|
 |
207d15 |
# Patch0 applies correctly but with mismatch and we dont't want backup file
|
|
|
207d15 |
%global _default_patch_flags --no-backup-if-mismatch
|
|
|
207d15 |
|
|
|
c9fe61 |
Name: oscap-anaconda-addon
|
|
|
d4907f |
Version: 0.9
|
|
|
f0da9c |
Release: 3%{?dist}
|
|
|
c9fe61 |
Summary: Anaconda addon integrating OpenSCAP to the installation process
|
|
|
c9fe61 |
|
|
|
c9fe61 |
License: GPLv2+
|
|
|
d4907f |
URL: https://www.open-scap.org/tools/oscap-anaconda-addon/
|
|
|
c9fe61 |
|
|
|
c9fe61 |
# This is a Red Hat maintained package which is specific to
|
|
|
c9fe61 |
# our distribution.
|
|
|
c9fe61 |
#
|
|
|
c9fe61 |
# The source is thus available only from within this SRPM
|
|
|
c9fe61 |
# or via direct git checkout:
|
|
|
fd2bce |
# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
|
|
|
c9fe61 |
Source0: %{name}-%{version}.tar.gz
|
|
|
c9fe61 |
|
|
|
207d15 |
Patch0: datastream_tailoring_1364929.patch
|
|
|
d4907f |
Patch1: update_japanese_translation_1569449.patch
|
|
|
f0da9c |
Patch2: translation_summary_screen_1543318.patch
|
|
 |
f86f0b |
Patch999: centos-branding.patch
|
|
|
f0da9c |
|
|
|
c9fe61 |
BuildArch: noarch
|
|
|
fd2bce |
BuildRequires: gettext
|
|
|
c9fe61 |
BuildRequires: python2-devel
|
|
|
c9fe61 |
#BuildRequires: python-mock
|
|
|
fd2bce |
#BuildRequires: python-nose
|
|
|
fd2bce |
#BuildRequires: python-cpio
|
|
|
73b831 |
BuildRequires: anaconda-core >= 21.48.22.99
|
|
|
73b831 |
Requires: anaconda-core >= 21.48.22.99
|
|
|
c9fe61 |
Requires: openscap openscap-utils openscap-python
|
|
|
c9fe61 |
Requires: python-cpio
|
|
|
fd2bce |
Requires: scap-security-guide
|
|
|
c9fe61 |
|
|
|
c9fe61 |
%description
|
|
|
c9fe61 |
This is an addon that integrates OpenSCAP utilities with the Anaconda installer
|
|
|
c9fe61 |
and allows installation of systems following restrictions given by a SCAP
|
|
|
c9fe61 |
content.
|
|
|
c9fe61 |
|
|
|
c9fe61 |
%prep
|
|
|
fd2bce |
%setup -q -n %{name}-%{version}
|
|
|
207d15 |
%patch0 -p1
|
|
|
fd2bce |
%patch1 -p1
|
|
|
f0da9c |
%patch2 -p1
|
|
|
f86f0b |
%patch999 -p1
|
|
|
c9fe61 |
|
|
|
c9fe61 |
%build
|
|
|
c9fe61 |
|
|
|
c9fe61 |
#%check
|
|
|
c9fe61 |
#make test
|
|
|
c9fe61 |
|
|
|
c9fe61 |
|
|
|
c9fe61 |
%install
|
|
|
c9fe61 |
make install DESTDIR=%{buildroot}
|
|
|
fd2bce |
%find_lang %{name}
|
|
|
c9fe61 |
|
|
|
fd2bce |
%files -f %{name}.lang
|
|
|
c9fe61 |
%{_datadir}/anaconda/addons/org_fedora_oscap
|
|
|
c9fe61 |
|
|
|
207d15 |
%doc COPYING ChangeLog README.md
|
|
|
c9fe61 |
|
|
|
c9fe61 |
%changelog
|
|
|
f0da9c |
* Thu Mar 14 2019 Jan Černý <jcerny@redhat.com> - 0.9-3
|
|
|
f0da9c |
- Enable translation of title 'SECURITY POLICY' at Installation Summary screen
|
|
|
f0da9c |
Resolves: rhbz#1543318
|
|
|
913686 |
|
|
|
d4907f |
* Mon Aug 20 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.9-2
|
|
|
d4907f |
- Add Japanese translation
|
|
|
d4907f |
|
|
|
d4907f |
* Mon Jun 11 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.9-1
|
|
|
d4907f |
- Rebase to the upstream version 0.9
|
|
