#1 Enable CentOS derivatives.
Closed 4 months ago by ggbecker. Opened a year ago by ggbecker.
rpms/ ggbecker/scap-security-guide c8s  into  c8s

@@ -82,7 +82,7 @@ 

  -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \

  -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \

  -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \

- -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \

+ -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \

  -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF ../

  %make_build

  

Switching SSG_CENTOS_DERIVATIVES_ENABLED to ON enables the project to build security content for CentOS.

Thanks for the potential contribution @ggbecker. Sorry for the delay in response, we're still working out the kinks with our contribution process. CentOS Stream 8 is still built "inside out". What I mean by that is that there is still an internal dist-git and build system where RHEL builds are done, before being exported automatically to this dist-git to be built in the CentOS build system. This means that we can't merge this pull request directly. We can however use it to demonstrate changes and generate a patch file that can be applied to the internal dist-git by RHEL maintainers, if they decide to accept the change. To get their attention, would you mind filing a bugzilla describing this change in detail? This link will pre-populate the necessary fields. Please also link to this pull request in that bugzilla.

https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&version=CentOS%20Stream&component=scap-security-guide

This will work much better in CentOS Stream 9, as we're moving to having the RHEL maintainers work directly in a public dist-git so that can merge pull requests from contributors.

I'm a scap-security-guide RHEL mantainer and this change won't be accepted in the internal dist-git. This is applicable only to CentOS and should be added on top of what comes from RHEL. For the CentOS Stream we are actually not sure how things will be for scap-security-guide since CentOS content from scap-security-guide package should not be applicable to RHEL.

We'd prefer to have a conditional in the RHEL spec file, rather than add on to our debranding work that has to be manually reapplied on top of each source push. We've had some success moving our debranding to internal dist-git by keying off the centos macro. What do you think about applying something like this to internal dist-git?

%if %{defined centos}
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
%else
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
%endif

Alternatively, it can be done in one line with a little less readability.

-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=%{?centos:ON}%{!?centos:OFF} \

@carlwgeorge Thanks for the instructions. We have updated the RHEL spec file and should be part of next updates for both RHEL7 and RHEL8. I'm closing this one as it's not necessary anymore.

Pull-Request has been closed by ggbecker

4 months ago

That's great to hear. I can see that change was made in scap-security-guide-0.1.56-1.el8, which was exported here, and was built here. It will be included in the next cs8 compose we ship.

Metadata