diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /meta-security/meta-security-compliance/recipes-openscap/openscap | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-security/meta-security-compliance/recipes-openscap/openscap')
5 files changed, 144 insertions, 0 deletions
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch new file mode 100644 index 000000000..2d70855ab --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch @@ -0,0 +1,36 @@ +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -360,25 +360,13 @@ case "${with_crypto}" in + AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.]) + ;; + gcrypt) +- SAVE_LIBS=$LIBS +- AC_CHECK_LIB([gcrypt], [gcry_check_version], +- [crapi_CFLAGS=`libgcrypt-config --cflags`; +- crapi_LIBS=`libgcrypt-config --libs`; +- crapi_libname="GCrypt";], +- [AC_MSG_ERROR([library 'gcrypt' is required for GCrypt.])], +- []) +- AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' library.]) +- AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG], +- [ac_cv_gcryctl_set_enforced_fips_flag], +- [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include<gcrypt.h>], +- [return GCRYCTL_SET_ENFORCED_FIPS_FLAG;])], +- [ac_cv_gcryctl_set_enforced_fips_flag=yes], +- [ac_cv_gcryctl_set_enforced_fips_flag=no])]) ++ PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[], ++ AC_MSG_FAILURE([libgcrypt devel support is missing])) + +- if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then +- AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.]) +- fi +- LIBS=$SAVE_LIBS ++ crapi_libname="libgcrypt" ++ crapi_CFLAGS=$libgcrypt_CFLAGS ++ crapi_LIBS=$libgcrypt_LIBS ++ AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' library.]) + ;; + *) + AC_MSG_ERROR([unknown crypto backend]) diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch new file mode 100644 index 000000000..ecbe6026f --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch @@ -0,0 +1,17 @@ +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto], + [], + [crypto=gcrypt]) + +-if test "x${libexecdir}" = xNONE; then +- probe_dir="/usr/local/libexec/openscap" +-else +- EXPAND_DIR(probe_dir,"${libexecdir}/openscap") +-fi ++probe_dir="/usr/local/libexec/openscap" + + AC_SUBST(probe_dir) + diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/run-ptest new file mode 100644 index 000000000..454a6a3c9 --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh +cd tests +make -k check diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc new file mode 100644 index 000000000..e9589b6bd --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc @@ -0,0 +1,2 @@ +STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb new file mode 100644 index 000000000..7cbb1e2ec --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb @@ -0,0 +1,86 @@ +# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "NIST Certified SCAP 1.2 toolkit" +HOME_URL = "https://www.open-scap.org/tools/openscap-base/" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +LICENSE = "LGPL-2.1" + +DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \ + libxslt libcap swig swig-native" + +DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native" + +SRCREV = "240930d42611983c65ecae16dbca3248ce130921" +SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \ + file://crypto_pkgconfig.patch \ + file://run-ptest \ +" + +inherit autotools-brokensep pkgconfig python3native perlnative ptest + +S = "${WORKDIR}/git" + +PACKAGECONFIG ?= "nss3 pcre rpm" +PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre" +PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt " +PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss" +PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" +PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3" +PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl" +PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm" + +export LDFLAGS += " -ldl" + +EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \ + --enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\ + --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \ +" + +EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \ + --disable-probes-solaris --disable-probes-unix \ + --enable-util-oscap \ +" + +do_configure_prepend () { + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am +} + + +include openscap.inc + +do_configure_append_class-native () { + sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h + sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h + sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h +} + +do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" + +do_install_append_class-native () { + oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} + install -d $oscapdir + cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir +} + +TESTDIR = "tests" + +do_compile_ptest() { + sed -i 's:python2:python:' ${S}/${TESTDIR}/nist/test_worker.py + echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile + oe_runmake -C ${TESTDIR} buildtest-TESTS +} + +do_install_ptest() { + # install the tests + cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} +} + +FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN} += "libxml2 python libgcc" +RDEPENDS_${PN}-ptest = "bash perl python" + +BBCLASSEXTEND = "native" |