|
d4907f |
- Drop patch that fixed selection of RHEL Alternate Architecture datastream
|
|
|
d4907f |
Resolves: rhbz#1564903
|
|
|
d4907f |
- Update project URL
|
|
|
d4907f |
Resolves: rhbz#1502379
|
|
|
d4907f |
|
|
|
207d15 |
* Tue Feb 06 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.8-4
|
|
|
207d15 |
- Define translation domain of oscap-anaconda-addon
|
|
|
207d15 |
Resolves: rhbz#1540302
|
|
|
207d15 |
|
|
|
207d15 |
* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.8-3
|
|
|
207d15 |
- Return empty string when there is no tailoring file
|
|
|
207d15 |
Resolves: rhbz#1520276
|
|
|
207d15 |
|
|
|
207d15 |
* Mon Dec 11 2017 Watson Sato <wsato@redhat.com> - 0.8-2
|
|
|
207d15 |
- Add japanese translation
|
|
|
207d15 |
- Update other translations
|
|
|
207d15 |
Resolves: rhbz#1481190
|
|
|
207d15 |
- Fix selection of RHEL datastream
|
|
|
207d15 |
Resolves: rhbz#1520358
|
|
|
207d15 |
|
|
|
207d15 |
* Mon Nov 27 2017 Watson Sato <wsato@redhat.com> - 0.8-1
|
|
|
207d15 |
- Rebase to the upstream version 0.8
|
|
|
207d15 |
Related: rhbz#1472419
|
|
|
207d15 |
|
|
|
73b831 |
* Tue May 30 2017 Watson Sato <wsato@redhat.com> - 0.7-15
|
|
|
73b831 |
- Add japanese translation
|
|
|
73b831 |
- Update other translations
|
|
|
73b831 |
Resolves: rhbz#1383181
|
|
|
73b831 |
|
|
|
73b831 |
* Thu Apr 20 2017 Raphael Sanchez Prudencio <rsprudencio@redhat.com> - 0.7-14
|
|
|
73b831 |
- Fixed gtk warning messages when anaconda is starting.
|
|
|
73b831 |
Resolves: rhbz#1437106
|
|
|
73b831 |
|
|
|
73b831 |
* Tue Mar 28 2017 Martin Preisler <mpreisle@redhat.com> - 0.7-13
|
|
|
73b831 |
- Avoid long delay before a GeoIP related timeout in case internet is not available
|
|
|
73b831 |
Resolves: rhbz#1379479
|
|
 |
189315 |
|
|
|
c5477d |
* Tue Sep 13 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-12
|
|
|
c5477d |
- Properly handle tailoring files for datastreams
|
|
|
c5477d |
Resolves: rhbz#1364929
|
|
|
c5477d |
|
|
|
c5477d |
* Thu Aug 25 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-11
|
|
|
c5477d |
- Don't require blank stderr when running the oscap tool
|
|
|
c5477d |
Resolves: rhbz#1360765
|
|
|
c5477d |
- Beware of the invalid profiles
|
|
|
c5477d |
Resolves: rhbz#1365130
|
|
|
c5477d |
- Properly set the seen property for root passwords
|
|
|
c5477d |
Resolves: rhbz#1357603
|
|
|
c5477d |
|
|
|
c5477d |
* Thu Jun 30 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-10
|
|
|
c5477d |
- Clear spoke's info before setting an error
|
|
|
c5477d |
Resolves: rhbz#1349446
|
|
|
c5477d |
|
|
|
c5477d |
* Wed Jun 1 2016 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-9
|
|
|
c5477d |
- Use the System hub category provided by Anaconda
|
|
|
c5477d |
Resolves: rhbz#1269211
|
|
|
c5477d |
- Wait for Anaconda to settle before evaluation
|
|
|
c5477d |
Resolves: rhbz#1265552
|
|
|
c5477d |
- Make the changes overview scrollable and smaller
|
|
|
c5477d |
Related: rhbz#1263582
|
|
|
c5477d |
- Make the list of profiles scrollable
|
|
|
c5477d |
Resolves: rhbz#1263582
|
|
|
c5477d |
- Do not try to create a single file multiple times
|
|
|
c5477d |
Related: rhbz#1263315
|
|
|
c5477d |
- Avoid crashes on extraction errors
|
|
|
c5477d |
Resolves: rhbz#1263315
|
|
|
c5477d |
- Disable GPG checks when installing content to the system
|
|
|
c5477d |
Resolves: rhbz#1263216
|
|
|
c5477d |
- Allow fixing root password in graphical installations
|
|
|
c5477d |
Resolves: rhbz#1265116
|
|
|
c5477d |
- Enforce the minimal root password length
|
|
|
c5477d |
Resolves: rhbz#1238281
|
|
|
c5477d |
- Just report misconfiguration instead of crashing in text mode
|
|
|
c5477d |
Resolves: rhbz#1263207
|
|
|
c5477d |
- Do not verify SSL if inst.noverifyssl was given
|
|
|
c5477d |
Resolves: rhbz#1263257
|
|
|
c5477d |
- Also catch data_fetch.DataFetchError when trying to get content
|
|
|
c5477d |
Resolves: rhbz#1263239
|
|
|
c5477d |
- Use new method signature with payload class
|
|
|
c5477d |
Related: rhbz#1288636
|
|
Karanbir Singh |
72e552 |
|
|
|
fd2bce |
* Wed Sep 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-8
|
|
|
fd2bce |
- Do not remove the root password behind user's back
|
|
|
fd2bce |
Resolves: rhbz#1263254
|
|
|
fd2bce |
|
|
|
fd2bce |
* Mon Sep 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-7
|
|
|
fd2bce |
- Completely skip the execute() part if no profile is selected
|
|
|
fd2bce |
Resolves: rhbz#1254973
|
|
|
fd2bce |
|
|
|
fd2bce |
* Mon Aug 24 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-6
|
|
|
fd2bce |
- Specify the name of the help content file
|
|
|
fd2bce |
Resolves: rhbz#1254884
|
|
|
fd2bce |
- Skip files unrecognized by the 'oscap info' command
|
|
|
fd2bce |
Resolves: rhbz#1255075
|
|
|
fd2bce |
- Only allow DS and XCCDF ID selection if it makes sense
|
|
|
fd2bce |
Resolves: rhbz#1254876
|
|
|
fd2bce |
|
|
|
fd2bce |
* Tue Aug 4 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-5
|
|
|
fd2bce |
- Make sure DS and XCCDF ID lists are correctly refreshed
|
|
|
fd2bce |
Resolves: rhbz#1240946
|
|
|
fd2bce |
- Make sure the DS and XCCDF ID combo boxes are visible for DS content
|
|
|
fd2bce |
Resolves: rhbz#1249951
|
|
|
fd2bce |
- Try to load the OSCAP session early for DS content
|
|
|
fd2bce |
Resolves: rhbz#1247654
|
|
|
fd2bce |
- Test preinst_content_path before raw_preinst_content_path
|
|
|
fd2bce |
Resolves: rhbz#1249937
|
|
|
fd2bce |
- Clear any error if switching to the dry-run mode
|
|
|
fd2bce |
Related: rhbz#1247677
|
|
|
fd2bce |
- Do not continue with and invalid profile ID
|
|
|
fd2bce |
Resolves: rhbz#1247677
|
|
|
fd2bce |
- Cover all potential places with a non-main thread changing Gtk stuff
|
|
|
fd2bce |
Resolves: rhbz#1240967
|
|
|
fd2bce |
|
|
|
fd2bce |
* Thu Jul 23 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-4
|
|
|
fd2bce |
- Better handle and report erroneous states
|
|
|
fd2bce |
Resolves: rhbz#1241064
|
|
|
fd2bce |
- Make sure (some more) GUI actions run in the main thread
|
|
|
fd2bce |
Resolves: rhbz#1240967
|
|
|
fd2bce |
- Beware of RPM->cpio entries' paths having absolute paths
