From 051d3d47448a3900249aaf8fc0c5788003cbc4a7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 01 2019 18:44:10 +0000 Subject: import oscap-anaconda-addon-0.9-3.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..47423a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/oscap-anaconda-addon-0.9.tar.gz diff --git a/.oscap-anaconda-addon.metadata b/.oscap-anaconda-addon.metadata new file mode 100644 index 0000000..5043521 --- /dev/null +++ b/.oscap-anaconda-addon.metadata @@ -0,0 +1 @@ +c14dd9153a041cc740cf9b7d475ff28f0174e0d7 SOURCES/oscap-anaconda-addon-0.9.tar.gz diff --git a/SOURCES/datastream_tailoring_1364929.patch b/SOURCES/datastream_tailoring_1364929.patch new file mode 100644 index 0000000..c199a26 --- /dev/null +++ b/SOURCES/datastream_tailoring_1364929.patch @@ -0,0 +1,74 @@ +From 03734db97a920a742375ad162b95d08b78866036 Mon Sep 17 00:00:00 2001 +From: Vratislav Podzimek +Date: Tue, 13 Sep 2016 17:23:37 +0200 +Subject: [PATCH] Properly handle tailoring files for datastreams + +We need to load the tailoring file and iterate over tailoring profiles like we +do for Benchmark+tailoring. + +Resolves: rhbz#1364929 +Signed-off-by: Vratislav Podzimek +--- + org_fedora_oscap/content_handling.py | 25 +++++++++++++++++++++---- + 1 file changed, 21 insertions(+), 4 deletions(-) + +diff --git a/org_fedora_oscap/content_handling.py b/org_fedora_oscap/content_handling.py +index 0921ad9..fa4266b 100644 +--- a/org_fedora_oscap/content_handling.py ++++ b/org_fedora_oscap/content_handling.py +@@ -151,6 +151,9 @@ class DataStreamHandler(object): + # is used to speed up getting lists of profiles + self._profiles_cache = dict() + ++ # store the tailoring file path (if any) for later use ++ self._tailoring_file_path = tailoring_file_path ++ + if not os.path.exists(dsc_file_path): + msg = "Invalid file path: '%s'" % dsc_file_path + raise DataStreamHandlingError(msg) +@@ -165,10 +168,6 @@ class DataStreamHandler(object): + if OSCAP.xccdf_session_load(self._session) != 0: + raise DataStreamHandlingError(OSCAP.oscap_err_desc()) + +- if tailoring_file_path: +- OSCAP.xccdf_session_set_user_tailoring_file(self._session, +- tailoring_file_path) +- + if not OSCAP.xccdf_session_is_sds(self._session): + msg = "'%s' is not a data stream collection" % dsc_file_path + raise DataStreamHandlingError(msg) +@@ -282,6 +281,11 @@ class DataStreamHandler(object): + + OSCAP.xccdf_session_set_datastream_id(self._session, data_stream_id) + OSCAP.xccdf_session_set_component_id(self._session, checklist_id) ++ ++ if self._tailoring_file_path: ++ OSCAP.xccdf_session_set_user_tailoring_file(self._session, ++ self._tailoring_file_path) ++ + if OSCAP.xccdf_session_load(self._session) != 0: + raise DataStreamHandlingError(OSCAP.oscap_err_desc()) + +@@ -305,6 +309,19 @@ class DataStreamHandler(object): + + profiles.append(info) + ++ if self._tailoring_file_path: ++ tailoring = OSCAP.xccdf_policy_model_get_tailoring(policy_model) ++ profile_itr = OSCAP.xccdf_tailoring_get_profiles(tailoring) ++ while OSCAP.xccdf_profile_iterator_has_more(profile_itr): ++ profile = OSCAP.xccdf_profile_iterator_next(profile_itr) ++ ++ id_ = OSCAP.xccdf_profile_get_id(profile) ++ title = oscap_text_itr_get_text(OSCAP.xccdf_profile_get_title(profile)) ++ desc = oscap_text_itr_get_text(OSCAP.xccdf_profile_get_description(profile)) ++ info = ProfileInfo(id_, title, desc) ++ ++ profiles.append(info) ++ + OSCAP.xccdf_profile_iterator_free(profile_itr) + + # cache the result +-- +2.7.4 + diff --git a/SOURCES/translation_summary_screen_1543318.patch b/SOURCES/translation_summary_screen_1543318.patch new file mode 100644 index 0000000..7194f00 --- /dev/null +++ b/SOURCES/translation_summary_screen_1543318.patch @@ -0,0 +1,22 @@ +From c88dba4b9deeb78158bf2e239e4b7118a9e8b39f Mon Sep 17 00:00:00 2001 +From: Marek Haicman +Date: Thu, 7 Feb 2019 19:24:08 +0100 +Subject: [PATCH] Hack hub title to show translated. + +--- + org_fedora_oscap/gui/spokes/oscap.