From aaaf13de70fab904e6543b53c11c8222e3f6f9a1 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 16 Sep 2025 17:07:01 +0800 Subject: [PATCH 1/3] [BUG]update to scap-security-guide-0.1.77-1 to #ICY9VI update to scap-security-guide-0.1.77-1 for bugfix Signed-off-by: Jacob Wang --- download | 2 +- fix_scap_delta_tailoring.patch | 8 ++++---- scap-security-guide.spec | 34 +++++----------------------------- 3 files changed, 10 insertions(+), 34 deletions(-) diff --git a/download b/download index 215b538..7ce06f9 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ 219c992603514558e5f6f3d29adaa534 scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 8cf987028930d5baf17214fb65ad8b6b scap-security-guide-0.1.73-1.el7_9-rhel7.tar.bz2 -37bf2c082163d3e5236636302f5ff03c scap-security-guide-0.1.76.tar.bz2 +b5fb217e6146a5bd9ac6ebd9cdcf312a scap-security-guide-0.1.77.tar.bz2 diff --git a/fix_scap_delta_tailoring.patch b/fix_scap_delta_tailoring.patch index a146bbc..d97c898 100644 --- a/fix_scap_delta_tailoring.patch +++ b/fix_scap_delta_tailoring.patch @@ -9,19 +9,19 @@ Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake -index 337067c215..170ae3d39f 100644 +index c5c2f0d55d..81ff323b82 100644 --- a/cmake/SSGCommon.cmake +++ b/cmake/SSGCommon.cmake 
@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE) add_custom_command( OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring" -- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml +- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir ++ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml DEPENDS "${PRODUCT}-content" 
COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file" ) --- +-- 2.48.1 diff --git a/scap-security-guide.spec b/scap-security-guide.spec index b7477ba..6b10710 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # Base name of static rhel7 content tarball @@ -6,8 +5,8 @@ # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly Name: scap-security-guide -Version: 0.1.76 -Release: 1%{anolis_release}%{?dist} +Version: 0.1.77 +Release: 1%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -54,14 +53,6 @@ The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. -%package extra -Summary: Extra files package -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description extra -The %{name}-extra package contains various situation guidebooks - %if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks Summary: Ansible playbooks per each rule. @@ -83,9 +74,6 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul %endif %if 0%{?centos} %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -%if 0%{?anolis} -%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_PRODUCT_ANOLIS%{anolis}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON -%endif %endif %build 
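Review bot: In the refreshed `fix_scap_delta_tailoring.patch`, the added `COMMAND` line passes `-c ${CMAKE_BINARY_DIR}/build_config.yml` (and `--build-root ${CMAKE_BINARY_DIR}`) unquoted, although every other path argument on that line is quoted. A build directory containing spaces or semicolons would be split into several arguments, so write `--build-root "${CMAKE_BINARY_DIR}"` and `-c "${CMAKE_BINARY_DIR}/build_config.yml"`. The `add_custom_command` shown also has no `VERBATIM`, and its `DEPENDS` lists only `"${PRODUCT}-content"`, so a changed `build_config.yml` would not by itself regenerate the delta tailoring file. Adding `"${CMAKE_BINARY_DIR}/build_config.yml"` to `DEPENDS` would cover that, unless the content target already orders it. The enclosing `ssg_build_disa_delta` macro starts and ends outside the hunk.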
@@ -114,11 +102,6 @@ ln -s ssg-rhel8-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-rhel8-ds ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml %files -%exclude %{_datadir}/%{name}/ansible/rhel* -%exclude %{_datadir}/%{name}/bash/rhel* -%exclude %{_datadir}/%{name}/kickstart/ssg-rhel* -%exclude %{_datadir}/%{name}/tailoring/rhel* -%exclude %{_datadir}/xml/scap/ssg/content/ssg-rhel* %{_datadir}/xml/scap/ssg/content %{_datadir}/%{name}/kickstart %{_datadir}/%{name}/ansible @@ -136,13 +119,6 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html -%files extra -%{_datadir}/%{name}/ansible/rhel* -%{_datadir}/%{name}/bash/rhel* -%{_datadir}/%{name}/kickstart/ssg-rhel* -%{_datadir}/%{name}/tailoring/rhel* -%{_datadir}/xml/scap/ssg/content/ssg-rhel* - %if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) @@ -150,9 +126,9 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo %endif %changelog -* Mon Mar 31 2025 Chang Gao - 0.1.76-1.0.1 -- Add extra package -- Add product for Anolis8 (#9770)(Yuqing) +* Tue Jun 03 2025 Matthew Burket - 0.1.77-1 +- Rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-94802) +- STIG: do not remediate rule disabling user namespaces (RHEL-76750) * Tue Feb 25 2025 Vojtech Polasek - 0.1.76-1 - rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74241) -- Gitee From 4718c2072913232112f20f580ab88a11d37f72ad Mon Sep 17 00:00:00 2001 From: "taifu.gc" Date: Thu, 10 Nov 2022 02:22:35 +0800 Subject: [PATCH 2/3] Add extra package --- scap-security-guide.spec | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 6b10710..6cf4c96 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec 
@@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # Base name of static rhel7 content tarball @@ -6,7 +7,7 @@ Name: scap-security-guide Version: 0.1.77 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -53,6 +54,14 @@ The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. +%package extra +Summary: Extra files package +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} + +%description extra +The %{name}-extra package contains various situation guidebooks + %if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks Summary: Ansible playbooks per each rule. @@ -102,6 +111,11 @@ ln -s ssg-rhel8-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-rhel8-ds ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml %files +%exclude %{_datadir}/%{name}/ansible/rhel* +%exclude %{_datadir}/%{name}/bash/rhel* +%exclude %{_datadir}/%{name}/kickstart/ssg-rhel* +%exclude %{_datadir}/%{name}/tailoring/rhel* +%exclude %{_datadir}/xml/scap/ssg/content/ssg-rhel* %{_datadir}/xml/scap/ssg/content %{_datadir}/%{name}/kickstart %{_datadir}/%{name}/ansible @@ -119,6 +133,13 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html +%files extra +%{_datadir}/%{name}/ansible/rhel* +%{_datadir}/%{name}/bash/rhel* +%{_datadir}/%{name}/kickstart/ssg-rhel* +%{_datadir}/%{name}/tailoring/rhel* +%{_datadir}/xml/scap/ssg/content/ssg-rhel* + %if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) 
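Review bot: The `Summary` and `%description` added for the `extra` subpackage (hunk `@@ -53,6 +54,14 @@`) do not say what it ships. Per the `%files extra` list in this patch, it carries the `rhel*` Ansible, Bash, kickstart and tailoring files and the `ssg-rhel*` data streams that the new `%exclude` lines remove from the main package. Anyone installing only `scap-security-guide` will no longer get that content, so the text should say so, e.g. `Summary: RHEL SCAP content split out of %{name}` with a description such as `The %{name}-extra package contains the RHEL data streams, kickstarts, tailoring files and Ansible/Bash remediations.` The `%exclude` globs in `%files` (hunk `@@ -102,6 +111,11 @@`) and the globs in `%files extra` (hunk `@@ -119,6 +133,13 @@`) have to be kept identical by hand, so a comment above each list, such as `# keep in sync with the %files extra list`, would help.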
@@ -126,6 +147,9 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo %endif %changelog +* Tue Sep 16 2025 Chang Gao - 0.1.77-1.0.1 +- Add extra package + * Tue Jun 03 2025 Matthew Burket - 0.1.77-1 - Rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-94802) - STIG: do not remediate rule disabling user namespaces (RHEL-76750) -- Gitee From f4b8047b4b6d1c1e0946a4db5f3c5cc6875defe8 Mon Sep 17 00:00:00 2001 From: qhw01063182 Date: Thu, 23 Feb 2023 16:49:16 +0800 Subject: [PATCH 3/3] Add product for Anolis8 Signed-off-by: qhw01063182 --- scap-security-guide.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 6cf4c96..f7bc3c5 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -83,6 +83,9 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul %endif %if 0%{?centos} %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON +%if 0%{?anolis} +%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_PRODUCT_ANOLIS%{anolis}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON +%endif %endif %build @@ -149,6 +152,7 @@ ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefo %changelog * Tue Sep 16 2025 Chang Gao - 0.1.77-1.0.1 - Add extra package +- Add product for Anolis8 (#9770)(Yuqing) * Tue Jun 03 2025 Matthew Burket - 0.1.77-1 - Rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-94802) -- Gitee
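Review bot: The new `%if 0%{?anolis}` block in hunk `@@ -83,6 +83,9 @@` is nested inside `%if 0%{?centos}`, so the Anolis defines apply only on a build where the `centos` macro is also set. If the Anolis build roots do not define `centos` (worth confirming), `-DSSG_PRODUCT_ANOLIS%{anolis}:BOOLEAN=TRUE` is never passed. Where the block does apply, it sets `-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON`, but the `rule-playbooks` subpackage and its `%files` section are guarded elsewhere in this series by `%if ( %{defined rhel} && (! %{defined centos}) )`. The generated per-rule playbooks therefore have no dedicated package and would presumably land in the main package through `%{_datadir}/%{name}/ansible`. Either move the block to its own top-level `%if 0%{?anolis}` or add a comment such as `# Anolis sets both centos and anolis; per-rule playbooks ship in the main package` stating that this is intended. The conditional chain begins above the hunk.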