Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openscap for openSUSE:Factory checked in at 2021-12-08 00:00:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openscap (Old) and /work/SRC/openSUSE:Factory/.openscap.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openscap" Wed Dec 8 00:00:03 2021 rev:75 rq:936259 version:1.3.5 Changes: -------- --- /work/SRC/openSUSE:Factory/openscap/openscap.changes 2021-10-11 15:31:48.454863276 +0200 +++ /work/SRC/openSUSE:Factory/.openscap.new.31177/openscap.changes 2021-12-08 00:00:31.943579252 +0100 @@ -1,0 +2,6 @@ +Tue Dec 7 10:58:50 UTC 2021 - Marcus Meissner <meiss...@suse.com> + +- openscap-docker-add-suse.patch: add SLES support oscap-docker + (bsc#1179314) + +------------------------------------------------------------------- New: ---- openscap-docker-add-suse.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openscap.spec ++++++ --- /var/tmp/diff_new_pack.kuJK5B/_old 2021-12-08 00:00:32.615576953 +0100 +++ /var/tmp/diff_new_pack.kuJK5B/_new 2021-12-08 00:00:32.619576939 +0100 @@ -40,6 +40,7 @@ Source6: oscap-scan.sh Patch1: openscap-opensuse-cpe.patch Patch2: openscap-suse-cpe.patch +Patch3: openscap-docker-add-suse.patch URL: https://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asciidoc @@ -177,6 +178,7 @@ %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %if 0%{?with_bindings} ++++++ openscap-docker-add-suse.patch ++++++ >From 9a434c4e613224b25b4dc56e38de32eb4cbdcd0c Mon Sep 17 00:00:00 2001 From: Marcus Meissner <meiss...@suse.de> Date: Tue, 7 Dec 2021 11:57:21 +0100 Subject: [PATCH] added suse support --- utils/oscap_docker_python/get_cve_input.py | 20 +++++++++---- .../oscap_docker_common.py | 30 ++++++++++++++++++- 2 files changed, 44 insertions(+), 6 deletions(-) Index: openscap-1.3.5/utils/oscap_docker_python/get_cve_input.py =================================================================== --- openscap-1.3.5.orig/utils/oscap_docker_python/get_cve_input.py +++ openscap-1.3.5/utils/oscap_docker_python/get_cve_input.py @@ -31,9 +31,12 @@ class getInputCVE(object): hdr = {'User-agent': 'Mozilla/5.0'} hdr2 = [('User-agent', 'Mozilla/5.0')] - url = "https://www.redhat.com/security/data/oval/"; - dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2" - dists = [5, 6, 7] + rhel_url = "https://www.redhat.com/security/data/oval/"; + rhel_dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2" + rhel_dists = [5, 6, 7] + suse_url = "https://ftp.suse.com/pub/projects/security/oval/"; + suse_dist_cve_name = "suse.linux.enterprise.{0}.xml" + suse_dists = [12, 15] remote_pattern = '%a, %d %b %Y %H:%M:%S %Z' def __init__(self, fs_dest, DEBUG=False): @@ -46,10 +49,18 @@ class getInputCVE(object): Given a distribution number (i.e. 7), it will fetch the distribution specific data file if upstream has a newer input file. Returns the path of file. + We just hack that SUSE has versions above 10 to mean SUSE ''' - cve_file = self.dist_cve_name.format(dist) + if dist == "12" or dist == "15": + cve_file = self.suse_dist_cve_name.format(dist) + dist_url = urllib.parse.urljoin(self.suse_url, cve_file) + else: + cve_file = self.rhel_dist_cve_name.format(dist) + dist_url = urllib.parse.urljoin(self.rhel_url, cve_file) + + # stderr.write("URL {0} cve_file {1}\n".format(dist_url,cve_file)) dest_file = join(self.dest, cve_file) - dist_url = urllib.parse.urljoin(self.url, cve_file) + if self._is_cache_same(dest_file, dist_url): return dest_file Index: openscap-1.3.5/utils/oscap_docker_python/oscap_docker_common.py =================================================================== --- openscap-1.3.5.orig/utils/oscap_docker_python/oscap_docker_common.py +++ openscap-1.3.5/utils/oscap_docker_python/oscap_docker_common.py @@ -55,7 +55,7 @@ def get_dist(mountpoint, oscap_binary, l ''' Test the chroot and determine what RHEL dist it is; returns - an integer representing the dist + an integer representing the dist (5 - 8 for RHEL, 12 and 15 for SLES) ''' cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml' @@ -77,3 +77,32 @@ def get_dist(mountpoint, oscap_binary, l if "{0}{1}: true".format(CPE_RHEL, dist) in result.stdout: print("This system seems based on RHEL{0}.".format(dist)) return dist + + CPE_SLES = 'oval:org.open-scap.cpe.sles:def:' + DISTS = ["12", "15"] + + ''' + Test the chroot and determine what SUSE dist it is; returns + an integer representing the dist (12 and 15 for SUSE) + ''' + + cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml' + if not os.path.exists(cpe_dict): + # sometime it's installed into /usr/local/share instead of /usr/local + cpe_dict = '/usr/local/share/openscap/cpe/openscap-cpe-oval.xml' + if not os.path.exists(cpe_dict): + raise OscapError() + + for dist in DISTS: + result = oscap_chroot( + mountpoint, oscap_binary, + ("oval", "eval", "--id", CPE_SLES + dist, cpe_dict, + mountpoint, "2>&1", ">", "/dev/null"), + '*', + local_env + ) + + if "{0}{1}: true".format(CPE_SLES, dist) in result.stdout: + print("This system seems based on SLES {0}.".format(dist)) + return dist + print("System version not detected.")
