used and require additional dependencies. + +%package engine-sce +Summary: Script Check Engine plug-in for OpenSCAP +Group: Applications/System +Requires: %{name} = %{version}-%{release} + +%description engine-sce +The Script Check Engine is non-standard extension to SCAP protocol. This +engine allows content authors to avoid OVAL language and write their assessment +commands using a scripting language (Bash, Perl, Python, Ruby, ...). + +%package selinux +Summary: SELinux policy module for openscap +Group: System Environment/Base +Requires: %{name}-utils = %{version}-%{release} +Requires: policycoreutils, libselinux-utils +Requires(post): selinux-policy-base, policycoreutils +Requires(postun): policycoreutils +BuildRequires: selinux-policy-devel +BuildArch: noarch + +%description selinux +This package installs and sets up the SELinux policy security module for openscap. + +%prep +%setup -q + +%build +%ifarch sparc64 +#sparc64 need big PIE +export CFLAGS="$RPM_OPT_FLAGS -fPIE" +export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpie" +export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" +%endif + +%configure --enable-sce --enable-selinux_policy + +make %{?_smp_mflags} +# Remove shebang from bash-completion script +sed -i '/^#!.*bin/,+1 d' dist/bash_completion.d/oscap + +%check +#to run make check use "--with check" +%if %{?_with_check:1}%{!?_with_check:0} +make check +%endif + +%install +rm -rf $RPM_BUILD_ROOT + +make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT + +# remove content for another OS +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-rhel6-oval.xml +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-rhel6-xccdf.xml +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-fedora14-oval.xml +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-fedora14-xccdf.xml + +# Remove sectool SCE content which is not distributed along RHEL7 +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce/sectool-xccdf.xml +rm $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce/*.sh +rmdir $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce + +# bash-completion script +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/bash_completion.d +install -pm 644 dist/bash_completion.d/oscap $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/oscap + +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%post selinux +semodule -n -i %{_datadir}/selinux/packages/oscap.pp +if /usr/sbin/selinuxenabled ; then + /usr/sbin/load_policy + %relabel_files +fi; +exit 0 + +%postun -p /sbin/ldconfig + +%postun selinux +if [ $1 -eq 0 ]; then + semodule -n -r oscap + if /usr/sbin/selinuxenabled ; then + /usr/sbin/load_policy + %relabel_files + fi; +fi; +exit 0 + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING ChangeLog NEWS README +%{_libdir}/libopenscap.so.* +%{_libexecdir}/openscap/probe_dnscache +%{_libexecdir}/openscap/probe_environmentvariable +%{_libexecdir}/openscap/probe_environmentvariable58 +%{_libexecdir}/openscap/probe_family +%{_libexecdir}/openscap/probe_file +%{_libexecdir}/openscap/probe_fileextendedattribute +%{_libexecdir}/openscap/probe_filehash +%{_libexecdir}/openscap/probe_filehash58 +%{_libexecdir}/openscap/probe_iflisteners +%{_libexecdir}/openscap/probe_inetlisteningservers +%{_libexecdir}/openscap/probe_interface +%{_libexecdir}/openscap/probe_partition +%{_libexecdir}/openscap/probe_password +%{_libexecdir}/openscap/probe_process +%{_libexecdir}/openscap/probe_process58 +%{_libexecdir}/openscap/probe_routingtable +%{_libexecdir}/openscap/probe_rpminfo +%{_libexecdir}/openscap/probe_rpmverify +%{_libexecdir}/openscap/probe_rpmverifyfile +%{_libexecdir}/openscap/probe_rpmverifypackage +%{_libexecdir}/openscap/probe_runlevel +%{_libexecdir}/openscap/probe_selinuxboolean +%{_libexecdir}/openscap/probe_selinuxsecuritycontext +%{_libexecdir}/openscap/probe_shadow +%{_libexecdir}/openscap/probe_sysctl +%{_libexecdir}/openscap/probe_system_info +%{_libexecdir}/openscap/probe_textfilecontent +%{_libexecdir}/openscap/probe_textfilecontent54 +%{_libexecdir}/openscap/probe_uname +%{_libexecdir}/openscap/probe_variable +%{_libexecdir}/openscap/probe_xinetd +%{_libexecdir}/openscap/probe_xmlfilecontent +%dir %{_datadir}/openscap +%dir %{_datadir}/openscap/schemas +%dir %{_datadir}/openscap/xsl +%dir %{_datadir}/openscap/cpe +%{_datadir}/openscap/schemas/* +%{_datadir}/openscap/xsl/* +%{_datadir}/openscap/cpe/* + +%files python +%defattr(-,root,root,-) +%{python_sitearch}/* + +%files devel +%defattr(-,root,root,-) +%doc docs/{html,examples}/ +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%files utils +%defattr(-,root,root,-) +%doc docs/oscap-scan.cron +%{_mandir}/man8/* +%{_bindir}/* +%{_sysconfdir}/bash_completion.d + +%files extra-probes +%{_libexecdir}/openscap/probe_ldap57 +%{_libexecdir}/openscap/probe_gconf + +%files engine-sce +%{_libdir}/libopenscap_sce.so.