|
|
|
fd2bce |
Related: rhbz#1241064
|
|
|
fd2bce |
- Only output the kickstart section with content and profile set
|
|
|
fd2bce |
Resolves: rhbz#1241395
|
|
|
fd2bce |
- Just report integrity check failure instead of traceback
|
|
|
fd2bce |
Resolves: rhbz#1240710
|
|
|
fd2bce |
- Properly react on download/loading issues in text+kickstart mode
|
|
|
fd2bce |
Related: rhbz#1240710
|
|
|
fd2bce |
- Fetch and process the content even if GUI doesn't take care of it
|
|
|
fd2bce |
Resolves: rhbz#1240625
|
|
|
fd2bce |
|
|
|
fd2bce |
* Tue Jul 7 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-3
|
|
|
fd2bce |
- Do not output redundant/invalid fields for the SSG content (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1240285
|
|
|
fd2bce |
- Better handle unsupported URL types (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1232631
|
|
|
fd2bce |
- React better on network issues (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1236657
|
|
|
fd2bce |
- Improve the description of the default profile (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1238080
|
|
|
fd2bce |
- Use the openscap-scanner package instead of openscap-utils (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1240249
|
|
|
fd2bce |
- Better handle the case with no profile selected (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1235750
|
|
|
fd2bce |
- Add newline and one blank line after the %%addon section (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1238267
|
|
|
fd2bce |
- Word-wrap profile descriptions (vpodzime)
|
|
|
fd2bce |
Resolves: rhbz#1236644
|
|
|
fd2bce |
|
|
|
fd2bce |
* Wed Jun 17 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-2
|
|
|
fd2bce |
- Add gettext to BuildRequires (vpodzime)
|
|
|
fd2bce |
Related: rhbz#1204640
|
|
|
fd2bce |
|
|
|
fd2bce |
* Tue Jun 16 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.7-1
|
|
|
fd2bce |
- Rebase to the upstream version 0.7
|
|
|
fd2bce |
Related: rhbz#1204640
|
|
|
fd2bce |
|
|
|
fd2bce |
* Tue Apr 28 2015 Vratislav Podzimek <vpodzime@redhat.com> - 0.6-1
|
|
|
fd2bce |
- Rebase to the upstream version 0.6
|
|
|
fd2bce |
Resolves: rhbz#1204640
|
|
|
fd2bce |
|
|
|
6fd024 |
* Mon Aug 04 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-3
|
|
|
6fd024 |
- Don't distribute backup files
|
|
|
6fd024 |
Resolves: rhbz#1065906
|
|
|
c9fe61 |
* Wed Jan 15 2014 Vratislav Podizmek <vpodzime@redhat.com> - 0.4-2
|
|
|
c9fe61 |
- Skip running tests on RHEL builds
|
|
|
c9fe61 |
Related: rhbz#1035662
|
|
|
c9fe61 |
* Tue Jan 14 2014 Vratislav Podzimek <vpodzime@redhat.com> - 0.4-1
|
|
|
c9fe61 |
- Beware of running Gtk actions from a non-main thread
|
|
|
c9fe61 |
- Fix path to the tailoring file when getting rules
|
|
|
c9fe61 |
- A git hook for running tests when pushing
|
|
|
c9fe61 |
- Inform user if no profile is selected
|
|
|
c9fe61 |
- Visually mark the selected profile
|
|
|
c9fe61 |
- Better UX with content URL entry and progress label
|
|
|
c9fe61 |
- React on invalid content properly (#1032846)