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py +index 72c1501..594969a 100644 +--- a/org_fedora_oscap/gui/spokes/oscap.py ++++ b/org_fedora_oscap/gui/spokes/oscap.py +@@ -190,6 +190,8 @@ def __init__(self, data, storage, payload, instclass): + + NormalSpoke.__init__(self, data, storage, payload, instclass) + self._addon_data = self.data.addons.org_fedora_oscap ++ # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1673071 ++ self.title = _(self.title) + self._storage = storage + self._ready = False + diff --git a/SOURCES/update_japanese_translation_1569449.patch b/SOURCES/update_japanese_translation_1569449.patch new file mode 100644 index 0000000..08c995b --- /dev/null +++ b/SOURCES/update_japanese_translation_1569449.patch @@ -0,0 +1,91 @@ +--- a/po/ja.po 2018-06-04 18:16:02.000000000 +0200 ++++ b/po/ja.po 2018-08-20 10:42:37.535040920 +0200 +@@ -1,10 +1,11 @@ + # Ludek Janda , 2017. #zanata ++# Ludek Janda , 2018. #zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" + "POT-Creation-Date: 2018-06-04 14:37+0200\n" +-"PO-Revision-Date: 2017-12-11 03:10+0000\n" ++"PO-Revision-Date: 2018-08-08 12:52+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Japanese\n" + "MIME-Version: 1.0\n" +@@ -12,7 +13,7 @@ + "Content-Transfer-Encoding: 8bit\n" + "Language: ja\n" + "Plural-Forms: nplurals=1; plural=0\n" +-"X-Generator: Zanata 4.4.5\n" ++"X-Generator: Zanata 4.6.0\n" + + #: ../org_fedora_oscap/rule_handling.py:392 + #, python-brace-format +@@ -21,6 +22,8 @@ + "in the partitioning layout before installation can occur with a security " + "profile" + msgstr "" ++"{0} " ++"は、別のパーティションもしくは論理ボリューム上になければなりません。また、セキュリティープロファイルがインストールされる前にパーティションレイアウトに作成されなければなりません" + + #. template for the message + #: ../org_fedora_oscap/rule_handling.py:403 +@@ -61,19 +64,19 @@ + + #: ../org_fedora_oscap/rule_handling.py:754 + msgid "Kdump will be disabled on startup" +-msgstr "" ++msgstr "Kdump は起動時に無効になります" + + #: ../org_fedora_oscap/rule_handling.py:756 + msgid "Kdump will be enabled on startup" +-msgstr "" ++msgstr "Kdump は起動時に有効になります" + + #: ../org_fedora_oscap/rule_handling.py:903 + msgid "Firewall will be disabled on startup" +-msgstr "" ++msgstr "ファイアウォールは起動時に無効になります" + + #: ../org_fedora_oscap/rule_handling.py:910 + msgid "Firewall will be enabled on startup" +-msgstr "" ++msgstr "ファイアウォールは起動時に有効になります" + + #: ../org_fedora_oscap/rule_handling.py:918 + #: ../org_fedora_oscap/rule_handling.py:955 +@@ -81,21 +84,21 @@ + msgid "" + "service '%s' has been added to the list of services to be added to the " + "firewall" +-msgstr "" ++msgstr "サービス '%s' が、ファイアウォールに追加予定のサービス一覧に追加されました" + + #: ../org_fedora_oscap/rule_handling.py:925 + #: ../org_fedora_oscap/rule_handling.py:966 + #, python-format + msgid "" + "port '%s' has been added to the list of ports to be added to the firewall" +-msgstr "" ++msgstr "ポート '%s' が、ファイアウォールに追加予定のポート一覧に追加されました" + + #: ../org_fedora_oscap/rule_handling.py:932 + #: ../org_fedora_oscap/rule_handling.py:977 + #, python-format + msgid "" + "trust '%s' has been added to the list of trusts to be added to the firewall" +-msgstr "" ++msgstr "トラスト '%s' が、ファイアウォールに追加予定のトラスト一覧に追加されました" + + #: ../org_fedora_oscap/rule_handling.py:986 + #: ../org_fedora_oscap/rule_handling.py:1001 +@@ -103,7 +106,7 @@ + msgid "" + "service '%s' has been added to the list of services to be removed from the " + "firewall" +-msgstr "" ++msgstr "サービス '%s' が、ファイアウォールから削除予定のサービス一覧に追加されました" + + #: ../org_fedora_oscap/ks/oscap.py:423 + #, python-format diff --git a/SPECS/oscap-anaconda-addon.spec b/SPECS/oscap-anaconda-addon.spec new file mode 100644 index 0000000..8d176f9 --- /dev/null +++ b/SPECS/oscap-anaconda-addon.spec @@ -0,0 +1,292 @@ +# Patch0 applies correctly but with mismatch and we dont't want backup file +%global _default_patch_flags --no-backup-if-mismatch + +Name: oscap-anaconda-addon +Version: 0.9 +Release: 3%{?dist} +Summary: Anaconda addon integrating OpenSCAP to the installation process + +License: GPLv2+ +URL: https://www.open-scap.org/tools/oscap-anaconda-addon/ + +# This is a Red Hat maintained package which is specific to +# our distribution. +# +# The source is thus available only from within this SRPM +# or via direct git checkout: +# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git +Source0: %{name}-%{version}.tar.gz + +Patch0: datastream_tailoring_1364929.patch +Patch1: update_japanese_translation_1569449.patch +Patch2: translation_summary_screen_1543318.patch + +BuildArch: noarch +BuildRequires: gettext +BuildRequires: python2-devel +#BuildRequires: python-mock +#BuildRequires: python-nose +#BuildRequires: python-cpio +BuildRequires: anaconda-core >= 21.48.22.99 +Requires: anaconda-core >= 21.48.22.99 +Requires: openscap openscap-utils openscap-python +Requires: python-cpio +Requires: scap-security-guide + +%description +This is an addon that integrates OpenSCAP utilities with the Anaconda installer +and allows installation of systems following restrictions given by a SCAP +content. + +%prep +%setup -q -n %{name}-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + +%build + +#%check +#make test + + +%install +make install DESTDIR=%{buildroot} +%find_lang %{name} + +%files -f %{name}.lang +%{_datadir}/anaconda/addons/org_fedora_oscap + +%doc COPYING ChangeLog README.md + +%changelog +* Thu Mar 14 2019 Jan Černý - 0.9-3 +- Enable translation of title 'SECURITY POLICY' at Installation Summary screen + Resolves: rhbz#1543318 + +* Mon Aug 20 2018 Watson Yuuma Sato - 0.9-2 +- Add Japanese translation + +* Mon Jun 11 2018 Watson Yuuma Sato - 0.9-1 +- Rebase to the upstream version 0.9 +- Drop patch that fixed selection of RHEL Alternate Architecture datastream + Resolves: rhbz#1564903 +- Update project URL + Resolves: rhbz#1502379 + +* Tue Feb 06 2018 Watson Yuuma Sato - 0.8-4 +- Define translation domain of oscap-anaconda-addon + Resolves: rhbz#1540302 + +* Tue Dec 12 2017 Watson Yuuma Sato - 0.8-3 +- Return empty string when there is no tailoring file + Resolves: rhbz#1520276 + +* Mon Dec 11 2017 Watson Sato - 0.8-2 +- Add japanese translation +- Update other translations + Resolves: rhbz#1481190 +- Fix selection of RHEL datastream + Resolves: rhbz#1520358 + +* Mon Nov 27 2017 Watson Sato - 0.8-1 +- Rebase to the upstream version 0.8 + Related: rhbz#1472419 + +* Tue May 30 2017 Watson Sato - 0.7-15 +- Add japanese translation +- Update other translations + Resolves: rhbz#1383181 + +* Thu Apr 20 2017 Raphael Sanchez Prudencio - 0.7-14 +- Fixed gtk warning messages when anaconda is starting. + Resolves: rhbz#1437106 + +* Tue Mar 28 2017 Martin Preisler - 0.7-13 +- Avoid long delay before a GeoIP related timeout in case internet is not available + Resolves: rhbz#1379479 + +* Tue Sep 13 2016 Vratislav Podzimek - 0.7-12 +- Properly handle tailoring files for datastreams + Resolves: rhbz#1364929 + +* Thu Aug 25 2016 