* + +%files selinux +%attr(0600,root,root) %{_datadir}/selinux/packages/oscap.pp +%{_datadir}/selinux/devel/include/contrib/oscap.if +# %{_mandir}/man8/openscap_selinux.8.* + +%changelog +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-4 +- specify dependency between engine and devel sub-package + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-3 +- correct openscap-utils dependencies + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-2 +- drop openscap-content package (use scap-security-guide instead) + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-1 +- upgrade + +* Thu Sep 26 2013 Šimon Lukašík 0.9.12-2 +- Start building SQL probes for Fedora + +* Wed Sep 11 2013 Šimon Lukašík 0.9.12-1 +- upgrade + +* Thu Jul 18 2013 Petr Lautrbach 0.9.11-1 +- upgrade + +* Mon Jul 15 2013 Petr Lautrbach 0.9.10-1 +- upgrade + +* Mon Jun 17 2013 Petr Lautrbach 0.9.8-1 +- upgrade + +* Fri Apr 26 2013 Petr Lautrbach 0.9.7-1 +- upgrade +- add openscap-selinux sub-package + +* Wed Apr 24 2013 Petr Lautrbach 0.9.6-1 +- upgrade + +* Wed Mar 20 2013 Petr Lautrbach 0.9.5-1 +- upgrade + +* Mon Mar 04 2013 Petr Lautrbach 0.9.4.1-1 +- upgrade + +* Tue Feb 26 2013 Petr Lautrbach 0.9.4-1 +- upgrade + +* Thu Feb 14 2013 Fedora Release Engineering - 0.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Dec 17 2012 Petr Lautrbach 0.9.3-1 +- upgrade + +* Wed Nov 21 2012 Petr Lautrbach 0.9.2-1 +- upgrade + +* Mon Oct 22 2012 Petr Lautrbach 0.9.1-1 +- upgrade + +* Tue Sep 25 2012 Peter Vrabec 0.9.0-1 +- upgrade + +* Mon Aug 27 2012 Petr Lautrbach 0.8.5-1 +- upgrade + +* Tue Aug 07 2012 Petr Lautrbach 0.8.4-1 +- upgrade + +* Tue Jul 31 2012 Petr Lautrbach 0.8.3-2 +- fix Profile and @hidden issue + +* Mon Jul 30 2012 Petr Lautrbach 0.8.3-1 +- upgrade + +* Fri Jul 20 2012 Fedora Release Engineering - 0.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 08 2012 Petr Pisar - 0.8.2-2 +- Perl 5.16 rebuild + +* Fri Mar 30 2012 Petr Lautrbach 0.8.2-1 +- upgrade + +* Tue Feb 21 2012 Peter Vrabec 0.8.1-1 +- upgrade + +* Fri Feb 10 2012 Petr Pisar - 0.8.0-3 +- Rebuild against PCRE 8.30 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Oct 11 2011 Peter Vrabec 0.8.0-1 +- upgrade + +* Mon Jul 25 2011 Peter Vrabec 0.7.4-1 +- upgrade + +* Thu Jul 21 2011 Petr Sabata - 0.7.3-3 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 0.7.3-2 +- Perl mass rebuild + +* Fri Jun 24 2011 Peter Vrabec 0.7.3-1 +- upgrade + +* Fri Jun 17 2011 Marcela Mašláňová - 0.7.2-3 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 0.7.2-2 +- Perl 5.14 mass rebuild + +* Wed Apr 20 2011 Peter Vrabec 0.7.2-1 +- upgrade + +* Fri Mar 11 2011 Peter Vrabec 0.7.1-1 +- upgrade + +* Thu Feb 10 2011 Peter Vrabec 0.7.0-1 +- upgrade + +* Tue Feb 08 2011 Fedora Release Engineering - 0.6.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 31 2011 Peter Vrabec 0.6.8-1 +- upgrade + +* Fri Jan 14 2011 Peter Vrabec 0.6.7-1 +- upgrade + +* Wed Oct 20 2010 Peter Vrabec 0.6.4-1 +- upgrade + +* Tue Sep 14 2010 Peter Vrabec 0.6.3-1 +- upgrade + +* Fri Aug 27 2010 Peter Vrabec 0.6.2-1 +- upgrade + +* Wed Jul 14 2010 Peter Vrabec 0.6.0-1 +- upgrade + +* Wed May 26 2010 Peter Vrabec 0.5.11-1 +- upgrade + +* Fri May 07 2010 Peter Vrabec 0.5.10-1 +- upgrade + +* Fri Apr 16 2010 Peter Vrabec 0.5.9-1 +- upgrade + +* Fri Feb 26 2010 Peter Vrabec 0.5.7-1 +- upgrade +- new utils package + +* Mon Jan 04 2010 Peter Vrabec 0.5.6-1 +- upgrade + +* Tue Sep 29 2009 Peter Vrabec 0.5.3-1 +- upgrade + +* Wed Aug 19 2009 Peter Vrabec 0.5.2-1 +- upgrade + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-2 +- add rpm-devel requirement + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-1 +- upgrade + +* Thu Apr 30 2009 Peter Vrabec 0.3.3-1 +- upgrade + +* Thu Apr 23 2009 Peter Vrabec 0.3.2-1 +- upgrade + +* Sun Mar 29 2009 Peter Vrabec 0.1.4-1 +- upgrade + +* Fri Mar 27 2009 Peter Vrabec 0.1.3-2 +- spec file fixes (#491892) + +* Tue Mar 24 2009 Peter Vrabec 0.1.3-1 +- upgrade + +* Thu Jan 15 2009 Tomas Heinrich 0.1.1-1 +- Initial rpm +