|
|
|
c9fe61 |
- Stop spinner when data fetching is finished
|
|
|
c9fe61 |
- Make the data fetching thread non-fatal (#1049989)
|
|
|
c9fe61 |
- Exit code 2 from the oscap tool is not an error for us (#1050913)
|
|
|
c9fe61 |
- Be ready to work with archives/RPMs containing data streams
|
|
|
c9fe61 |
- Add unit tests for the keep_type_map function
|
|
|
c9fe61 |
- Add support for namedtuples to keep_type_map
|
|
|
c9fe61 |
- Add target for running pylint check
|
|
|
c9fe61 |
- Add target for running just unittests
|
|
|
c9fe61 |
- On the way to tailoring
|
|
|
c9fe61 |
- Tests for kickstart XCCDF tailoring handling
|
|
|
c9fe61 |
- Kickstart support for XCCDF tailoring
|
|
|
c9fe61 |
- Check session validity also when using XCCDF benchmark
|
|
|
c9fe61 |
|
|
|
c9fe61 |
* Tue Dec 10 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.3-1
|
|
|
c9fe61 |
- Implement and use our own better function for joining paths
|
|
|
c9fe61 |
- The content entry should have focus if there is no content
|
|
|
c9fe61 |
- RPM is just a weird archive in the pre-installation phase
|
|
|
c9fe61 |
- Ignore RPM files as well
|
|
|
c9fe61 |
- Adapt tests to dir constants now ending with "/"
|
|
|
c9fe61 |
- CpioArchive cannot be created from a piped output
|
|
|
c9fe61 |
- Fix namespace definitions in the testing XCCDF file
|
|
|
c9fe61 |
- Prevent putting None into xccdf_session_is_sds
|
|
|
c9fe61 |
- Fix the __all__ variable in the common module
|
|
|
c9fe61 |
- Strip content dir prefix when setting xccdf/cpe paths
|
|
|
c9fe61 |
- Inform user we now support archive URLs as well
|
|
|
c9fe61 |
- Ignore various file types in the git repository
|
|
|
c9fe61 |
- Try to find content files in the fetched archive or RPM
|
|
|
c9fe61 |
- Run pylint -E as part of the test target
|
|
|
c9fe61 |
- Return list of extracted files/directories when extracting archive
|
|
|
c9fe61 |
- Do not try to search for empty file paths in archives
|
|
|
c9fe61 |
- Properly set the content type based on the URL's suffix
|
|
|
c9fe61 |
- Switch profiles on double-click
|
|
|
c9fe61 |
- Hook urlEntry's activate signal to fetchButton click
|
|
|
c9fe61 |
- Save the spoke's glade file with a new Glade
|
|
|
c9fe61 |
- The addon now requires the python-cpio package
|
|
|
c9fe61 |
- Use really_hide for the UI elements for datastream-id and xccdf-id
|
|
|
c9fe61 |
- Support for RPM content in the GUI spoke
|
|
|
c9fe61 |
- RPM content support for kickstart processing
|
|
|
c9fe61 |
- Add property for the raw post-installation content path
|
|
|
c9fe61 |
- Make content type case insensitive
|
|
|
c9fe61 |
- Rest of the code needed for RPM extraction
|
|
|
c9fe61 |
- Actually look for the file path in entry names
|
|
|
c9fe61 |
- Basic stuff needed for the RPM content support
|
|
|
c9fe61 |
- Run tests in paralel
|
|
|
c9fe61 |
- Specify files in a better way in spec
|
|
|
c9fe61 |
|
|
|
c9fe61 |
* Mon Oct 21 2013 Vratislav Podzimek <vpodzime@redhat.com> - 0.2-1
|
|
|
c9fe61 |
- Initial RPM for the oscap-anaconda-addon
|