From 334c8eca5d08b8b5004117c92356f89fe964d120 Mon Sep 17 00:00:00 2001
From: Renbo
Date: Mon, 22 Jul 2024 11:27:39 +0800
Subject: [PATCH 1/3] update to scap-security-guide-0.1.73-1.src.rpm

Signed-off-by: Renbo
---
 dist | 2 +-
 download | 2 +-
 ...-profiles-not-in-good-shape-for-RHEL.patch | 54 ----------
 scap-security-guide.spec | 102 +++++++-----------
 4 files changed, 42 insertions(+), 118 deletions(-)
 delete mode 100644 hide-profiles-not-in-good-shape-for-RHEL.patch

diff --git a/dist b/dist
index 37a6f9c..1fe92cf 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8_9
+an8_10
diff --git a/download b/download
index 9f5c9eb..db0e0a4 100644
--- a/download
+++ b/download
@@ -1,2 +1,2 @@
 219c992603514558e5f6f3d29adaa534 scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
-28d1e8f00402c11fc0578a047096dee6 scap-security-guide-0.1.72.tar.bz2
+6fbaea66cae3aa3148ad98578dcc603d scap-security-guide-0.1.73.tar.bz2
diff --git a/hide-profiles-not-in-good-shape-for-RHEL.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch
deleted file mode 100644
index 40a7a28..0000000
--- a/hide-profiles-not-in-good-shape-for-RHEL.patch
+++ /dev/null
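Review bot: The new `scap-security-guide-0.1.73.tar.bz2` entry in `download` is pinned only by a 32-hex-digit MD5 value, which is not collision-resistant and is a weak integrity anchor for a package that ships security baselines. Nothing in this series shows the tarball being compared with a checksum or signature from the upstream v0.1.73 release. If the `download` format and the build tooling accept a stronger digest, record a SHA-256 or SHA-512 value here; if they do not, verify the archive against whatever the upstream release publishes before import and state that in the commit message.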
@@ -1,54 +0,0 @@ -From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Fri, 16 Feb 2024 12:07:36 +0100 -Subject: [PATCH] Hide profiles not in good shape for RHEL - -There are some profiles introduced long time ago but no longer -maintained. For compatibility purposes they are not removed from -datastream but are now hidden for RHEL8 to prevent people from -using them. ---- - products/rhel8/profiles/cjis.profile | 2 ++ - products/rhel8/profiles/rht-ccp.profile | 2 ++ - products/rhel8/profiles/standard.profile | 2 ++ - 3 files changed, 6 insertions(+) - -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 30843b692e..c44c63516f 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - metadata: - version: 5.4 - SMEs: -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index 01133a9bde..3f6cb751c9 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' - - description: |- -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index 11d72da2d9..79b491113a 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - - description: |- --- -2.43.1 - diff --git a/scap-security-guide.spec b/scap-security-guide.spec index f682108..98a5c45 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec 
@@ -1,37 +1,33 @@ -%define anolis_release .0.1 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds %global _vpath_builddir build # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly -Name: scap-security-guide -Version: 0.1.72 -Release: 2%{anolis_release}%{?dist} -Summary: Security guidance and baselines in SCAP formats -License: BSD-3-Clause -Group: Applications/System -URL: https://github.com/ComplianceAsCode/content/ -Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 +Name: scap-security-guide +Version: 0.1.73 +Release: 1%{?dist} +Summary: Security guidance and baselines in SCAP formats +License: BSD-3-Clause +Group: Applications/System +URL: https://github.com/ComplianceAsCode/content/ +Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content -Source1: %{_static_rhel6_content}.tar.bz2 -# Patch hides cjis, rht-ccp and standard profiles for RHEL8 -Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch - -BuildArch: noarch - -BuildRequires: libxslt -BuildRequires: expat -BuildRequires: openscap-scanner >= 1.2.5 -BuildRequires: cmake >= 2.8 -# To get python3 inside the buildroot require its path explicitly in BuildRequires -BuildRequires: /usr/bin/python3 -BuildRequires: python%{python3_pkgversion} -BuildRequires: python%{python3_pkgversion}-jinja2 -BuildRequires: python%{python3_pkgversion}-PyYAML -Requires: xml-common, openscap-scanner >= 1.2.5 -Obsoletes: openscap-content < 0:0.9.13 -Provides: openscap-content +Source1: %{_static_rhel6_content}.tar.bz2 + +BuildArch: noarch + +BuildRequires: libxslt +BuildRequires: expat +BuildRequires: openscap-scanner >= 1.2.5 +BuildRequires: cmake >= 2.8 +BuildRequires: 
python3-devel +BuildRequires: python%{python3_pkgversion} +BuildRequires: python%{python3_pkgversion}-jinja2 +BuildRequires: python%{python3_pkgversion}-PyYAML +Requires: xml-common, openscap-scanner >= 1.2.5 +Obsoletes: openscap-content < 0:0.9.13 +Provides: openscap-content %description The scap-security-guide project provides a guide for configuration of the @@ -46,28 +42,20 @@ conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information. %package doc -Summary: HTML formatted security guides generated from XCCDF benchmarks -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} +Summary: HTML formatted security guides generated from XCCDF benchmarks +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} %description doc The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. -%package extra -Summary: Extra files package -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description extra -The %{name}-extra package contains various situation guidebooks - -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks -Summary: Ansible playbooks per each rule. -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} +Summary: Ansible playbooks per each rule. +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} %description rule-playbooks The %{name}-rule-playbooks package contains individual ansible playbooks per rule. 
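Review bot: Dropping `Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch` in the `@@ -1,37 +1,33 @@` hunk is not mentioned in the new 0.1.73-1 changelog entry, and nothing visible here shows that the 0.1.73 tarball already carries `hidden: true` for the rhel8 `cjis`, `rht-ccp` and `standard` profiles. If upstream has not absorbed that change, those unmaintained profiles become selectable again in the rhel8 datastream after this rebase. Please confirm against `products/rhel8/profiles/` in the 0.1.73 sources and record it, for example `- Drop hide-profiles patch, now part of upstream 0.1.73`.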
@@ -82,17 +70,16 @@ cd build %cmake \ -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \ -DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \ --DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE -DSSG_ROCKY_LINUX_DERIVATIVES_ENABLED:BOOLEAN=TRUE:BOOLEAN=TRUE \ +-DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ --DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE \ %if %{defined centos} -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \ %else -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \ %endif -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \ -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \ %endif ../ @@ -108,11 +95,6 @@ cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} %files -%exclude %{_datadir}/%{name}/ansible/rhel* -%exclude %{_datadir}/%{name}/bash/rhel* -%exclude %{_datadir}/%{name}/kickstart/ssg-rhel* -%exclude %{_datadir}/%{name}/tailoring/rhel* -%exclude %{_datadir}/xml/scap/ssg/content/ssg-rhel* %{_datadir}/xml/scap/ssg/content %{_datadir}/%{name}/kickstart %{_datadir}/%{name}/ansible @@ -122,7 +104,7 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/LICENSE %doc %{_docdir}/%{name}/README.md %doc %{_docdir}/%{name}/Contributors.md -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %exclude %{_datadir}/%{name}/ansible/rule_playbooks %endif 
@@ -130,23 +112,19 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html -%files extra -%{_datadir}/%{name}/ansible/rhel* -%{_datadir}/%{name}/bash/rhel* -%{_datadir}/%{name}/kickstart/ssg-rhel* -%{_datadir}/%{name}/tailoring/rhel* -%{_datadir}/xml/scap/ssg/content/ssg-rhel* - -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) %{_datadir}/%{name}/ansible/rule_playbooks %endif %changelog -* Tue Feb 27 2024 Chang Gao - 0.1.72-2.0.1 -- Add extra package -- Add product for Anolis8 (#9770)(Yuqing) +* Tue May 21 2024 Jan Černý - 0.1.73-1 +- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733) +- Change crypto policy used in the CUI profile to FIPS (RHEL-30346) +- Fix file path identification in Rsyslog configuration (RHEL-17202) +- Use a correct chrony server address in STIG profile (RHEL-1814) +- Don't BuildRequire /usr/bin/python3 (RHEL-2244) * Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 - Unlist profiles no longer maintained in RHEL8. -- Gitee From e81022f5bf6bfa70c6a75535fc618a62dd1cace8 Mon Sep 17 00:00:00 2001 From: "taifu.gc" Date: Thu, 10 Nov 2022 02:22:35 +0800 Subject: [PATCH 2/3] Add extra package --- scap-security-guide.spec | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 98a5c45..81eb28e 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds 
@@ -6,7 +7,7 @@ Name: scap-security-guide Version: 0.1.73 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -51,6 +52,14 @@ The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. +%package extra +Summary: Extra files package +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} + +%description extra +The %{name}-extra package contains various situation guidebooks + %if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks Summary: Ansible playbooks per each rule. @@ -95,6 +104,11 @@ cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} %files +%exclude %{_datadir}/%{name}/ansible/rhel* +%exclude %{_datadir}/%{name}/bash/rhel* +%exclude %{_datadir}/%{name}/kickstart/ssg-rhel* +%exclude %{_datadir}/%{name}/tailoring/rhel* +%exclude %{_datadir}/xml/scap/ssg/content/ssg-rhel* %{_datadir}/xml/scap/ssg/content %{_datadir}/%{name}/kickstart %{_datadir}/%{name}/ansible @@ -112,6 +126,13 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html +%files extra +%{_datadir}/%{name}/ansible/rhel* +%{_datadir}/%{name}/bash/rhel* +%{_datadir}/%{name}/kickstart/ssg-rhel* +%{_datadir}/%{name}/tailoring/rhel* +%{_datadir}/xml/scap/ssg/content/ssg-rhel* + %if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) 
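Review bot: The metadata added for the `extra` subpackage in the `@@ -51,6 +52,14 @@` hunk (`Summary: Extra files package`, "contains various situation guidebooks") does not say what the package actually carries. According to the `%files extra` list later in this patch, it holds the `rhel*` Ansible and bash remediations, the `ssg-rhel*` kickstarts, the `rhel*` tailoring files and the `ssg-rhel*` datastreams that the new `%exclude` lines remove from the main package. An administrator who needs to scan or remediate against a RHEL profile cannot discover that from the package description. Suggest something like `Summary: RHEL SCAP content, remediations and kickstarts split out of %{name}` and a description that names those five path groups.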
@@ -119,6 +140,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Mon Jul 22 2024 Chang Gao - 0.1.73-1.0.1 +- Add extra package + * Tue May 21 2024 Jan Černý - 0.1.73-1 - Rebase scap-security-guide package to version 0.1.73 (RHEL-36733) - Change crypto policy used in the CUI profile to FIPS (RHEL-30346) -- Gitee From a0add726172185573ed08d9726cdebb5a8e82c86 Mon Sep 17 00:00:00 2001 From: qhw01063182 Date: Thu, 23 Feb 2023 16:49:16 +0800 Subject: [PATCH 3/3] Add product for Anolis8 Signed-off-by: qhw01063182 --- scap-security-guide.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 81eb28e..c8a312a 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -82,6 +82,7 @@ cd build -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ +-DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE \ %if %{defined centos} -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \ %else @@ -142,6 +143,7 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %changelog * Mon Jul 22 2024 Chang Gao - 0.1.73-1.0.1 - Add extra package +- Add product for Anolis8 (#9770)(Yuqing) * Tue May 21 2024 Jan Černý - 0.1.73-1 - Rebase scap-security-guide package to version 0.1.73 (RHEL-36733) -- Gitee
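Review bot: Nothing in the spec checks that the added `-DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE` actually produces Anolis 8 content. CMake only warns about a cache variable the project does not use, and `%files` lists `%{_datadir}/xml/scap/ssg/content` as a whole directory, so a build against a tarball without that product option would still succeed and ship a package missing the Anolis baseline. Listing the expected datastream explicitly in `%files` (presumably `%{_datadir}/xml/scap/ssg/content/ssg-anolis8-ds.xml`, following the `ssg-rhel*` naming seen in this spec) would make such a build fail instead. The `%cmake` invocation starts and ends outside this hunk.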