Vratislav Podzimek - 0.7-11 +- Don't require blank stderr when running the oscap tool + Resolves: rhbz#1360765 +- Beware of the invalid profiles + Resolves: rhbz#1365130 +- Properly set the seen property for root passwords + Resolves: rhbz#1357603 + +* Thu Jun 30 2016 Vratislav Podzimek - 0.7-10 +- Clear spoke's info before setting an error + Resolves: rhbz#1349446 + +* Wed Jun 1 2016 Vratislav Podzimek - 0.7-9 +- Use the System hub category provided by Anaconda + Resolves: rhbz#1269211 +- Wait for Anaconda to settle before evaluation + Resolves: rhbz#1265552 +- Make the changes overview scrollable and smaller + Related: rhbz#1263582 +- Make the list of profiles scrollable + Resolves: rhbz#1263582 +- Do not try to create a single file multiple times + Related: rhbz#1263315 +- Avoid crashes on extraction errors + Resolves: rhbz#1263315 +- Disable GPG checks when installing content to the system + Resolves: rhbz#1263216 +- Allow fixing root password in graphical installations + Resolves: rhbz#1265116 +- Enforce the minimal root password length + Resolves: rhbz#1238281 +- Just report misconfiguration instead of crashing in text mode + Resolves: rhbz#1263207 +- Do not verify SSL if inst.noverifyssl was given + Resolves: rhbz#1263257 +- Also catch data_fetch.DataFetchError when trying to get content + Resolves: rhbz#1263239 +- Use new method signature with payload class + Related: rhbz#1288636 + +* Wed Sep 16 2015 Vratislav Podzimek - 0.7-8 +- Do not remove the root password behind user's back + Resolves: rhbz#1263254 + +* Mon Sep 7 2015 Vratislav Podzimek - 0.7-7 +- Completely skip the execute() part if no profile is selected + Resolves: rhbz#1254973 + +* Mon Aug 24 2015 Vratislav Podzimek - 0.7-6 +- Specify the name of the help content file + Resolves: rhbz#1254884 +- Skip files unrecognized by the 'oscap info' command + Resolves: rhbz#1255075 +- Only allow DS and XCCDF ID selection if it makes sense + Resolves: rhbz#1254876 + +* Tue Aug 4 2015 Vratislav Podzimek - 0.7-5 +- Make sure DS and XCCDF ID lists are correctly refreshed + Resolves: rhbz#1240946 +- Make sure the DS and XCCDF ID combo boxes are visible for DS content + Resolves: rhbz#1249951 +- Try to load the OSCAP session early for DS content + Resolves: rhbz#1247654 +- Test preinst_content_path before raw_preinst_content_path + Resolves: rhbz#1249937 +- Clear any error if switching to the dry-run mode + Related: rhbz#1247677 +- Do not continue with and invalid profile ID + Resolves: rhbz#1247677 +- Cover all potential places with a non-main thread changing Gtk stuff + Resolves: rhbz#1240967 + +* Thu Jul 23 2015 Vratislav Podzimek - 0.7-4 +- Better handle and report erroneous states + Resolves: rhbz#1241064 +- Make sure (some more) GUI actions run in the main thread + Resolves: rhbz#1240967 +- Beware of RPM->cpio entries' paths having absolute paths + Related: rhbz#1241064 +- Only output the kickstart section with content and profile set + Resolves: rhbz#1241395 +- Just report integrity check failure instead of traceback + Resolves: rhbz#1240710 +- Properly react on download/loading issues in text+kickstart mode + Related: rhbz#1240710 +- Fetch and process the content even if GUI doesn't take care of it + Resolves: rhbz#1240625 + +* Tue Jul 7 2015 Vratislav Podzimek - 0.7-3 +- Do not output redundant/invalid fields for the SSG content (vpodzime) + Resolves: rhbz#1240285 +- Better handle unsupported URL types (vpodzime) + Resolves: rhbz#1232631 +- React better on network issues (vpodzime) + Resolves: rhbz#1236657 +- Improve the description of the default profile (vpodzime) + Resolves: rhbz#1238080 +- Use the openscap-scanner package instead of openscap-utils (vpodzime) + Resolves: rhbz#1240249 +- Better handle the case with no profile selected (vpodzime) + Resolves: rhbz#1235750 +- Add newline and one blank line after the %%addon section (vpodzime) + Resolves: rhbz#1238267 +- Word-wrap profile descriptions (vpodzime) + Resolves: rhbz#1236644 + +* Wed Jun 17 2015 Vratislav Podzimek - 0.7-2 +- Add gettext to BuildRequires (vpodzime) + Related: rhbz#1204640 + +* Tue Jun 16 2015 Vratislav Podzimek - 0.7-1 +- Rebase to the upstream version 0.7 + Related: rhbz#1204640 + +* Tue Apr 28 2015 Vratislav Podzimek - 0.6-1 +- Rebase to the upstream version 0.6 + Resolves: rhbz#1204640 + +* Mon Aug 04 2014 Vratislav Podzimek - 0.4-3 +- Don't distribute backup files + Resolves: rhbz#1065906 +* Wed Jan 15 2014 Vratislav Podizmek - 0.4-2 +- Skip running tests on RHEL builds + Related: rhbz#1035662 +* Tue Jan 14 2014 Vratislav Podzimek - 0.4-1 +- Beware of running Gtk actions from a non-main thread +- Fix path to the tailoring file when getting rules +- A git hook for running tests when pushing +- Inform user if no profile is selected +- Visually mark the selected profile +- Better UX with content URL entry and progress label +- React on invalid content properly (#1032846) +- Stop spinner when data fetching is finished +- Make the data fetching thread non-fatal (#1049989) +- Exit code 2 from the oscap tool is not an error for us (#1050913) +- Be ready to work with archives/RPMs containing data streams +- Add unit tests for the keep_type_map function +- Add support for namedtuples to keep_type_map +- Add target for running pylint check +- Add target for running just unittests +- On the way to tailoring +- Tests for kickstart XCCDF tailoring handling +- Kickstart support for XCCDF tailoring +- Check session validity also when using XCCDF benchmark + +* Tue Dec 10 2013 Vratislav Podzimek - 0.3-1 +- Implement and use our own better function for joining paths +- The content entry should have focus if there is no content +- RPM is just a weird archive in the pre-installation phase +- Ignore RPM files as well +- Adapt tests to dir constants now ending with "/" +- CpioArchive cannot be created from a piped output +- Fix namespace definitions in the testing XCCDF file +- Prevent putting None into xccdf_session_is_sds +- Fix the __all__ variable in the common module +- Strip content dir prefix when setting xccdf/cpe paths +- Inform user we now support archive URLs as well +- Ignore various file types in the git repository +- Try to find content files in the fetched archive or RPM +- Run pylint -E as part of the test target +- Return list of extracted files/directories when extracting archive +- Do not try to search for empty file paths in archives +- Properly set the content type based on the URL's suffix +- Switch profiles on double-click +- Hook urlEntry's activate signal to fetchButton click +- Save the spoke's glade file with a new Glade +- The addon now requires the python-cpio package +- Use really_hide for the UI elements for datastream-id and xccdf-id +- Support for RPM content in the GUI spoke +- RPM content support for kickstart processing +- Add property for the raw post-installation content path +- Make content type case insensitive +- Rest of the code needed for RPM extraction +- Actually look for the file path in entry names +- Basic stuff needed for the RPM content support +- Run tests in paralel +- Specify files in a better way in spec + +* Mon Oct 21 2013 Vratislav Podzimek - 0.2-1 +- Initial RPM for the oscap-anaconda-addon