This patch modifies the content of Fedora/input/guide.xml
based on the full Fedora release name and CPE, using
the values retrieved from the build system (i.e. to
support Fedora SCAP SSG content on different Fedora
releases).
Sanity and regression testing passed, pushed to master.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
P.S.: Content of Fedora/input/checks/* wrt to underlying
Fedora release to be adjusted yet.
From 4ee9b7b499bbdb4be22a8e373ca3c01c41482bc6 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Mon, 21 Oct 2013 19:57:23 +0200
Subject: [PATCH 1/2] [Fedora] Set up Fedora release name and CPE based on
build system properties
Signed-off-by: Jan Lieskovsky <[email protected]>
---
Fedora/Makefile | 14 ++++-
Fedora/input/guide.xml | 6 +-
Fedora/scap-security-guide.spec | 5 +-
Fedora/transforms/genguidexslt.py | 115 ++++++++++++++++++++++++++++++++++++++
4 files changed, 134 insertions(+), 6 deletions(-)
create mode 100755 Fedora/transforms/genguidexslt.py
diff --git a/Fedora/Makefile b/Fedora/Makefile
index 1a35677..1bdb6fe 100644
--- a/Fedora/Makefile
+++ b/Fedora/Makefile
@@ -7,10 +7,19 @@ DIST = dist
ID = ssg
PROD = fedora
+FEDORA_GUIDE_XSLT = fedora_guide.xslt
+FEDORA_GUIDE_XML = fedora_guide.xml
+
all: shorthand2xccdf guide content dist
-shorthand-guide:
- xsltproc -o $(OUT)/$(ID)-$(PROD)-shorthand.xml $(IN)/guide.xslt $(IN)/guide.xml
+set-fedora-release:
+# obtain full Fedora release name and CPE from the system
+ $(TRANS)/genguidexslt.py $(OUT)/$(FEDORA_GUIDE_XSLT)
+# update Fedora/input/guide.xml based on retrieved values
+ xsltproc -o $(OUT)/$(FEDORA_GUIDE_XML) $(OUT)/$(FEDORA_GUIDE_XSLT) $(IN)/guide.xml
+
+shorthand-guide: set-fedora-release
+ xsltproc -o $(OUT)/$(ID)-$(PROD)-shorthand.xml $(IN)/guide.xslt $(OUT)/$(FEDORA_GUIDE_XML)
xmllint --format --output $(OUT)/$(ID)-$(PROD)-shorthand.xml $(OUT)/$(ID)-$(PROD)-shorthand.xml
shorthand2xccdf: shorthand-guide
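Review bot: The `set-fedora-release` recipe makes the generated benchmark's release name and CPE depend on the build host's /etc files, and nothing in the Makefile says so or lets a builder pin the values. I would add a comment above the target such as `# NOTE: fedora_guide.xml reflects the build host's /etc/fedora-release and /etc/system-release-cpe; build in a buildroot that matches the target release`. `set-fedora-release` and `shorthand-guide` also look like command targets rather than files; if the part of the Makefile outside this hunk has no `.PHONY` declaration for them, add one.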
@@ -55,4 +64,5 @@ eval-common: content
clean:
rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv
+ rm -f $(OUT)/$(FEDORA_GUIDE_XSLT)
rm -rf $(DIST)/content
diff --git a/Fedora/input/guide.xml b/Fedora/input/guide.xml
index 8d21fe8..ddc6904 100644
--- a/Fedora/input/guide.xml
+++ b/Fedora/input/guide.xml
@@ -2,10 +2,10 @@
<Benchmark xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/elements/1.1/" id="FEDORA-19" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="false" xml:lang="en-US" >
<status date="2011-12-20">draft</status>
-<title>Guide to the Secure Configuration of Fedora release 19 (Schrödinger's Cat)</title>
+<title>Guide to the Secure Configuration of <fedora_release/></title>
<description>This guide presents a catalog of security-relevant
-configuration settings for Fedora release 19 (Schrödinger's Cat) formatted in the
-eXtensible Configuration Checklist Description Format (XCCDF).
+configuration settings for <fedora_release/> formatted in the
+eXtensible Configuration Checklist Description Format (XCCDF).
<br/>
<br/>
Providing system administrators with such guidance informs them how to securely
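Review bot: The `Benchmark` element on the first context line of this hunk still carries `id="FEDORA-19"`, while the title and description now take the release name from the build host. Built on another release, the benchmark would pair a fixed id with a different title, which makes scan results harder to attribute to the right content. If the id is meant to track the release, it needs the same treatment as `platform/@idref` in the generated stylesheet (a `Benchmark/@id` template); otherwise a comment in guide.xml saying the id is intentionally fixed would help. The `Benchmark` element continues outside the hunk.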
diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec
index 9536f56..071c47f 100644
--- a/Fedora/scap-security-guide.spec
+++ b/Fedora/scap-security-guide.spec
@@ -5,7 +5,7 @@
# file one level up - in the main scap-security-guide directory (instead of
# this one).
-%global fedorassgrelease 3.rc3
+%global fedorassgrelease 3.rc4
Name: scap-security-guide
Version: 0.1
@@ -53,6 +53,9 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
%doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
%changelog
+* Mon Oct 21 2013 Jan iankko Lieskovsky <[email protected]> 0.1-3.rc4
+- Set up Fedora release name and CPE based on build system properties
+
* Thu Oct 17 2013 Jan iankko Lieskovsky <[email protected]> 0.1-3.rc3
- Use correct file paths in scap-security-guide(8) manual page
(RH BZ#1018905, c#10)
diff --git a/Fedora/transforms/genguidexslt.py b/Fedora/transforms/genguidexslt.py
new file mode 100755
index 0000000..504e8d7
--- /dev/null
+++ b/Fedora/transforms/genguidexslt.py
@@ -0,0 +1,115 @@
+#!/usr/bin/python
+
+# PURPOSE: Generate XSLT transform to adjust:
+#
+# Fedora/input/guide.xml
+#
+# content (release name and CPE) based on underlying system's Fedora version
+# (for now building on RHEL isn't supported)
+
+from contextlib import contextmanager
+import sys
+
+# Script helper routines below
+# ----------------------------
+
+# Open a file (PEP 343 version)
+@contextmanager
+def pep_343_open_file(filename, mode="r"):
+ try:
+ f = open(filename, mode)
+ except IOError, e:
+ yield None, e
+ else:
+ try:
+ yield f, None
+ finally:
+ f.close()
+
+# Read one line from file
+def read_file_line(filename):
+ with pep_343_open_file(filename) as (f, e):
+ if e:
+ return None
+ else:
+ return f.readline().rstrip('\n')
+
+# Constants for generated XSLT content below
+# ------------------------------------------
+
+XSLT_HEADER = '''<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1"
+ xmlns:xhtml="http://www.w3.org/1999/xhtml"
+ xmlns:dc="http://purl.org/dc/elements/1.1/">'''
+
+XSLT_TEMPLATES = '''
+
+<!-- Copy children -->
+<xsl:template match="@*|node()">
+ <xsl:copy>
+ <xsl:apply-templates select="@*|node()" />
+ </xsl:copy>
+</xsl:template>
+<!-- Update full Fedora release name based on param value -->
+<xsl:template match="fedora_release">
+ <xsl:value-of select="$fedora_release" />
+</xsl:template>
+<!-- Update Fedora CPE based on param value -->
+<xsl:template match="platform/@idref">
+ <xsl:attribute name="idref">
+ <xsl:value-of select="$fedora_cpe" />
+ </xsl:attribute>
+</xsl:template>
+
+'''
+
+XSLT_FOOTER = '</xsl:stylesheet>'
+
+# Helper XSLT content routines below
+# ----------------------------------
+
+# Store retrieved values from the system
+# into XSLT params
+def create_fedora_xslt_params(xslt_file):
+ release_xslt_param = "\n<xsl:param name=\"fedora_release\" select=\"\'%s\'\" />" % FEDORA_RELEASE
+ cpe_xslt_param = "\n<xsl:param name=\"fedora_cpe\" select=\"\'%s\'\" />" % FEDORA_CPE
+
+ xslt_file.write(NEW_LINE + release_xslt_param)
+ xslt_file.write(cpe_xslt_param)
+
+# Create final XSLT transform file
+def create_xslt(filename):
+ with pep_343_open_file(filename, "w") as (f, e):
+ if e:
+ print "Error generating XSLT transform."
+ sys.exit(1)
+ else:
+ print "Writing XSLT transform file into: %s" % filename
+ f.write(XSLT_HEADER)
+ create_fedora_xslt_params(f)
+ f.write(XSLT_TEMPLATES)
+ f.write(XSLT_FOOTER)
+
+# Main section
+# ------------
+if __name__ == "__main__":
+
+ if len(sys.argv) < 2:
+ print "Provide filename for resulting XSLT file."
+ sys.exit(1)
+
+ NEW_LINE = '\n'
+ XSLT_FILE = str(sys.argv[1])
+ FEDORA_RELEASE = read_file_line('/etc/fedora-release')
+ FEDORA_CPE = read_file_line('/etc/system-release-cpe')
+
+ if FEDORA_RELEASE is None or FEDORA_CPE is None:
+ print '''
+Unable to determine version of Fedora at the system. Be sure to
+build scap-security-guide (source) RPM either at Fedora 18 or at
+Fedora 19.\n'''
+ sys.exit(1)
+
+ create_xslt(XSLT_FILE)
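Review bot: In `create_fedora_xslt_params` the contents of /etc/fedora-release and /etc/system-release-cpe are formatted straight into `select="'%s'"`, an XPath string literal inside an XML attribute, with no escaping. A value containing `'`, `"`, `&` or `<` yields a malformed stylesheet or a different XPath expression, and the release name removed from guide.xml in this same patch, "Schrödinger's Cat", contains an apostrophe. Emitting the value as escaped element content avoids both quoting layers: add `from xml.sax.saxutils import escape` and write `"\n<xsl:param name=\"fedora_release\">%s</xsl:param>" % escape(FEDORA_RELEASE)`, likewise for `fedora_cpe`. Separately, `read_file_line` returns `''` for an empty file, so the `is None` test in the main section lets empty values through; `if not FEDORA_RELEASE or not FEDORA_CPE:` would catch that.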
--
1.8.3.1