This patch projects fixes for objections raised within scap-security-guide RPM package review request (RH BZ#1018905) to RHEL6 content building functionality too, so we could package it into EPEL-6.
More exactly: * remove BuildRoot (not needed already), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * remove coreutils from BuildRequires, filesystem from Requires (not needed), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * add xml-common to Requires (so /usr/share/xml/scap directory would be also owned by scap-security-guide RPM - see also below), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8 * update %description to be more clear (some sentences were reported as to be harder to understand), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8 https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c9 https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c10 * replace $RPM_BUILD_ROOT with %{buildroot} in %install section (%{buildroot} is defined on RHEL6 as can be verified with: rpm --eval '%{buildroot}' command) https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * remove not necessary %install section bits (removing former RPM_BUILD_ROOT etc.) https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c1 * adjust adding of core content (replace $RPM_BUILD_ROOT, exactly list directories that will get copied - IOW copy just content/ and policytables/ ones. HTML guides from previous guide/ will be stored under scap-security-guide's %doc directory), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8 * don't directly compress the manual page and rather let the build system to choose which compress algorithm to use (for case compression algorithm would change) https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * don't confine the manual page (not needed), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * remove the %clean section (not needed), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * remove defattr from %files section (was required only on rpm < 4.4), http://fedoraproject.org/wiki/Packaging:Guidelines#File_Permissions * modify %files path after %{_datadir} (replace /xml/scap/ssg with /xml/scap so /usr/share/xml/scap/ directory is also owned by scap-security-guide package, and removed too by package removal), https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8 * add LICENSE into RHEL6 subdirectory, https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c4 * package LICENSE, RHEL6 and JBossEAP5 guide under scap-security-guide's RPM %doc directory. https://bugzilla.redhat.com/show_bug.cgi?id=1018905#c8 Sanity && regression testing: - make tarball, make srpm, make rpm => PASS, - RHEL6's make, make validate, make validate-xml, make content, make guide, make dist, make eval-common, make checks, make tables => PASS, - oscap xccdf eval for generated XCCDF file: $ export SSG="/usr/share/xml/scap/ssg/content" $ oscap xccdf eval --profile common --cpe $SSG/ssg-rhel6-cpe-dictionary.xml \ --report /tmp/el6.html $SSG/ssg-rhel6-xccdf.xml => PASS, - HTML guides for both RHEL6 and JBossEAP are packaged too, and look reasonable in quick firefox preview. Please review. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
From 6f2c0f2462ce87b7a4cbfff0b381c3906458f738 Mon Sep 17 00:00:00 2001 From: Jan Lieskovsky <[email protected]> Date: Fri, 25 Oct 2013 16:19:13 +0200 Subject: [PATCH] [RHEL6] Apply spec file changes required by review request (RH BZ#1018905) More exactly: * remove BuildRoot (not needed) * remove coreutils from BuildRequires, filesystem from Requires (not needed), * add xml-common to Requires (so /usr/share/xml/scap directory would be also owned by scap-security-guide RPM), * update %description to be more clear (some sentences were harder to understand), * replace $RPM_BUILD_ROOT with %{buildroot} in %install section, * remove not necessary %install section bits, * adjust adding of core content (replace $RPM_BUILD_ROOT, exactly list directories that will get copied), * don't directly compress the manual page and rather let the build system to choose which compress algorithm to use, * don't confine the manual page (not needed), * remove the %clean section (not needed), * remove defattr from %files section (was required only on rpm < 4.4), * modify %files path after %{_datadir} (replace /xml/scap/ssg with /xml/scap so /usr/share/xml/scap/ directory is also owned by scap-security-guide package, and removed too by package removal), * add LICENSE into RHEL6 subdirectory, * package LICENSE, RHEL6 and JBossEAP5 guide under scap-security-guide's RPM %doc directory. Signed-off-by: Jan Lieskovsky <[email protected]> --- RHEL6/LICENSE | 24 ++++++++++++++++++++++++ RHEL6/Makefile | 5 ++--- scap-security-guide.spec | 49 ++++++++++++++++++++++++------------------------ 3 files changed, 51 insertions(+), 27 deletions(-) create mode 100644 RHEL6/LICENSE diff --git a/RHEL6/LICENSE b/RHEL6/LICENSE new file mode 100644 index 0000000..c650b12 --- /dev/null +++ b/RHEL6/LICENSE @@ -0,0 +1,24 @@ +This is free and unencumbered software released into the public domain. + +Anyone is free to copy, modify, publish, use, compile, sell, or +distribute this software, either in source code form or as a compiled +binary, for any purpose, commercial or non-commercial, and by any +means. + +In jurisdictions that recognize copyright laws, the author or authors +of this software dedicate any and all copyright interest in the +software to the public domain. We make this dedication for the benefit +of the public at large and to the detriment of our heirs and +successors. We intend this dedication to be an overt act of +relinquishment in perpetuity of all present and future rights to this +software under copyright law. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +For more information, please refer to: <http://unlicense.org> diff --git a/RHEL6/Makefile b/RHEL6/Makefile index aa746ce..7bda125 100644 --- a/RHEL6/Makefile +++ b/RHEL6/Makefile @@ -114,8 +114,7 @@ eval-common: # items in dist are expected for distribution in an rpm dist: tables guide content - mkdir -p $(DIST)/guide $(DIST)/content $(DIST)/policytables - cp $(OUT)/*-guide.html $(DIST)/guide + mkdir -p $(DIST)/content $(DIST)/policytables cp $(OUT)/$(ID)-rhel6-xccdf.xml $(DIST)/content cp $(OUT)/$(ID)-rhel6-oval.xml $(DIST)/content cp $(OUT)/$(ID)-rhel6-cpe-dictionary.xml $(DIST)/content @@ -124,4 +123,4 @@ dist: tables guide content clean: rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv - rm -rf $(DIST)/content $(DIST)/policytables $(DIST)/guide + rm -rf $(DIST)/content $(DIST)/policytables diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4a8562a..3f0434b 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,5 +1,5 @@ -%global redhatssgrelease 14 +%global redhatssgrelease 15.rc1 Name: scap-security-guide Version: 0.1 @@ -12,19 +12,23 @@ License: Public Domain URL: https://fedorahosted.org/scap-security-guide/ Source0: %{name}-%{version}-%{redhatssgrelease}.tar.gz -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildArch: noarch -BuildRequires: coreutils, libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml -Requires: filesystem, openscap-utils >= 0.9.1 +BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml +Requires: xml-common, openscap-utils >= 0.9.1 %description -The scap-security-guide project provides security configuration guidance in -formats of the Security Content Automation Protocol (SCAP). It provides a -catalog of practical hardening advice and links it to government requirements -where applicable. The project bridges the gap between generalized policy -requirements and specific implementation guidance. +The scap-security-guide project provides a guide for configuration of the +system from the final system's security point of view. The guidance is +specified in the Security Content Automation Protocol (SCAP) format and +constitutes a catalog of practical hardening advice, linked to government +requirements where applicable. The project bridges the gap between generalized +policy requirements and specific implementation guidelines. The Red Hat +Enterprise Linux 6 system administrator can use the oscap command-line tool +from the openscap-utils package to verify that the system conforms to provided +guideline. Refer to scap-security-guide(8) manual page for further information. + %prep %setup -q -n %{name}-%{version}-%{redhatssgrelease} @@ -32,30 +36,27 @@ requirements and specific implementation guidance. cd RHEL6 && make dist %install -rm -rf $RPM_BUILD_ROOT -#make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/ -mkdir -p $RPM_BUILD_ROOT%{_mandir}/en/man8/ +mkdir -p %{buildroot}%{_datadir}/xml/scap/ssg/{content,policytables} +mkdir -p %{buildroot}%{_mandir}/en/man8/ -# Add in core content (SCAP, guide, tables) -cp -r RHEL6/dist/* $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/ -cp JBossEAP5/eap5-* $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/content/ -cp JBossEAP5/docs/JBossEAP5_Guide.html $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/guide/ +# Add in core content (SCAP, tables) +cp -a RHEL6/dist/content/* %{buildroot}%{_datadir}/xml/scap/ssg/content/ +cp -a RHEL6/dist/policytables/* %{buildroot}%{_datadir}/xml/scap/ssg/policytables/ +cp -a JBossEAP5/eap5-* %{buildroot}%{_datadir}/xml/scap/ssg/content/ # Add in manpage -gzip -c RHEL6/input/auxiliary/scap-security-guide.8 > $RPM_BUILD_ROOT%{_mandir}/en/man8/scap-security-guide.8.gz +cp -a RHEL6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man8/scap-security-guide.8 makewhatis -chcon -u system_u $RPM_BUILD_ROOT%{_mandir}/en/man8/scap-security-guide.8.gz - -%clean -rm -rf $RPM_BUILD_ROOT %files -%defattr(-,root,root,-) -%{_datadir}/xml/scap/ssg +%{_datadir}/xml/scap %lang(en) %{_mandir}/en/man8/scap-security-guide.8.gz +%doc RHEL6/LICENSE RHEL6/output/rhel6-guide.html JBossEAP5/docs/JBossEAP5_Guide.html %changelog +* Fri Oct 25 2013 Jan iankko Lieskovsky <[email protected]> 0.1-15.rc1 +- Apply spec file changes required by review request (RH BZ#1018905) + * Thu Oct 24 2013 Shawn Wells <[email protected]> 0.1-14 - Formal RPM release - Inclusion of rht-ccp profile -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
