>From 8d47723e9c54e968616544ab79ee1b24c07f1e25 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 25 Oct 2013 05:57:58 -0400 Subject: [PATCH] RPM spec update This patch: - Applies Jan's RHEL6 .spec file changes per RH BZ#1018905 per https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-October/004381.html - Extendes the %doc to cover HTML policy tables - Removed the execution bit on JBossEAP5/eap5-cpe-dictionary.xml
Perhaps a little BOFH, pushing this patch as an ack of Jan's patch + bugfixes for policy tables and jboss cpe dictionary. --- RHEL6/LICENSE | 24 ++++++++++++++++ RHEL6/Makefile | 7 ++--- scap-security-guide.spec | 53 ++++++++++++++++++++---------------- 3 files changed, 56 insertions(+), 28 deletions(-) mode change 100755 => 100644 JBossEAP5/eap5-cpe-dictionary.xml create mode 100644 RHEL6/LICENSE diff --git a/JBossEAP5/eap5-cpe-dictionary.xml b/JBossEAP5/eap5-cpe-dictionary.xml old mode 100755 new mode 100644 diff --git a/RHEL6/LICENSE b/RHEL6/LICENSE new file mode 100644 index 0000000..c650b12 --- /dev/null +++ b/RHEL6/LICENSE @@ -0,0 +1,24 @@ +This is free and unencumbered software released into the public domain. + +Anyone is free to copy, modify, publish, use, compile, sell, or +distribute this software, either in source code form or as a compiled +binary, for any purpose, commercial or non-commercial, and by any +means. + +In jurisdictions that recognize copyright laws, the author or authors +of this software dedicate any and all copyright interest in the +software to the public domain. We make this dedication for the benefit +of the public at large and to the detriment of our heirs and +successors. We intend this dedication to be an overt act of +relinquishment in perpetuity of all present and future rights to this +software under copyright law. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +For more information, please refer to: <http://unlicense.org> diff --git a/RHEL6/Makefile b/RHEL6/Makefile index aa746ce..9e6159f 100644 --- a/RHEL6/Makefile +++ b/RHEL6/Makefile @@ -73,7 +73,7 @@ table-stigs: shorthand2xccdf table-srgmap checks xsltproc -stringparam overlay "../$(IN)/auxiliary/stig_overlay.xml" -o $(OUT)/unlinked-stig-rhel6-xccdf.xml \ $(TRANS)/xccdf-apply-overlay-stig.xslt \ $(OUT)/unlinked-rhel6-xccdf.xml - xsltproc -o $(OUT)/table-stig-rhel6.html $(TRANS)/xccdf2table-stig.xslt $(OUT)/unlinked-stig-rhel6-xccdf.xml + xsltproc -o $(OUT)/table-rhel6-stig.html $(TRANS)/xccdf2table-stig.xslt $(OUT)/unlinked-stig-rhel6-xccdf.xml tables: table-refs table-idents table-srgmap table-stigs @@ -114,8 +114,7 @@ eval-common: # items in dist are expected for distribution in an rpm dist: tables guide content - mkdir -p $(DIST)/guide $(DIST)/content $(DIST)/policytables - cp $(OUT)/*-guide.html $(DIST)/guide + mkdir -p $(DIST)/content $(DIST)/policytables cp $(OUT)/$(ID)-rhel6-xccdf.xml $(DIST)/content cp $(OUT)/$(ID)-rhel6-oval.xml $(DIST)/content cp $(OUT)/$(ID)-rhel6-cpe-dictionary.xml $(DIST)/content @@ -124,4 +123,4 @@ dist: tables guide content clean: rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv - rm -rf $(DIST)/content $(DIST)/policytables $(DIST)/guide + rm -rf $(DIST)/content $(DIST)/policytables diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4a8562a..78ce28a 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,5 +1,5 @@ -%global redhatssgrelease 14 +%global redhatssgrelease 15.rc2 Name: scap-security-guide Version: 0.1 @@ -12,19 +12,23 @@ License: Public Domain URL: https://fedorahosted.org/scap-security-guide/ Source0: %{name}-%{version}-%{redhatssgrelease}.tar.gz -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildArch: noarch -BuildRequires: coreutils, libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml -Requires: filesystem, openscap-utils >= 0.9.1 +BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml +Requires: xml-common, openscap-utils >= 0.9.1 %description -The scap-security-guide project provides security configuration guidance in -formats of the Security Content Automation Protocol (SCAP). It provides a -catalog of practical hardening advice and links it to government requirements -where applicable. The project bridges the gap between generalized policy -requirements and specific implementation guidance. +The scap-security-guide project provides a guide for configuration of the +system from the final system's security point of view. The guidance is +specified in the Security Content Automation Protocol (SCAP) format and +constitutes a catalog of practical hardening advice, linked to government +requirements where applicable. The project bridges the gap between generalized +policy requirements and specific implementation guidelines. The Red Hat +Enterprise Linux 6 system administrator can use the oscap command-line tool +from the openscap-utils package to verify that the system conforms to provided +guideline. Refer to scap-security-guide(8) manual page for further information. + %prep %setup -q -n %{name}-%{version}-%{redhatssgrelease} @@ -32,30 +36,31 @@ requirements and specific implementation guidance. cd RHEL6 && make dist %install -rm -rf $RPM_BUILD_ROOT -#make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/ -mkdir -p $RPM_BUILD_ROOT%{_mandir}/en/man8/ +mkdir -p %{buildroot}%{_datadir}/xml/scap/ssg/{content,policytables} +mkdir -p %{buildroot}%{_mandir}/en/man8/ -# Add in core content (SCAP, guide, tables) -cp -r RHEL6/dist/* $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/ -cp JBossEAP5/eap5-* $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/content/ -cp JBossEAP5/docs/JBossEAP5_Guide.html $RPM_BUILD_ROOT%{_datadir}/xml/scap/ssg/guide/ +# Add in core content (SCAP, tables) +cp -a RHEL6/dist/content/* %{buildroot}%{_datadir}/xml/scap/ssg/content/ +cp -a RHEL6/dist/policytables/* %{buildroot}%{_datadir}/xml/scap/ssg/policytables/ +cp -a JBossEAP5/eap5-* %{buildroot}%{_datadir}/xml/scap/ssg/content/ # Add in manpage -gzip -c RHEL6/input/auxiliary/scap-security-guide.8 > $RPM_BUILD_ROOT%{_mandir}/en/man8/scap-security-guide.8.gz +cp -a RHEL6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man8/scap-security-guide.8 makewhatis -chcon -u system_u $RPM_BUILD_ROOT%{_mandir}/en/man8/scap-security-guide.8.gz - -%clean -rm -rf $RPM_BUILD_ROOT %files -%defattr(-,root,root,-) -%{_datadir}/xml/scap/ssg +%{_datadir}/xml/scap %lang(en) %{_mandir}/en/man8/scap-security-guide.8.gz +%doc RHEL6/LICENSE RHEL6/output/rhel6-guide.html RHEL6/output/table-rhel6-cces.html RHEL6/output/table-rhel6-nistrefs-common.html RHEL6/output/table-rhel6-nistrefs.html RHEL6/output/table-rhel6-srgmap-flat.html RHEL6/output/table-rhel6-srgmap-flat.xhtml RHEL6/output/table-rhel6-srgmap.html RHEL6/output/table-rhel6-stig.html JBossEAP5/docs/JBossEAP5_Guide.html %changelog +* Fri Oct 25 2013 Shawn Wells <[email protected]> 0.1-15.rc2 +- Updated file permissions of JBossEAP5/eap5-cpe-dictionary.xml (chmod -x) to resolve rpmlint errors +- RHEL6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6) + +* Fri Oct 25 2013 Jan iankko Lieskovsky <[email protected]> 0.1-15.rc1 +- Apply spec file changes required by review request (RH BZ#1018905) + * Thu Oct 24 2013 Shawn Wells <[email protected]> 0.1-14 - Formal RPM release - Inclusion of rht-ccp profile -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
