>From 2411c946d507e4b744a118ce7a417da929d88606 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Sat, 15 Feb 2014 09:50:16 -0500
Subject: [PATCH 1/3] Adding datastream output for RHEL6
Updated RHEL6 build process to generate a SCAP datastream (ssg-rhel6-ds.xml).
This is required by several tools, such as oscap-anaconda and SCAP Workbench.
Additionally, this sets us up for signing content.
Did *not* update the RPM build process and documentation yet. The datastream
will be generated via `make content` and should be considered a developer
preview at this time. As additional testing occurs we'll evaluate shipping the
DS in the next RPM release.
---
RHEL/6/Makefile | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/RHEL/6/Makefile b/RHEL/6/Makefile
index 4c9b062..2835c94 100644
--- a/RHEL/6/Makefile
+++ b/RHEL/6/Makefile
@@ -86,6 +86,16 @@ content: shorthand2xccdf guide checks
$(TRANS)/cpe_generate.py $(OUT)/unlinked-rhel6-oval.xml
$(IN)/checks/platform/rhel6-cpe-dictionary.xml $(ID)
$(TRANS)/relabelids.py unlinked-rhel6-xccdf.xml $(ID)
$(TRANS)/relabelids.py unlinked-ocilrefs-rhel6-xccdf.xml $(ID)
+# Once things are relabelled, create a datastream
+ xsltproc /usr/share/openscap/xsl/xccdf_1.1_remove_dangling_sub.xsl
$(OUT)/$(ID)-rhel6-xccdf.xml \
+ > $(OUT)/$(ID)-rhel6-xccdf-nodangles.xml
+ xsltproc --stringparam reverse_DNS org.ssgproject.content
/usr/share/openscap/xsl/xccdf_1.1_to_1.2.xsl \
+ $(OUT)/$(ID)-rhel6-xccdf-nodangles.xml >
$(OUT)/$(ID)-rhel6-xccdf-1.2.xml
+ sed -i '/idref="dangling reference to /d'
$(OUT)/$(ID)-rhel6-xccdf-1.2.xml
+ oscap ds sds-compose $(OUT)/$(ID)-rhel6-xccdf-1.2.xml
$(OUT)/$(ID)-rhel6-ds.xml
+# Add in CPE and OVAL content to datastream
+ oscap ds sds-add $(OUT)/$(ID)-rhel6-cpe-dictionary.xml
$(OUT)/$(ID)-rhel6-ds.xml
+ oscap ds sds-add $(OUT)/$(ID)-rhel6-oval.xml $(OUT)/$(ID)-rhel6-ds.xml
content-stig: shorthand2xccdf guide checks
xmllint --format --output $(OUT)/unlinked-stig-rhel6-xccdf.xml
$(OUT)/unlinked-stig-rhel6-xccdf.xml
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide