Ping On Sun, Jan 10, 2021 at 11:21 AM Jate Sujjavanich <[email protected]> wrote:
> Add patches to fix openembedded nodistro tests and openembedded build > within > ssg metadata. > > Signed-Off-By: Jate Sujjavanich <[email protected]> > --- > ...c-file-check-tests-in-installed-OS-d.patch | 46 +++++++++++++++++++ > ...g-openembedded-from-ssg-constants.py.patch | 34 ++++++++++++++ > .../scap-security-guide_git.bb | 2 + > 3 files changed, 82 insertions(+) > create mode 100644 > meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch > create mode 100644 > meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch > > diff --git > a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch > b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch > new file mode 100644 > index 0000000..60664a3 > --- /dev/null > +++ > b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch > @@ -0,0 +1,46 @@ > +From 2beb4bc83a157b21edb1a3fef295cd4cced467df Mon Sep 17 00:00:00 2001 > +From: Jate Sujjavanich <[email protected]> > +Date: Thu, 7 Jan 2021 18:10:01 -0500 > +Subject: [PATCH 1/3] Fix platform spec, file check, tests in installed OS > + detect for openembedded > + > +Change platform to multi in openembedded installed check matching others > +and allowing compile of xml into oval > +--- > + shared/checks/oval/installed_OS_is_openembedded.xml | 11 ++++++----- > + 1 file changed, 6 insertions(+), 5 deletions(-) > + > +diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml > b/shared/checks/oval/installed_OS_is_openembedded.xml > +index 763d17bcb..01df16b43 100644 > +--- a/shared/checks/oval/installed_OS_is_openembedded.xml > ++++ b/shared/checks/oval/installed_OS_is_openembedded.xml > +@@ -1,11 +1,9 @@ > +-</def-group> > +- > + <def-group> > + <definition class="inventory" id="installed_OS_is_openembedded" > version="2"> > + <metadata> > + <title>OpenEmbedded</title> > + <affected family="unix"> > +- <platform>OPENEMBEDDED</platform> > ++ <platform>multi_platform_all</platform> > + </affected> > + <reference ref_id="cpe:/o:openembedded:openembedded:0" > + source="CPE" /> > +@@ -20,8 +18,11 @@ > + </criteria> > + </definition> > + > +- <ind:textfilecontent54_object id="test_openembedded" version="1" > comment="Check OPenEmbedded version"> > +- <ind:filepath>/etc/os-release/ind:filepath> > ++ <ind:textfilecontent54_test check="all" > check_existence="at_least_one_exists" comment="Check OpenEmbedded version" > id="test_openembedded" version="1"> > ++ <ind:object object_ref="obj_openembedded" /> > ++ </ind:textfilecontent54_test> > ++ <ind:textfilecontent54_object id="obj_openembedded" version="1" > comment="Check OpenEmbedded version"> > ++ <ind:filepath>/etc/os-release</ind:filepath> > + <ind:pattern operation="pattern > match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern> > + <ind:instance datatype="int">1</ind:instance> > + </ind:textfilecontent54_object> > +-- > +2.24.3 (Apple Git-128) > + > diff --git > a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch > b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch > new file mode 100644 > index 0000000..1e712f6 > --- /dev/null > +++ > b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch > @@ -0,0 +1,34 @@ > +From 037a12301968a56f0c7e492ea4a05d2eecbd4cc6 Mon Sep 17 00:00:00 2001 > +From: Jate Sujjavanich <[email protected]> > +Date: Fri, 8 Jan 2021 20:18:00 -0500 > +Subject: [PATCH 2/3] Fix missing openembedded from ssg/constants.py > + > +--- > + ssg/constants.py | 4 +++- > + 1 file changed, 3 insertions(+), 1 deletion(-) > + > +diff --git a/ssg/constants.py b/ssg/constants.py > +index fab7cda5d..2ca289f84 100644 > +--- a/ssg/constants.py > ++++ b/ssg/constants.py > +@@ -234,7 +234,8 @@ PRODUCT_TO_CPE_MAPPING = { > + } > + > + MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", > "ubuntu", > +- "wrlinux", "opensuse", "sle", "ol", "ocp", > "example"] > ++ "wrlinux", "opensuse", "sle", "ol", "ocp", > "example", > ++ "openembedded"] > + > + MULTI_PLATFORM_MAPPING = { > + "multi_platform_debian": ["debian8"], > +@@ -249,6 +250,7 @@ MULTI_PLATFORM_MAPPING = { > + "multi_platform_sle": ["sle11", "sle12"], > + "multi_platform_ubuntu": ["ubuntu1404", "ubuntu1604", "ubuntu1804"], > + "multi_platform_wrlinux": ["wrlinux"], > ++ "multi_platform_openembedded": ["openembedded"], > + } > + > + RHEL_CENTOS_CPE_MAPPING = { > +-- > +2.24.3 (Apple Git-128) > + > diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/ > scap-security-guide_git.bb > b/meta-security-compliance/recipes-openscap/scap-security-guide/ > scap-security-guide_git.bb > index 6e7180f..0617c56 100644 > --- a/meta-security-compliance/recipes-openscap/scap-security-guide/ > scap-security-guide_git.bb > +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/ > scap-security-guide_git.bb > @@ -7,6 +7,8 @@ SRC_URI = "git:// > github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \ > > file://0001-fix-deprecated-instance-of-element.getchildren.patch \ > file://0002-fix-deprecated-getiterator-function.patch \ > > file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \ > + > file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \ > + > file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \ > " > PV = "0.1.44+git${SRCPV}" > > -- > 2.25.1 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#52307): https://lists.yoctoproject.org/g/yocto/message/52307 Mute This Topic: https://lists.yoctoproject.org/mt/79573943/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
