This patch applies fixes for second round of Fedora RPM package
review objections raised within:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8
Has pushed it already (again mainly *.spec file changes, and
confirmed relevant tests still work) to get another version of
review opinion.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
From 56364b5154988d998b5cc025d2623b1f031cd870 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Wed, 16 Oct 2013 16:24:08 +0200
Subject: [PATCH] [Fedora] Apply further changes motivated by
scap-security-guide Fedora RPM review request (RH BZ#1018905, c#8)
Signed-off-by: Jan Lieskovsky <[email protected]>
---
Fedora/Makefile | 7 ++---
Fedora/input/auxiliary/scap-security-guide.8 | 18 +++++------
.../checks/platform/fedora-cpe-dictionary.xml | 10 ++++++
.../checks/platform/fedora19-cpe-dictionary.xml | 10 ------
Fedora/scap-security-guide.spec | 36 +++++++++++++++-------
Fedora/transforms/shorthand2xccdf.xslt | 2 +-
6 files changed, 48 insertions(+), 35 deletions(-)
create mode 100644 Fedora/input/checks/platform/fedora-cpe-dictionary.xml
delete mode 100644 Fedora/input/checks/platform/fedora19-cpe-dictionary.xml
diff --git a/Fedora/Makefile b/Fedora/Makefile
index e608354..1a35677 100644
--- a/Fedora/Makefile
+++ b/Fedora/Makefile
@@ -5,7 +5,7 @@ UTILS = utils
DIST = dist
ID = ssg
-PROD = fedora19
+PROD = fedora
all: shorthand2xccdf guide content dist
@@ -44,8 +44,7 @@ validate: validate-xml
# items in dist are expected for distribution in an rpm
dist: guide content
- mkdir -p $(DIST)/guide $(DIST)/content
- cp $(OUT)/*-guide.html $(DIST)/guide
+ mkdir -p $(DIST)/content
cp $(OUT)/$(ID)-$(PROD)-xccdf.xml $(DIST)/content
cp $(OUT)/$(ID)-$(PROD)-oval.xml $(DIST)/content
cp $(OUT)/$(ID)-$(PROD)-cpe-dictionary.xml $(DIST)/content
@@ -56,4 +55,4 @@ eval-common: content
clean:
rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv
- rm -rf $(DIST)/content $(DIST)/guide
+ rm -rf $(DIST)/content
diff --git a/Fedora/input/auxiliary/scap-security-guide.8 b/Fedora/input/auxiliary/scap-security-guide.8
index ec46ca8..0e3cdd0 100644
--- a/Fedora/input/auxiliary/scap-security-guide.8
+++ b/Fedora/input/auxiliary/scap-security-guide.8
@@ -39,15 +39,15 @@ common profile, run:
$ oscap xccdf eval --profile common \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
---cpe /usr/share/xml/scap/ssg/fedora/content/ssg-fedora19-cpe-dictionary.xml \
-/usr/share/xml/scap/ssg/fedora/content/ssg-fedora19-xccdf.xml
+--cpe /usr/share/xml/scap/ssg/fedora/content/ssg-fedora-cpe-dictionary.xml \
+/usr/share/xml/scap/ssg/fedora/content/ssg-fedora-xccdf.xml
To scan your system utilizing the scap-workbench systems compliance evaluation
GUI tool against the common profile, run:
$ scap-workbench
-tool, select /usr/share/xml/scap/ssg/fedora/content/ssg-fedora19-xccdf.xml
+tool, select /usr/share/xml/scap/ssg/fedora/content/ssg-fedora-xccdf.xml
as input file, and 'Common Profile for General-Purpose Fedora Systems' as the
profile file.
@@ -62,26 +62,26 @@ https://fedorahosted.org/scap-security-guide/wiki/usageguide
Houses SCAP content utilizing the following naming conventions:
.I CPE_Dictionaries:
-ssg-fedora19-cpe-dictionary.xml
+ssg-fedora-cpe-dictionary.xml
.I CPE_OVAL_Content:
-ssg-fedora19-cpe-oval.xml
+ssg-fedora-cpe-oval.xml
.I OVAL_Content:
-ssg-fedora19-oval.xml
+ssg-fedora-oval.xml
.I XCCDF_Content:
-ssg-fedora19-xccdf.xml
+ssg-fedora-xccdf.xml
.RE
-.I /usr/share/xml/scap/ssg/fedora/guide/
+.I /usr/share/doc/scap-security-guide-0.1/
.RS
HTML version of SSG profile.
.RE
.SH SEE ALSO
-.B oscap(8)
+.B oscap(8), scap-workbench(20)
.SH AUTHOR
diff --git a/Fedora/input/checks/platform/fedora-cpe-dictionary.xml b/Fedora/input/checks/platform/fedora-cpe-dictionary.xml
new file mode 100644
index 0000000..b457e21
--- /dev/null
+++ b/Fedora/input/checks/platform/fedora-cpe-dictionary.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd";>
+ <cpe-item name="cpe:/o:fedoraproject:fedora:19">
+ <title xml:lang="en-us">Fedora release 19 (Schrödinger's Cat)</title>
+ <!-- the check references an OVAL file that contains an inventory definition -->
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"; href="filename">installed_OS_is_fedora19</check>
+ </cpe-item>
+</cpe-list>
diff --git a/Fedora/input/checks/platform/fedora19-cpe-dictionary.xml b/Fedora/input/checks/platform/fedora19-cpe-dictionary.xml
deleted file mode 100644
index b457e21..0000000
--- a/Fedora/input/checks/platform/fedora19-cpe-dictionary.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd";>
- <cpe-item name="cpe:/o:fedoraproject:fedora:19">
- <title xml:lang="en-us">Fedora release 19 (Schrödinger's Cat)</title>
- <!-- the check references an OVAL file that contains an inventory definition -->
- <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"; href="filename">installed_OS_is_fedora19</check>
- </cpe-item>
-</cpe-list>
diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec
index f59e45a..cd7aee7 100644
--- a/Fedora/scap-security-guide.spec
+++ b/Fedora/scap-security-guide.spec
@@ -5,7 +5,7 @@
# file one level up - in the main scap-security-guide directory (instead of
# this one).
-%global fedorassgrelease 3.rc1
+%global fedorassgrelease 3.rc2
Name: scap-security-guide
Version: 0.1
@@ -17,15 +17,19 @@ URL: https://fedorahosted.org/scap-security-guide/
Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}-%{fedorassgrelease}.tar.gz
BuildArch: noarch
BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
-Requires: openscap-utils >= 0.9.1
+Requires: xml-common, openscap-utils >= 0.9.1
%description
-The scap-security-guide project provides guide for configuration of the
-system from final system's security point of view. The guidance is specified
-in the Security Content Automation Protocol (SCAP) format and consitutes
-a catalog of practical hardening advice linked to government requirements
+The scap-security-guide project provides a guide for configuration of the
+system from the final system's security point of view. The guidance is specified
+in the Security Content Automation Protocol (SCAP) format and constitutes
+a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
-requirements and specific implementation guidelines.
+requirements and specific implementation guidelines. The Fedora system
+administrator can use the oscap CLI tool from openscap-utils package, or the
+scap-workbench GUI tool from scap-workbench package to verify that the system
+conforms to provided guideline. Refer to scap-security-guide(8) manual page for
+further information.
%prep
%setup -q -n %{name}-%{version}-%{fedorassgrelease}
@@ -37,18 +41,28 @@ cd Fedora && make dist
mkdir -p %{buildroot}%{_datadir}/xml/scap/ssg/fedora
mkdir -p %{buildroot}%{_mandir}/en/man8/
-# Add in core content (SCAP, guide)
-cp -a Fedora/dist/* %{buildroot}%{_datadir}/xml/scap/ssg/fedora
+# Add in core content (SCAP XCCDF and OVAL content)
+cp -a Fedora/dist/content/* %{buildroot}%{_datadir}/xml/scap/ssg/fedora
# Add in manpage
cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man8/scap-security-guide.8
%files
-%{_datadir}/xml/scap/ssg/fedora/*
+%{_datadir}/xml/scap
%lang(en) %{_mandir}/en/man8/scap-security-guide.8.*
-%doc Fedora/LICENSE
+%doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
%changelog
+* Wed Oct 16 2013 Jan iankko Lieskovsky <[email protected]> 0.1-3.rc2
+- Apply further changes motivated by scap-security-guide Fedora RPM review
+ request (RH BZ#1018905, c#8):
+ * update package description,
+ * make content files to be owned by the scap-security-guide package,
+ * remove Fedora release number from generated content files,
+ * move HTML form of the guide under the doc directory (together
+ with that drop fedora/content subdir and place the content
+ directly under fedora/ subdir).
+
* Tue Oct 15 2013 Jan iankko Lieskovsky <[email protected]> 0.1-3.rc1
- Fixes for scap-security-guide Fedora RPM review request (RH BZ#1018905):
* drop Fedora release from package provided files' final path (c#5),
diff --git a/Fedora/transforms/shorthand2xccdf.xslt b/Fedora/transforms/shorthand2xccdf.xslt
index b804153..e2d0a16 100644
--- a/Fedora/transforms/shorthand2xccdf.xslt
+++ b/Fedora/transforms/shorthand2xccdf.xslt
@@ -14,7 +14,7 @@
<xsl:include href="constants.xslt"/>
-<xsl:variable name="ovalfile">unlinked-fedora19-oval.xml</xsl:variable>
+<xsl:variable name="ovalfile">unlinked-fedora-oval.xml</xsl:variable>
<xsl:variable name="defaultseverity" select="'low'" />
<!-- put elements created in this stylesheet into the xccdf namespace,
--
1.8.3.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
