Hello community, here is the log from the commit of package openscap for openSUSE:Factory checked in at 2018-03-07 10:35:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openscap (Old) and /work/SRC/openSUSE:Factory/.openscap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openscap" Wed Mar 7 10:35:14 2018 rev:55 rq:583006 version:1.2.16 Changes: -------- --- /work/SRC/openSUSE:Factory/openscap/openscap.changes 2018-02-23 15:29:35.158982339 +0100 +++ /work/SRC/openSUSE:Factory/.openscap.new/openscap.changes 2018-03-07 10:35:17.353154897 +0100 @@ -1,0 +2,11 @@ +Mon Mar 5 15:11:19 UTC 2018 - [email protected] + +- Replace old $RPM_* shell vars. + +------------------------------------------------------------------- +Mon Mar 5 12:39:51 UTC 2018 - [email protected] + +- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan + helper tool for this. (bsc#1083115) + +------------------------------------------------------------------- Old: ---- oscap-scan.init New: ---- oscap-scan.service oscap-scan.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openscap.spec ++++++ --- /var/tmp/diff_new_pack.PzLjo6/_old 2018-03-07 10:35:19.157089827 +0100 +++ /var/tmp/diff_new_pack.PzLjo6/_new 2018-03-07 10:35:19.165089539 +0100 @@ -28,13 +28,14 @@ Version: 1.2.16 Release: 1.0 Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz -Source1: oscap-scan.init Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security # checks. # Generated from http://gitorious.org/test-suite/scap Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml +Source5: oscap-scan.service +Source6: oscap-scan.sh Url: http://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: doxygen @@ -62,8 +63,9 @@ BuildRequires: swig BuildRequires: unixODBC-devel Summary: A Set of Libraries for Integration with SCAP -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Tools/Other +BuildRequires: systemd-rpm-macros %description OpenSCAP is a set of open source libraries providing an easier path for @@ -142,7 +144,8 @@ Summary: Openscap utilities Group: System/Monitoring Requires: %{name} = %{version}-%{release} -PreReq: %insserv_prereq %fillup_prereq +PreReq: %fillup_prereq +%systemd_requires %description utils The %{name}-utils package contains various utilities based on %{name} library. @@ -195,17 +198,20 @@ # last python2 user in oscap-utils ... needs porting to python3 rm %{buildroot}/usr/bin/scap-as-rpm -mkdir -p $RPM_BUILD_ROOT%{_fillupdir} -install -d -m 755 $RPM_BUILD_ROOT%{_initrddir} -install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan -install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir} +mkdir -p %{buildroot}/%{_fillupdir} +install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir} -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap -install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap +install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap +install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap + +# specific local scan during boot script +mkdir -p %{buildroot}/%{_unitdir} +install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service +install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan # create symlinks to default content -ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml -ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml +ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml +ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml %post -n libopenscap%{sover} -p /sbin/ldconfig %post -n libopenscap_sce%{sover} -p /sbin/ldconfig @@ -214,14 +220,17 @@ %postun -n libopenscap_sce%{sover} -p /sbin/ldconfig %preun utils -%{stop_on_removal oscap-scan} +%service_del_preun oscap-scan.service %post utils -%{fillup_and_insserv -n oscap-scan} +%service_add_post oscap-scan.service +%{fillup_only -n oscap-scan} %postun utils -%{restart_on_update oscap-scan} -%{insserv_cleanup} +%service_del_postun oscap-scan.service + +%pre utils +%service_add_pre oscap-scan.service %files %defattr(-, root, root) @@ -300,10 +309,11 @@ %defattr(-,root,root,-) %{_fillupdir}/sysconfig.oscap-scan %doc docs/oscap-scan.cron -%{_initrddir}/oscap-scan %{_mandir}/man8/* +%{_unitdir}/oscap-scan.service %{_bindir}/oscap %{_bindir}/oscap-vm +%{_bindir}/oscap-scan %{_bindir}/oscap-ssh %{_bindir}/oscap-chroot # currently not shipped as it is still python2 ++++++ oscap-scan.service ++++++ [Unit] Description=OpenSCAP security scanner Wants=local-fs.target After=local-fs.target [Service] Type=forking EnvironmentFile=-/etc/sysconfig/oscap-scan ExecStart=/usr/bin/oscap $OPTIONS [Install] WantedBy=multi-user.target ++++++ oscap-scan.sh ++++++ #!/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin prog="oscap" # Check config test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan RETVAL=0 test -f /etc/sysconfig/oscap-scan || exit 6 test x"$OPTIONS" != "x" || exit 6 $prog $OPTIONS ERR=$? if [ $ERR -eq 0 ] ; then logger "OpenSCAP security scan: PASS" elif [ $ERR -eq 1 ] ; then logger "OpenSCAP security scan: ERROR. Run oscap scan from command line." else logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log" fi exit 0
